Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
199921	7.5	重要 Local	シトリックス・システムズ Xen プロジェクト	-	Xen の hw/pt-msi.c におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2015-8554	2016-04-21 17:36	2015-12-17	Show	GitHub Exploit DB Packet Storm

199922	8.2	重要 Local	Xen プロジェクト	-	Xen におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2015-8550	2016-04-21 17:34	2015-12-17	Show	GitHub Exploit DB Packet Storm

199923	7.8	重要 Local	Debian OptiPNG	-	OptiPNG の pngxrbmp.c の bmp_read_rows 関数におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2016-3981	2016-04-21 17:05	2016-04-4	Show	GitHub Exploit DB Packet Storm

199924	7.6	重要 Network	Debian Apache Software Foundation	-	Apache Subversion の mod_dav_svn の util.c における整数オーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2015-5343	2016-04-21 16:55	2015-12-16	Show	GitHub Exploit DB Packet Storm

199925	9.8	緊急 Network	Canonical Pixman	-	Pixman の pixman-bits-image.c の create_bits 関数における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2014-9766	2016-04-21 16:49	2014-04-9	Show	GitHub Exploit DB Packet Storm

199926	9.8	緊急 Network	openSUSE project Canonical Git project レッドハット	-	Git の git-remote-ext および不特定の他のリモートヘルパープログラムにおける任意のコードを実行される脆弱性	CWE-20 CWE-Other	CVE-2015-7545	2016-04-21 16:40	2015-09-29	Show	GitHub Exploit DB Packet Storm

199927	4.3	警告 Network	Roundup Debian	-	Roundup の schema.py における重要なユーザ情報を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-6276	2016-04-21 16:35	2014-07-4	Show	GitHub Exploit DB Packet Storm

199928	7.5	重要 Network	Eran Hammer	-	Hawk におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2016-2515	2016-04-21 16:17	2016-01-20	Show	GitHub Exploit DB Packet Storm

199929	6.1	警告 Network	Debian Fedora Project Horde	-	Horde Groupware および Groupware Webmail Edition におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-2228	2016-04-21 16:09	2016-02-2	Show	GitHub Exploit DB Packet Storm

199930	6.1	警告 Network	Debian Fedora Project Horde	-	Horde Groupware および Groupware Webmail Edition におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2015-8807	2016-04-21 16:09	2015-12-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 24, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1111	6.5	MEDIUM Network	b3log	siyuan	SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive M…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-40107	2026-04-17 05:28	2026-04-10	Show	GitHub Exploit DB Packet Storm

1112	6.1	MEDIUM Network	altenar	sportsbook	Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter	CWE-200 Information Exposure	CVE-2026-31262	2026-04-17 05:17	2026-04-11	Show	GitHub Exploit DB Packet Storm

1113	7.5	HIGH Network	nasm	netwide_assembler	A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling …	CWE-787 Out-of-bounds Write	CVE-2026-6067	2026-04-17 04:49	2026-04-10	Show	GitHub Exploit DB Packet Storm

1114	6.5	MEDIUM Network	nasm	netwide_assembler	NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response…	CWE-416 Use After Free	CVE-2026-6068	2026-04-17 04:48	2026-04-10	Show	GitHub Exploit DB Packet Storm

1115	7.5	HIGH Network	nasm	netwide_assembler	NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity.	CWE-787 Out-of-bounds Write	CVE-2026-6069	2026-04-17 04:48	2026-04-10	Show	GitHub Exploit DB Packet Storm

1116	7.2	HIGH Network	couchcms	couchcms	CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation reque…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-29002	2026-04-17 04:41	2026-04-11	Show	GitHub Exploit DB Packet Storm

1117	5.5	MEDIUM Local	hdfgroup	hdf5	HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull…	CWE-122 Heap-based Buffer Overflow	CVE-2026-29043	2026-04-17 04:40	2026-04-11	Show	GitHub Exploit DB Packet Storm

1118	9.6	CRITICAL Network	lollms	lollms	A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` f…	CWE-79 Cross-site Scripting	CVE-2026-1115	2026-04-17 04:39	2026-04-10	Show	GitHub Exploit DB Packet Storm

1119	4.8	MEDIUM Network	-	-	Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any…	CWE-113 CWE-444 CWE-918 HTTP Response Splitting HTTP Request Smuggling Server-Side Request Forgery (SSRF)	CVE-2026-40175	2026-04-17 04:16	2026-04-11	Show	GitHub Exploit DB Packet Storm

1120	9.8	CRITICAL Network	chamilo	chamilo_lms	Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify …	CWE-552 Files or Directories Accessible to External Parties	CVE-2026-33698	2026-04-17 03:48	2026-04-11	Show	GitHub Exploit DB Packet Storm