Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
254431	10	危険	サン・マイクロシステムズサイバートラスト株式会社 Mozilla Foundation レッドハット	-	Mozilla Firefox/Thunderbird の JavaScript エンジンにおける任意のコードを実行される脆弱性	CWE-399 リソース管理の問題	CVE-2009-2466	2010-04-1 13:38	2009-07-21	Show	GitHub Exploit DB Packet Storm

254432	10	危険	サン・マイクロシステムズサイバートラスト株式会社 Mozilla Foundation レッドハット	-	Mozilla Firefox/Thunderbird の base64 デコード関数における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2009-2463	2010-04-1 13:36	2009-07-21	Show	GitHub Exploit DB Packet Storm

254433	10	危険	サン・マイクロシステムズサイバートラスト株式会社 Mozilla Foundation レッドハット	-	Mozilla Firefox/Thunderbird のブラウザエンジンにおける任意のコードを実行される脆弱性	CWE-399 リソース管理の問題	CVE-2009-2462	2010-04-1 13:34	2009-07-21	Show	GitHub Exploit DB Packet Storm

254434	7.2	危険	サイバートラスト株式会社 Linux レッドハット	-	Linux kernel の fasync_helper 関数における権限昇格の脆弱性	CWE-399 リソース管理の問題	CVE-2009-4141	2010-03-29 15:18	2010-01-19	Show	GitHub Exploit DB Packet Storm

254435	9.3	危険	アップル	-	Apple Safari における任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2010-0045	2010-03-25 11:49	2010-03-15	Show	GitHub Exploit DB Packet Storm

254436	4.3	警告	アップル	-	Apple Safari の PubSub における Cookie が設定される脆弱性	CWE-16 環境設定	CVE-2010-0044	2010-03-25 11:49	2010-03-15	Show	GitHub Exploit DB Packet Storm

254437	7.5	危険	サン・マイクロシステムズ GNU Project サイバートラスト株式会社レッドハット	-	GNU tar の safer_name_suffix 関数におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2007-4476	2010-03-25 11:47	2007-08-17	Show	GitHub Exploit DB Packet Storm

254438	7.8	危険	VMware	-	VMware Fusion の vmx86 のカーネル拡張における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2009-3282	2010-03-24 12:23	2009-10-1	Show	GitHub Exploit DB Packet Storm

254439	7.2	危険	VMware	-	VMware Fusion の vmx86 のカーネル拡張における権限昇格の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-3281	2010-03-24 12:22	2009-10-1	Show	GitHub Exploit DB Packet Storm

254440	9.3	危険	VMware	-	複数の VMware 製品の VMnc media コーデックにおける任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2628	2010-03-24 12:22	2009-09-4	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
276421	-	php file_project	php file	The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain strin…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2014-9652	2024-11-21 11:21	2015-03-30	Show	GitHub Exploit DB Packet Storm

276422	-	websense	v-series_appliances	Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path.	CWE-200 Information Exposure	CVE-2014-9712	2024-11-21 11:21	2015-03-27	Show	GitHub Exploit DB Packet Storm

276423	-	websense	triton_web_security_gateway triton_web_security_gateway_anywhere triton_web_filter triton_web_security triton_ap_web	Multiple cross-site scripting (XSS) vulnerabilities in the Investigative Reports in Websense TRITON AP-WEB before 8.0.0 and Web Security and Filter, Web Security Gateway, and Web Security Gateway Any…	CWE-79 Cross-site Scripting	CVE-2014-9711	2024-11-21 11:21	2015-03-25	Show	GitHub Exploit DB Packet Storm

276424	-	ecryptfs	ecryptfs-utils	eCryptfs 104 and earlier uses a default salt to encrypt the mount passphrase, which makes it easier for attackers to obtain user passwords via a brute force attack.	CWE-255 Credentials Management	CVE-2014-9687	2024-11-21 11:21	2015-03-16	Show	GitHub Exploit DB Packet Storm

276425	-	solarwinds	orion_netflow_traffic_analyzer orion_web_performance_monitor orion_network_configuration_manager orion_user_device_tracker orion_ip_address_manager orion_voip_\&_network_quality_ma…	Multiple SQL injection vulnerabilities in the Manage Accounts page in the AccountManagement.asmx service in the Solarwinds Orion Platform 2015.1, as used in Network Performance Monitor (NPM) before 1…	CWE-89 SQL Injection	CVE-2014-9566	2024-11-21 11:21	2015-03-10	Show	GitHub Exploit DB Packet Storm

276426	-	google	chrome	content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote a…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2014-9689	2024-11-21 11:21	2015-03-9	Show	GitHub Exploit DB Packet Storm

276427	-	ninjaforms	ninja_forms	Unspecified vulnerability in the Ninja Forms plugin before 2.8.10 for WordPress has unknown impact and remote attack vectors related to admin users.	NVD-CWE-noinfo	CVE-2014-9688	2024-11-21 11:21	2015-03-6	Show	GitHub Exploit DB Packet Storm

276428	-	canonical linux	ubuntu_linux linux_kernel	Off-by-one error in the ecryptfs_decode_from_filename function in fs/ecryptfs/crypto.c in the eCryptfs subsystem in the Linux kernel before 3.18.2 allows local users to cause a denial of service (buf…	CWE-189 Numeric Errors	CVE-2014-9683	2024-11-21 11:21	2015-03-3	Show	GitHub Exploit DB Packet Storm

276429	-	linux debian canonical oracle	linux_kernel debian_linux ubuntu_linux linux	The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a parenthesized module template expression in the…	CWE-269 Improper Privilege Management	CVE-2014-9644	2024-11-21 11:21	2015-03-2	Show	GitHub Exploit DB Packet Storm

276430	-	dns-sync_project	dns-sync	The dns-sync module before 0.1.1 for node.js allows context-dependent attackers to execute arbitrary commands via shell metacharacters in the first argument to the resolve API function.	CWE-77 Command Injection	CVE-2014-9682	2024-11-21 11:21	2015-02-28	Show	GitHub Exploit DB Packet Storm