Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
209441 5.4 警告 avexim - Android 用 Noticias Bebes Beybies アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7551 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209442 5.4 警告 basketball news & videos project - Android 用 basketball news & videos アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7550 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209443 5.4 警告 fpinternet - Android 用 Texas Poker Unlimited Hold'em アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7547 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209444 5.4 警告 buddhist prayer project - Android 用 Buddhist Prayer アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7546 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209445 5.4 警告 narr8 - Android 用 Secret City - Motion Comic アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7544 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209446 5.4 警告 bloodjournal - Android 用 Blood アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7543 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209447 5.4 警告 staperpetua - Android 用 l'Informatiu アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7542 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209448 5.4 警告 zhang zhijun taiwan visit 2014-06-25 project - Android 用 Zhang Zhijun Taiwan Visit 2014-06-25 アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7539 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209449 5.4 警告 headlines news india project - Android 用 Headlines news India アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7538 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209450 5.4 警告 serviceacademyforums - Android 用 Service Academy Forums アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7536 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 23, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
521 - - - Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame h… CWE-20
CWE-347
 Improper Input Validation 
 Improper Verification of Cryptographic Signature 		CVE-2026-6328 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
522 7.8 HIGH
Local 		- - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loa… CWE-416
 Use After Free 		CVE-2026-33023 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
523 - - - Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the… CWE-78
OS Command  		CVE-2026-33414 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
524 3.5 LOW
Physics 		- - OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-i… CWE-384
CWE-613
 Session Fixation
 Insufficient Session Expiration 		CVE-2026-34454 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
525 9.1 CRITICAL
Network 		- - OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy… CWE-290
 Authentication Bypass by Spoofing 		CVE-2026-34457 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
526 9.9 CRITICAL
Network 		- - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field … CWE-20
CWE-22
CWE-187
 Improper Input Validation 
Path Traversal
 Partial String Comparison 		CVE-2026-35031 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
527 5.4 MEDIUM
Network 		- - Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser. CWE-79
Cross-site Scripting 		CVE-2026-26291 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
528 7.5 HIGH
Network 		- - Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved. CWE-670
 Always-Incorrect Control Flow Implementation 		CVE-2026-40719 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
529 7.5 HIGH
Network 		- - Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::… CWE-338
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 		CVE-2026-5088 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
530 - - - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), where the tuner URL is not val… CWE-73
CWE-918
 External Control of File Name or Path
Server-Side Request Forgery (SSRF)  		CVE-2026-35032 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm