Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 22, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
244671	9.3	危険	eyeball networks	-	Eyeball MessengerSDK の CoVideoWindow.ocx ActiveX コントロールにおけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2008-3430	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

244672	7.5	危険	Condor Project	-	Condor におけるアクセス制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-3424	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

244673	4.3	警告	Blackboard, Inc.	-	Blackboard Academic Suite におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2008-3421	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

244674	7.5	危険	greatclone	-	Youtuber Clone の ugroups.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3419	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

244675	7.5	危険	fipsasp	-	fipsCMS light の home/index.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3417	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

244676	7.5	危険	CMScout	-	CMScout の common.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-3415	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

244677	7.5	危険	greatclone	-	Greatclone GC Auction Platinum の category.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3413	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

244678	7.5	危険	ecshop	-	Comsenz EPShop における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3412	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

244679	10	危険	Axesstel	-	Axesstel AXW-D800 モデムにおける設定を変更される脆弱性	CWE-287 不適切な認証	CVE-2008-3411	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

244680	5	警告	epic games	-	Unreal Tournament 3 におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 CWE-399	CVE-2008-3410	2012-06-26 16:02	2008-07-31	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 22, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1271	7.5	HIGH Network	microsoft	windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2025	Null pointer dereference in Windows TCP/IP allows an unauthorized attacker to deny service over a network.	CWE-476 NULL Pointer Dereference	CVE-2026-40405	2026-05-16 00:20	2026-05-13	Show	GitHub Exploit DB Packet Storm

1272	7.5	HIGH Network	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Use after free in Windows TCP/IP allows an unauthorized attacker to disclose information over a network.	CWE-416 Use After Free	CVE-2026-40406	2026-05-16 00:20	2026-05-13	Show	GitHub Exploit DB Packet Storm

1273	7.8	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally.	CWE-122 Heap-based Buffer Overflow	CVE-2026-40407	2026-05-16 00:19	2026-05-13	Show	GitHub Exploit DB Packet Storm

1274	9.1	CRITICAL Network	-	-	Crabbox prior to v0.12.0 contains an environment variable exposure vulnerability that allows attackers with access to a malicious or compromised repository to forward local secrets such as API tokens…	CWE-94 Code Injection	CVE-2026-8634	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

1275	4.3	MEDIUM Network	-	-	SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, broken access control in the searchAsset, searchTag, searchWidget, and searchTemplate publish-mode Readers can enumerate…	CWE-863 Incorrect Authorization	CVE-2026-45148	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

1276	7.5	HIGH Network	-	-	libyang is a YANG data modeling language library. Prior to SO 5.2.15, lyb_read_string() in src/parser_lyb.c contains an integer overflow that results in a heap buffer overflow when parsing a maliciou…	CWE-190 Integer Overflow or Wraparound	CVE-2026-44673	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

1277	-		-	-	SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the kernel stores Attribute View (AV / database) names without any HTML escape, then a render template uses raw strings.…	CWE-79 CWE-94 CWE-1188 Cross-site Scripting Code Injection Insecure Default Initialization of Resource	CVE-2026-44670	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

1278	-		-	-	HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() function in convertCore.php is missing backtick (`) and tab (\t) from its …	CWE-78 OS Command	CVE-2026-44666	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

1279	-		-	-	SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, he tooltip mouseover handler in app/src/block/popover.ts reads aria-label via getAttribute and passes it through decode…	CWE-79 CWE-116 CWE-1188 Cross-site Scripting Improper Encoding or Escaping of Output Insecure Default Initialization of Resource	CVE-2026-44588	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm

1280	10.0	CRITICAL Network	-	-	Note Mark is an open-source note-taking application. Prior to 0.19.4, no minimum length or entropy is enforced on the JWT_SECRET configuration value. The application accepts any base64-decodable secr…	CWE-326 CWE-345 Inadequate Encryption Strength Insufficient Verification of Data Authenticity	CVE-2026-44523	2026-05-16 00:16	2026-05-15	Show	GitHub Exploit DB Packet Storm