Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 16, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
241911	7.2	危険	AVAST Software s.r.o.	-	avast! Home and Professional の aswRdr.sys におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-4049	2012-06-26 16:18	2009-11-23	Show	GitHub Exploit DB Packet Storm

241912	4	警告	dxmsoft	-	Dxmsoft XM Easy Personal FTP Server におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2009-4048	2012-06-26 16:18	2009-11-23	Show	GitHub Exploit DB Packet Storm

241913	7.5	危険	FrontAccounting	-	FA における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4046	2012-06-26 16:18	2009-10-24	Show	GitHub Exploit DB Packet Storm

241914	7.5	危険	FrontAccounting	-	FA における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4045	2012-06-26 16:18	2009-10-24	Show	GitHub Exploit DB Packet Storm

241915	7.5	危険	Drupal bruno massa	-	Drupal の Web Services モジュールにおける API を使用をされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-4044	2012-06-26 16:18	2009-11-20	Show	GitHub Exploit DB Packet Storm

241916	7.5	危険	FrontAccounting	-	FA における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4037	2012-06-26 16:18	2009-11-20	Show	GitHub Exploit DB Packet Storm

241917	7.5	危険	Debian	-	Lintian におけるフォーマットストリングの脆弱性	CWE-134 書式文字列の問題	CVE-2009-4014	2012-06-26 16:18	2010-01-27	Show	GitHub Exploit DB Packet Storm

241918	7.5	危険	Debian	-	Lintian におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-4013	2012-06-26 16:18	2010-01-27	Show	GitHub Exploit DB Packet Storm

241919	9.3	危険	denton woods	-	DevIL の GetUID 関数におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-3994	2012-06-26 16:18	2009-12-8	Show	GitHub Exploit DB Packet Storm

241920	9.3	危険	faslo	-	Faslo Player におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-3969	2012-06-26 16:18	2009-11-18	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 16, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
266821	6.1	MEDIUM Network	sophos	unified_threat_management_software	Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter.	CWE-79 Cross-site Scripting	CVE-2016-2046	2024-11-21 11:47	2016-02-18	Show	GitHub Exploit DB Packet Storm

266822	8.8	HIGH Network	mozilla	firefox	Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site tha…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-1949	2024-11-21 11:47	2016-02-13	Show	GitHub Exploit DB Packet Storm

266823	6.5	MEDIUM Network	xmlsoft debian canonical	libxml2 debian_linux ubuntu_linux	The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document.	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2016-2073	2024-11-21 11:47	2016-02-13	Show	GitHub Exploit DB Packet Storm

266824	9.8	CRITICAL Network	hp	continuous_delivery_automation	HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library.	CWE-94 Code Injection	CVE-2016-1986	2024-11-21 11:47	2016-02-12	Show	GitHub Exploit DB Packet Storm

266825	3.3	LOW Local	libdwarf_project	libdwarf	The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file.	CWE-125 Out-of-bounds Read	CVE-2016-2091	2024-11-21 11:47	2016-02-9	Show	GitHub Exploit DB Packet Storm

266826	6.5	MEDIUM Network	jasper_project	jasper	The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image.	CWE-20 Improper Input Validation	CVE-2016-2089	2024-11-21 11:47	2016-02-9	Show	GitHub Exploit DB Packet Storm

266827	5.5	MEDIUM Network	djangoproject	django	Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option …	CWE-284 Improper Access Control	CVE-2016-2048	2024-11-21 11:47	2016-02-9	Show	GitHub Exploit DB Packet Storm

266828	9.8	CRITICAL Network	kubernetes	kubernetes	Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-1906	2024-11-21 11:47	2016-02-4	Show	GitHub Exploit DB Packet Storm

266829	7.7	HIGH Network	kubernetes	kubernetes	The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object.	CWE-284 Improper Access Control	CVE-2016-1905	2024-11-21 11:47	2016-02-4	Show	GitHub Exploit DB Packet Storm

266830	8.8	HIGH Network	janrain	php-openid	examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might a…	CWE-284 Improper Access Control	CVE-2016-2049	2024-11-21 11:47	2016-02-2	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed