Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
249281	9.3	危険	マイクロソフト	-	Microsoft WMI Administrative Tools の WBEMSingleView.ocx ActiveX コントロールにおける任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2010-3973	2011-04-28 14:29	2010-12-23	Show	GitHub Exploit DB Packet Storm

249282	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2010-0811	2011-04-28 14:25	2010-06-8	Show	GitHub Exploit DB Packet Storm

249283	5	警告	ProFTPD Project	-	ProFTPD の mod_sftp モジュールにおける整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2011-1137	2011-04-27 11:59	2011-01-24	Show	GitHub Exploit DB Packet Storm

249284	6.8	警告	IBM	-	IBM AIX の LDAP ログイン機能における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2011-1561	2011-04-27 11:57	2011-03-31	Show	GitHub Exploit DB Packet Storm

249285	4.4	警告	ヒューレット・パッカード	-	HP HP-UX の OS-Core.CORE2-KRN ファイルセットにおけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2011-0891	2011-04-27 11:56	2011-03-23	Show	GitHub Exploit DB Packet Storm

249286	1.9	注意	Gentoo Linux レッドハット	-	logrotate の logrotate.c 内にある writeState 関数におけるサービス運用妨害 (ローテーションの停止) の脆弱性	CWE-399 リソース管理の問題	CVE-2011-1155	2011-04-27 11:41	2011-03-30	Show	GitHub Exploit DB Packet Storm

249287	6.9	警告	Gentoo Linux レッドハット	-	logrotate の shred_file 関数における任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2011-1154	2011-04-27 11:40	2011-03-30	Show	GitHub Exploit DB Packet Storm

249288	1.9	注意	Gentoo Linux レッドハット	-	logrotate の createOutputFile 関数におけるログデータを閲覧される脆弱性	CWE-362 競合状態	CVE-2011-1098	2011-04-27 11:39	2011-03-30	Show	GitHub Exploit DB Packet Storm

249289	6.9	警告	サイバートラスト株式会社 libvirt.org レッドハット	-	複数のレッドハット製品などで利用される libvirt の libvirt.c における任意のコードを実行される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2011-1146	2011-04-27 11:34	2011-02-17	Show	GitHub Exploit DB Packet Storm

249290	5.1	警告	rsync.samba.org レッドハット	-	rsync における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2011-1097	2011-04-27 11:32	2011-03-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
401	5.3	MEDIUM Local	-	-	OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit appro… New	CWE-184 Incomplete Blacklist	CVE-2026-41332	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

402	3.7	LOW Network	-	-	OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can e… New	CWE-799 Improper Control of Interaction Frequency	CVE-2026-41333	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

403	6.5	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized … New	CWE-636 Not Failing Securely ('Failing Open')	CVE-2026-41334	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

404	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitiv… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41335	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

405	7.8	HIGH Local	-	-	OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted… New	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-41336	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

406	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers wi… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41337	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

407	5.0	MEDIUM Local	-	-	OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act pattern… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41338	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

408	4.3	MEDIUM Network	-	-	OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41339	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

409	6.5	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exp… New	CWE-372 Incomplete Internal State Distinction	CVE-2026-41340	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

410	5.4	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component… New	CWE-351 Insufficient Type Distinction	CVE-2026-41341	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm