Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 10, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
207251 3.3 注意 Mozilla Foundation - Windows 上で稼働する Mozilla Firefox の Mozilla Maintenance Service における任意のファイルを書き込まれる脆弱性 CWE-362
競合状態 		CVE-2015-4481 2015-08-19 16:58 2015-08-11 Show GitHub Exploit DB Packet Storm
207252 9.3 危険 Mozilla Foundation - Mozilla Firefox の libstagefright の stagefright::SampleTable::isValid 関数における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2015-4480 2015-08-19 16:58 2015-08-11 Show GitHub Exploit DB Packet Storm
207253 10 危険 Mozilla Foundation - Mozilla Firefox の libstagefright における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2015-4479 2015-08-19 16:58 2015-08-11 Show GitHub Exploit DB Packet Storm
207254 5 警告 Mozilla Foundation - Mozilla Firefox における同一生成元ポリシーを回避される脆弱性 CWE-200
情報漏えい 		CVE-2015-4478 2015-08-19 16:58 2015-08-11 Show GitHub Exploit DB Packet Storm
207255 10 危険 Mozilla Foundation - Mozilla Firefox の MediaStream のプレイバック機能における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2015-4477 2015-08-19 16:58 2015-08-11 Show GitHub Exploit DB Packet Storm
207256 7.5 危険 Mozilla Foundation - Mozilla Firefox の mozilla::AudioSink 関数における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2015-4475 2015-08-19 16:57 2015-08-11 Show GitHub Exploit DB Packet Storm
207257 10 危険 Mozilla Foundation - Mozilla Firefox のブラウザエンジンにおけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2015-4474 2015-08-19 16:57 2015-08-11 Show GitHub Exploit DB Packet Storm
207258 10 危険 Mozilla Foundation - Mozilla Firefox のブラウザエンジンにおけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2015-4473 2015-08-19 16:57 2015-08-11 Show GitHub Exploit DB Packet Storm
207259 9 危険 シスコシステムズ - Cisco Prime Infrastructure に SUID root された実行ファイルが存在する問題 CWE-Other
その他 		- 2015-08-19 16:57 2015-08-17 Show GitHub Exploit DB Packet Storm
207260 4.3 警告 マイクロソフト - Microsoft XML コアサービスにおける暗号保護メカニズムを破られる脆弱性 CWE-310
暗号の問題 		CVE-2015-2471 2015-08-19 16:53 2015-08-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
101 6.5 MEDIUM
Network 		- - FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.1, a remote client with retained publish permission can crash the FlashMQ broker when both set_retained_mes… New CWE-369
 Divide By Zero 		CVE-2026-42209 2026-05-9 07:16 2026-05-9 Show GitHub Exploit DB Packet Storm
102 - - - Roadiz is a polymorphic content management system based on a node system. Prior to versions 2.3.43, 2.5.45, 2.6.31, and 2.7.18, the roadiz/openid package generates an OIDC nonce in OAuth2LinkGenerato… New CWE-345
 Insufficient Verification of Data Authenticity 		CVE-2026-42206 2026-05-9 07:16 2026-05-9 Show GitHub Exploit DB Packet Storm
103 8.8 HIGH
Network 		- - Avo is a framework to create admin panels for Ruby on Rails apps. Prior to version 3.31.2, a broken access control vulnerability was identified in the ActionsController of the Avo framework. Due to i… New CWE-284
CWE-639
Improper Access Control
 Authorization Bypass Through User-Controlled Key 		CVE-2026-42205 2026-05-9 07:16 2026-05-9 Show GitHub Exploit DB Packet Storm
104 6.5 MEDIUM
Network 		- - nova-toggle-5 enables fliping booleans in the index. Prior to version 1.3.0, the toggle endpoint (POST/nova-vendor/nova-toggle/toggle/{resource}/{resourceId}) was protected only by web + auth:<guard>… New CWE-285
Improper Authorization 		CVE-2026-42202 2026-05-9 07:16 2026-05-9 Show GitHub Exploit DB Packet Storm
105 6.2 MEDIUM
Local 		- - Grid is a data structure grid for rust. From version 0.17.0 to before version 1.0.1, an integer overflow in Grid::expand_rows() can corrupt the relationship between the grid’s logical dimensions and … New CWE-190
 Integer Overflow or Wraparound 		CVE-2026-42199 2026-05-9 07:16 2026-05-9 Show GitHub Exploit DB Packet Storm
106 3.4 LOW
Network 		- - draw.io is a configurable diagramming and whiteboarding application. Prior to version 29.7.9, the draw.io client accepts a ?gitlab= URL parameter that overrides the GitLab server URL used during OAut… New CWE-200
CWE-601
Information Exposure
Open Redirect 		CVE-2026-42195 2026-05-9 07:16 2026-05-9 Show GitHub Exploit DB Packet Storm
107 9.1 CRITICAL
Network 		- - Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, the /webhooks/sns endpoint accepts Amazon SNS notification payloads from unauthenticated requests without verif… New CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2026-42193 2026-05-9 07:16 2026-05-9 Show GitHub Exploit DB Packet Storm
108 5.4 MEDIUM
Network 		- - Plunk is an open-source email platform built on top of AWS SES. Prior to version 0.9.0, a stored cross-site scripting (XSS) vulnerability exists in the campaign management feature, where the email bo… New CWE-79
Cross-site Scripting 		CVE-2026-42192 2026-05-9 07:16 2026-05-9 Show GitHub Exploit DB Packet Storm
109 9.1 CRITICAL
Network 		- - FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.217, the /user-setup/{hash} endpoint accepts a 60-character random invite_hash to set a new use… New CWE-613
 Insufficient Session Expiration 		CVE-2026-41902 2026-05-9 07:16 2026-05-8 Show GitHub Exploit DB Packet Storm
110 - - - Emlog is an open source website building system. Prior to version 2.6.11, insecure plugin upload functionality allows attackers to upload and execute arbitrary PHP code, leading to complete server co… New CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-41517 2026-05-9 07:16 2026-05-9 Show GitHub Exploit DB Packet Storm