Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 6 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
6681 9.4 緊急
Network
Deutsche Telekom AG Telekom Account Management Portal Deutsche Telekom AGのTelekom Account Management Portalにおけるパスワード管理機能に関する脆弱性 CWE-640
パスワードを忘れた場合の脆弱なパスワードリカバリの仕組み
CVE-2025-69614 2026-05-11 11:03 2026-03-10 Show GitHub Exploit DB Packet Storm
6682 9.1 緊急
Network
Deutsche Telekom AG Telekom Account Management Portal Deutsche Telekom AGのTelekom Account Management Portalにおける過度な認証試行の不適切な制限に関する脆弱性 CWE-307
過度な認証試行の不適切な制限
CVE-2025-69615 2026-05-11 11:03 2026-03-10 Show GitHub Exploit DB Packet Storm
6683 6.1 警告
Network
generatedata generatedata generatedataにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2025-70025 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
6684 7.5 重要
Network
pdfmake project pdfmake pdfmakeにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ
CVE-2026-26801 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
6685 7.8 重要
Local
Luis Novo (lfnovo) Open Notebook Luis Novo (lfnovo)のOpen Notebookにおける複数の脆弱性 CWE-20
CWE-352
CWE-917
CWE-noinfo
CVE-2026-28201 2026-05-11 11:02 2026-05-7 Show GitHub Exploit DB Packet Storm
6686 9.8 緊急
Network
Xiaomi MIUI File Explorer XiaomiのMIUI File Explorerにおける複数の脆弱性 CWE-303
CWE-862
CVE-2026-29515 2026-05-11 11:02 2026-03-11 Show GitHub Exploit DB Packet Storm
6687 6.1 警告
Network
WorkflowFirst Software LLC Staff.Wiki WorkflowFirst Software LLCのStaff.Wikiにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2026-29969 2026-05-11 11:02 2026-03-26 Show GitHub Exploit DB Packet Storm
6688 5.4 警告
Network
spomky-labs webauthn-lib
webauthn-symfony-bundle
webauthn framwork
spomky-labsのwebauthn-lib等の複数製品における同一生成元ポリシー違反に関する脆弱性 CWE-346
同一生成元ポリシー違反
CVE-2026-30964 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
6689 6.5 警告
Network
appium Appium/support appiumのAppium/supportにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル
CVE-2026-30973 2026-05-11 11:02 2026-03-10 Show GitHub Exploit DB Packet Storm
6690 8.8 重要
Network
マイクロソフト Microsoft Windows Server 2025
Microsoft Windows Server 2022
Microsoft Windows 11 24h2
Microsoft Windows 11 25h2
Microsoft …
リモート デスクトップ クライアントのリモートでコードが実行される脆弱性 CWE-416
解放済みメモリの使用
CVE-2026-32157 2026-05-11 11:02 2026-04-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
350151 - deslock deslock\+ The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device. CWE-264
Permissions, Privileges, and Access Controls
CVE-2009-4832 2017-09-19 10:30 2010-04-30 Show GitHub Exploit DB Packet Storm
350152 - xpressengine zeroboard lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php. CWE-94
Code Injection
CVE-2009-4834 2017-09-19 10:30 2010-05-5 Show GitHub Exploit DB Packet Storm
350153 - moviephp movie_php_script Eval injection vulnerability in system/services/init.php in Movie PHP Script 2.0 allows remote attackers to execute arbitrary PHP code via the anticode parameter. CWE-94
Code Injection
CVE-2009-4836 2017-09-19 10:30 2010-05-6 Show GitHub Exploit DB Packet Storm
350154 - roxio cineplayer Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName metho… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2009-4840 2017-09-19 10:30 2010-05-6 Show GitHub Exploit DB Packet Storm
350155 - roxio cineplayer Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskTyp… CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2009-4841 2017-09-19 10:30 2010-05-6 Show GitHub Exploit DB Packet Storm
350156 - scripts.oldguy talkback addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter. CWE-20
 Improper Input Validation 
CVE-2009-4854 2017-09-19 10:30 2010-05-8 Show GitHub Exploit DB Packet Storm
350157 - demarque typing_pal SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter. CWE-89
SQL Injection
CVE-2009-4860 2017-09-19 10:30 2010-05-11 Show GitHub Exploit DB Packet Storm
350158 - abushhab alwasel Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php. CWE-89
SQL Injection
CVE-2009-4862 2017-09-19 10:30 2010-05-11 Show GitHub Exploit DB Packet Storm
350159 - ultraplayer ultraplayer_media_player Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file. CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2009-4863 2017-09-19 10:30 2010-05-11 Show GitHub Exploit DB Packet Storm
350160 - tony_million tuniac Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file. CWE-119
Incorrect Access of Indexable Resource ('Range Error') 
CVE-2009-4867 2017-09-19 10:30 2010-05-11 Show GitHub Exploit DB Packet Storm