Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
200291	9.3	危険	アップル	-	Apple OS X の AppleRAID における特権付きコンテキスト内で任意のコードを実行される脆弱性	CWE-119 CWE-20	CVE-2016-1733	2016-03-25 14:59	2016-03-21	Show	GitHub Exploit DB Packet Storm

200292	4.3	警告	NetIQ	-	NetIQ Self Service Password Reset におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2016-1599	2016-03-25 13:42	2016-03-22	Show	GitHub Exploit DB Packet Storm

200293	5	警告	Privoxy Developers	-	Privoxy の filters.c の remove_chunked_transfer_coding 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2016-1982	2016-03-25 10:04	2016-01-21	Show	GitHub Exploit DB Packet Storm

200294	8.3	危険	ネットギア	-	NETGEAR Management System NMS300 における任意の Java コードを実行される脆弱性	CWE-Other その他	CVE-2016-1524	2016-03-24 18:08	2016-02-3	Show	GitHub Exploit DB Packet Storm

200295	6.8	警告	IBM	-	IBM Mashup Center の Lotus Mashups コンポーネントにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2015-7407	2016-03-24 18:04	2015-11-20	Show	GitHub Exploit DB Packet Storm

200296	6.8	警告	IBM	-	IBM Mashup Center の Lotus Mashups コンポーネントにおけるサービス運用妨害 (DoS) の脆弱性	CWE-399 CWE-Other	CVE-2015-7400	2016-03-24 18:03	2015-11-20	Show	GitHub Exploit DB Packet Storm

200297	4.3	警告	アドビシステムズ日立	-	Adobe ColdFusion および LiveCycle Data Services で使用される Adobe BlazeDS における HTTP トラフィックをイントラネットサーバへ送信される脆弱性	CWE-20 不適切な入力確認	CVE-2015-5255	2016-03-24 17:24	2015-11-17	Show	GitHub Exploit DB Packet Storm

200298	5	警告	アドビシステムズ日立	-	Adobe LiveCycle Data Services などの製品の flex-messaging-core.jar で使用される Apache Flex BlazeDS における任意のファイルを読まれる脆弱性	CWE-200 情報漏えい	CVE-2015-3269	2016-03-24 17:23	2015-08-18	Show	GitHub Exploit DB Packet Storm

200299	6.8	警告	XZERES Wind Corp	-	XZERES 442SR Wind Turbines 上で稼働する XZERES 442SR OS におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2015-0985	2016-03-24 17:23	2015-03-17	Show	GitHub Exploit DB Packet Storm

200300	5.5	警告	Matt Johnston	-	Dropbear SSH における CRLF インジェクションの脆弱性	CWE-Other その他	CVE-2016-3116	2016-03-24 11:22	2016-03-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 19, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
291	7.5	HIGH Network	-	-	Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved. New	CWE-670 Always-Incorrect Control Flow Implementation	CVE-2026-40719	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

292	7.5	HIGH Network	-	-	Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::… New	CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	CVE-2026-5088	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

293	8.0	HIGH Network	-	-	nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting f… Update	CWE-1385 Missing Origin Validation in WebSockets	CVE-2026-35589	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

294	7.2	HIGH Network	-	-	BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) … Update	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-39387	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

295	9.6	CRITICAL Network	-	-	NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply … Update	CWE-20 CWE-22 Improper Input Validation Path Traversal	CVE-2026-39399	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

296	9.9	CRITICAL Network	-	-	OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the serve… New	CWE-94 CWE-917 Code Injection Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')	CVE-2026-39842	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

297	8.1	HIGH Network	-	-	An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authen… New	CWE-863 Incorrect Authorization	CVE-2025-40897	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

298	8.9	HIGH Network	-	-	A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges … New	CWE-79 Cross-site Scripting	CVE-2025-40899	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

299	8.3	HIGH Network	-	-	mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/… New	CWE-88 Argument Injection	CVE-2026-39884	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

300	6.9	MEDIUM Network	-	-	Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as… New	CWE-565 Reliance on Cookies without Validation and Integrity Checking	CVE-2026-39963	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm