Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
223571 4.3 警告 シマンテック - Symantec Brightmail Gateway Appliance の Control Center におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-0063 2012-12-20 19:10 2009-04-23 Show GitHub Exploit DB Packet Storm
223572 5 警告 zxid - ZXID における証明書チェーンの検証を回避される脆弱性 CWE-287
不適切な認証 		CVE-2009-0051 2012-12-20 19:10 2009-01-7 Show GitHub Exploit DB Packet Storm
223573 6.8 警告 PunBB - PunBB におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-7241 2012-12-20 19:10 2009-09-17 Show GitHub Exploit DB Packet Storm
223574 10 危険 ourproject.org - White_Dune White_Dune におけるフォーマットストリングの脆弱性 CWE-134
書式文字列の問題 		CVE-2008-7228 2012-12-20 19:10 2009-09-14 Show GitHub Exploit DB Packet Storm
223575 7.5 危険 PHPNUKE - PHP-Nuke 用の Recipes モジュールにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-7226 2012-12-20 19:10 2009-09-14 Show GitHub Exploit DB Packet Storm
223576 4.3 警告 runcms - RunCMS の system/admin.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-7222 2012-12-20 19:10 2009-09-14 Show GitHub Exploit DB Packet Storm
223577 6.8 警告 runcms - RunCMS におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-7221 2012-12-20 19:10 2009-09-14 Show GitHub Exploit DB Packet Storm
223578 7.5 危険 prototypejs - Prototype JavaScript フレームワークにおける "クロスサイト ajax リクエスト" を実行される脆弱性 CWE-Other
その他 		CVE-2008-7220 2012-12-20 19:10 2009-09-13 Show GitHub Exploit DB Packet Storm
223579 4.3 警告 WordPress.org - WordPress 用の Peter's Math Anti-Spam Spinoff プラグインにおける CAPTCHA 保護を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-7216 2012-12-20 19:10 2009-09-11 Show GitHub Exploit DB Packet Storm
223580 6.9 警告 soundblaster - Ensoniq PCI 1371 サウンドカードで使用されている CreativeLabs es1371mp.sys WDM 音声ドライバにおける SYSTEM 権限を取得される脆弱性 CWE-Other
その他 		CVE-2008-7211 2012-12-20 19:10 2009-09-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1471 9.8 CRITICAL
Network 		amazon athena_odbc Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authenticati… CWE-862
 Missing Authorization 		CVE-2026-35561 2026-04-15 01:14 2026-04-4 Show GitHub Exploit DB Packet Storm
1472 5.9 MEDIUM
Network 		amazon athena_odbc Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication cre… CWE-295
Improper Certificate Validation  		CVE-2026-35560 2026-04-15 01:14 2026-04-4 Show GitHub Exploit DB Packet Storm
1473 6.5 MEDIUM
Network 		amazon athena_odbc Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by … CWE-787
 Out-of-bounds Write 		CVE-2026-35559 2026-04-15 01:14 2026-04-4 Show GitHub Exploit DB Packet Storm
1474 7.5 HIGH
Network 		powerdns dnsdist An attacker might be able to trigger an out-of-bounds write by sending crafted DNS responses to a DNSdist using the DNSQuestion:changeName or DNSResponse:changeName methods in custom Lua code. In som… CWE-787
 Out-of-bounds Write 		CVE-2026-27853 2026-04-15 01:12 2026-03-31 Show GitHub Exploit DB Packet Storm
1475 7.5 HIGH
Network 		powerdns dnsdist An attacker might be able to trigger a use-after-free by sending crafted DNS queries to a DNSdist using the DNSQuestion:getEDNSOptions method in custom Lua code. In some cases DNSQuestion:getEDNSOpti… CWE-416
 Use After Free 		CVE-2026-27854 2026-04-15 01:09 2026-03-31 Show GitHub Exploit DB Packet Storm
1476 7.8 HIGH
Local 		lfprojects mlflow A command injection vulnerability exists in mlflow/mlflow when serving a model with `enable_mlserver=True`. The `model_uri` is embedded directly into a shell command executed via `bash -c` without pr… CWE-78
OS Command  		CVE-2026-0596 2026-04-15 01:01 2026-04-1 Show GitHub Exploit DB Packet Storm
1477 8.8 HIGH
Network 		ajax30 bravecms Brave CMS is an open-source CMS. Prior to 2.0.6, an unrestricted file upload vulnerability exists in the CKEditor upload functionality. It is found in app/Http/Controllers/Dashboard/CkEditorControlle… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-35164 2026-04-15 00:51 2026-04-7 Show GitHub Exploit DB Packet Storm
1478 8.8 HIGH
Network 		ajax30 bravecms Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/{id} l… CWE-862
 Missing Authorization 		CVE-2026-35182 2026-04-15 00:50 2026-04-7 Show GitHub Exploit DB Packet Storm
1479 5.4 MEDIUM
Network 		ajax30 bravecms Brave CMS is an open-source CMS. Prior to 2.0.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the article image deletion feature. It is located in app/Http/Controllers/Dashboard… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-35183 2026-04-15 00:50 2026-04-7 Show GitHub Exploit DB Packet Storm
1480 7.8 HIGH
Local 		tokfinity infcode InfCode's terminal auto-execution module contains a critical command filtering vulnerability that renders its blacklist security mechanism completely ineffective. The predefined blocklist fails to co… CWE-78
OS Command  		CVE-2026-30309 2026-04-15 00:49 2026-04-1 Show GitHub Exploit DB Packet Storm