Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
251861	9.3	危険	マイクロソフト	-	複数の Microsoft 製品のテキストコンバーターにおける整数オーバーフローの脆弱性	CWE-94 コード・インジェクション	CVE-2009-2506	2010-01-22 10:27	2009-12-8	Show	GitHub Exploit DB Packet Storm

251862	9	危険	マイクロソフト	-	Microsoft Windows の Active Directory フェデレーションサービスにおける任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2009-2509	2010-01-22 10:27	2009-12-8	Show	GitHub Exploit DB Packet Storm

251863	6.9	警告	マイクロソフト	-	Microsoft Windows の Active Directory フェデレーションサービスのシングルサインオン実装における認証情報を取得される脆弱性	CWE-255 証明書・パスワード管理	CVE-2009-2508	2010-01-22 10:27	2009-12-8	Show	GitHub Exploit DB Packet Storm

251864	6.8	警告	マイクロソフト	-	Microsoft Windows の LSASS におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2009-3675	2010-01-22 10:27	2009-12-8	Show	GitHub Exploit DB Packet Storm

251865	9.3	危険	マイクロソフト	-	Microsoft Project における任意のコードを実行される脆弱性	CWE-399 リソース管理の問題	CVE-2009-0102	2010-01-22 10:26	2009-12-8	Show	GitHub Exploit DB Packet Storm

251866	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer におけるメモリ破損の脆弱性	CWE-94 コード・インジェクション	CVE-2009-3673	2010-01-22 10:26	2009-12-8	Show	GitHub Exploit DB Packet Storm

251867	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer におけるメモリ破損の脆弱性	CWE-399 リソース管理の問題	CVE-2009-3671	2010-01-22 10:26	2009-12-8	Show	GitHub Exploit DB Packet Storm

251868	10	危険	マイクロソフト	-	Microsoft Windows のインターネット認証サービスにおけるネットワークリソースにアクセスされる脆弱性	CWE-255 CWE-94	CVE-2009-3677	2010-01-22 10:24	2009-12-8	Show	GitHub Exploit DB Packet Storm

251869	10	危険	マイクロソフト	-	Microsoft Windows のインターネット認証サービスにおける任意のコードを実行される脆弱性	CWE-287 不適切な認証	CVE-2009-2505	2010-01-22 10:24	2009-12-8	Show	GitHub Exploit DB Packet Storm

251870	6.9	警告	acpid	-	acpid の umask におけるサービス運用妨害 (DoS) の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-4235	2010-01-21 11:44	2009-12-7	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 17, 2026, 4:13 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
181	3.3	LOW Local	-	-	MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata. Attackers can emb… New	CWE-150 Improper Neutralization of Escape, Meta, or Control Sequences	CVE-2026-40505	2026-04-16 11:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

182	9.8	CRITICAL Network	-	-	Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string li… New	CWE-122 Heap-based Buffer Overflow	CVE-2026-40504	2026-04-16 11:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

183	6.4	MEDIUM Network	-	-	The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, 1.7.29 due to insufficient input sanitiza… New	CWE-79 Cross-site Scripting	CVE-2026-3299	2026-04-16 11:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

184	8.1	HIGH Local	-	-	Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the re… New	CWE-670 Always-Incorrect Control Flow Implementation	CVE-2026-40960	2026-04-16 10:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

185	9.3	CRITICAL Local	-	-	Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. New	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-40959	2026-04-16 10:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

186	6.5	MEDIUM Network	-	-	OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /mem… New	CWE-22 Path Traversal	CVE-2026-40503	2026-04-16 10:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

187	8.8	HIGH Network	-	-	OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient… New	CWE-862 Missing Authorization	CVE-2026-40502	2026-04-16 10:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

188	-		-	-	radare2 prior to version 6.1.4 contains a command injection vulnerability in the PDB parser's print_gvars() function that allows attackers to execute arbitrary commands by embedding a newline byte in… New	CWE-78 OS Command	CVE-2026-40499	2026-04-16 10:16	2026-04-15	Show	GitHub Exploit DB Packet Storm

189	6.3	MEDIUM Network	geosolutionsgroup	geonode	GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attack… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-39922	2026-04-16 10:16	2026-04-11	Show	GitHub Exploit DB Packet Storm

190	6.3	MEDIUM Network	geosolutionsgroup	geonode	GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbou… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-39921	2026-04-16 10:16	2026-04-11	Show	GitHub Exploit DB Packet Storm