Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
216781	4.3	警告	シスコシステムズ	-	Cisco Adaptive Security Appliance ソフトウェアの Identity Firewall 機能における認証状態の変更を誘発される脆弱性	CWE-20 不適切な入力確認	CVE-2014-0653	2014-01-10 16:23	2014-01-8	Show	GitHub Exploit DB Packet Storm

216782	4.3	警告	シスコシステムズ	-	Cisco Context Directory Agent のマッピングページにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-0652	2014-01-10 16:22	2014-01-9	Show	GitHub Exploit DB Packet Storm

216783	4.9	警告	シスコシステムズ	-	Cisco Context Directory Agent の管理インターフェースにおける管理アクセス権を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-0651	2014-01-10 16:22	2014-01-9	Show	GitHub Exploit DB Packet Storm

216784	4.3	警告	シスコシステムズ	-	Cisco NX-OS の BGP の実装におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2013-6982	2014-01-10 16:21	2014-01-6	Show	GitHub Exploit DB Packet Storm

216785	4.3	警告	Andy's PHP Knowledgebase Project	-	Andy's PHP Knowledgebase におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7277	2014-01-10 16:15	2013-12-24	Show	GitHub Exploit DB Packet Storm

216786	7.5	危険	Google	-	Google Picasa の Picasa3.exe における整数アンダーフローの脆弱性	CWE-119 バッファエラー	CVE-2013-5349	2014-01-10 16:14	2013-12-12	Show	GitHub Exploit DB Packet Storm

216787	7.5	危険	Google	-	Google Picasa の Picasa3.exe における整数オーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2013-5357	2014-01-10 16:13	2013-12-12	Show	GitHub Exploit DB Packet Storm

216788	7.5	危険	Google	-	Google Picasa の Picasa3.exe におけるメモリ破損を誘発される脆弱性	CWE-119 バッファエラー	CVE-2013-5358	2014-01-10 16:12	2013-12-12	Show	GitHub Exploit DB Packet Storm

216789	7.5	危険	Google	-	Google Picasa の Picasa3.exe におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2013-5359	2014-01-10 16:10	2013-12-12	Show	GitHub Exploit DB Packet Storm

216790	4.3	警告	Recommend to a friend Project	-	WordPress 用 Recommend to a friend プラグインの inc/raf_form.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7276	2014-01-10 15:58	2013-12-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
401	-		-	-	DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below contain a SQL injection vulnerability in the /de2api/datasetData/previewSql endpoint. The user-supplie… New	CWE-89 SQL Injection	CVE-2026-40900	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm

402	-		-	-	mcp-framework is a framework for building Model Context Protocol (MCP) servers. In versions 0.2.21 and below, the readRequestBody() function in the HTTP transport concatenates request body chunks int… New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-39313	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm

403	-		-	-	free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceI… New	CWE-285 Improper Authorization	CVE-2026-40246	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm

404	-		-	-	free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId… New	CWE-285 CWE-636 Improper Authorization Not Failing Securely ('Failing Open')	CVE-2026-40247	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm

405	-		-	-	DataEase is an open-source data visualization and analytics platform. Versions 2.10.20 and below ship the legacy velocity-1.7.jar, which pulls in commons-collections-3.2.1.jar containing the InvokerT… New	CWE-502 Deserialization of Untrusted Data	CVE-2026-40901	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm

406	4.8	MEDIUM Network	-	-	Cryptomator is an open-source client-side encryption application for cloud storage. Version 1.19.1 contains a logic flaw in CheckHostTrustController.getAuthority() that allows an attacker to bypass t… New	CWE-305 CWE-319 Authentication Bypass by Primary Weakness Cleartext Transmission of Sensitive Information	CVE-2026-33472	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm

407	4.9	MEDIUM Network	-	-	Valtimo is an open-source business process automation platform. In versions 13.0.0 through 13.21.0, the InboxHandlingService logs the full content of every incoming inbox message at INFO level. Inbox… New	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-34164	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm

408	-		-	-	spdystream is a Go library for multiplexing streams over SPDY connections. In versions 0.5.0 and below, the SPDY/3 frame parser does not validate attacker-controlled counts and lengths before allocat… New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-35469	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm

409	7.5	HIGH Network	-	-	ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack bu… New	CWE-121 Stack-based Buffer Overflow	CVE-2026-40170	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm

410	-		-	-	free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for creating or updating Traffic Influence Subscriptions checks whether th… New	CWE-285 CWE-636 Improper Authorization Not Failing Securely ('Failing Open')	CVE-2026-40248	2026-04-18 00:38	2026-04-17	Show	GitHub Exploit DB Packet Storm