Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
200631 7.1 危険 Moodle - Moodle の Atto におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2015-5332 2016-03-3 15:48 2015-11-16 Show GitHub Exploit DB Packet Storm
200632 4 警告 Moodle - Moodle におけるアクセス制限を回避される脆弱性 CWE-Other
その他 		CVE-2015-5331 2016-03-3 15:48 2015-11-16 Show GitHub Exploit DB Packet Storm
200633 4 警告 Moodle - Moodle の Forum モジュールにおける任意のグループに投稿される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-5272 2016-03-3 15:48 2015-09-21 Show GitHub Exploit DB Packet Storm
200634 4.9 警告 Moodle - Moodle の enrol/meta/locallib.php の enrol_meta_sync 関数における管理者権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2015-5266 2016-03-3 15:46 2015-09-21 Show GitHub Exploit DB Packet Storm
200635 4.3 警告 IBM - IBM Business Process Manager の Process Portal におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-8524 2016-03-3 14:05 2015-12-8 Show GitHub Exploit DB Packet Storm
200636 5 警告 IBM - IBM WebSphere Commerce Enterprise のアップデートインストーラにおける重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2015-7444 2016-03-3 14:05 2015-09-29 Show GitHub Exploit DB Packet Storm
200637 5 警告 QNAP Systems - QNAP Signage Station における認証を回避される脆弱性 CWE-Other
その他 		CVE-2015-6036 2016-03-3 12:21 2016-02-25 Show GitHub Exploit DB Packet Storm
200638 4.3 警告 Huawei - Huawei Agile Controller-Campus のソフトウェアの不特定のポータル認証ページにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2016-2214 2016-03-3 11:35 2016-02-3 Show GitHub Exploit DB Packet Storm
200639 6.8 警告 FFmpeg - FFmpeg の libavcodec/pngenc.c におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2016-2327 2016-03-3 11:25 2016-01-15 Show GitHub Exploit DB Packet Storm
200640 4.3 警告 LibTIFF - tiff2ps で使用される LibTIFF におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2010-2596 2016-03-2 16:59 2010-04-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
511 4.6 MEDIUM
Network 		- - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an incomplete fix for CVE-2025-53928, where a Remote Code Execution vulnerability still exists in the MCP node of… Update CWE-20
CWE-78
 Improper Input Validation 
OS Command  		CVE-2026-39417 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
512 7.5 HIGH
Network 		- - jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table op… Update CWE-328
CWE-407
 Use of Weak Hash
 Inefficient Algorithmic Complexity 		CVE-2026-40164 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
513 5.0 MEDIUM
Network 		- - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, sandbox network protection can be bypassed by using socket.sendto() with the MSG_FASTOPEN flag. This allows authentic… Update CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-39418 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
514 6.3 MEDIUM
Network 		- - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an incomplete sandbox protection mechanism allows an authenticated user with tool execution privileges to escape the … Update CWE-78
CWE-693
OS Command 
 Protection Mechanism Failure 		CVE-2026-39420 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
515 6.3 MEDIUM
Network 		- - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a sandbox escape vulnerability in the ToolExecutor component. By leveraging Python's ctypes library to execute ra… Update CWE-94
CWE-693
Code Injection
 Protection Mechanism Failure 		CVE-2026-39421 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
516 - - - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain a Stored Cross-Site Scripting (XSS) vulnerability through the application name or icon fields when creating an ap… Update CWE-79
Cross-site Scripting 		CVE-2026-39422 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
517 - - - MaxKB is an open-source AI assistant for enterprise. Versions 2.7.1 and below contain an Eval Injection vulnerability in the Markdown rendering engine that allows any user capable of interacting with… Update CWE-79
CWE-95
Cross-site Scripting
Eval Injection 		CVE-2026-39423 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
518 - - - MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, the chat export feature is vulnerable to Improper Neutralization of Formula Elements in a CSV File. When an administr… Update CWE-1236
 Improper Neutralization of Formula Elements in a CSV File 		CVE-2026-39424 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
519 9.8 CRITICAL
Network 		- - A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talen… Update - CVE-2026-6264 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
520 4.3 MEDIUM
Network 		- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allow… Update CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-34225 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm