Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
254441 9.3 危険 VMware - 複数の VMware 製品の VMnc media コーデックにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-0199 2010-03-24 12:22 2009-09-4 Show GitHub Exploit DB Packet Storm
254442 5 警告 VMware - VMware Studio の Web インターフェースにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2009-2968 2010-03-24 12:22 2009-08-31 Show GitHub Exploit DB Packet Storm
254443 4 警告 VMware - 複数の VMware 製品の Descheduled Time Accounting ドライバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2009-1805 2010-03-24 12:22 2009-05-28 Show GitHub Exploit DB Packet Storm
254444 6.8 警告 VMware - 複数の VMware 製品の仮想マシン表示機能における任意のコードを実行される脆弱性 CWE-noinfo
情報不足 		CVE-2009-1244 2010-03-24 12:21 2009-04-10 Show GitHub Exploit DB Packet Storm
254445 7.2 危険 VMware - 複数の VMware 製品の仮想マシン通信インターフェイスにおける権限昇格の脆弱性 CWE-noinfo
情報不足 		CVE-2009-1147 2010-03-24 12:21 2009-04-3 Show GitHub Exploit DB Packet Storm
254446 4.9 警告 VMware - 複数の VMware 製品の ioctl におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2009-1146 2010-03-23 14:11 2010-04-3 Show GitHub Exploit DB Packet Storm
254447 6.8 警告 VMware - 複数の VMware 製品の VNnc コーデックにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-0910 2010-03-23 14:11 2010-04-3 Show GitHub Exploit DB Packet Storm
254448 9.3 危険 VMware - 複数の VMware 製品の VNnc コーデックにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-0909 2010-03-23 14:10 2010-04-3 Show GitHub Exploit DB Packet Storm
254449 6.4 警告 VMware - VMware ACE の ACE 共有フォルダ実装における無効にされた共有フォルダを有効にされる脆弱性 CWE-noinfo
情報不足 		CVE-2009-0908 2010-03-23 14:10 2010-04-3 Show GitHub Exploit DB Packet Storm
254450 2.1 注意 VMware - 複数の VMware 製品の VI Client におけるパスワードを取得される脆弱性 CWE-200
情報漏えい 		CVE-2009-0518 2010-03-23 14:10 2010-04-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1511 - - - Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated remote denial of service via memory exhaustion. The fragment reassembly path in 'Elixir.Ba… CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-42786 2026-05-6 04:37 2026-05-2 Show GitHub Exploit DB Packet Storm
1512 - - - Allocation of Resources Without Limits or Throttling vulnerability in mtrudel bandit allows unauthenticated memory exhaustion via oversized HTTP/2 frames. 'Elixir.Bandit.HTTP2.Frame':deserialize/2 i… CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-42788 2026-05-6 04:37 2026-05-2 Show GitHub Exploit DB Packet Storm
1513 - - - 3onedata modbus gateway device model GW1101-1D(RS-485)-TB-P (hardware version V2.2.0) allows authenticated users to execute arbitrary shell commands in the context of the root user by providing paylo… CWE-78
OS Command  		CVE-2025-13605 2026-05-6 04:35 2026-05-5 Show GitHub Exploit DB Packet Storm
1514 9.1 CRITICAL
Network 		- - Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file in which the declared tensor offset and… CWE-125
Out-of-bounds Read 		CVE-2026-7482 2026-05-6 04:35 2026-05-4 Show GitHub Exploit DB Packet Storm
1515 9.8 CRITICAL
Network 		- - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and Information Services Trade Limited Company Online Support Application allo… CWE-79
Cross-site Scripting 		CVE-2025-14320 2026-05-6 04:34 2026-05-4 Show GitHub Exploit DB Packet Storm
1516 7.2 HIGH
Network 		- - Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry Limited Company SambaBox allows OS Command Injection. This issue aff… CWE-94
Code Injection 		CVE-2026-3120 2026-05-6 04:34 2026-05-4 Show GitHub Exploit DB Packet Storm
1517 9.8 CRITICAL
Network 		- - D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks… CWE-798
 Use of Hard-coded Credentials 		CVE-2026-42376 2026-05-6 04:32 2026-05-5 Show GitHub Exploit DB Packet Storm
1518 9.9 CRITICAL
Network 		- - Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary crede… CWE-20
CWE-862
 Improper Input Validation 
 Missing Authorization 		CVE-2026-42809 2026-05-6 04:32 2026-05-5 Show GitHub Exploit DB Packet Storm
1519 9.9 CRITICAL
Network 		- - Apache Polaris accepts literal `*` characters in namespace and table names. When it later builds temporary S3 access policies for delegated table access, those same characters appear to be reused une… CWE-20
CWE-116
 Improper Input Validation 
 Improper Encoding or Escaping of Output 		CVE-2026-42810 2026-05-6 04:32 2026-05-5 Show GitHub Exploit DB Packet Storm
1520 9.9 CRITICAL
Network 		- - In plain terms, Apache Polaris is supposed to issue short-lived GCS credentials that only work for one table's files, but a crafted namespace or table name can cause those credentials to work across … CWE-20
CWE-917
 Improper Input Validation 
 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') 		CVE-2026-42811 2026-05-6 04:32 2026-05-5 Show GitHub Exploit DB Packet Storm