Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
223121 5 警告 リアルネットワークス - RealNetworks Helix Server などにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2009-2534 2012-12-20 19:10 2009-07-14 Show GitHub Exploit DB Packet Storm
223122 5 警告 リアルネットワークス - RealNetworks Helix Server などの rmserver におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2009-2533 2012-12-20 19:10 2009-07-14 Show GitHub Exploit DB Packet Storm
223123 4.4 警告 サン・マイクロシステムズ - SRSS の utaudiod デーモンにおける任意のユーザのセッションへアクセスされる脆弱性 CWE-noinfo
情報不足 		CVE-2009-2491 2012-12-20 19:10 2009-07-14 Show GitHub Exploit DB Packet Storm
223124 1.9 注意 サン・マイクロシステムズ - SRSS の utaudiod デーモンにおけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2009-2490 2012-12-20 19:10 2009-07-14 Show GitHub Exploit DB Packet Storm
223125 2.1 注意 サン・マイクロシステムズ - SRSS の utdmsession プログラムにおける任意のユーザのセッションへアクセスされる脆弱性 CWE-noinfo
情報不足 		CVE-2009-2489 2012-12-20 19:10 2009-07-14 Show GitHub Exploit DB Packet Storm
223126 9.3 危険 tingan - HT-MP3Player におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-2485 2012-12-20 19:10 2009-07-16 Show GitHub Exploit DB Packet Storm
223127 9.3 危険 VideoLAN - VideoLAN VLC Media Player の modules/access/smb.c におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-2484 2012-12-20 19:10 2009-07-16 Show GitHub Exploit DB Packet Storm
223128 5.4 警告 サン・マイクロシステムズ - Sun Fire V215 サーバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2009-2458 2012-12-20 19:10 2009-07-13 Show GitHub Exploit DB Packet Storm
223129 7.2 危険 tallemu - Tall Emu Online Armor Personal Firewall AV+ などの OAmon.sys kernel driver における権限を取得される脆弱性 CWE-119
バッファエラー 		CVE-2009-2450 2012-12-20 19:10 2009-07-13 Show GitHub Exploit DB Packet Storm
223130 5 警告 siteframe - Siteframe における設定情報を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-2443 2012-12-20 19:10 2009-07-13 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 24, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1421 9.1 CRITICAL
Network 		orthanc-server orthanc An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel … CWE-125
Out-of-bounds Read 		CVE-2026-5445 2026-04-15 05:10 2026-04-10 Show GitHub Exploit DB Packet Storm
1422 7.8 HIGH
Local 		hdfgroup hdf5 HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-… CWE-416
 Use After Free 		CVE-2026-34734 2026-04-15 05:09 2026-04-10 Show GitHub Exploit DB Packet Storm
1423 8.2 HIGH
Network 		gitroom postiz Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct p… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-40168 2026-04-15 05:09 2026-04-11 Show GitHub Exploit DB Packet Storm
1424 9.8 CRITICAL
Network 		goshs goshs goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enfor… CWE-862
 Missing Authorization 		CVE-2026-40189 2026-04-15 05:08 2026-04-11 Show GitHub Exploit DB Packet Storm
1425 7.5 HIGH
Network 		softether softethervpn SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2… CWE-789
 Memory Allocation with Excessive Size Value 		CVE-2026-39312 2026-04-15 05:08 2026-04-8 Show GitHub Exploit DB Packet Storm
1426 9.1 CRITICAL
Network 		docker model_runner Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exc… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-33990 2026-04-15 05:08 2026-04-2 Show GitHub Exploit DB Packet Storm
1427 9.8 CRITICAL
Network 		xwiki xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script… CWE-862
 Missing Authorization 		CVE-2026-33229 2026-04-15 05:08 2026-04-9 Show GitHub Exploit DB Packet Storm
1428 8.6 HIGH
Network 		patrickjuchli basic-ftp basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(),… CWE-93
CRLF Injection 		CVE-2026-39983 2026-04-15 05:07 2026-04-10 Show GitHub Exploit DB Packet Storm
1429 6.1 MEDIUM
Network 		unjs unhead Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in <head> safe… CWE-184
 Incomplete Blacklist 		CVE-2026-39315 2026-04-15 05:07 2026-04-10 Show GitHub Exploit DB Packet Storm
1430 7.5 HIGH
Network 		apache tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through … CWE-444
HTTP Request Smuggling 		CVE-2026-24880 2026-04-15 05:02 2026-04-10 Show GitHub Exploit DB Packet Storm