Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 1, 2026, 12:10 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
253471	5	警告	マイクロソフト	-	Microsoft Windows の SMTP コンポーネントにおける情報漏えいの脆弱性	CWE-200 情報漏えい	CVE-2010-0025	2010-05-11 15:15	2010-04-13	Show	GitHub Exploit DB Packet Storm

253472	5	警告	マイクロソフト	-	Microsoft Windows の SMTP コンポーネントにおけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2010-0024	2010-05-11 15:15	2010-04-13	Show	GitHub Exploit DB Packet Storm

253473	9.3	危険	マイクロソフト	-	Microsoft Office Publisher におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-0479	2010-05-11 15:14	2010-04-13	Show	GitHub Exploit DB Packet Storm

253474	4.7	警告	マイクロソフト	-	Microsoft Windows の kernel におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2010-0810	2010-05-11 15:14	2010-04-13	Show	GitHub Exploit DB Packet Storm

253475	4.7	警告	マイクロソフト	-	Microsoft Windows の kernel におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2010-0482	2010-05-11 15:14	2010-04-13	Show	GitHub Exploit DB Packet Storm

253476	4.7	警告	マイクロソフト	-	Microsoft Windows の kernel におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2010-0481	2010-05-11 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

253477	4.9	警告	マイクロソフト	-	Microsoft Windows の kernel におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 CWE-noinfo	CVE-2010-0238	2010-05-11 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

253478	6.9	警告	マイクロソフト	-	Microsoft Windows の kernel における権限昇格の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0237	2010-05-11 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

253479	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel における権限昇格の脆弱性	CWE-399 リソース管理の問題	CVE-2010-0236	2010-05-11 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

253480	4.7	警告	マイクロソフト	-	Microsoft Windows の kernel におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2010-0235	2010-05-11 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 1, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
251421	7.5	HIGH Network	ox_project	ox	In the Ox gem 2.8.0 for Ruby, the process crashes with a segmentation fault when a crafted input is supplied to parse_obj. NOTE: the vendor has stated "Ox should handle the error more gracefully" but…	CWE-20 Improper Input Validation	CVE-2017-15928	2024-11-21 12:15	2017-10-28	Show	GitHub Exploit DB Packet Storm

251422	7.8	HIGH Local	shadowsocks debian	shadowsocks-libev debian_linux	In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related t…	CWE-78 OS Command	CVE-2017-15924	2024-11-21 12:15	2017-10-28	Show	GitHub Exploit DB Packet Storm

251423	5.5	MEDIUM Local	gnu	libextractor	In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.	CWE-125 Out-of-bounds Read	CVE-2017-15922	2024-11-21 12:15	2017-10-27	Show	GitHub Exploit DB Packet Storm

251424	9.8	CRITICAL Network	accesspressthemes	ultimate-form-builder-lite	The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.	CWE-89 SQL Injection	CVE-2017-15919	2024-11-21 12:15	2017-10-27	Show	GitHub Exploit DB Packet Storm

251425	6.5	MEDIUM Network	paessler	prtg_network_monitor	In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.	CWE-269 Improper Privilege Management	CVE-2017-15917	2024-11-21 12:15	2017-10-27	Show	GitHub Exploit DB Packet Storm

251426	4.8	MEDIUM Network	igniterealtime	openfire	The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka…	CWE-79 Cross-site Scripting	CVE-2017-15911	2024-11-21 12:15	2017-10-27	Show	GitHub Exploit DB Packet Storm

251427	7.5	HIGH Network	systemd_project canonical	systemd ubuntu_linux	In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-re…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2017-15908	2024-11-21 12:15	2017-10-26	Show	GitHub Exploit DB Packet Storm

251428	9.8	CRITICAL Network	phpcollab	phpcollab	SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.	CWE-89 SQL Injection	CVE-2017-15907	2024-11-21 12:15	2017-10-26	Show	GitHub Exploit DB Packet Storm

251429	7.5	HIGH Network	londontrustmedia	private_internet_access	The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.	CWE-400 Uncontrolled Resource Consumption	CVE-2017-15882	2024-11-21 12:15	2017-10-26	Show	GitHub Exploit DB Packet Storm

251430	9.8	CRITICAL Network	dlink	dgs-1500_firmware	D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.	CWE-798 Use of Hard-coded Credentials	CVE-2017-15909	2024-11-21 12:15	2017-10-26	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed