Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 11, 2026, 12:16 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
255171	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2723	2010-01-4 14:55	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
4251	5.4	MEDIUM Network	dnnsoftware	dotnetnuke	Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted …	CWE-79 Cross-site Scripting	CVE-2016-7119	2026-04-25 02:34	2016-08-31	Show	GitHub Exploit DB Packet Storm

4252	5.4	MEDIUM Network	dnnsoftware	dotnetnuke	Vulnerabilidad de XSS en la sección de biografía del perfil del usuario en DotNetNuke (DNN) en versiones anteriores a 8.0.1 permite a usuarios remotos autenticados inyectar secuencias de comandos web…	CWE-79 Cross-site Scripting	CVE-2016-7119	2026-04-25 02:34	2016-08-31	Show	GitHub Exploit DB Packet Storm

4253	9.8	CRITICAL Network	dnnsoftware	dotnetnuke	The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2015-2794	2026-04-25 02:34	2017-02-7	Show	GitHub Exploit DB Packet Storm

4254	9.8	CRITICAL Network	dnnsoftware	dotnetnuke	El asistente de instalación en DotNetNuke (DNN) en versiones anteriores a 7.4.1 permite a atacantes remotos reinstalar la aplicación y obtener acceso SuperUser a través de una solicitud directa a Ins…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2015-2794	2026-04-25 02:34	2017-02-7	Show	GitHub Exploit DB Packet Storm

4255	6.1	MEDIUM Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2016 windows_server_2019 w…	Buffer over-read in Windows Kernel Memory allows an authorized attacker to disclose information locally.	CWE-126 Buffer Over-read	CVE-2026-26169	2026-04-25 02:33	2026-04-15	Show	GitHub Exploit DB Packet Storm

4256	7.8	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2016 windows_server_2019 w…	Improper input validation in Microsoft PowerShell allows an authorized attacker to elevate privileges locally.	CWE-20 Improper Input Validation	CVE-2026-26170	2026-04-25 02:22	2026-04-15	Show	GitHub Exploit DB Packet Storm

4257	7.8	HIGH Local	microsoft	windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2022 windows_server_2022_23h2 windows_server_2025	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally.	CWE-362 CWE-416 Race Condition Use After Free	CVE-2026-26172	2026-04-25 02:21	2026-04-15	Show	GitHub Exploit DB Packet Storm

4258	7.0	HIGH Local	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locall…	CWE-362 CWE-416 CWE-476 Race Condition Use After Free NULL Pointer Dereference	CVE-2026-26173	2026-04-25 02:20	2026-04-15	Show	GitHub Exploit DB Packet Storm

4259	6.1	MEDIUM Network	-	-	PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when s…	CWE-79 Cross-site Scripting	CVE-2026-41305	2026-04-25 02:16	2026-04-24	Show	GitHub Exploit DB Packet Storm

4260	8.0	HIGH Network	-	-	Totara LMS v19.1.5 and before is vulnerable to HTML Injection. An attacker can inject malicious HTML code in a message and send it to all the users in the application, resulting in executing the code…	CWE-79 Cross-site Scripting	CVE-2026-31281	2026-04-25 02:16	2026-04-14	Show	GitHub Exploit DB Packet Storm