Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
251911	9.3	危険	マイクロソフト	-	Microsoft Windows の kernel における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2514	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

251912	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel の Graphics Device Interface (GDI) における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-2513	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

251913	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-1127	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

251914	10	危険	マイクロソフト	-	Microsoft Windows の License Logging Server (llssrv.exe) における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2009-2523	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

251915	9.3	危険	マイクロソフト	-	Microsoft Windows の Web Services on Devices API (WSDAPI) における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2512	2010-01-4 15:23	2009-11-10	Show	GitHub Exploit DB Packet Storm

251916	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2722	2010-01-4 14:56	2009-08-10	Show	GitHub Exploit DB Packet Storm

251917	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2723	2010-01-4 14:55	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 17, 2026, 4:13 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
281	7.5	HIGH Network	orthanc-server	orthanc	A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on… New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-5438	2026-04-16 04:31	2026-04-10	Show	GitHub Exploit DB Packet Storm

282	6.5	MEDIUM Network	minio	minio	MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processi… New	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-39414	2026-04-16 04:30	2026-04-9	Show	GitHub Exploit DB Packet Storm

283	8.8	HIGH Network	openclaw	openclaw	OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers ca… New	CWE-648 CWE-863 Incorrect Use of Privileged APIs Incorrect Authorization	CVE-2026-35645	2026-04-16 04:25	2026-04-10	Show	GitHub Exploit DB Packet Storm

284	6.1	MEDIUM Network	circl	ail_framework	AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item pre… New	CWE-79 Cross-site Scripting	CVE-2026-39416	2026-04-16 04:20	2026-04-9	Show	GitHub Exploit DB Packet Storm

285	5.4	MEDIUM Network	-	-	A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This… New	CWE-863 Incorrect Authorization	CVE-2026-6383	2026-04-16 04:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

286	5.5	MEDIUM Local	-	-	A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Be… New	CWE-805 Buffer Access with Incorrect Length Value	CVE-2026-6245	2026-04-16 04:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

287	-		-	-	CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access… New	CWE-798 Use of Hard-coded Credentials	CVE-2026-5189	2026-04-16 04:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

288	8.4	HIGH Network	-	-	IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capabil… New	CWE-863 Incorrect Authorization	CVE-2026-4857	2026-04-16 04:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

289	5.0	MEDIUM Network	-	-	Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses s… New	CWE-22 Path Traversal	CVE-2026-40256	2026-04-16 04:16	2026-04-16	Show	GitHub Exploit DB Packet Storm

290	4.1	MEDIUM Network	-	-	Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable … New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-39845	2026-04-16 04:16	2026-04-16	Show	GitHub Exploit DB Packet Storm