Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
250121 4.3 警告 サイバートラスト株式会社
Mozilla Foundation
レッドハット
オラクル		 - Mozilla Thunderbird/SeaMonkey における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2010-0163 2010-12-21 15:59 2010-03-16 Show GitHub Exploit DB Packet Storm
250122 9.3 危険 アップル
アドビシステムズ
レッドハット
オラクル		 - Adobe Flash に脆弱性 CWE-noinfo
情報不足 		CVE-2010-2884 2010-12-21 15:57 2010-09-15 Show GitHub Exploit DB Packet Storm
250123 6.9 警告 CVS
レッドハット		 - CVS の rcs.c 内にある apply_rcs_change 関数における権限昇格の脆弱性 CWE-119
バッファエラー 		CVE-2010-3846 2010-12-21 15:30 2010-11-5 Show GitHub Exploit DB Packet Storm
250124 10 危険 RealFlex Technologies - RealFlex RealWin HMI サービスにバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2010-4142 2010-12-21 15:25 2010-11-22 Show GitHub Exploit DB Packet Storm
250125 4.3 警告 Webmin Project
オラクル		 - Webmin および Usermin におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4568 2010-12-21 15:14 2010-01-5 Show GitHub Exploit DB Packet Storm
250126 6.8 警告 富士通 - Interstage Application Server における許可されていない IP アドレスからのリクエストのアクセスを許可する脆弱性 CWE-noinfo
情報不足 		- 2010-12-21 14:14 2010-11-19 Show GitHub Exploit DB Packet Storm
250127 8.3 危険 日立 - 日立の Groupmax 関連製品におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		- 2010-12-21 14:06 2010-11-17 Show GitHub Exploit DB Packet Storm
250128 4.3 警告 The PHP Group
アップル
サイバートラスト株式会社
レッドハット		 - PHP の var_export 関数における、重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2010-2531 2010-12-20 16:08 2010-07-22 Show GitHub Exploit DB Packet Storm
250129 4.6 警告 サイバートラスト株式会社
Linux
レッドハット		 - Hypervisor の命令のエミュレーションにおけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2010-0435 2010-12-20 16:01 2010-08-19 Show GitHub Exploit DB Packet Storm
250130 5 警告 レッドハット
Pidgin
オラクル		 - Pidgin の MSN プロトコルプラグインの msn_emoticon_msg 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2010-1624 2010-12-20 16:00 2010-05-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
981 8.6 HIGH
Network 		- - Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unaut… New CWE-497
 Exposure of Sensitive System Information to an Unauthorized Control Sphere 		CVE-2026-34413 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
982 7.1 HIGH
Network 		- - Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in re… New CWE-22
Path Traversal 		CVE-2026-34414 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
983 9.8 CRITICAL
Network 		- - Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an i… New CWE-184
 Incomplete Blacklist 		CVE-2026-34415 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
984 5.3 MEDIUM
Network 		- - Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the applicati… New CWE-497
 Exposure of Sensitive System Information to an Unauthorized Control Sphere 		CVE-2026-41459 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
985 8.7 HIGH
Adjacent 		- - Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these p… New CWE-1104
 Use of Unmaintained Third Party Components 		CVE-2026-41468 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
986 5.2 MEDIUM
Adjacent 		- - Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template… New CWE-693
 Protection Mechanism Failure 		CVE-2026-41469 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
987 5.7 MEDIUM
Network 		- - Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock compon… New CWE-79
Cross-site Scripting 		CVE-2026-35451 2026-04-23 06:17 2026-04-22 Show GitHub Exploit DB Packet Storm
988 9.4 CRITICAL
Network 		- - excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or S… New CWE-22
Path Traversal 		CVE-2026-40576 2026-04-23 06:17 2026-04-22 Show GitHub Exploit DB Packet Storm
989 8.8 HIGH
Network 		- - Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A ma… New CWE-22
Path Traversal 		CVE-2026-40611 2026-04-23 06:17 2026-04-22 Show GitHub Exploit DB Packet Storm
990 5.3 MEDIUM
Local 		- - A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to… Update CWE-562
CVE-2026-26399 2026-04-23 06:16 2026-04-21 Show GitHub Exploit DB Packet Storm