Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 13, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
225041 6.8 警告 アップル
サイバートラスト株式会社
LibTIFF
レッドハット		 - LibTIFF の Thunder デコーダにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2011-1167 2013-01-31 10:10 2011-03-28 Show GitHub Exploit DB Packet Storm
225042 5.1 警告 アップル - Apple iOS 6.1 未満の StoreKit におけるアクセス制限を回避される脆弱性 CWE-DesignError
CVE-2013-0974 2013-01-30 16:03 2013-01-29 Show GitHub Exploit DB Packet Storm
225043 6.8 警告 アップル - Apple iOS 6.1 未満で使用される WebKit における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2013-0968 2013-01-30 16:02 2013-01-29 Show GitHub Exploit DB Packet Storm
225044 3.6 注意 アップル - Apple iOS および Apple TV のカーネルにおけるポインタの制限を回避される脆弱性 CWE-20
不適切な入力確認 		CVE-2013-0964 2013-01-30 16:01 2013-01-29 Show GitHub Exploit DB Packet Storm
225045 7.2 危険 Beijer Electronics - Beijer ADP および H-Designer におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2012-4696 2013-01-29 16:56 2013-01-24 Show GitHub Exploit DB Packet Storm
225046 5 警告 Moxiecode Systems AB
Moodle		 - Moodle で使用される TinyMCE 用 PHP Spellchecker における任意のアウトバウンド HTTP リクエストを誘発される脆弱性 CWE-noinfo
情報不足 		CVE-2012-6112 2013-01-29 16:55 2013-01-21 Show GitHub Exploit DB Packet Storm
225047 4 警告 Moodle - Moodle におけるコースレベルのカレンダーのサブスクリプションを削除される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-6106 2013-01-29 16:55 2013-01-21 Show GitHub Exploit DB Packet Storm
225048 5 警告 Moodle - Moodle の blog/rsslib.php における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2012-6105 2013-01-29 16:54 2013-01-21 Show GitHub Exploit DB Packet Storm
225049 5 警告 Moodle - Moodle の blog/rsslib.php における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2012-6104 2013-01-29 16:54 2013-01-21 Show GitHub Exploit DB Packet Storm
225050 6.8 警告 Moodle - Moodle の messaging システムにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2012-6103 2013-01-29 16:53 2013-01-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
301 9.8 CRITICAL
Network 		- - JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, every MCP write tool (send_tokens, execute_contract, instantiate_contract, upload_wasm, ibc_transfer, etc.) accept… New CWE-200
CWE-312
CWE-522
CWE-532
Information Exposure
 Cleartext Storage of Sensitive Information
 Insufficiently Protected Credentials
 Inclusion of Sensitive Information in Log Files 		CVE-2026-43992 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
302 8.4 HIGH
Local 		- - JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, substring-based blocklist in plugin-shell's command-safety check could be bypassed by adversarial argument constru… New CWE-78
CWE-184
OS Command 
 Incomplete Blacklist 		CVE-2026-43991 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
303 8.4 HIGH
Local 		- - JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, plugin-shell's run_command wrapped every agent-supplied command in 'sh -c' / 'cmd /C' and passed the full argument… New CWE-77
CWE-78
Command Injection
OS Command  		CVE-2026-43990 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
304 8.5 HIGH
Local 		- - JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the upload_wasm MCP tool accepted a filesystem path from the agent and uploaded whatever bytes the path resolved t… New CWE-20
CWE-22
CWE-59
CWE-73
 Improper Input Validation 
Path Traversal
Link Following
 External Control of File Name or Path 		CVE-2026-43989 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
305 6.2 MEDIUM
Local 		- - jq is a command-line JSON processor. In 1.8.1 and earlier, unbounded recursion in jv_object_merge_recursive() allows a crafted jq program to crash the process with a segfault. The function is reachab… New CWE-674
 Uncontrolled Recursion 		CVE-2026-43896 2026-05-13 02:16 2026-05-12 Show GitHub Exploit DB Packet Storm
306 6.5 MEDIUM
Network 		- - Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/libraries/:id/download endpoint validates that the requesting user has access to the library specified in t… New CWE-863
 Incorrect Authorization 		CVE-2026-42883 2026-05-13 02:16 2026-05-12 Show GitHub Exploit DB Packet Storm
307 8.5 HIGH
Network 		- - Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply … New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42858 2026-05-13 02:16 2026-05-12 Show GitHub Exploit DB Packet Storm
308 - - - Zulip is an open-source team collaboration tool. Prior to 12.0, With message_edit_history_visibility_policy set to "moves", /api/v1/messages/{id}/history still returns historical content values, allo… New CWE-284
Improper Access Control 		CVE-2026-40300 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
309 5.3 MEDIUM
Network 		- - Missing Authorization vulnerability in WPMU DEV Hustle allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hustle: through 7.8.10.1. New CWE-862
 Missing Authorization 		CVE-2026-25431 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm
310 - - - Null pointer dereference for some Intel(R) QAT software drivers for Windows before version 2.6.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with a… New CWE-476
 NULL Pointer Dereference 		CVE-2026-20914 2026-05-13 02:16 2026-05-13 Show GitHub Exploit DB Packet Storm