Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
218461	9.3	危険	アップル	-	Apple iTunes などの製品で使用される WebKit における任意のコードを実行される脆弱性	CWE-399 リソース管理の問題	CVE-2013-1007	2013-10-22 18:24	2013-05-16	Show	GitHub Exploit DB Packet Storm

218462	9.3	危険	アップル	-	Apple iTunes などの製品で使用される WebKit における任意のコードを実行される脆弱性	CWE-399 リソース管理の問題	CVE-2013-1006	2013-10-22 18:17	2013-05-16	Show	GitHub Exploit DB Packet Storm

218463	9.3	危険	マイクロソフト	-	Microsoft Word における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2013-3891	2013-10-22 18:07	2013-10-8	Show	GitHub Exploit DB Packet Storm

218464	9.3	危険	マイクロソフト	-	Microsoft Word および Office 互換機能パックにおける任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2013-3892	2013-10-22 18:07	2013-10-8	Show	GitHub Exploit DB Packet Storm

218465	9.3	危険	マイクロソフト	-	Microsoft Excel などの製品における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2013-3890	2013-10-22 18:07	2013-10-8	Show	GitHub Exploit DB Packet Storm

218466	9.3	危険	マイクロソフト	-	Microsoft Excel などの製品における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2013-3889	2013-10-22 18:07	2013-10-8	Show	GitHub Exploit DB Packet Storm

218467	10	危険	マイクロソフト	-	複数の Microsoft Windows 製品の Windows コモンコントロールライブラリにおける任意のコードを実行される脆弱性	CWE-399 リソース管理の問題	CVE-2013-3195	2013-10-22 18:07	2013-10-8	Show	GitHub Exploit DB Packet Storm

218468	7.8	危険	マイクロソフト	-	Microsoft .NET Framework におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2013-3861	2013-10-22 18:06	2013-10-8	Show	GitHub Exploit DB Packet Storm

218469	9.3	危険	マイクロソフト	-	複数の Microsoft Windows 製品のカーネルモードドライバにおける任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2013-3894	2013-10-22 18:06	2013-10-8	Show	GitHub Exploit DB Packet Storm

218470	7.8	危険	マイクロソフト	-	Microsoft .NET Framework におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2013-3860	2013-10-22 18:06	2013-10-8	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
401	5.3	MEDIUM Local	-	-	OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit appro… New	CWE-184 Incomplete Blacklist	CVE-2026-41332	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

402	3.7	LOW Network	-	-	OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can e… New	CWE-799 Improper Control of Interaction Frequency	CVE-2026-41333	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

403	6.5	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized … New	CWE-636 Not Failing Securely ('Failing Open')	CVE-2026-41334	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

404	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitiv… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41335	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

405	7.8	HIGH Local	-	-	OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted… New	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-41336	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

406	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers wi… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41337	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

407	5.0	MEDIUM Local	-	-	OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act pattern… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41338	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

408	4.3	MEDIUM Network	-	-	OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41339	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

409	6.5	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exp… New	CWE-372 Incomplete Internal State Distinction	CVE-2026-41340	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

410	5.4	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component… New	CWE-351 Insufficient Type Distinction	CVE-2026-41341	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm