Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
216781 4.3 警告 シスコシステムズ - Cisco Adaptive Security Appliance ソフトウェアの Identity Firewall 機能における認証状態の変更を誘発される脆弱性 CWE-20
不適切な入力確認 		CVE-2014-0653 2014-01-10 16:23 2014-01-8 Show GitHub Exploit DB Packet Storm
216782 4.3 警告 シスコシステムズ - Cisco Context Directory Agent のマッピングページにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-0652 2014-01-10 16:22 2014-01-9 Show GitHub Exploit DB Packet Storm
216783 4.9 警告 シスコシステムズ - Cisco Context Directory Agent の管理インターフェースにおける管理アクセス権を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2014-0651 2014-01-10 16:22 2014-01-9 Show GitHub Exploit DB Packet Storm
216784 4.3 警告 シスコシステムズ - Cisco NX-OS の BGP の実装におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2013-6982 2014-01-10 16:21 2014-01-6 Show GitHub Exploit DB Packet Storm
216785 4.3 警告 Andy's PHP Knowledgebase Project - Andy's PHP Knowledgebase におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-7277 2014-01-10 16:15 2013-12-24 Show GitHub Exploit DB Packet Storm
216786 7.5 危険 Google - Google Picasa の Picasa3.exe における整数アンダーフローの脆弱性 CWE-119
バッファエラー 		CVE-2013-5349 2014-01-10 16:14 2013-12-12 Show GitHub Exploit DB Packet Storm
216787 7.5 危険 Google - Google Picasa の Picasa3.exe における整数オーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2013-5357 2014-01-10 16:13 2013-12-12 Show GitHub Exploit DB Packet Storm
216788 7.5 危険 Google - Google Picasa の Picasa3.exe におけるメモリ破損を誘発される脆弱性 CWE-119
バッファエラー 		CVE-2013-5358 2014-01-10 16:12 2013-12-12 Show GitHub Exploit DB Packet Storm
216789 7.5 危険 Google - Google Picasa の Picasa3.exe におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2013-5359 2014-01-10 16:10 2013-12-12 Show GitHub Exploit DB Packet Storm
216790 4.3 警告 Recommend to a friend Project - WordPress 用 Recommend to a friend プラグインの inc/raf_form.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-7276 2014-01-10 15:58 2013-12-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 21, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
521 - - - Improper input validation, Improper verification of cryptographic signature vulnerability in XQUIC Project XQUIC xquic on Linux (QUIC protocol implementation, packet processing module, STREAM frame h… CWE-20
CWE-347
 Improper Input Validation 
 Improper Verification of Cryptographic Signature 		CVE-2026-6328 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
522 7.8 HIGH
Local 		- - libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. In versions 1.8.7 and prior, when built with the --with-gdk-pixbuf2 option, a use-after-free vulnerability exists in loa… CWE-416
 Use After Free 		CVE-2026-33023 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
523 - - - Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the… CWE-78
OS Command  		CVE-2026-33414 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
524 3.5 LOW
Physics 		- - OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. A regression introduced in 7.11.0 prevents OAuth2 Proxy from clearing the session cookie when rendering the sign-i… CWE-384
CWE-613
 Session Fixation
 Insufficient Session Expiration 		CVE-2026-34454 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
525 9.1 CRITICAL
Network 		- - OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Versions prior to 7.15.2 contain a configuration-dependent authentication bypass in deployments where OAuth2 Proxy… CWE-290
 Authentication Bypass by Spoofing 		CVE-2026-34457 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
526 9.9 CRITICAL
Network 		- - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field … CWE-20
CWE-22
CWE-187
 Improper Input Validation 
Path Traversal
 Partial String Comparison 		CVE-2026-35031 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
527 5.4 MEDIUM
Network 		- - Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser. CWE-79
Cross-site Scripting 		CVE-2026-26291 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
528 7.5 HIGH
Network 		- - Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved. CWE-670
 Always-Incorrect Control Flow Implementation 		CVE-2026-40719 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
529 7.5 HIGH
Network 		- - Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::… CWE-338
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 		CVE-2026-5088 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
530 - - - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), where the tuner URL is not val… CWE-73
CWE-918
 External Control of File Name or Path
Server-Side Request Forgery (SSRF)  		CVE-2026-35032 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm