Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
219161	10	危険	アドビシステムズ	-	Adobe Reader および Acrobat における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2013-3346	2013-09-4 11:02	2013-05-14	Show	GitHub Exploit DB Packet Storm

219162	7.5	危険	The Cacti Group	-	Cacti の snmp.php および rrd.php における任意のコマンドを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2013-1435	2013-09-4 11:01	2013-08-6	Show	GitHub Exploit DB Packet Storm

219163	7.5	危険	The Cacti Group	-	Cacti の api_poller.php および utility.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2013-1434	2013-09-4 10:54	2013-08-6	Show	GitHub Exploit DB Packet Storm

219164	7.5	危険	アップルサイバートラスト株式会社 pcre.org レッドハット	-	PCRE ライブラリにおける正規表現の取り扱いに関する任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2007-1659	2013-09-2 18:40	2007-11-7	Show	GitHub Exploit DB Packet Storm

219165	5	警告	株式会社ロックオン	-	EC-CUBE における Windows 環境でのディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2013-4702	2013-09-2 18:23	2013-08-30	Show	GitHub Exploit DB Packet Storm

219166	6.8	警告	Id Software	-	ID-software などの製品で使用される libdigidoc における絶対パストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2013-5648	2013-09-2 15:33	2013-08-22	Show	GitHub Exploit DB Packet Storm

219167	5	警告	シスコシステムズ	-	Cisco IOS XR の RIP プロセスにおけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2013-3470	2013-09-2 15:23	2013-08-29	Show	GitHub Exploit DB Packet Storm

219168	4.6	警告	シスコシステムズ	-	Cisco UCS のファブリックインターコネクトデバイス上で稼働する CLI コンポーネントにおけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2013-3467	2013-09-2 14:59	2013-08-29	Show	GitHub Exploit DB Packet Storm

219169	4.3	警告	シスコシステムズ	-	Cisco Adaptive Security Appliances デバイスの protocol-inspection 機能におけるサービス運用妨害 (DoS) の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-3463	2013-09-2 14:39	2013-08-30	Show	GitHub Exploit DB Packet Storm

219170	4.3	警告	シスコシステムズ	-	Cisco Identity Services Engine ソフトウェアのゲストポータルにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-5744	2013-09-2 14:14	2013-08-29	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
371	6.0	MEDIUM Network	-	-	Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious cod… New	CWE-20 Improper Input Validation	CVE-2026-22615	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm

372	6.5	MEDIUM Network	-	-	Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been … New	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2026-22616	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm

373	6.3	MEDIUM Network	-	-	UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product t… New	CWE-941 Incorrectly Specified Destination in a Communication Channel	CVE-2026-40118	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm

374	5.7	MEDIUM Network	-	-	Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. Th… New	CWE-614 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute	CVE-2026-22617	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm

375	5.9	MEDIUM Network	-	-	A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attack… New	CWE-358 Improperly Implemented Security Check for Standard	CVE-2026-22618	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm

376	7.8	HIGH Local	-	-	Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. Thi… New	CWE-427 Uncontrolled Search Path Element	CVE-2026-22619	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm

377	6.5	MEDIUM Network	-	-	LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS devic… New	CWE-451 User Interface (UI) Misrepresentation of Critical Information	CVE-2026-3861	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm

378	6.2	MEDIUM Local	-	-	In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges. New	CWE-669 Incorrect Resource Transfer Between Spheres	CVE-2026-41030	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm

379	5.0	MEDIUM Network	-	-	ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass. New	CWE-125 Out-of-bounds Read	CVE-2026-41034	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm

380	7.4	HIGH Network	-	-	In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free. The victim must run rsync with -X (aka --xattrs). On Linux, … New	CWE-130 Improper Handling of Length Parameter Inconsistency	CVE-2026-41035	2026-04-18 00:38	2026-04-16	Show	GitHub Exploit DB Packet Storm