Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
224881 7.5 危険 wordnet - Wordnet の searchwn におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-2149 2012-12-20 18:52 2008-05-12 Show GitHub Exploit DB Packet Storm
224882 4.6 警告 VideoLAN - VideoLAN VLC における任意のコードを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2147 2012-12-20 18:52 2008-05-12 Show GitHub Exploit DB Packet Storm
224883 7.5 危険 WordPress.org - Wordpress の wp-includes/vars.php における特定のページに対するアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2146 2012-12-20 18:52 2008-05-12 Show GitHub Exploit DB Packet Storm
224884 2.6 注意 rPath, Inc - rPath Appliance Platform Agent の rootpw プラグインにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-2140 2012-12-20 18:52 2008-04-25 Show GitHub Exploit DB Packet Storm
224885 6.5 警告 rPath, Inc - rPath Appliance Platform Agent の rootpw プラグインにおける権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2139 2012-12-20 18:52 2008-04-25 Show GitHub Exploit DB Packet Storm
224886 7.5 危険 visualshapers - VisualShapers ezContents における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2135 2012-12-20 18:52 2008-05-9 Show GitHub Exploit DB Packet Storm
224887 6.8 警告 tru-zone - Tru-Zone Nuke ET の Journal モジュールにおける任意のユーザアカウントへのアクセス権を取得される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-2134 2012-12-20 18:52 2008-05-9 Show GitHub Exploit DB Packet Storm
224888 4.3 警告 tru-zone - Tru-Zone Nuke ET の Journal モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2133 2012-12-20 18:52 2008-05-9 Show GitHub Exploit DB Packet Storm
224889 7.5 危険 systementor - Systementor PostcardMentor の step1.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2132 2012-12-20 18:52 2008-05-9 Show GitHub Exploit DB Packet Storm
224890 4.3 警告 tux cms - Tux CMS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2126 2012-12-20 18:52 2008-05-9 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1391 - - - The method "sock_recvfrom_into()" of "asyncio.ProacterEventLoop" (Windows only) was missing a boundary check for the data buffer when using nbytes parameter. This allowed for an out-of-bounds buffer … CWE-787
 Out-of-bounds Write 		CVE-2026-3298 2026-04-22 06:16 2026-04-22 Show GitHub Exploit DB Packet Storm
1392 3.1 LOW
Network 		- - OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, `ExtractPluginFromImage()` in OpenBao's OCI plugin downloader extracts a plugin binary from a container ima… CWE-400
CWE-674
CWE-770
 Uncontrolled Resource Consumption
 Uncontrolled Recursion
 Allocation of Resources Without Limits or Throttling 		CVE-2026-39396 2026-04-22 05:16 2026-04-21 Show GitHub Exploit DB Packet Storm
1393 8.8 HIGH
Network 		- - In OpenXiangShan NEMU, when Smstateen is enabled, clearing mstateen0.ENVCFG does not correctly restrict access to henvcfg and senvcfg. As a result, less-privileged code may read or write these CSRs w… CWE-269
 Improper Privilege Management 		CVE-2026-29648 2026-04-22 05:16 2026-04-21 Show GitHub Exploit DB Packet Storm
1394 6.5 MEDIUM
Network 		- - In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabl… CWE-269
 Improper Privilege Management 		CVE-2026-29647 2026-04-22 05:16 2026-04-21 Show GitHub Exploit DB Packet Storm
1395 9.8 CRITICAL
Network 		- - In OpenXiangShan NEMU prior to 55295c4, when running with RVH (Hypervisor extension) enabled, a VS-mode guest write to the supervisor interrupt-enable CSR (sie) may be handled incorrectly and can inf… CWE-267
 Privilege Defined With Unsafe Actions 		CVE-2026-29646 2026-04-22 05:16 2026-04-21 Show GitHub Exploit DB Packet Storm
1396 7.1 HIGH
Local 		- - XiangShan (Open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) contains an improper exceptional-condition handling flaw in its CSR subsystem (N… CWE-703
 Improper Check or Handling of Exceptional Conditions 		CVE-2026-29643 2026-04-22 05:16 2026-04-21 Show GitHub Exploit DB Packet Storm
1397 7.8 HIGH
Local 		- - A local attacker who can execute privileged CSR operations (or can induce firmware to do so) performs carefully crafted reads/writes to menvcfg (e.g., csrrs in M-mode). On affected XiangShan versions… CWE-1244
 Internal Asset Exposed to Unsafe Debug Access Level or State 		CVE-2026-29642 2026-04-22 05:16 2026-04-21 Show GitHub Exploit DB Packet Storm
1398 5.3 MEDIUM
Local 		- - XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal C… CWE-284
Improper Access Control 		CVE-2026-29644 2026-04-22 03:16 2026-04-22 Show GitHub Exploit DB Packet Storm
1399 4.5 MEDIUM
Network 		- - A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS… CWE-400
CWE-770
 Uncontrolled Resource Consumption
 Allocation of Resources Without Limits or Throttling 		CVE-2026-6060 2026-04-22 01:20 2026-04-21 Show GitHub Exploit DB Packet Storm
1400 4.7 MEDIUM
Local 		- - Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass… CWE-757
Algorithm Downgrade 		CVE-2026-6550 2026-04-22 01:20 2026-04-21 Show GitHub Exploit DB Packet Storm