Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 6, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
251291	9.3	危険	オラクル Erik de Castro Lopo Nullsoft	-	Winamp などで利用される libsndfile の voc_read_header におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1788	2011-05-10 10:48	2009-05-26	Show	GitHub Exploit DB Packet Storm

251292	9.3	危険	オラクル Erik de Castro Lopo Nullsoft	-	Winamp などで利用される libsndfile における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2009-0186	2011-05-10 10:47	2009-03-5	Show	GitHub Exploit DB Packet Storm

251293	-	-	アップル	-	Apple Mac OS X における脆弱性に対するアップデート	-	-	2011-05-10 10:46	2011-04-15	Show	GitHub Exploit DB Packet Storm

251294	10	危険	BlackBerry アップル Google	-	WebKit における任意のコードを実行される脆弱性	CWE-189 数値処理の問題	CVE-2011-1290	2011-05-10 10:43	2011-03-11	Show	GitHub Exploit DB Packet Storm

251295	10	危険	MIT Kerberos レッドハット	-	MIT Kerberos 5 の process_chpw_request 関数における任意のコードを実行される脆弱性	CWE-20 CWE-Other	CVE-2011-0285	2011-05-10 10:40	2011-04-14	Show	GitHub Exploit DB Packet Storm

251296	9.3	危険	リアルネットワークス	-	RealNetworks RealPlayer の rvrender.dll におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2011-1525	2011-05-10 10:38	2011-04-6	Show	GitHub Exploit DB Packet Storm

251297	9.3	危険	リアルネットワークス	-	RealNetworks RealPlayer の OpenURLInDefaultBrowser メソッドにおける任意のコードを実行される脆弱性	CWE-DesignError	CVE-2011-1426	2011-05-10 10:38	2011-04-12	Show	GitHub Exploit DB Packet Storm

251298	9.3	危険	OpenOffice.org Project レッドハット	-	OpenOffice.org におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-3450	2011-05-10 10:09	2011-01-28	Show	GitHub Exploit DB Packet Storm

251299	9.3	危険	OpenOffice.org Project レッドハット	-	OpenOffice.org の Impress におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-4253	2011-05-10 10:08	2011-01-28	Show	GitHub Exploit DB Packet Storm

251300	9.3	危険	OpenOffice.org Project レッドハット	-	OpenOffice.org の WW8DopTypography::ReadFromMem 関数における任意のコードを実行される脆弱性	CWE-189 数値処理の問題	CVE-2010-3454	2011-05-10 10:07	2011-01-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2001	9.9	CRITICAL Network	openclaw	openclaw	OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can e…	CWE-648 Incorrect Use of Privileged APIs	CVE-2026-41329	2026-04-28 00:09	2026-04-21	Show	GitHub Exploit DB Packet Storm

2002	7.2	HIGH Network	espocrm	espocrm	EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass t…	CWE-23 Relative Path Traversal	CVE-2026-33733	2026-04-28 00:08	2026-04-23	Show	GitHub Exploit DB Packet Storm

2003	4.4	MEDIUM Local	openclaw	openclaw	OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass sec…	CWE-453 Insecure Default Variable Initialization	CVE-2026-41330	2026-04-28 00:08	2026-04-21	Show	GitHub Exploit DB Packet Storm

2004	5.3	MEDIUM Network	openclaw	openclaw	OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers…	CWE-408 Incorrect Behavior Order: Early Amplification	CVE-2026-41331	2026-04-28 00:08	2026-04-21	Show	GitHub Exploit DB Packet Storm

2005	4.8	MEDIUM Network	gfi	helpdesk	GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary J…	CWE-79 Cross-site Scripting	CVE-2026-23752	2026-04-28 00:07	2026-04-21	Show	GitHub Exploit DB Packet Storm

2006	8.6	HIGH Local	openclaw	openclaw	OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a…	CWE-15 External Control of System or Configuration Setting	CVE-2026-41294	2026-04-28 00:07	2026-04-21	Show	GitHub Exploit DB Packet Storm

2007	4.8	MEDIUM Network	gfi	helpdesk	GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create(…	CWE-79 Cross-site Scripting	CVE-2026-23753	2026-04-28 00:07	2026-04-21	Show	GitHub Exploit DB Packet Storm

2008	7.5	HIGH Network	gomarkdown	markdown	The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > charact…	CWE-125 Out-of-bounds Read	CVE-2026-40890	2026-04-28 00:07	2026-04-22	Show	GitHub Exploit DB Packet Storm

2009	7.8	HIGH Local	openclaw	openclaw	OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a works…	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-41295	2026-04-28 00:06	2026-04-21	Show	GitHub Exploit DB Packet Storm

2010	8.2	HIGH Network	openclaw	openclaw	OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile function that allows sandbox escape. Attackers can exploit the separate path val…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41296	2026-04-28 00:06	2026-04-21	Show	GitHub Exploit DB Packet Storm