Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":April 28, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
253141	9.3	危険	マイクロソフト	-	Microsoft Windows の kernel における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2514	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

253142	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel の Graphics Device Interface (GDI) における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-2513	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

253143	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-1127	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

253144	10	危険	マイクロソフト	-	Microsoft Windows の License Logging Server (llssrv.exe) における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2009-2523	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

253145	9.3	危険	マイクロソフト	-	Microsoft Windows の Web Services on Devices API (WSDAPI) における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2512	2010-01-4 15:23	2009-11-10	Show	GitHub Exploit DB Packet Storm

253146	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2722	2010-01-4 14:56	2009-08-10	Show	GitHub Exploit DB Packet Storm

253147	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2723	2010-01-4 14:55	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 28, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1671	8.1	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Curly Core curly-core allows PHP Local File Inclusion.This issue…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-27047	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

1672	8.1	HIGH Network	-	-	Control inadecuado del nombre de fichero para la declaración include/require en un programa PHP ('inclusión remota de ficheros PHP') vulnerabilidad en Mikado-Themes Curly Core curly-core permite la i…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-27047	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

1673	8.1	HIGH Network	-	-	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elated-Themes The Aisle Core theaisle-core allows PHP Local File Inclusion.Thi…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-27048	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

1674	8.1	HIGH Network	-	-	La vulnerabilidad de control inadecuado del nombre de fichero para la declaración Include/Require en el programa PHP ('Inclusión remota de ficheros PHP') en Elated-Themes The Aisle Core theaisle-core…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-27048	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

1675	9.8	CRITICAL Network	-	-	Authentication Bypass Using an Alternate Path or Channel vulnerability in NooTheme Jobica Core jobica-core allows Authentication Abuse.This issue affects Jobica Core: from n/a through <= 1.4.2.	CWE-288 Authentication Bypass Using an Alternate Path or Channel	CVE-2026-27049	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

1676	9.8	CRITICAL Network	-	-	Vulnerabilidad de omisión de autenticación mediante una ruta o canal alternativo en NooTheme Jobica Core jobica-core permite el abuso de autenticación. Este problema afecta a Jobica Core: desde n/a h…	CWE-288 Authentication Bypass Using an Alternate Path or Channel	CVE-2026-27049	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

1677	9.8	CRITICAL Network	-	-	Incorrect Privilege Assignment vulnerability in uxper Golo golo allows Privilege Escalation.This issue affects Golo: from n/a through <= 1.7.0.	CWE-266 Incorrect Privilege Assignment	CVE-2026-27051	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

1678	9.8	CRITICAL Network	-	-	Vulnerabilidad de Asignación Incorrecta de Privilegios en uxper Golo golo permite la escalada de privilegios. Este problema afecta a Golo: desde n/d hasta <= 1.7.0.	CWE-266 Incorrect Privilege Assignment	CVE-2026-27051	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

1679	7.1	HIGH Network	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PenciDesign Penci Soledad Data Migrator penci-data-migrator allows Reflected XSS.This issue affec…	CWE-79 Cross-site Scripting	CVE-2026-27054	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

1680	7.1	HIGH Network	-	-	Vulnerabilidad de Neutralización Incorrecta de la Entrada Durante la Generación de Páginas Web ('cross-site scripting') en PenciDesign Penci Soledad Data Migrator penci-data-migrator permite XSS Refl…	CWE-79 Cross-site Scripting	CVE-2026-27054	2026-04-25 01:35	2026-03-26	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed