Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
223361	5	警告	Piwik	-	Piwik における API 鍵を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-1085	2012-12-20 19:10	2009-03-25	Show	GitHub Exploit DB Packet Storm

223362	6.4	警告	サン・マイクロシステムズ	-	Sun Java System IdM における脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-1084	2012-12-20 19:10	2009-03-19	Show	GitHub Exploit DB Packet Storm

223363	6.9	警告	PulseAudio	-	PulseAudio の core-util.c における任意のファイルのパーミッションを変更される脆弱性	CWE-59 リンク解釈の問題	CVE-2009-1299	2012-12-20 19:10	2010-03-18	Show	GitHub Exploit DB Packet Storm

223364	1.9	注意	Canonical	-	Ubuntu 上で稼動する ecryptfs-utils 73-0ubuntu におけるファイルシステムへのアクセス権を取得される脆弱性	CWE-200 情報漏えい	CVE-2009-1296	2012-12-20 19:10	2009-06-8	Show	GitHub Exploit DB Packet Storm

223365	10	危険	TIBCO Software	-	TIBCO SmartSockets、SmartSockets 製品ファミリーおよび EMS におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1291	2012-12-20 19:10	2009-04-30	Show	GitHub Exploit DB Packet Storm

223366	7.5	危険	The phpMyAdmin Project	-	phpMyAdmin の setup/lib/ConfigFile.class.php における任意の PHP コードを設定ファイルへ挿入される脆弱性	CWE-94 コード・インジェクション	CVE-2009-1285	2012-12-20 19:10	2009-04-14	Show	GitHub Exploit DB Packet Storm

223367	5	警告	Xine	-	xine-lib の demuxers/demux_qt.c における整数オーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1274	2012-12-20 19:10	2009-04-8	Show	GitHub Exploit DB Packet Storm

223368	10	危険	Wireshark	-	Wireshark における脆弱性	CWE-noinfo 情報不足	CVE-2009-1266	2012-12-20 19:10	2009-04-21	Show	GitHub Exploit DB Packet Storm

223369	4	警告	Stanislas Rolland	-	TYPO3 用の sr_feuser_register エクステンションにおけるパスワードなどの重要な情報を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-1264	2012-12-20 19:10	2009-04-7	Show	GitHub Exploit DB Packet Storm

223370	4.3	警告	webhelpdesk	-	Web Help Desk におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-1261	2012-12-20 19:10	2009-04-7	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1691	9.1	CRITICAL Network	digitalbazaar	forge	Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. Prior to version 1.4.0, `pki.verifyCertificateChain()` does not enforce RFC 5280 basicConstraint…	CWE-295 Improper Certificate Validation	CVE-2026-33896	2026-04-14 10:13	2026-03-28	Show	GitHub Exploit DB Packet Storm

1692	9.8	CRITICAL Network	openfga	openfga	OpenFGA is a high-performance and flexible authorization/permission engine built for developers and inspired by Google Zanzibar. In versions prior to 1.13.1, under specific conditions, models using c…	CWE-20 CWE-345 CWE-1289 Improper Input Validation Insufficient Verification of Data Authenticity Improper Validation of Unsafe Equivalence in Input	CVE-2026-33729	2026-04-14 10:04	2026-03-27	Show	GitHub Exploit DB Packet Storm

1693	9.8	CRITICAL Network	openfga	openfga	OpenFGA es un motor de autorización/permisos de alto rendimiento y flexible, construido para desarrolladores e inspirado en Google Zanzibar. En versiones anteriores a la 1.13.1, bajo condiciones espe…	CWE-20 CWE-345 CWE-1289 Improper Input Validation Insufficient Verification of Data Authenticity Improper Validation of Unsafe Equivalence in Input	CVE-2026-33729	2026-04-14 10:04	2026-03-27	Show	GitHub Exploit DB Packet Storm

1694	4.3	MEDIUM Network	grafana	grafana	A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the requ…	CWE-285 Improper Authorization	CVE-2026-21724	2026-04-14 10:00	2026-03-27	Show	GitHub Exploit DB Packet Storm

1695	4.3	MEDIUM Network	grafana	grafana	Se ha descubierto una vulnerabilidad en Grafana OSS donde una omisión de autorización en la API de puntos de contacto de aprovisionamiento permite a los usuarios con rol de Editor modificar URLs de w…	CWE-285 Improper Authorization	CVE-2026-21724	2026-04-14 10:00	2026-03-27	Show	GitHub Exploit DB Packet Storm

1696	7.5	HIGH Network	libjxl_project	libjxl	A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data…	CWE-805 CWE-770 Buffer Access with Incorrect Length Value Allocation of Resources Without Limits or Throttling	CVE-2026-1837	2026-04-14 09:51	2026-02-12	Show	GitHub Exploit DB Packet Storm

1697	7.5	HIGH Network	libjxl_project	libjxl	Un archivo especialmente diseñado puede provocar que el decodificador de libjxl escriba datos de píxeles en memoria no asignada no inicializada. Poco después, datos de otra región no asignada no inic…	CWE-805 CWE-770 Buffer Access with Incorrect Length Value Allocation of Resources Without Limits or Throttling	CVE-2026-1837	2026-04-14 09:51	2026-02-12	Show	GitHub Exploit DB Packet Storm

1698	2.7	LOW Network	windmill	windmill	Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Versions 1.634.6 and below allow non-admin users to obtain Slack OAuth client secrets, whic…	CWE-200 NVD-CWE-noinfo Information Exposure	CVE-2026-26964	2026-04-14 09:50	2026-02-20	Show	GitHub Exploit DB Packet Storm

1699	2.7	LOW Network	windmill	windmill	Windmill es una plataforma de desarrollo de código abierto para código interno: APIs, trabajos en segundo plano, flujos de trabajo e interfaces de usuario. Las versiones 1.634.6 y anteriores permiten…	CWE-200 NVD-CWE-noinfo Information Exposure	CVE-2026-26964	2026-04-14 09:50	2026-02-20	Show	GitHub Exploit DB Packet Storm

1700	6.5	MEDIUM Network	lfprojects	model_context_protocol_servers	Model Context Protocol Servers is a collection of reference implementations for the model context protocol (MCP). In mcp-server-git versions prior to 2026.1.14, the git_add tool did not validate that…	CWE-22 Path Traversal	CVE-2026-27735	2026-04-14 09:44	2026-02-26	Show	GitHub Exploit DB Packet Storm