Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
254431	9.3	危険	マイクロソフト	-	複数の Microsoft 製品におけるセルに含まれる計算式の処理に関する任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-3131	2010-01-5 16:17	2009-11-10	Show	GitHub Exploit DB Packet Storm

254432	9.3	危険	マイクロソフト	-	Microsoft Office Excel における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-3128	2010-01-5 16:17	2009-11-10	Show	GitHub Exploit DB Packet Storm

254433	9.3	危険	マイクロソフト	-	Microsoft Office および Open XML File Format Converter における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-3127	2010-01-5 16:16	2009-11-10	Show	GitHub Exploit DB Packet Storm

254434	6.8	警告	アップルサイバートラスト株式会社サン・マイクロシステムズターボリナックスヒューレット・パッカード OpenSSL Project レッドハット	-	OpenSSL の SSL_get_shared_ciphers() 関数における一つずれエラーの脆弱性	CWE-189 数値処理の問題	CVE-2007-5135	2010-01-5 13:31	2007-10-12	Show	GitHub Exploit DB Packet Storm

254435	7.8	危険	マイクロソフト	-	Microsoft Windows で稼働している Active Directory の LDAP サービスにおけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2009-1928	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

254436	9.3	危険	マイクロソフト	-	Microsoft Windows の kernel における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2514	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

254437	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel の Graphics Device Interface (GDI) における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-2513	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

254438	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-1127	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

254439	10	危険	マイクロソフト	-	Microsoft Windows の License Logging Server (llssrv.exe) における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2009-2523	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

254440	9.3	危険	マイクロソフト	-	Microsoft Windows の Web Services on Devices API (WSDAPI) における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2512	2010-01-4 15:23	2009-11-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
251631	5.4	MEDIUM Network	wordpress debian	wordpress debian_linux	wp-includes/general-template.php in WordPress before 4.9.1 does not properly restrict the lang attribute of an HTML element, which might allow attackers to conduct XSS attacks via the language settin…	CWE-79 Cross-site Scripting	CVE-2017-17093	2024-11-21 12:17	2017-12-2	Show	GitHub Exploit DB Packet Storm

251632	5.4	MEDIUM Network	wordpress debian	wordpress debian_linux	wp-includes/functions.php in WordPress before 4.9.1 does not require the unfiltered_html capability for upload of .js files, which might allow remote attackers to conduct XSS attacks via a crafted fi…	CWE-79 Cross-site Scripting	CVE-2017-17092	2024-11-21 12:17	2017-12-2	Show	GitHub Exploit DB Packet Storm

251633	8.8	HIGH Network	wordpress	wordpress	wp-admin/user-new.php in WordPress before 4.9.1 sets the newbloguser key to a string that can be directly derived from the user ID, which allows remote attackers to bypass intended access restriction…	CWE-330 Use of Insufficiently Random Values	CVE-2017-17091	2024-11-21 12:17	2017-12-2	Show	GitHub Exploit DB Packet Storm

251634	7.5	HIGH Network	digium	certified_asterisk asterisk	An issue was discovered in chan_skinny.c in Asterisk Open Source 13.18.2 and older, 14.7.2 and older, and 15.1.2 and older, and Certified Asterisk 13.13-cert7 and older. If the chan_skinny (aka SCCP …	CWE-459 Incomplete Cleanup	CVE-2017-17090	2024-11-21 12:17	2017-12-2	Show	GitHub Exploit DB Packet Storm

251635	7.5	HIGH Network	zte	zxdsl_831cii_firmware	connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET requ…	CWE-287 Improper Authentication	CVE-2017-16953	2024-11-21 12:17	2017-12-2	Show	GitHub Exploit DB Packet Storm

251636	7.8	HIGH Local	arqbackup	arq	The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges …	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2017-16895	2024-11-21 12:17	2017-12-2	Show	GitHub Exploit DB Packet Storm

251637	6.5	MEDIUM Network	piwigo	piwigo	The application Piwigo is affected by an SQL injection vulnerability in version 2.9.2 and possibly prior. This vulnerability allows remote authenticated attackers to obtain information in the context…	CWE-89 SQL Injection	CVE-2017-16893	2024-11-21 12:17	2017-12-2	Show	GitHub Exploit DB Packet Storm

251638	5.5	MEDIUM Local	vim debian canonical	vim debian_linux ubuntu_linux	fileio.c in Vim prior to 8.0.1263 sets the group ownership of a .swp file to the editor's primary group (which may be different from the group ownership of the original file), which allows local user…	CWE-668 Exposure of Resource to Wrong Sphere	CVE-2017-17087	2024-11-21 12:17	2017-12-1	Show	GitHub Exploit DB Packet Storm

251639	9.8	CRITICAL Network	inedo	otter	Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as…	CWE-20 Improper Input Validation	CVE-2017-17086	2024-11-21 12:17	2017-12-1	Show	GitHub Exploit DB Packet Storm

251640	7.5	HIGH Network	wireshark debian	wireshark debian_linux	In Wireshark 2.4.0 to 2.4.2 and 2.2.0 to 2.2.10, the CIP Safety dissector could crash. This was addressed in epan/dissectors/packet-cipsafety.c by validating the packet length.	CWE-754 Improper Check for Unusual or Exceptional Conditions	CVE-2017-17085	2024-11-21 12:17	2017-12-1	Show	GitHub Exploit DB Packet Storm