Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 16, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
257631	6.9	警告	マイクロソフト	-	Microsoft Windows Movie Maker における権限昇格の脆弱性	CWE-Other その他	CVE-2010-3967	2011-01-14 15:36	2010-12-14	Show	GitHub Exploit DB Packet Storm

257632	7.2	危険	マイクロソフト	-	Microsoft Windows の Windows Task Scheduler における権限昇格の脆弱性	CWE-20 不適切な入力確認	CVE-2010-3338	2011-01-14 15:31	2010-12-14	Show	GitHub Exploit DB Packet Storm

257633	6.9	警告	マイクロソフト	-	Microsoft Windows の OpenType Font ドライバにおける権限昇格の脆弱性	CWE-94 コード・インジェクション	CVE-2010-3959	2011-01-14 15:27	2010-12-14	Show	GitHub Exploit DB Packet Storm

257634	5	警告	アップルサイバートラスト株式会社 OpenLDAP Foundation ターボリナックス VMware レッドハット	-	OpenLDAP の IA5StringNormalize 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0212	2011-01-14 14:45	2010-06-30	Show	GitHub Exploit DB Packet Storm

257635	5	警告	アップルサイバートラスト株式会社 OpenLDAP Foundation ターボリナックス VMware レッドハット	-	OpenLDAP の slap_modrdn2mods 関数における任意のコードを実行される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0211	2011-01-14 14:45	2010-06-30	Show	GitHub Exploit DB Packet Storm

257636	6.2	警告	サイバートラスト株式会社 VMware Todd C. Miller レッドハット	-	sudo における権限昇格の脆弱性	CWE-DesignError	CVE-2010-2956	2011-01-14 14:44	2010-09-7	Show	GitHub Exploit DB Packet Storm

257637	-	-	GNU Project VMware サイバートラスト株式会社レッドハット	-	glibc に権限昇格の脆弱性	-	CVE-2010-3847	2011-01-14 14:42	2010-10-26	Show	GitHub Exploit DB Packet Storm

257638	7.8	危険	マイクロソフトアドビシステムズ日本電気	-	Microsoft Visual Studio の ATL における終端文字列の処理に関する重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2009-2495	2011-01-14 14:33	2009-07-28	Show	GitHub Exploit DB Packet Storm

257639	9.3	危険	サン・マイクロシステムズアドビシステムズ日本電気マイクロソフト OpenOffice.org Project	-	Microsoft Visual Studio の ATL におけるオブジェクトのインスタンス化処理に関する任意のコードを実行される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-2493	2011-01-14 14:32	2009-07-28	Show	GitHub Exploit DB Packet Storm

257640	9.3	危険	マイクロソフトアドビシステムズ日本電気	-	Microsoft Visual Studio の ATL における未初期化オブジェクト処理に関する任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-0901	2011-01-14 14:31	2009-07-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 16, 2026, 4:13 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
246071	9.8	CRITICAL Network	elastic	kibana	Kibana versions 4.0 to 4.6, 5.0 to 5.6.12, and 6.0 to 6.4.2 contain an error in the way authorization credentials are used when generating PDF reports. If a report requests external resources plainte…	CWE-522 Insufficiently Protected Credentials	CVE-2018-17245	2024-11-21 12:54	2018-12-21	Show	GitHub Exploit DB Packet Storm

246072	6.5	MEDIUM Network	elastic	elasticsearch	Elasticsearch Security versions 6.4.0 to 6.4.2 contain an error in the way request headers are applied to requests when using the Active Directory, LDAP, Native, or File realms. A request may receive…	CWE-200 Information Exposure	CVE-2018-17244	2024-11-21 12:54	2018-12-21	Show	GitHub Exploit DB Packet Storm

246073	6.1	MEDIUM Network	apache	nifi	The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. Mitigation: The fix to correctly parse and sani…	CWE-79 Cross-site Scripting	CVE-2018-17193	2024-11-21 12:54	2018-12-19	Show	GitHub Exploit DB Packet Storm

246074	6.5	MEDIUM Network	apache	nifi	The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing c…	CWE-1021 Improper Restriction of Rendered UI Layers or Frames	CVE-2018-17192	2024-11-21 12:54	2018-12-19	Show	GitHub Exploit DB Packet Storm

246075	7.5	HIGH Network	apache	nifi	The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack …	CWE-319 CWE-863 Cleartext Transmission of Sensitive Information Incorrect Authorization	CVE-2018-17195	2024-11-21 12:54	2018-12-19	Show	GitHub Exploit DB Packet Storm

246076	7.5	HIGH Network	apache	nifi	When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial …	CWE-20 Improper Input Validation	CVE-2018-17194	2024-11-21 12:54	2018-12-19	Show	GitHub Exploit DB Packet Storm

246077	9.8	CRITICAL Network	dlink	dva-5592_firmware	An issue was discovered on D-Link DVA-5592 A1_WI_20180823 devices. If the PIN of the page "/ui/cbpc/login" is the default Parental Control PIN (0000), it is possible to bypass the login form by editi…	CWE-287 Improper Authentication	CVE-2018-17777	2024-11-21 12:54	2018-12-19	Show	GitHub Exploit DB Packet Storm

246078	8.8	HIGH Network	google redhat debian	chrome linux_desktop linux_workstation linux_server debian_linux	Incorrect object lifecycle handling in PDFium in Google Chrome prior to 71.0.3578.98 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.	CWE-787 CWE-416 Out-of-bounds Write Use After Free	CVE-2018-17481	2024-11-21 12:54	2018-12-12	Show	GitHub Exploit DB Packet Storm

246079	4.8	MEDIUM Network	umbraco	umbraco_cms	Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.). The vu…	CWE-79 Cross-site Scripting	CVE-2018-17256	2024-11-21 12:54	2018-11-28	Show	GitHub Exploit DB Packet Storm

246080	9.8	CRITICAL Network	apache	spark	In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute…	NVD-CWE-noinfo	CVE-2018-17190	2024-11-21 12:54	2018-11-19	Show	GitHub Exploit DB Packet Storm