Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
471	5.4	警告 Network	joinmastodon	Mastodon	joinmastodonのMastodonにおける複数の脆弱性	CWE-639 CWE-863	CVE-2026-23964	2026-02-4 18:36	2026-01-22	Show	GitHub Exploit DB Packet Storm

472	5.3	警告 Network	Linux Foundation	rekor	Linux Foundationのrekorにおけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-24117	2026-02-4 18:35	2026-01-22	Show	GitHub Exploit DB Packet Storm

473	6.1	警告 Network	typemill	typemill	typemillにおける複数の脆弱性	CWE-116 CWE-79 CWE-79	CVE-2026-24127	2026-02-4 18:35	2026-01-23	Show	GitHub Exploit DB Packet Storm

474	6.5	警告 Network	Shenzhen Tenda Technology Co.,Ltd.	w30e ファームウェア	Shenzhen Tenda Technology Co.,Ltd.のw30e ファームウェアにおける過度に許容されるクロスドメインホワイトリストに関する脆弱性	CWE-942 過度に許容されるクロスドメインホワイトリスト	CVE-2026-24435	2026-02-4 18:35	2026-01-26	Show	GitHub Exploit DB Packet Storm

475	6.3	警告 Local	Sensio Labs	Symfony	Sensio LabsのSymfonyにおける引数の挿入または変更に関する脆弱性	CWE-88 引数の挿入または変更	CVE-2026-24739	2026-02-4 18:35	2026-01-28	Show	GitHub Exploit DB Packet Storm

476	8.2	重要 Network	isaacs	node-tar	isaacsのnode-tarにおける複数の脆弱性	CWE-22 CWE-59	CVE-2026-24842	2026-02-4 18:35	2026-01-28	Show	GitHub Exploit DB Packet Storm

477	6.5	警告 Network	シックス・アパート株式会社	Movable Type Premium Movable Type Movable Type Advanced Movable Type Premium (Advanced Edition)	Movable Typeにおける複数の脆弱性	CWE-79 CWE-Other	CVE-2026-21393 CVE-2026-22875 CVE-2026-23704 CVE-2026-24447	2026-02-4 12:10	2026-02-4	Show	GitHub Exploit DB Packet Storm

478	6.8	警告 Adjacent	エレコム株式会社	WRC-2533GST2 ファームウェア WRC-G01-W WMC-2LX2-B WRC-2533GS2V-B WMC-X1800GST-B WRC-1167GS2-B WRC-1167GST2 ファームウェア WSC-X1800GS2-B WRC-X3200GST3-B WRC-1167GS2H-B WMC-X1…	エレコム製無線 LAN ルーターにおける OS コマンドインジェクションの脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2024-25579	2026-02-4 11:55	2024-02-20	Show	GitHub Exploit DB Packet Storm

479	7.5	重要 Network	三菱電機	CC-Link IE TSNリモートI/Oユニット MELSEC iQ-Rシリーズ CC-Link IE TSN マスタ・ローカルユニット CC-Link IE TSN FPGAユニット CC-Link IE TSN マスタ局・ローカル局用通信LSI…	三菱電機製 FA 製品の Ethernet 機能におけるサービス運用妨害（DoS）の脆弱性	CWE-1284 入力で指定された数量の不適切な検証	CVE-2025-3511	2026-02-4 11:55	2025-05-14	Show	GitHub Exploit DB Packet Storm

480	-	-	OpenSSL Project	OpenSSL	OpenSSLにおける複数の脆弱性（OpenSSL Security Advisory [27th January 2026]）	-	CVE-2025-11187 CVE-2025-15467 CVE-2025-15468 CVE-2025-15469 CVE-2025-66199 CVE-2025-68160 CVE-2025-69418 CVE-2025-69419 CVE-2025-69420 CVE-2025-69421 CVE-2026-22795 C…	2026-02-4 11:14	2026-02-3	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
531	7.5	HIGH Network	netfoundry	zrok	zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, endpoints.GetSessionCookie parses an attacker-supplied cookie chunk count and calls make([]string, cou… Update	CWE-400 CWE-789 Uncontrolled Resource Consumption Memory Allocation with Excessive Size Value	CVE-2026-40303	2026-04-24 03:33	2026-04-18	Show	GitHub Exploit DB Packet Storm

532	6.1	MEDIUM Network	netfoundry	zrok	zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the proxyUi template engine uses Go's text/template (which performs no HTML escaping) instead of html/… Update	CWE-79 CWE-116 Cross-site Scripting Improper Encoding or Escaping of Output	CVE-2026-40302	2026-04-24 03:32	2026-04-18	Show	GitHub Exploit DB Packet Storm

533	7.5	HIGH Network	freedom	securedrop-client	SecureDrop Client is a desktop app for journalists to securely communicate with sources and handle submissions on the SecureDrop Workstation. In versions 0.17.4 and below, a compromised SecureDrop Se… Update	CWE-36 CWE-73 Absolute Path Traversal External Control of File Name or Path	CVE-2026-35465	2026-04-24 03:31	2026-04-18	Show	GitHub Exploit DB Packet Storm

534	9.9	CRITICAL Network	linuxfoundation	spinnaker	Spinnaker is an open source, multi-cloud continuous delivery platform. Echo like some other services, uses SPeL (Spring Expression Language) to process information - specifically around expected arti… New	CWE-94 Code Injection	CVE-2026-32613	2026-04-24 03:30	2026-04-21	Show	GitHub Exploit DB Packet Storm

535	9.9	CRITICAL Network	linuxfoundation	spinnaker	Spinnaker is an open source, multi-cloud continuous delivery platform. In versions prior to 2026.1.0, 2026.0.1, 2025.4.2, and 2025.3.2, a bad actor can execute arbitrary commands very simply on the c… New	CWE-20 Improper Input Validation	CVE-2026-32604	2026-04-24 03:30	2026-04-21	Show	GitHub Exploit DB Packet Storm

536	8.8	HIGH Network	lawnchair	lawnchair	Lawnchair is a free, open-source home app for Android. Prior to commit fcba413f55dd47f8a3921445252849126c6266b2, command injection in release_update.yml workflow dispatch input allows arbitrary code … New	CWE-77 Command Injection	CVE-2026-39866	2026-04-24 03:26	2026-04-21	Show	GitHub Exploit DB Packet Storm

537	6.5	MEDIUM Network	oracle	peoplesoft_enterprise_scm_purchasing	Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allow… New	CWE-284 Improper Access Control	CVE-2026-34295	2026-04-24 03:25	2026-04-22	Show	GitHub Exploit DB Packet Storm

538	4.3	MEDIUM Network	oracle	agile_product_lifecycle_management_for_process	Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4. E… New	CWE-200 Information Exposure	CVE-2026-34296	2026-04-24 03:22	2026-04-22	Show	GitHub Exploit DB Packet Storm

539	8.8	HIGH Network	m1k1o	neko	Neko is a a self-hosted virtual browser that runs in Docker and uses WebRTC In versions 3.0.0 through 3.0.10 and 3.1.0 through 3.1.1, any authenticated user can immediately obtain full administrative… New	CWE-20 CWE-269 CWE-284 CWE-639 CWE-862 Improper Input Validation Improper Privilege Management Improper Access Control Authorization Bypass Through User-Controlled Key Missing Authorization	CVE-2026-39386	2026-04-24 03:21	2026-04-21	Show	GitHub Exploit DB Packet Storm

540	3.5	LOW Network	-	-	The reCaptcha by WebDesignBy WordPress plugin before 2.0 does not sanitize or escape the Site Key setting before outputting it in a JavaScript string context via the grecaptcha_js() function. This al… New	CWE-79 Cross-site Scripting	CVE-2026-4512	2026-04-24 03:16	2026-04-23	Show	GitHub Exploit DB Packet Storm