Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
207691 4.3 警告 IBM - IBM Tivoli Service Automation Manager におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-0940 2015-07-31 15:23 2014-10-3 Show GitHub Exploit DB Packet Storm
207692 5.8 警告 Ignite Realtime
レッドハット		 - Ignite Realtime Smack XMPP API の ServerTrustManager コンポーネントにおけるサーバになりすまされる脆弱性 CWE-Other
その他 		CVE-2014-0363 2015-07-31 15:17 2014-04-17 Show GitHub Exploit DB Packet Storm
207693 6.8 警告 dhcpcd project - Android などの製品で使用される dhcpcd の dhcp-common.c の print_option 関数における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2014-7913 2015-07-31 14:33 2014-11-15 Show GitHub Exploit DB Packet Storm
207694 6.8 警告 dhcpcd project - Android などの製品で使用される dhcpcd の dhcp.c の get_option 関数における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2014-7912 2015-07-31 14:33 2014-11-15 Show GitHub Exploit DB Packet Storm
207695 2.1 注意 Python Software Foundation - pip におけるサービス運用妨害 (DoS) の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2014-8991 2015-07-31 11:07 2014-11-12 Show GitHub Exploit DB Packet Storm
207696 6.4 警告 thekelleys - Dnsmasq の tcp_request 関数におけるプロセスのメモリを読み取られる脆弱性 CWE-Other
その他 		CVE-2015-3294 2015-07-31 10:35 2015-04-10 Show GitHub Exploit DB Packet Storm
207697 3.5 注意 OpenStack - OpenStack Dashboard におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-3988 2015-07-31 10:33 2015-05-1 Show GitHub Exploit DB Packet Storm
207698 5 警告 The PHP Group
アップル		 - PHP の Fileinfo コンポーネントで使用される readelf.c ファイル内の donote 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2014-3710 2015-07-30 16:40 2014-10-17 Show GitHub Exploit DB Packet Storm
207699 5 警告 The Tcpdump Group - tcpdump の geonet_print 関数における整数アンダーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2014-8768 2015-07-30 16:37 2014-11-12 Show GitHub Exploit DB Packet Storm
207700 7.5 危険 Novell
Mercurial		 - Mercurial の sshpeer の _validaterepo 関数における任意のコマンドを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2014-9462 2015-07-30 16:29 2014-12-29 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
781 4.3 MEDIUM
Network 		- - Weblate is a web based localization tool. Prior to version 5.17.1, the screenshots, tasks, and component link API allowed for the enumeration of translations in a project inaccessible to the user. Th… New CWE-203
 Information Exposure Through Discrepancy 		CVE-2026-44263 2026-05-8 00:46 2026-05-8 Show GitHub Exploit DB Packet Storm
782 4.3 MEDIUM
Network 		- - Weblate is a web based localization tool. Prior to version 5.17.1, the Markdown renderer used in user comments and other user-provided content didn't properly sanitize some attributes. This issue has… New CWE-80
Basic XSS 		CVE-2026-44264 2026-05-8 00:46 2026-05-8 Show GitHub Exploit DB Packet Storm
783 7.7 HIGH
Network 		- - Wallos is an open-source, self-hostable personal subscription tracker. In versions 4.8.4 and prior, the incomplete SSRF fix in Wallos validates webhook URLs via gethostbyname() but passes the origina… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41688 2026-05-8 00:45 2026-05-8 Show GitHub Exploit DB Packet Storm
784 9.6 CRITICAL
Network 		- - Notesnook is a note-taking app focused on user privacy & ease of use. Prior to Notesnook Web/Desktop version 3.3.15 and prior to Notesnook iOS/Android version 3.3.20, a stored XSS vulnerability in th… Update CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-42090 2026-05-8 00:44 2026-05-5 Show GitHub Exploit DB Packet Storm
785 8.1 HIGH
Network 		- - Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary… Update CWE-22
Path Traversal 		CVE-2026-42075 2026-05-8 00:43 2026-05-5 Show GitHub Exploit DB Packet Storm
786 5.3 MEDIUM
Network 		- - Note Mark is an open-source note-taking application. Prior to version 0.19.3, after a note-mark owner soft-deletes a public book, its notes and uploaded assets stay readable at /api/notes/{id}, /api/… Update CWE-285
Improper Authorization 		CVE-2026-41572 2026-05-8 00:43 2026-05-5 Show GitHub Exploit DB Packet Storm
787 6.5 MEDIUM
Network 		- - titra is an open source time tracking project. In version 0.99.52, the globalsettings Meteor publication returns all global settings without any admin or role check. Any authenticated user can subscr… Update CWE-200
Information Exposure 		CVE-2026-42092 2026-05-8 00:43 2026-05-5 Show GitHub Exploit DB Packet Storm
788 4.4 MEDIUM
Network 		- - PlantUML Macro is a macro for rendering UML diagrams from simple textual schemes. Prior to version 2.4.1, the PlantUML Macro is vulnerable to Server-Side Request Forgery (SSRF). The macro allows user… Update CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42140 2026-05-8 00:43 2026-05-5 Show GitHub Exploit DB Packet Storm
789 6.1 MEDIUM
Local 		- - CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the W*H*D size computation inside _load_pnm() that can bypass the memory all… Update CWE-190
 Integer Overflow or Wraparound 		CVE-2026-42144 2026-05-8 00:43 2026-05-5 Show GitHub Exploit DB Packet Storm
790 - - - In versions 3.0.0a1 through 3.2.0 of Mistune, there is a ReDoS (Regular Expression Denial of Service) vulnerability in `LINK_TITLE_RE` that allows an attacker who can supply Markdown for parsing to c… New CWE-1333
 Inefficient Regular Expression Complexity 		CVE-2026-33079 2026-05-8 00:43 2026-05-7 Show GitHub Exploit DB Packet Storm