Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":April 28, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
253141	9.3	危険	マイクロソフト	-	Microsoft Windows の kernel における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2514	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

253142	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel の Graphics Device Interface (GDI) における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-2513	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

253143	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-1127	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

253144	10	危険	マイクロソフト	-	Microsoft Windows の License Logging Server (llssrv.exe) における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2009-2523	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

253145	9.3	危険	マイクロソフト	-	Microsoft Windows の Web Services on Devices API (WSDAPI) における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2512	2010-01-4 15:23	2009-11-10	Show	GitHub Exploit DB Packet Storm

253146	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2722	2010-01-4 14:56	2009-08-10	Show	GitHub Exploit DB Packet Storm

253147	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2723	2010-01-4 14:55	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 28, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2881	9.1	CRITICAL Network	rapid7	velociraptor	Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with acces…	CWE-863 Incorrect Authorization	CVE-2026-6290	2026-04-24 05:44	2026-04-16	Show	GitHub Exploit DB Packet Storm

2882	3.5	LOW Network	gitlab	gitlab	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that under certain conditions could have allowed an authenticated user to load unauthorized content int…	CWE-1021 Improper Restriction of Rendered UI Layers or Frames	CVE-2026-3254	2026-04-24 05:43	2026-04-23	Show	GitHub Exploit DB Packet Storm

2883	8.1	HIGH Network	gitlab	gitlab	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execut…	CWE-352 Origin Validation Error	CVE-2026-4922	2026-04-24 05:40	2026-04-23	Show	GitHub Exploit DB Packet Storm

2884	6.1	MEDIUM Network	gitlab	gitlab	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.1.0 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that under certain conditions could have allowed an una…	CWE-79 Cross-site Scripting	CVE-2026-5262	2026-04-24 05:38	2026-04-23	Show	GitHub Exploit DB Packet Storm

2885	4.3	MEDIUM Network	gitlab	gitlab	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.11 before 18.11.1 that could have allowed an authenticated user to access titles of confidential or private issues in pub…	CWE-863 Incorrect Authorization	CVE-2026-5377	2026-04-24 05:37	2026-04-23	Show	GitHub Exploit DB Packet Storm

2886	8.1	HIGH Network	gitlab	gitlab	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that could have allowed an unauthenticated user to execute arbitrary JavaScrip…	CWE-41 Improper Resolution of Path Equivalence	CVE-2026-5816	2026-04-24 05:30	2026-04-23	Show	GitHub Exploit DB Packet Storm

2887	9.8	CRITICAL Network	codefuture	image_hosting_script	CF Image Hosting Script 1.6.5 allows unauthenticated attackers to download and decode the application database by accessing the imgdb.db file in the upload/data directory. Attackers can extract delet…	CWE-552 Files or Directories Accessible to External Parties	CVE-2019-25709	2026-04-24 05:22	2026-04-12	Show	GitHub Exploit DB Packet Storm

2888	5.4	MEDIUM Network	gitlab	gitlab	GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.9.6, 18.10 before 18.10.4, and 18.11 before 18.11.1 that could have allowed a user to use invalidated or inco…	CWE-613 Insufficient Session Expiration	CVE-2026-6515	2026-04-24 05:18	2026-04-23	Show	GitHub Exploit DB Packet Storm

2889	9.8	CRITICAL Network	coreweave	marimo	marimo is a reactive Python notebook. Prior to 0.23.0, Marimo has a Pre-Auth RCE vulnerability. The terminal WebSocket endpoint /terminal/ws lacks authentication validation, allowing an unauthenticat…	CWE-306 Missing Authentication for Critical Function	CVE-2026-39987	2026-04-24 05:15	2026-04-10	Show	GitHub Exploit DB Packet Storm

2890	7.5	HIGH Network	ffmpeg	ffmpeg	An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input.	CWE-125 Out-of-bounds Read	CVE-2026-30997	2026-04-24 05:12	2026-04-14	Show	GitHub Exploit DB Packet Storm