Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 17, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
226691 6.5 警告 TestLink Development Team - TestLink における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4238 2012-12-20 19:28 2009-12-10 Show GitHub Exploit DB Packet Storm
226692 3.5 注意 TestLink Development Team - TestLink におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4237 2012-12-20 19:28 2009-12-10 Show GitHub Exploit DB Packet Storm
226693 4.3 警告 youjoomla - YJ Whois コンポーネントの modules/mod_yj_whois.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4233 2012-12-20 19:28 2009-12-4 Show GitHub Exploit DB Packet Storm
226694 7.5 危険 ruven pillay - IIPImage Server の FastCGI プログラムにおけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-4230 2012-12-20 19:28 2009-12-8 Show GitHub Exploit DB Packet Storm
226695 4.3 警告 Xfig project - Xfig の u_bound.c におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2009-4228 2012-12-20 19:28 2009-12-8 Show GitHub Exploit DB Packet Storm
226696 6.8 警告 Xfig project - Xfig の f_readold.c におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-4227 2012-12-20 19:28 2009-12-8 Show GitHub Exploit DB Packet Storm
226697 7.1 危険 サン・マイクロシステムズ - Sun OpenSolaris のカーネルにおけるサービス運用妨害 (DoS) の脆弱性 CWE-362
競合状態 		CVE-2009-4226 2012-12-20 19:28 2009-12-3 Show GitHub Exploit DB Packet Storm
226698 7.5 危険 smartisoft - phpBazar における管理コントロールパネルへのアクセス権を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-4222 2012-12-20 19:28 2009-12-7 Show GitHub Exploit DB Packet Storm
226699 7.5 危険 smartisoft - phpBazar の classified.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4221 2012-12-20 19:28 2009-12-7 Show GitHub Exploit DB Packet Storm
226700 7.5 危険 raphael mazoyer - PointComma の includes/classes/pctemplate.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-4220 2012-12-20 19:28 2009-12-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2621 5.5 MEDIUM
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: APEI/GHES: ensure that won't go past CPER allocated record The logic at ghes_new() prevents allocating too large records, by chec… NVD-CWE-noinfo
CVE-2026-43277 2026-05-9 04:34 2026-05-6 Show GitHub Exploit DB Packet Storm
2622 7.8 HIGH
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix double destroy_workqueue on service rescan PCI path While testing corner cases in the driver, a use-after-free cra… CWE-415
 Double Free 		CVE-2026-43276 2026-05-9 04:32 2026-05-6 Show GitHub Exploit DB Packet Storm
2623 9.8 CRITICAL
Network 		vm2_project vm2 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and… CWE-94
CWE-693
Code Injection
 Protection Mechanism Failure 		CVE-2026-24118 2026-05-9 04:30 2026-05-5 Show GitHub Exploit DB Packet Storm
2624 4.7 MEDIUM
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Flush exception handling work when RPM level is zero Ensure that the exception event handling work is explicitly… CWE-362
Race Condition 		CVE-2026-43275 2026-05-9 04:30 2026-05-6 Show GitHub Exploit DB Packet Storm
2625 9.8 CRITICAL
Network 		vm2_project vm2 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM… CWE-94
CWE-693
Code Injection
 Protection Mechanism Failure 		CVE-2026-24120 2026-05-9 04:29 2026-05-5 Show GitHub Exploit DB Packet Storm
2626 9.8 CRITICAL
Network 		vm2_project vm2 vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.0, VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can es… CWE-94
CWE-693
Code Injection
 Protection Mechanism Failure 		CVE-2026-24781 2026-05-9 04:29 2026-05-5 Show GitHub Exploit DB Packet Storm
2627 9.8 CRITICAL
Network 		kestra kestra Kestra v1.3.3 and before is vulnerable to SQL Injection. The vulnerability occurs because user-controlled input from a GET parameter is directly concatenated into an SQL query without proper sanitiza… CWE-89
SQL Injection 		CVE-2026-38428 2026-05-9 04:24 2026-05-6 Show GitHub Exploit DB Packet Storm
2628 8.8 HIGH
Network 		fit2cloud sqlbot SQLBot is an intelligent Text-to-SQL system based on large language models and RAG. In versions 1.7.0 and earlier, the Text2SQL chat interface is vulnerable to prompt injection. The user-provided que… CWE-89
SQL Injection 		CVE-2026-33324 2026-05-9 04:22 2026-05-6 Show GitHub Exploit DB Packet Storm
2629 5.3 MEDIUM
Network 		dani-garcia vaultwarden Vaultwarden is a Bitwarden-compatible server written in Rust. In version 1.35.4 and earlier, the get_org_collections_details endpoint (GET /api/organizations/{org_id}/collections/details) is missing … CWE-862
 Missing Authorization 		CVE-2026-33420 2026-05-9 04:19 2026-05-6 Show GitHub Exploit DB Packet Storm
2630 5.3 MEDIUM
Network 		sandboxie-plus sandboxie Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, SbieIniServer::HashPassword converts a SHA-1 digest to hexadecimal incorrectly. The high… CWE-328
 Use of Weak Hash 		CVE-2026-34527 2026-05-9 04:17 2026-05-6 Show GitHub Exploit DB Packet Storm