Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 2, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
253431	5.8	警告	サン・マイクロシステムズ GNOME Project レッドハット	-	Evolution Data Server (別名 evolution-data-server) の ntlm_challenge 関数におけるプロセスメモリ情報の漏洩またはサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2009-0582	2010-05-14 18:37	2009-03-14	Show	GitHub Exploit DB Packet Storm

253432	1.2	注意	日本電気サイバートラスト株式会社サン・マイクロシステムズターボリナックス OpenSSL Project レッドハット	-	RSA key reconstruction vulnerability	-	CVE-2007-3108	2010-05-14 18:37	2007-08-16	Show	GitHub Exploit DB Packet Storm

253433	5	警告	ヒューレット・パッカードサイバートラスト株式会社 OpenSSL Project ターボリナックスレッドハット	-	OpenSSL の zlib_stateful_finish 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2009-4355	2010-05-13 17:21	2010-01-13	Show	GitHub Exploit DB Packet Storm

253434	9.3	危険	日立	-	XMAP3 における任意のコードが実行される脆弱性	CWE-noinfo 情報不足	-	2010-05-13 15:14	2010-04-12	Show	GitHub Exploit DB Packet Storm

253435	4.3	警告	オラクル	-	Oracle Industry Product Suite の Retail - Oracle Retail Plan In-Season コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0863	2010-05-13 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

253436	4.3	警告	オラクル	-	Oracle Industry Product Suite の Retail - Oracle Retail Place In-Season コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0864	2010-05-13 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

253437	4.3	警告	オラクル	-	Oracle Industry Product Suite の Retail - Oracle Retail Markdown Optimization コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0862	2010-05-13 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

253438	4.3	警告	オラクル	-	Oracle Industry Product Suite の Life Sciences - Oracle Thesaurus Management System コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0875	2010-05-13 15:12	2010-04-13	Show	GitHub Exploit DB Packet Storm

253439	4.3	警告	オラクル	-	Oracle Industry Product Suite の Life Sciences - Oracle Clinical Remote Data Capture Option コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0876	2010-05-13 15:12	2010-04-13	Show	GitHub Exploit DB Packet Storm

253440	4.3	警告	オラクル	-	Oracle Industry Product Suite の Communications - Oracle Communications Unified Inventory Management コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0874	2010-05-13 15:12	2010-04-13	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 2, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
279471	7.5	HIGH Network	igniterealtime	openfire	OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.	CWE-295 Improper Certificate Validation	CVE-2014-3451	2024-11-21 11:08	2017-08-19	Show	GitHub Exploit DB Packet Storm

279472	7.5	HIGH Network	opensuse encfs_project	leap opensuse encfs	The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".	CWE-200 Information Exposure	CVE-2014-3462	2024-11-21 11:08	2017-08-8	Show	GitHub Exploit DB Packet Storm

279473	8.8	HIGH Network	redhat	ansible	The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.	CWE-20 Improper Input Validation	CVE-2014-3498	2024-11-21 11:08	2017-06-9	Show	GitHub Exploit DB Packet Storm

279474	9.8	CRITICAL Network	vmware	spring_security	When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. Th…	CWE-287 Improper Authentication	CVE-2014-3527	2024-11-21 11:08	2017-05-26	Show	GitHub Exploit DB Packet Storm

279475	9.8	CRITICAL Network	apache	ambari	In Ambari 1.2.0 through 2.2.2, it may be possible to execute arbitrary system commands on the Ambari Server host while generating SSL certificates for hosts in an Ambari cluster.	CWE-94 Code Injection	CVE-2014-3582	2024-11-21 11:08	2017-03-30	Show	GitHub Exploit DB Packet Storm

279476	6.5	MEDIUM Local	redhat xen	libvirt xen	The qemu implementation in libvirt before 1.3.0 and Xen allows local guest OS users to cause a denial of service (host disk consumption) by writing to stdout or stderr.	CWE-400 Uncontrolled Resource Consumption	CVE-2014-3672	2024-11-21 11:08	2016-05-26	Show	GitHub Exploit DB Packet Storm

279477	-		jenkins	jenkins	Jenkins before 1.587 and LTS before 1.580.1 do not properly ensure trust separation between a master and slaves, which might allow remote attackers to execute arbitrary code on the master by leveragi…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2014-3665	2024-11-21 11:08	2015-11-26	Show	GitHub Exploit DB Packet Storm

279478	-		apache	activemq	The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with…	CWE-287 Improper Authentication	CVE-2014-3612	2024-11-21 11:08	2015-08-24	Show	GitHub Exploit DB Packet Storm

279479	7.5	HIGH Network	apache oracle	activemq business_intelligence_publisher fusion_middleware	The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2014-3576	2024-11-21 11:08	2015-08-15	Show	GitHub Exploit DB Packet Storm

279480	-		theforeman	foreman	Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.	CWE-79 Cross-site Scripting	CVE-2014-3653	2024-11-21 11:08	2015-07-7	Show	GitHub Exploit DB Packet Storm