Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2051 7.8 重要
Local 		ON Semiconductor QCS-AX2-S5 ファームウェア
QV942C ファームウェア
QCS-AX3-A12 ファームウェア
QCS-AX3-S5 ファームウェア
QHS710 ファームウェア
QSR10GA ファームウェア
QD840 ファームウェア
QCS-AX3-T8 ファームウェア 		ON SemiconductorのQCS-AX2-A12 ファームウェア等の複数製品における引数の挿入または変更に関する脆弱性 CWE-88
引数の挿入または変更 		CVE-2025-3460 2026-01-23 14:19 2025-06-8 Show GitHub Exploit DB Packet Storm
2052 7.1 重要
Adjacent 		Google Android GoogleのAndroidにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2025-36911 2026-01-23 14:19 2026-01-15 Show GitHub Exploit DB Packet Storm
2053 3.5
Network 		GitLab.org GitLab GitLab.orgのGitLabにおける認可されていない行為者への個人情報の漏えいに関する脆弱性 CWE-359
認可されていないアクターへの個人情報の漏えい 		CVE-2025-3950 2026-01-23 14:19 2026-01-9 Show GitHub Exploit DB Packet Storm
2054 9.8 緊急
Network 		ヒューレット・パッカード HP ThinPro ヒューレット・パッカードのHP ThinProにおける不要な特権による実行に関する脆弱性 CWE-250
不要な特権による実行 		CVE-2025-43017 2026-01-23 14:19 2025-10-28 Show GitHub Exploit DB Packet Storm
2055 4.3 警告
Network 		デル secure connect gateway デルのsecure connect gatewayにおける複数の脆弱性 CWE-22
CWE-23
CVE-2025-46363 2026-01-23 14:19 2025-10-30 Show GitHub Exploit DB Packet Storm
2056 5.3 警告
Network 		libsndfile project libsndfile libsndfile projectのlibsndfileにおける有効期限後のメモリの解放の欠如に関する脆弱性 CWE-401
有効期限後のメモリの解放の欠如 		CVE-2025-56226 2026-01-23 14:19 2026-01-14 Show GitHub Exploit DB Packet Storm
2057 6.5 警告
Network 		Mattermost, Inc. Mattermost Mobile Mattermost, Inc.のMattermost Mobileにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2025-59480 2026-01-23 14:19 2025-11-13 Show GitHub Exploit DB Packet Storm
2058 9.8 緊急
Network 		Apache Software Foundation brpc Apache Software Foundationのbrpcにおけるコマンドインジェクションの脆弱性 CWE-77
コマンドインジェクション 		CVE-2025-60021 2026-01-23 14:19 2026-01-16 Show GitHub Exploit DB Packet Storm
2059 6.5 警告
Network 		E2pdf E2pdf WordPress用E2pdfにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-62068 2026-01-23 14:19 2025-10-22 Show GitHub Exploit DB Packet Storm
2060 6.7 警告
Local 		アクシスコミュニケーションズ AXIS OS アクシスコミュニケーションズのAXIS OSにおける指定されたタイプの入力に対する不適切な検証に関する脆弱性 CWE-1287
指定されたタイプの入力に対する不適切な検証 		CVE-2025-6298 2026-01-23 14:19 2025-11-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
61 4.7 MEDIUM
Local 		- - Mojic is a CLI tool to transform readable C code into an unrecognizable chaotic stream of emojis. Prior to 2.1.4, the CipherEngine uses a standard equality operator (!==) to verify the HMAC-SHA256 in… New CWE-208
 Information Exposure Through Timing Discrepancy 		CVE-2026-41244 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
62 6.5 MEDIUM
Network 		linuxfoundation tekton_pipelines Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. From 1.0.0 to 1.10.0, the Tekton Pipelines git resolver in API mode sends the system-configured Git API toke… New CWE-201
NVD-CWE-noinfo
 Insertion of Sensitive Information Into Sent Data 		CVE-2026-40161 2026-04-25 05:55 2026-04-22 Show GitHub Exploit DB Packet Storm
63 7.5 HIGH
Network 		signalk signal_k_server Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.25.0 are vulnerable to an unauthenticated Regular Expression Denial of Service (ReDoS) attack within … New CWE-400
CWE-1333
 Uncontrolled Resource Consumption
 Inefficient Regular Expression Complexity 		CVE-2026-39320 2026-04-25 05:51 2026-04-21 Show GitHub Exploit DB Packet Storm
64 7.1 HIGH
Local 		craigjbass clearancekit ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.5, ClearanceKit incorrectly treats a process with an empty Team ID and a non-empty Si… New CWE-863
 Incorrect Authorization 		CVE-2026-40599 2026-04-25 05:50 2026-04-22 Show GitHub Exploit DB Packet Storm
65 4.4 MEDIUM
Local 		craigjbass clearancekit ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.6, the opfilter Endpoint Security system extension (bundle ID uk.craigbass.clearancek… New CWE-693
 Protection Mechanism Failure 		CVE-2026-40604 2026-04-25 05:49 2026-04-22 Show GitHub Exploit DB Packet Storm
66 8.8 HIGH
Network 		goshs goshs goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.6, goshs contains an SFTP root escape caused by prefix-based path validation. An authenticated SFTP user can read from and write to file… New CWE-22
Path Traversal 		CVE-2026-40876 2026-04-25 05:38 2026-04-22 Show GitHub Exploit DB Packet Storm
67 - - - BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's ReadPropertyMultiple service property decoder… New CWE-125
Out-of-bounds Read 		CVE-2026-41503 2026-04-25 05:16 2026-04-25 Show GitHub Exploit DB Packet Storm
68 9.8 CRITICAL
Network 		- - Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, Dgraphl exposes the process command line through the unauthenticated /debug/vars endpoint on Alpha. Because the admin token is … New CWE-200
Information Exposure 		CVE-2026-41492 2026-04-25 05:16 2026-04-25 Show GitHub Exploit DB Packet Storm
69 7.8 HIGH
Local 		- - Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes pr… New CWE-306
CWE-862
Missing Authentication for Critical Function
 Missing Authorization 		CVE-2026-41477 2026-04-25 05:16 2026-04-25 Show GitHub Exploit DB Packet Storm
70 - - - BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, an out-of-bounds read vulnerability in bacnet-stack's WritePropertyMultiple service decoder allows … New CWE-125
Out-of-bounds Read 		CVE-2026-41475 2026-04-25 05:16 2026-04-25 Show GitHub Exploit DB Packet Storm