Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 6, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
251991	4	警告	Linux レッドハット	-	Linux kernel の bcm_connect 関数におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-3874	2011-01-31 15:49	2010-12-8	Show	GitHub Exploit DB Packet Storm

251992	1.9	注意	Linux レッドハット	-	Linux kernel の viafb_ioctl_get_viafb_info 関数における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2010-4082	2011-01-31 15:40	2010-11-30	Show	GitHub Exploit DB Packet Storm

251993	1.9	注意	Linux レッドハット	-	Linux kernel の ivtvfb_ioctl 関数における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2010-4079	2011-01-31 15:03	2010-11-29	Show	GitHub Exploit DB Packet Storm

251994	1.9	注意	Linux レッドハット	-	Linux kernel の USB サブシステムにおける重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2010-4074	2011-01-31 15:01	2010-11-29	Show	GitHub Exploit DB Packet Storm

251995	2.1	注意	Linux レッドハット	-	Linux kernel の ethtool_get_rxnfc 関数における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2010-3861	2011-01-31 14:56	2010-12-10	Show	GitHub Exploit DB Packet Storm

251996	4.9	警告	Linux レッドハット	-	Linux kernel の hso_get_count 関数における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2010-3298	2011-01-28 16:03	2010-09-30	Show	GitHub Exploit DB Packet Storm

251997	4.9	警告	Linux レッドハット	-	Linux kernel の sound/core/seq/oss/seq_oss_init.c 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2010-3080	2011-01-28 15:59	2010-09-20	Show	GitHub Exploit DB Packet Storm

251998	9.3	危険	マイクロソフト	-	Microsoft Windows Vista の sdclt.exe にて使用される BitLocker Drive Encryption API における権限昇格の脆弱性	CWE-Other その他	CVE-2010-3145	2011-01-28 15:56	2011-01-11	Show	GitHub Exploit DB Packet Storm

251999	9.3	危険	マイクロソフト	-	MDAC および WDAC における任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2011-0027	2011-01-28 15:53	2011-01-11	Show	GitHub Exploit DB Packet Storm

252000	9.3	危険	マイクロソフト	-	MDAC および WDAC の SQLConnectW 関数における整数符号エラーの脆弱性	CWE-189 数値処理の問題	CVE-2011-0026	2011-01-28 15:50	2011-01-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2001	9.9	CRITICAL Network	openclaw	openclaw	OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can e…	CWE-648 Incorrect Use of Privileged APIs	CVE-2026-41329	2026-04-28 00:09	2026-04-21	Show	GitHub Exploit DB Packet Storm

2002	7.2	HIGH Network	espocrm	espocrm	EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass t…	CWE-23 Relative Path Traversal	CVE-2026-33733	2026-04-28 00:08	2026-04-23	Show	GitHub Exploit DB Packet Storm

2003	4.4	MEDIUM Local	openclaw	openclaw	OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass sec…	CWE-453 Insecure Default Variable Initialization	CVE-2026-41330	2026-04-28 00:08	2026-04-21	Show	GitHub Exploit DB Packet Storm

2004	5.3	MEDIUM Network	openclaw	openclaw	OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers…	CWE-408 Incorrect Behavior Order: Early Amplification	CVE-2026-41331	2026-04-28 00:08	2026-04-21	Show	GitHub Exploit DB Packet Storm

2005	4.8	MEDIUM Network	gfi	helpdesk	GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary J…	CWE-79 Cross-site Scripting	CVE-2026-23752	2026-04-28 00:07	2026-04-21	Show	GitHub Exploit DB Packet Storm

2006	8.6	HIGH Local	openclaw	openclaw	OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a…	CWE-15 External Control of System or Configuration Setting	CVE-2026-41294	2026-04-28 00:07	2026-04-21	Show	GitHub Exploit DB Packet Storm

2007	4.8	MEDIUM Network	gfi	helpdesk	GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create(…	CWE-79 Cross-site Scripting	CVE-2026-23753	2026-04-28 00:07	2026-04-21	Show	GitHub Exploit DB Packet Storm

2008	7.5	HIGH Network	gomarkdown	markdown	The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > charact…	CWE-125 Out-of-bounds Read	CVE-2026-40890	2026-04-28 00:07	2026-04-22	Show	GitHub Exploit DB Packet Storm

2009	7.8	HIGH Local	openclaw	openclaw	OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a works…	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-41295	2026-04-28 00:06	2026-04-21	Show	GitHub Exploit DB Packet Storm

2010	8.2	HIGH Network	openclaw	openclaw	OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path val…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41296	2026-04-28 00:06	2026-04-21	Show	GitHub Exploit DB Packet Storm