Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
209561	5.4	警告	buronya	-	Android 用 Dil Bilgisi Kurallari アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7398	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

209562	5.4	警告	byfes	-	Android 用 ileri Gazetesi - Yozgat アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7397	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

209563	5.4	警告	pocketknife bravo super project	-	Android 用 PocketKnife Bravo Super アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7396	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

209564	5.4	警告	usfbcm	-	Android 用 USF BCM アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7395	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

209565	5.4	警告	alaaliwat	-	Android 用 www.alaaliwat.com アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7394	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

209566	5.4	警告	mbtcreations	-	Android 用 100 Beauty Tips アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7393	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

209567	5.4	警告	avto-russia	-	Android 用 Russian Federation Traffic Rules アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7392	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

209568	5.4	警告	pintsized	-	Android 用 Synx addictive puzzle game アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7391	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

209569	5.4	警告	tabtale	-	Android 用 Enchanted Fashion Crush アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7390	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

209570	5.4	警告	nobexrc	-	Android 用 Amnesia Groove アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-7389	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 22, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
321	7.5	HIGH Network	-	-	The Easy Appointments plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.12.21 via the `/wp-json/wp/v2/eablocks/ea_appointments/` REST API en…	CWE-200 Information Exposure	CVE-2026-2262	2026-04-18 09:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

322	-		-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-5250	2026-04-18 08:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

323	4.3	MEDIUM Network	-	-	Kimai is an open-source time tracking application. In versions 2.52.0 and below, the User Preferences API endpoint (PATCH /api/users/{id}/preferences) applies submitted preference values without chec…	CWE-915 Improperly Controlled Modification of Dynamically-Determined Object Attributes	CVE-2026-40486	2026-04-18 08:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

324	-		-	-	monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe sig…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-40481	2026-04-18 08:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

325	5.4	MEDIUM Network	-	-	Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape double quote or single quote characters. When a us…	CWE-79 Cross-site Scripting	CVE-2026-40479	2026-04-18 08:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

326	6.4	MEDIUM Network	-	-	The Pz-LinkCard plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blogcard' shortcode attributes in all versions up to, and including, 2.5.8.1 due to insufficient input sanit…	CWE-79 Cross-site Scripting	CVE-2026-2434	2026-04-18 08:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

327	9.0	CRITICAL Network	-	-	Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanism…	CWE-917 CWE-1336 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-40478	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

328	9.0	CRITICAL Network	-	-	Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. A…	CWE-917 CWE-1336 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-40477	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

329	-		-	-	graphql-go is a Go implementation of GraphQL. In versions 15.31.4 and below, the OverlappingFieldsCanBeMerged validation rule performs O(n²) pairwise comparisons of fields sharing the same response n…	CWE-407 Inefficient Algorithmic Complexity	CVE-2026-40476	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

330	7.6	HIGH Network	-	-	wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the GymConfigUpdateView declares permission_required = 'config.change_gymconfig' but inherits WgerFormMixin instead…	CWE-284 CWE-862 Improper Access Control Missing Authorization	CVE-2026-40474	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm