Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 13, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
255111	10	危険	マイクロソフト	-	Microsoft Windows の SMB 実装におけるアクセス権を取得される脆弱性	CWE-264 CWE-310	CVE-2010-0231	2010-03-3 11:54	2010-02-9	Show	GitHub Exploit DB Packet Storm

255112	7.8	危険	マイクロソフト	-	Microsoft Windows の SMB 実装におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2010-0022	2010-03-3 11:53	2010-02-9	Show	GitHub Exploit DB Packet Storm

255113	9	危険	マイクロソフト	-	Microsoft Windows の SMB 実装における任意のコードを実行される脆弱性	CWE-20 CWE-94	CVE-2010-0020	2010-03-3 11:53	2010-02-9	Show	GitHub Exploit DB Packet Storm

255114	6.9	警告	マイクロソフト	-	Microsoft Windows の Client/Server Run-time Subsystem における権限昇格の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0023	2010-03-3 11:53	2010-02-9	Show	GitHub Exploit DB Packet Storm

255115	4	警告	マイクロソフト	-	Microsoft Windows の Hyper-V サーバ実装におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2010-0026	2010-03-3 11:53	2010-02-9	Show	GitHub Exploit DB Packet Storm

255116	9.3	危険	日本電気アップル富士通古河電気工業ヒューレット・パッカードインターネットイニシアティブアラクサラネットワークス日立	-	IPv6 NDP 実装における Neighbor Discovery メッセージの送信元検証処理に関する脆弱性	CWE-20 不適切な入力確認	CVE-2008-2476	2010-03-3 11:43	2008-10-3	Show	GitHub Exploit DB Packet Storm

255117	9.3	危険	マイクロソフト	-	Microsoft Office PowerPoint におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-0034	2010-03-2 11:29	2010-02-9	Show	GitHub Exploit DB Packet Storm

255118	9.3	危険	マイクロソフト	-	Microsoft Office PowerPoint におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-0033	2010-03-2 11:28	2010-02-9	Show	GitHub Exploit DB Packet Storm

255119	9.3	危険	マイクロソフト	-	Microsoft Office PowerPoint における任意のコードを実行される脆弱性	CWE-94 CWE-Other	CVE-2010-0032	2010-03-2 11:28	2010-02-9	Show	GitHub Exploit DB Packet Storm

255120	9.3	危険	マイクロソフト	-	Microsoft Office PowerPoint における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2010-0031	2010-03-2 11:27	2010-02-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
253441	7.8	HIGH Local	icinga	icinga	Icinga Core through 1.14.0 initially executes bin/icinga as root but supports configuration options in which this file is owned by a non-root account (and similarly can have etc/icinga.cfg owned by a…	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2017-16882	2024-11-21 12:17	2017-11-19	Show	GitHub Exploit DB Packet Storm

253442	6.1	MEDIUM Network	symphony_project	symphony	b3log Symphony (aka Sym) 2.2.0 does not properly address XSS in JSON objects, as demonstrated by a crafted userAvatarURL value to /settings/avatar, related to processor/AdminProcessor.java, processor…	CWE-79 Cross-site Scripting	CVE-2017-16881	2024-11-21 12:17	2017-11-18	Show	GitHub Exploit DB Packet Storm

253443	6.1	MEDIUM Network	whoops_project	whoops	The dump function in Util/TemplateHelper.php in filp whoops before 2.1.13 has XSS.	CWE-79 Cross-site Scripting	CVE-2017-16880	2024-11-21 12:17	2017-11-18	Show	GitHub Exploit DB Packet Storm

253444	10.0	CRITICAL Network	qemu debian canonical	qemu debian_linux ubuntu_linux	hw/input/ps2.c in Qemu does not validate 'rptr' and 'count' values during guest migration, leading to out-of-bounds access.	CWE-20 Improper Input Validation	CVE-2017-16845	2024-11-21 12:17	2017-11-18	Show	GitHub Exploit DB Packet Storm

253445	7.5	HIGH Network	zeit	next.js	ZEIT Next.js before 2.4.1 has directory traversal under the /_next and /static request namespace, allowing attackers to obtain sensitive information.	CWE-22 Path Traversal	CVE-2017-16877	2024-11-21 12:17	2017-11-18	Show	GitHub Exploit DB Packet Storm

253446	5.4	MEDIUM Network	icontime	rtc-1000_firmware	A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name)…	CWE-79 Cross-site Scripting	CVE-2017-16819	2024-11-21 12:17	2017-11-18	Show	GitHub Exploit DB Packet Storm

253447	7.5	HIGH Network	teluu	pjsip	An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection wi…	NVD-CWE-noinfo	CVE-2017-16875	2024-11-21 12:17	2017-11-18	Show	GitHub Exploit DB Packet Storm

253448	9.8	CRITICAL Network	teluu debian	pjsip debian_linux	An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overf…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2017-16872	2024-11-21 12:17	2017-11-17	Show	GitHub Exploit DB Packet Storm

253449	8.1	HIGH Network	updraftplus	updraftplus	The UpdraftPlus plugin through 1.13.12 for WordPress allows remote PHP code execution because the plupload_action function in /wp-content/plugins/updraftplus/admin.php has a race condition before del…	CWE-94 Code Injection	CVE-2017-16871	2024-11-21 12:17	2017-11-17	Show	GitHub Exploit DB Packet Storm

253450	8.1	HIGH Network	updraftplus	updraftplus	The UpdraftPlus plugin through 1.13.12 for WordPress has SSRF in the updraft_ajax_handler function in /wp-content/plugins/updraftplus/admin.php via an httpget subaction. NOTE: the vendor reports that…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2017-16870	2024-11-21 12:17	2017-11-17	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed