Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":April 28, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
2121	7.8	重要 Local		-	1E Ltdの1E Platformにおけるリンク解釈に関する脆弱性	CWE-59 リンク解釈の問題	CVE-2025-1683	2026-02-2 19:22	2025-03-12	Show	GitHub Exploit DB Packet Storm

2122	7.5	重要 Network	HCL Technologies Limited	HCL AION	HCL Technologies LimitedのHCL AIONにおける重要情報を含む Web ブラウザキャッシュの使用に関する脆弱性	CWE-525 重要情報を含む Web ブラウザキャッシュの使用	CVE-2025-52659	2026-02-2 19:22	2026-01-19	Show	GitHub Exploit DB Packet Storm

2123	5.3	警告 Network	HCL Technologies Limited	HCL AION	HCL Technologies LimitedのHCL AIONにおけるセッション期限に関する脆弱性	CWE-613 不適切なセッション期限	CVE-2025-52661	2026-02-2 19:22	2026-01-19	Show	GitHub Exploit DB Packet Storm

2124	5.3	警告 Network	HCL Technologies Limited	HCL AION	HCL Technologies LimitedのHCL AIONにおける保護メカニズムの不具合に関する脆弱性	CWE-693 保護メカニズムの不具合	CVE-2025-55249	2026-02-2 19:22	2026-01-19	Show	GitHub Exploit DB Packet Storm

2125	9.8	緊急 Network	ipTIME	A8004ITL Firmware A104NS Firmware N704E plus Firmware A604-V5 Firmware N602E Firmware N3-I Firmware A604 Firmware N104V Firmware A…	ipTIMEのA1004 Firmware等の複数製品におけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-55423	2026-02-2 19:22	2026-01-20	Show	GitHub Exploit DB Packet Storm

2126	7.5	重要 Network	Node.js Foundation	Node.js	Node.js FoundationのNode.jsにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2025-59464	2026-02-2 19:22	2026-01-20	Show	GitHub Exploit DB Packet Storm

2127	7.5	重要 Network	Node.js Foundation	Node.js	Node.js FoundationのNode.jsにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2025-59465	2026-02-2 19:22	2026-01-20	Show	GitHub Exploit DB Packet Storm

2128	7.5	重要 Network	Node.js Foundation	Node.js	Node.js FoundationのNode.jsにおけるキャッチされない例外に関する脆弱性	CWE-248 キャッチされない例外	CVE-2025-59466	2026-02-2 19:22	2026-01-20	Show	GitHub Exploit DB Packet Storm

2129	6.1	警告 Network	Joomla!	Joomla!	Joomla!におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-63082	2026-02-2 19:22	2026-01-6	Show	GitHub Exploit DB Packet Storm

2130	6.1	警告 Network	Joomla!	Joomla!	Joomla!におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-63083	2026-02-2 19:22	2026-01-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 28, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1	-		-	-	rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.27 to before 0.10.78, Deriver::derive (and PkeyCtxRef::derive) sets len = buf.len() and passes it as the in/out len… Update	CWE-131 CWE-787 Incorrect Calculation of Buffer Size Out-of-bounds Write	CVE-2026-41676	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

2	-		-	-	rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.0 to before 0.10.78, the *_from_pem_callback APIs did not validate the length returned by the user's callback. A pa… Update	CWE-125 CWE-1284 Out-of-bounds Read Improper Validation of Specified Quantity in Input	CVE-2026-41677	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

3	-		-	-	rust-openssl provides OpenSSL bindings for the Rust programming language. From to before 0.10.78, aes::unwrap_key() contains an incorrect assertion: it checks that out.len() + 8 <= in_.len(), but t… Update	CWE-787 Out-of-bounds Write	CVE-2026-41678	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

4	-		-	-	Marked is a markdown parser and compiler. From 18.0.0 to 18.0.1, a critical Denial of Service (DoS) vulnerability exists in marked. By providing a specific 3-byte input sequence a tab, a vertical tab… Update	CWE-400 CWE-674 CWE-835 Uncontrolled Resource Consumption Uncontrolled Recursion Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2026-41680	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

5	-		-	-	rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.10.39 to before 0.10.78, EVP_DigestFinal() always writes EVP_MD_CTX_size(ctx) to the out buffer. If out is smaller th… Update	CWE-121 Stack-based Buffer Overflow	CVE-2026-41681	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

6	-		-	-	rust-openssl provides OpenSSL bindings for the Rust programming language. From 0.9.24 to before 0.10.78, the FFI trampolines behind SslContextBuilder::set_psk_client_callback, set_psk_server_callbac… Update	CWE-126 CWE-130 Buffer Over-read Improper Handling of Length Parameter Inconsistency	CVE-2026-41898	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

7	7.4	HIGH Network	-	-	Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnP… Update	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2026-42033	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

8	5.3	MEDIUM Network	-	-	Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, for stream request bodies, maxBodyLength is bypassed when maxRedirects is set to 0 (native http/https tra… Update	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-42034	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

9	5.3	MEDIUM Network	-	-	Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength… Update	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-42036	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

10	6.8	MEDIUM Network	-	-	Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, he fix for no_proxy hostname normalization bypass is incomplete. When no_proxy=localhost is set, requests… Update	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-42038	2026-04-28 03:57	2026-04-25	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed