Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 12, 2026, 2:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2661 6.1 警告
Network 		XWiki xwiki XWikiのxwikiにおけるクロスサイトスクリプティングの脆弱性 CWE-80
クロスサイトスクリプティング (Basic XSS) 		CVE-2026-40105 2026-04-24 11:41 2026-04-15 Show GitHub Exploit DB Packet Storm
2662 6.1 警告
Network 		Prometheus Prometheus Prometheusにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-40179 2026-04-24 11:41 2026-04-15 Show GitHub Exploit DB Packet Storm
2663 7.5 重要
Network 		Python Software Foundation Python Pillow Python Software FoundationのPython Pillowにおける複数の脆弱性 CWE-400
CWE-770
CVE-2026-40192 2026-04-24 11:41 2026-04-15 Show GitHub Exploit DB Packet Storm
2664 8.2 重要
Network 		maddy project maddy maddy projectのmaddyにおけるLDAP インジェクションの脆弱性 CWE-90
LDAP インジェクション 		CVE-2026-40193 2026-04-24 11:41 2026-04-16 Show GitHub Exploit DB Packet Storm
2665 7.1 重要
Local 		OpenEXR OpenEXR OpenEXRにおける整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2026-40244 2026-04-24 11:41 2026-04-21 Show GitHub Exploit DB Packet Storm
2666 7.1 重要
Local 		OpenEXR OpenEXR OpenEXRにおける整数オーバーフローの脆弱性 CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2026-40250 2026-04-24 11:41 2026-04-21 Show GitHub Exploit DB Packet Storm
2667 6.1 警告
Local 		openCryptoki Project openCryptoki openCryptoki ProjectのopenCryptokiにおける境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2026-40253 2026-04-24 11:41 2026-04-16 Show GitHub Exploit DB Packet Storm
2668 5.3 警告
Network 		pypdf project pypdf pypdf projectのpypdfにおけるDTD の再帰的なエンティティ参照の不適切な制限に関する脆弱性 CWE-776
DTD の再帰的なエンティティ参照の不適切な制限 		CVE-2026-40260 2026-04-24 11:41 2026-04-17 Show GitHub Exploit DB Packet Storm
2669 8.8 重要
Network 		Chamilo Association Chamilo LMS Chamilo AssociationのChamilo LMSにおける複数の脆弱性 CWE-269
CWE-863
CVE-2026-40291 2026-04-24 11:41 2026-04-14 Show GitHub Exploit DB Packet Storm
2670 9 緊急
Network 		Gitroom Postiz GitroomのPostizにおける複数の脆弱性 CWE-345
CWE-434
CWE-79
CVE-2026-40487 2026-04-24 11:41 2026-04-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 12, 2026, 5:06 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
348141 - ipswitch imail Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. NVD-CWE-Other
CVE-2001-1287 2008-09-11 04:10 2001-10-12 Show GitHub Exploit DB Packet Storm
348142 - id_software quake_3_arena Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a denial of service (crash) via a malformed connection packet that begins with several char-255 characters. NVD-CWE-Other
CVE-2001-1289 2008-09-11 04:10 2001-07-29 Show GitHub Exploit DB Packet Storm
348143 - 3com 3cr29223 Buffer overflow in web server of 3com HomeConnect Cable Modem External with USB (#3CR29223) allows remote attackers to cause a denial of service (crash) via a long HTTP request. NVD-CWE-Other
CVE-2001-1293 2008-09-11 04:10 2001-09-26 Show GitHub Exploit DB Packet Storm
348144 - avtronics inetserv Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows remote attackers to cause a denial of service (crash) in the Webmail interface via a long username and password. NVD-CWE-Other
CVE-2001-1294 2008-09-11 04:10 2001-08-22 Show GitHub Exploit DB Packet Storm
348145 - marc_logemann more.groupware More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. NVD-CWE-Other
CVE-2001-1296 2008-09-11 04:10 2001-10-2 Show GitHub Exploit DB Packet Storm
348146 - actionpoll actionpoll PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter. NVD-CWE-Other
CVE-2001-1297 2008-09-11 04:10 2001-10-2 Show GitHub Exploit DB Packet Storm
348147 - grant_horwood webodex Webodex PHP script 1.0 and earlier allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. NVD-CWE-Other
CVE-2001-1298 2008-09-11 04:10 2001-10-2 Show GitHub Exploit DB Packet Storm
348148 - xinetd xinetd xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe … NVD-CWE-Other
CVE-2001-1322 2008-09-11 04:10 2001-07-10 Show GitHub Exploit DB Packet Storm
348149 - paul_jarc idtools cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID… NVD-CWE-Other
CVE-2001-1324 2008-09-11 04:10 2001-06-26 Show GitHub Exploit DB Packet Storm
348150 - debian
progeny 		debian_linux
debian 		mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. NVD-CWE-Other
CVE-2001-1331 2008-09-11 04:10 2001-05-3 Show GitHub Exploit DB Packet Storm