Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
224821	9.3	危険	VideoLAN	-	Windows 上で稼動する VLC Media Player の modules/demux/wav.c における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2008-2430	2012-12-20 18:52	2008-07-7	Show	GitHub Exploit DB Packet Storm

224822	6.8	警告	torrenttrader	-	TorrentTrader Classic における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-2428	2012-12-20 18:52	2008-06-18	Show	GitHub Exploit DB Packet Storm

224823	7.5	危険	webslider	-	Web Slider の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-2422	2012-12-20 18:52	2008-05-23	Show	GitHub Exploit DB Packet Storm

224824	4.3	警告	SAP	-	SAP WAS などの Web GUI におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-2421	2012-12-20 18:52	2008-05-23	Show	GitHub Exploit DB Packet Storm

224825	6.8	警告	stunnel	-	stunnel の OCSP 関数におけるアクセス制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-2420	2012-12-20 18:52	2008-05-23	Show	GitHub Exploit DB Packet Storm

224826	6.8	警告	sazcart	-	SazCart の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-2411	2012-12-20 18:52	2008-05-22	Show	GitHub Exploit DB Packet Storm

224827	7.5	危険	サン・マイクロシステムズ	-	Sun Java ASP Server の管理アプリケーションサーバにおける認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2008-2406	2012-12-20 18:52	2008-06-3	Show	GitHub Exploit DB Packet Storm

224828	7.5	危険	サン・マイクロシステムズ	-	Sun Java ASP Server における任意のコマンドを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2008-2405	2012-12-20 18:52	2008-06-3	Show	GitHub Exploit DB Packet Storm

224829	10	危険	サン・マイクロシステムズ	-	Sun Java ASP Server のリクエスト処理実装におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2008-2404	2012-12-20 18:52	2008-06-3	Show	GitHub Exploit DB Packet Storm

224830	5	警告	サン・マイクロシステムズ	-	Sun Java ASP Server の Admin Server におけるパスワードハッシュを読まれる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-2402	2012-12-20 18:52	2008-06-3	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1361	8.8	HIGH Network	apache	airflow	An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow ex…	CWE-77 Command Injection	CVE-2026-30898	2026-04-21 23:43	2026-04-18	Show	GitHub Exploit DB Packet Storm

1362	7.5	HIGH Network	apache	airflow	In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker.…	CWE-668 Exposure of Resource to Wrong Sphere	CVE-2026-30912	2026-04-21 23:42	2026-04-18	Show	GitHub Exploit DB Packet Storm

1363	3.7	LOW Network	apache	airflow	Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not stor…	CWE-668 Exposure of Resource to Wrong Sphere	CVE-2026-32690	2026-04-21 23:41	2026-04-18	Show	GitHub Exploit DB Packet Storm

1364	6.6	MEDIUM Local	dell	powerscale_onefs	Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit th…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2025-43937	2026-04-21 23:33	2026-04-17	Show	GitHub Exploit DB Packet Storm

1365	4.4	MEDIUM Local	dell	powerscale_onefs	Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnera…	CWE-404 Improper Resource Shutdown or Release	CVE-2025-43935	2026-04-21 23:32	2026-04-17	Show	GitHub Exploit DB Packet Storm

1366	9.1	CRITICAL Network	-	-	OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration …	CWE-636 Not Failing Securely ('Failing Open')	CVE-2026-40525	2026-04-21 23:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

1367	7.5	HIGH Network	free5gc	free5gc	free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceI…	CWE-285 Improper Authorization	CVE-2026-40246	2026-04-21 22:55	2026-04-17	Show	GitHub Exploit DB Packet Storm

1368	7.5	HIGH Network	free5gc	free5gc	free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId…	CWE-285 CWE-636 Improper Authorization Not Failing Securely ('Failing Open')	CVE-2026-40247	2026-04-21 22:53	2026-04-17	Show	GitHub Exploit DB Packet Storm

1369	5.3	MEDIUM Network	free5gc	free5gc	free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the PUT handler for updating Policy Data notification subscriptions at /nudr-dr/v2/pol…	CWE-636 CWE-754 Not Failing Securely ('Failing Open') Improper Check for Unusual or Exceptional Conditions	CVE-2026-40249	2026-04-21 22:51	2026-04-17	Show	GitHub Exploit DB Packet Storm

1370	7.5	HIGH Network	apache	airflow	UI / API User with asset materialize permission could trigger dags they had no access to. Users are advised to migrate to Airflow version 3.2.0 that fixes the issue.	CWE-863 Incorrect Authorization	CVE-2026-32228	2026-04-21 21:54	2026-04-18	Show	GitHub Exploit DB Packet Storm