Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 13, 2026, 2:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
247291 9.3 危険 Mozilla Foundation - 複数の Mozilla 製品の cairo-dwrite 実装におけるサービス運用妨害 (メモリ破損) の脆弱性 CWE-119
バッファエラー 		CVE-2012-0472 2012-04-26 15:51 2012-04-24 Show GitHub Exploit DB Packet Storm
247292 4.3 警告 OSQA - OSQA におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1245 2012-04-26 12:03 2012-04-26 Show GitHub Exploit DB Packet Storm
247293 4 警告 株式会社NTTドコモ - spモードメールアプリにおける SSL サーバ証明書の検証不備の脆弱性 CWE-Other
その他 		CVE-2012-1244 2012-04-26 12:02 2012-04-26 Show GitHub Exploit DB Packet Storm
247294 10 危険 Bharat Mediratta - Gallery における暗号化の処理に関する脆弱性 CWE-310
暗号の問題 		CVE-2012-2405 2012-04-24 16:30 2012-04-3 Show GitHub Exploit DB Packet Storm
247295 4.3 警告 Cumin - Cumin におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1575 2012-04-24 16:27 2012-04-22 Show GitHub Exploit DB Packet Storm
247296 4.6 警告 NVIDIA - NVIDIA UNIX ドライバにおける任意のメモリ領域にアクセスされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-0946 2012-04-24 16:23 2012-04-4 Show GitHub Exploit DB Packet Storm
247297 5 警告 IBM - IBM Tivoli Directory Server におけるサービス運用妨害 (デーモンクラッシュ) の脆弱性 CWE-399
リソース管理の問題 		CVE-2012-0743 2012-04-24 16:20 2012-04-16 Show GitHub Exploit DB Packet Storm
247298 4.3 警告 IBM - IBM Tivoli Directory Server の Web Admin Tool におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-0740 2012-04-24 16:18 2012-04-22 Show GitHub Exploit DB Packet Storm
247299 6.4 警告 IBM - IBM Tivoli Directory Server の TLS のデフォルト設定における非暗号化通信を誘発される脆弱性 CWE-310
暗号の問題 		CVE-2012-0726 2012-04-24 16:15 2012-04-16 Show GitHub Exploit DB Packet Storm
247300 9.3 危険 IBM - IBM Rational ClearQuest の Ole API におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2012-0708 2012-04-24 16:12 2012-04-22 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
471 8.2 HIGH
Network 		- - Open-WebSearch is a multi-engine MCP server, CLI, and local daemon for agent web search and content retrieval. Prior to 2.1.7, isPublicHttpUrl / assertPublicHttpUrl in src/utils/urlSafety.ts do not r… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42260 2026-05-13 00:16 2026-05-13 Show GitHub Exploit DB Packet Storm
472 7.3 HIGH
Network 		- - D-Link DCS-932L v2.18.01 is vulnerable to Command Injection in the function sub_42EF14 of the file /bin/alphapd. The manipulation of the argument LightSensorControl leads to command injection. New CWE-77
Command Injection 		CVE-2026-36983 2026-05-13 00:16 2026-05-12 Show GitHub Exploit DB Packet Storm
473 - - - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in elixir-ecto postgrex ('Elixir.Postgrex.Notifications' module) allows SQL Injection. The channel … New CWE-89
SQL Injection 		CVE-2026-32687 2026-05-13 00:16 2026-05-13 Show GitHub Exploit DB Packet Storm
474 6.8 MEDIUM
Network 		- - Wireshark MCP is an MCP Server that turns tshark into a structured analysis interface, then layers in optional Wireshark suite utilities. In 1.1.5 and earlier, wireshark-mcp exposes a wireshark_expor… New CWE-22
Path Traversal 		CVE-2026-43901 2026-05-13 00:15 2026-05-12 Show GitHub Exploit DB Packet Storm
475 4.3 MEDIUM
Network 		- - Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/filesystem/pathexists endpoint uses String.startsWith() to validate that a resolved file path is within a … New CWE-22
Path Traversal 		CVE-2026-42885 2026-05-13 00:13 2026-05-12 Show GitHub Exploit DB Packet Storm
476 - - - Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the podcast creation endpoint at server/controllers/PodcastController.js accepts a user-controlled file path without suf… New CWE-22
Path Traversal 		CVE-2026-42888 2026-05-13 00:13 2026-05-12 Show GitHub Exploit DB Packet Storm
477 6.4 MEDIUM
Network 		- - WWBN AVideo is an open source video platform. In versions up to and including 29.0, objects/notifySubscribers.json.php takes the raw message POST parameter and passes it into sendSiteEmail(), which s… New CWE-79
Cross-site Scripting 		CVE-2026-43876 2026-05-13 00:13 2026-05-12 Show GitHub Exploit DB Packet Storm
478 5.4 MEDIUM
Network 		- - WWBN AVideo is an open source video platform. In versions up to and including 29.0, an authenticated user can configure their own donation-notification webhook URL to point at internal/loopback/metad… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-43879 2026-05-13 00:13 2026-05-12 Show GitHub Exploit DB Packet Storm
479 4.3 MEDIUM
Network 		- - WWBN AVideo is an open source video platform. In versions up to and including 29.0, the unauthenticated plugin/Scheduler/downloadICS.php endpoint passes attacker-controlled title, description, and jo… New CWE-93
CRLF Injection 		CVE-2026-43882 2026-05-13 00:13 2026-05-12 Show GitHub Exploit DB Packet Storm
480 - - - WWBN AVideo is an open source video platform. In versions up to and including 29.0, an unauthenticated user can read APISecret from objects/plugins.json.php and use it to call protected API endpoints… New CWE-200
CWE-862
Information Exposure
 Missing Authorization 		CVE-2026-43885 2026-05-13 00:13 2026-05-12 Show GitHub Exploit DB Packet Storm