Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
249251	9.3	危険	マイクロソフト	-	複数の Microsoft 製品におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2011-0105	2011-05-2 14:19	2011-04-12	Show	GitHub Exploit DB Packet Storm

249252	9.3	危険	マイクロソフト	-	複数の Microsoft Office 製品における任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2011-0979	2011-05-2 14:17	2011-02-10	Show	GitHub Exploit DB Packet Storm

249253	9.3	危険	マイクロソフト	-	複数の Microsoft Office 製品におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2011-0978	2011-05-2 14:16	2011-02-10	Show	GitHub Exploit DB Packet Storm

249254	9.3	危険	マイクロソフト	-	複数の Microsoft Office 製品における整数アンダーフローの脆弱性	CWE-189 数値処理の問題	CVE-2011-0097	2011-05-2 14:14	2011-04-12	Show	GitHub Exploit DB Packet Storm

249255	9.3	危険	マイクロソフト	-	Microsoft Windows の OpenType Compact Font Format ドライバにおけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2011-0034	2011-05-2 14:14	2011-04-12	Show	GitHub Exploit DB Packet Storm

249256	9.3	危険	マイクロソフト	-	Microsoft の JScript および VBScript スクリプトエンジンにおける整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2011-0663	2011-05-2 14:13	2011-04-12	Show	GitHub Exploit DB Packet Storm

249257	7.5	危険	マイクロソフト	-	Microsoft Windows の DNS クライアント内にある DNSAPI.dll における任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2011-0657	2011-05-2 14:12	2011-04-12	Show	GitHub Exploit DB Packet Storm

249258	9.3	危険	マイクロソフト	-	Microsoft Windows および Office XP の GDI+ 内にある gdiplus.dll における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2011-0041	2011-05-2 14:11	2011-04-12	Show	GitHub Exploit DB Packet Storm

249259	9.3	危険	マイクロソフト	-	Microsoft .NET Framework の x86 JIT コンパイラにおける任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2010-3958	2011-05-2 14:09	2011-04-12	Show	GitHub Exploit DB Packet Storm

249260	9.3	危険	マイクロソフト	-	Microsoft Windows XP の Windows Messenger ActiveX コントロールにおける任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2011-1243	2011-05-2 14:08	2011-04-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
401	5.3	MEDIUM Local	-	-	OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit appro… New	CWE-184 Incomplete Blacklist	CVE-2026-41332	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

402	3.7	LOW Network	-	-	OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can e… New	CWE-799 Improper Control of Interaction Frequency	CVE-2026-41333	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

403	6.5	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized … New	CWE-636 Not Failing Securely ('Failing Open')	CVE-2026-41334	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

404	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitiv… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41335	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

405	7.8	HIGH Local	-	-	OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted… New	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-41336	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

406	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers wi… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41337	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

407	5.0	MEDIUM Local	-	-	OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act pattern… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41338	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

408	4.3	MEDIUM Network	-	-	OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41339	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

409	6.5	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exp… New	CWE-372 Incomplete Internal State Distinction	CVE-2026-41340	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

410	5.4	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component… New	CWE-351 Insufficient Type Distinction	CVE-2026-41341	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm