Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
251911	9.3	危険	マイクロソフト	-	Microsoft Windows の kernel における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2514	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

251912	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel の Graphics Device Interface (GDI) における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-2513	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

251913	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-1127	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

251914	10	危険	マイクロソフト	-	Microsoft Windows の License Logging Server (llssrv.exe) における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2009-2523	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

251915	9.3	危険	マイクロソフト	-	Microsoft Windows の Web Services on Devices API (WSDAPI) における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2512	2010-01-4 15:23	2009-11-10	Show	GitHub Exploit DB Packet Storm

251916	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2722	2010-01-4 14:56	2009-08-10	Show	GitHub Exploit DB Packet Storm

251917	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2723	2010-01-4 14:55	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 16, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
111	7.8	HIGH Local	-	-	Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… New	CWE-122 Heap-based Buffer Overflow	CVE-2026-27310	2026-04-15 05:16	2026-04-15	Show	GitHub Exploit DB Packet Storm

112	7.8	HIGH Local	-	-	Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure… New	CWE-125 Out-of-bounds Read	CVE-2026-27289	2026-04-15 05:16	2026-04-15	Show	GitHub Exploit DB Packet Storm

113	5.5	MEDIUM Local	-	-	Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the a… New	CWE-369 Divide By Zero	CVE-2026-27222	2026-04-15 05:16	2026-04-15	Show	GitHub Exploit DB Packet Storm

114	7.1	HIGH Local	libexif_project	libexif	In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. New	CWE-190 Integer Overflow or Wraparound	CVE-2026-40385	2026-04-15 05:15	2026-04-13	Show	GitHub Exploit DB Packet Storm

115	7.7	HIGH Network	goshs	goshs	goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the… New	CWE-1314	CVE-2026-40188	2026-04-15 05:15	2026-04-11	Show	GitHub Exploit DB Packet Storm

116	6.5	MEDIUM Network	nearform	fast-jwt	fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular… New	CWE-1333 Inefficient Regular Expression Complexity	CVE-2026-35041	2026-04-15 05:15	2026-04-10	Show	GitHub Exploit DB Packet Storm

117	8.2	HIGH Network	opnsense	opnsense	OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap… New	CWE-90 LDAP Injection	CVE-2026-34578	2026-04-15 05:14	2026-04-10	Show	GitHub Exploit DB Packet Storm

118	9.9	CRITICAL Network	axios	axios	Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback… New	CWE-441 CWE-918 Confused Deputy Server-Side Request Forgery (SSRF)	CVE-2025-62718	2026-04-15 05:14	2026-04-10	Show	GitHub Exploit DB Packet Storm

119	7.3	HIGH Network	tandoor	recipes	Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit directly from req… New	CWE-639 CWE-1284 Authorization Bypass Through User-Controlled Key Improper Validation of Specified Quantity in Input	CVE-2026-35489	2026-04-15 05:13	2026-04-8	Show	GitHub Exploit DB Packet Storm

120	7.5	HIGH Network	kagi	fastfeedparser	FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches a URL that returns an HTML page containing a <meta http-equiv="refresh"> tag, it recursively calls… New	CWE-674 Uncontrolled Recursion	CVE-2026-39376	2026-04-15 05:12	2026-04-8	Show	GitHub Exploit DB Packet Storm