Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":April 30, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
251261 6.8 警告 The PHP Group
アップル
サイバートラスト株式会社
レッドハット		 - PHP の utf8_decode 関数におけるクロスサイトスクリプティングおよび SQL インジェクションに対する保護メカニズムを回避される脆弱性 CWE-20
不適切な入力確認 		CVE-2010-3870 2011-04-4 14:29 2009-09-27 Show GitHub Exploit DB Packet Storm
251262 9.3 危険 アップル - Apple QuickTime における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2010-4009 2011-04-4 14:28 2010-12-9 Show GitHub Exploit DB Packet Storm
251263 6.8 警告 アップル
FreeType Project
オラクル		 - FreeType の ttinterp.c 内にある Ins_SHZ 関数におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2010-3814 2011-04-4 14:27 2010-11-26 Show GitHub Exploit DB Packet Storm
251264 9.3 危険 アップル - Apple QuickTime における整数符号エラーの脆弱性 CWE-189
数値処理の問題 		CVE-2010-3802 2011-04-4 14:23 2010-12-9 Show GitHub Exploit DB Packet Storm
251265 9.3 危険 アップル - Apple QuickTime における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2010-3801 2011-04-4 14:22 2010-12-9 Show GitHub Exploit DB Packet Storm
251266 4.3 警告 The PHP Group
アップル
レッドハット		 - PHP の filter_var 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2010-3710 2011-04-4 14:20 2010-10-25 Show GitHub Exploit DB Packet Storm
251267 4.3 警告 The PHP Group
アップル
レッドハット		 - PHP の ZipArchive::getArchiveComment 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2010-3709 2011-04-4 14:18 2010-11-9 Show GitHub Exploit DB Packet Storm
251268 7.6 危険 アップル - 複数の Apple 製品の WebKit における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2011-0150 2011-04-1 15:32 2011-03-3 Show GitHub Exploit DB Packet Storm
251269 7.6 危険 アップル - 複数の Apple 製品の WebKit における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2011-0149 2011-04-1 15:31 2011-03-3 Show GitHub Exploit DB Packet Storm
251270 7.6 危険 アップル - 複数の Apple 製品の WebKit における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2011-0148 2011-04-1 15:24 2011-03-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 30, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1071 8.5 HIGH
Network 		socialengine socialengine SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is no… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41461 2026-04-27 23:53 2026-04-24 Show GitHub Exploit DB Packet Storm
1072 8.8 HIGH
Network 		goshs goshs goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global ba… CWE-200
NVD-CWE-noinfo
Information Exposure 		CVE-2026-40885 2026-04-27 23:51 2026-04-22 Show GitHub Exploit DB Packet Storm
1073 8.7 HIGH
Local 		linaro op-tee OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mi… CWE-125
CWE-787
Out-of-bounds Read
 Out-of-bounds Write 		CVE-2026-33317 2026-04-27 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
1074 6.5 MEDIUM
Network 		apache activemq
activemq_web 		Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsin… CWE-79
CWE-915
Cross-site Scripting
 Improperly Controlled Modification of Dynamically-Determined Object Attributes 		CVE-2026-41043 2026-04-27 23:49 2026-04-24 Show GitHub Exploit DB Packet Storm
1075 8.8 HIGH
Network 		apache activemq
activemq_broker 		Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use … CWE-20
CWE-94
 Improper Input Validation 
Code Injection 		CVE-2026-41044 2026-04-27 23:49 2026-04-24 Show GitHub Exploit DB Packet Storm
1076 9.8 CRITICAL
Network 		ericsson codechecker CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain… CWE-290
CWE-863
 Authentication Bypass by Spoofing
 Incorrect Authorization 		CVE-2026-25660 2026-04-27 23:48 2026-04-24 Show GitHub Exploit DB Packet Storm
1077 8.8 HIGH
Network 		mathjs mathjs Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be a… CWE-915
 Improperly Controlled Modification of Dynamically-Determined Object Attributes 		CVE-2026-40897 2026-04-27 23:47 2026-04-25 Show GitHub Exploit DB Packet Storm
1078 4.3 MEDIUM
Network 		xibosignage xibo Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL t… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-31956 2026-04-27 23:44 2026-04-24 Show GitHub Exploit DB Packet Storm
1079 4.9 MEDIUM
Network 		xibosignage xibo Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-31955 2026-04-27 23:43 2026-04-24 Show GitHub Exploit DB Packet Storm
1080 5.4 MEDIUM
Network 		xibosignage xibo Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 … CWE-79
Cross-site Scripting 		CVE-2026-31953 2026-04-27 23:43 2026-04-24 Show GitHub Exploit DB Packet Storm