Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
209671 5.4 警告 independent - Android 用 i Newspaper アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7085 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209672 5.4 警告 ireadercity - Android 用 Hesheng 80 アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7084 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209673 5.4 警告 jiujik - Android 用 Jiu Jik アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7083 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209674 5.4 警告 imapp - Android 用 No Disturb アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7082 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209675 5.4 警告 sigong ebook project - Android 用 Sigong ebook アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7080 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209676 5.4 警告 cybird - Android 用 Romeo and Juliet アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7079 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209677 5.4 警告 payoneer sign up project - Android 用 Payoneer Sign Up アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7078 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209678 5.4 警告 gcefcu - Android 用 Gulf Coast Educators FCU アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7077 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209679 5.4 警告 Magzter Inc. - Android 用 Sanctuary Asia アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7076 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
209680 5.4 警告 happycloud - Android 用 HAPPY アプリケーションにおけるサーバになりすまされる脆弱性 CWE-310
暗号の問題 		CVE-2014-7075 2014-12-17 09:57 2014-09-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
301 9.9 CRITICAL
Network 		- - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field … Update CWE-20
CWE-22
CWE-187
 Improper Input Validation 
Path Traversal
 Partial String Comparison 		CVE-2026-35031 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
302 - - - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), where the tuner URL is not val… Update CWE-73
CWE-918
 External Control of File Name or Path
Server-Side Request Forgery (SSRF)  		CVE-2026-35032 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
303 - - - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions que… Update CWE-88
CWE-862
Argument Injection
 Missing Authorization 		CVE-2026-35033 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
304 - - - radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in… Update CWE-78
OS Command  		CVE-2026-40499 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
305 - - - Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame h… Update CWE-20
CWE-347
 Improper Input Validation 
 Improper Verification of Cryptographic Signature 		CVE-2026-6328 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
306 5.4 MEDIUM
Network 		- - Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser. Update CWE-79
Cross-site Scripting 		CVE-2026-26291 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
307 7.5 HIGH
Network 		- - Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved. Update CWE-670
 Always-Incorrect Control Flow Implementation 		CVE-2026-40719 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
308 7.5 HIGH
Network 		- - Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::… Update CWE-338
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 		CVE-2026-5088 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
309 8.0 HIGH
Network 		- - nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting f… Update CWE-1385
 Missing Origin Validation in WebSockets 		CVE-2026-35589 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
310 7.2 HIGH
Network 		- - BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) … Update CWE-98
 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 		CVE-2026-39387 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm