Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
238531 7.5 危険 bluevirus-design - SMA-DB の format.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-1450 2012-06-26 16:10 2009-04-28 Show GitHub Exploit DB Packet Storm
238532 9.3 危険 coolplayer - PortableApps CoolPlayer Portable におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-1449 2012-06-26 16:10 2009-04-27 Show GitHub Exploit DB Packet Storm
238533 6.8 警告 e-cart - e-cart.biz Free Shopping Cart の admin/editor/image.php における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2009-1447 2012-06-26 16:10 2009-04-27 Show GitHub Exploit DB Packet Storm
238534 6.5 警告 elkagroup - Elkagroup Image Gallery の upload.php における任意のコードを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2009-1446 2012-06-26 16:10 2009-04-27 Show GitHub Exploit DB Packet Storm
238535 6.8 警告 amule - amule の DownloadListCtrl.cpp における 引数インジェクション攻撃を実行される脆弱性 CWE-Other
その他 		CVE-2009-1440 2012-06-26 16:10 2009-04-27 Show GitHub Exploit DB Packet Storm
238536 9.3 危険 coolplayer - PortableApps CoolPlayer Portable におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-1437 2012-06-26 16:10 2009-04-27 Show GitHub Exploit DB Packet Storm
238537 4.9 警告 FreeBSD - FreeBSD の libc の db インターフェースにおける重要な情報を取得される脆弱性 CWE-20
不適切な入力確認 		CVE-2009-1436 2012-06-26 16:10 2009-04-22 Show GitHub Exploit DB Packet Storm
238538 6.8 警告 Foswiki - Foswiki におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2009-1434 2012-06-26 16:10 2009-04-30 Show GitHub Exploit DB Packet Storm
238539 5 警告 GNU Project - GnuTLS の gnutls-cli における有効化前の証明書を承認される脆弱性 CWE-310
暗号の問題 		CVE-2009-1417 2012-06-26 16:10 2009-04-30 Show GitHub Exploit DB Packet Storm
238540 7.5 危険 GNU Project - GnuTLS の libgnutls の lib/gnutls_pk.c における証明書上の署名を偽装される脆弱性 CWE-310
暗号の問題 		CVE-2009-1416 2012-06-26 16:10 2009-04-20 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
201 9.6 CRITICAL
Network 		nimiq nimiq_proof-of-stake nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each… New CWE-20
CWE-190
CWE-345
CWE-1284
 Improper Input Validation 
 Integer Overflow or Wraparound
 Insufficient Verification of Data Authenticity
 Improper Validation of Specified Quantity in Input 		CVE-2026-33471 2026-04-25 02:11 2026-04-23 Show GitHub Exploit DB Packet Storm
202 6.8 MEDIUM
Network 		nimiq nimiq_proof-of-stake nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, the staking contract accepts `UpdateValidator` transactions that set `new_votin… New CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2026-34068 2026-04-25 02:10 2026-04-23 Show GitHub Exploit DB Packet Storm
203 9.0 CRITICAL
Network 		thymeleaf thymeleaf Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the expression execution mechanisms. A… Update CWE-917
CWE-1336
 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
 Improper Neutralization of Special Elements Used in a Template Engine 		CVE-2026-40477 2026-04-25 01:58 2026-04-18 Show GitHub Exploit DB Packet Storm
204 9.0 CRITICAL
Network 		thymeleaf thymeleaf Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain a security bypass vulnerability in the the expression execution mechanism… Update CWE-917
CWE-1336
 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
 Improper Neutralization of Special Elements Used in a Template Engine 		CVE-2026-40478 2026-04-25 01:58 2026-04-18 Show GitHub Exploit DB Packet Storm
205 7.5 HIGH
Network 		monetr monetr monetr is a budgeting application for recurring expenses. In versions 1.12.3 and below, the public Stripe webhook endpoint buffers the entire request body into memory before validating the Stripe sig… Update CWE-400
 Uncontrolled Resource Consumption 		CVE-2026-40481 2026-04-25 01:57 2026-04-18 Show GitHub Exploit DB Packet Storm
206 5.3 MEDIUM
Network 		fastapiexpert python-multipart Python-Multipart is a streaming multipart parser for Python. Versions prior to 0.0.26 have a denial of service vulnerability when parsing crafted `multipart/form-data` requests with large preamble or… Update CWE-400
CWE-834
 Uncontrolled Resource Consumption
 Excessive Iteration 		CVE-2026-40347 2026-04-25 01:51 2026-04-18 Show GitHub Exploit DB Packet Storm
207 7.5 HIGH
Network 		powerdns dnsdist A client can trigger excessive memory allocation by generating a lot of queries that are routed to an overloaded DoH backend, causing queries to accumulate into a buffer that will not be released unt… New CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-33594 2026-04-25 01:48 2026-04-22 Show GitHub Exploit DB Packet Storm
208 8.8 HIGH
Local 		nsa emissary Emissary is a P2P based data-driven workflow engine. In versions 8.42.0 and below, Executrix.getCommand() is vulnerable to OS command injection because it interpolates temporary file paths into a /b… Update CWE-78
CWE-116
OS Command 
 Improper Encoding or Escaping of Output 		CVE-2026-35582 2026-04-25 01:48 2026-04-18 Show GitHub Exploit DB Packet Storm
209 8.3 HIGH
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/configurationUpdate.json.php` (also routed via `/updateConfig`) persists dozens of global site settings from `$_POST… New CWE-352
 Origin Validation Error 		CVE-2026-40925 2026-04-25 01:46 2026-04-22 Show GitHub Exploit DB Packet Storm
210 5.7 MEDIUM
Network 		oracle peoplesoft_enterprise_cs_student_records Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking). The supported version that is affected is 9.2. Easily exploitable vulnerab… New CWE-284
Improper Access Control 		CVE-2026-35241 2026-04-25 01:44 2026-04-22 Show GitHub Exploit DB Packet Storm