Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1001 9.8 緊急
Network 		Blue Access Technologies Inc. Cobalt X1 Blue Access Technologies Inc.のCobalt X1における認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2025-60534 2026-01-30 14:13 2026-01-6 Show GitHub Exploit DB Packet Storm
1002 6.5 警告
Network 		Marquitos mcp-shell Marquitosのmcp-shellにおけるコマンドインジェクションの脆弱性 CWE-77
コマンドインジェクション 		CVE-2025-61489 2026-01-30 14:13 2026-01-7 Show GitHub Exploit DB Packet Storm
1003 9.8 緊急
Network 		NJHYST HY511 POE core devices Firmware NJHYSTのHY511 POE core devices Firmwareにおける検証および完全性チェックを行っていない Cookie への依存に関する脆弱性 CWE-565
検証および完全性チェックを行っていない Cookie への依存 		CVE-2025-65212 2026-01-30 14:13 2026-01-6 Show GitHub Exploit DB Packet Storm
1004 7.5 重要
Network 		OpenAirInterface Software Alliance OpenAir CN 5G for AMF OpenAirInterface Software AllianceのOpenAir CN 5G for AMFにおけるスタックベースのバッファオーバーフローの脆弱性 CWE-121
スタックオーバーフロー 		CVE-2025-65805 2026-01-30 14:13 2026-01-7 Show GitHub Exploit DB Packet Storm
1005 7.5 重要
Network 		OpenAirInterface Software Alliance OpenAir CN 5G for AMF OpenAirInterface Software AllianceのOpenAir CN 5G for AMFにおける入力確認に関する脆弱性 CWE-20
不適切な入力確認 		CVE-2025-66786 2026-01-30 14:13 2026-01-7 Show GitHub Exploit DB Packet Storm
1006 7.5 重要
Network 		efforthye fast-filesystem-mcp efforthyeのfast-filesystem-mcpにおけるパストラバーサルの脆弱性 CWE-24
パストラバーサル (../filedir) 		CVE-2025-67364 2026-01-30 14:13 2026-01-7 Show GitHub Exploit DB Packet Storm
1007 7.5 重要
Network 		Sylphx Filesystem MCP SylphxのFilesystem MCPにおける相対パストラバーサルの脆弱性 CWE-23
相対的パストラバーサル 		CVE-2025-67366 2026-01-30 14:13 2026-01-7 Show GitHub Exploit DB Packet Storm
1008 3.8
Network 		Eli Hanna Compress & Upload Eli HannaのWordPress用Compress & Uploadにおける危険なタイプのファイルの無制限アップロードに関する脆弱性 CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2025-8889 2026-01-30 14:13 2025-09-9 Show GitHub Exploit DB Packet Storm
1009 5.4 警告
Network 		ngsurvey ngsurvey ngsurveyにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-15479 2026-01-30 14:13 2026-01-7 Show GitHub Exploit DB Packet Storm
1010 6.1 警告
Network 		WPForms wpforms WPFormsのWordPress用wpformsにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2020-36919 2026-01-30 14:13 2026-01-13 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 24, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
283351 - microsoft windows_messenger An ActiveX control (Messenger.UIAutomation.1) in Windows Messenger 4.7 and 5.1 is marked as safe-for-scripting, which allows remote attackers to control the Messenger application, and "change state,"… CWE-200
Information Exposure 		CVE-2008-0082 2018-10-16 06:57 2008-08-13 Show GitHub Exploit DB Packet Storm
283352 - microsoft data_engine
sql_server
sql_server_desktop_engine
sql_server_express_edition 		Buffer overflow in the convert function in Microsoft SQL Server 2000 SP4, 2000 Desktop Engine (MSDE 2000) SP4, and 2000 Desktop Engine (WMSDE) allows remote authenticated users to execute arbitrary c… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2008-0086 2018-10-16 06:57 2008-07-9 Show GitHub Exploit DB Packet Storm
283353 - phpwebsite phpwebsite Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the sear… CWE-79
Cross-site Scripting 		CVE-2008-0092 2018-10-16 06:57 2008-01-4 Show GitHub Exploit DB Packet Storm
283354 - asterisk asterisk_appliance_developer_kit
asterisk_business_edition
asterisknow
open_source
s800i 		The SIP channel driver in Asterisk Open Source 1.4.x before 1.4.17, Business Edition before C.1.0-beta8, AsteriskNOW before beta7, Appliance Developer Kit before Asterisk 1.4 revision 95946, and Appl… CWE-399
 Resource Management Errors 		CVE-2008-0095 2018-10-16 06:57 2008-01-8 Show GitHub Exploit DB Packet Storm
283355 - georgia_softworks ssh2_server Multiple buffer overflows in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allow remote attackers to execute arbitrary code via a (1) a long username, which triggers an overflow in t… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2008-0096 2018-10-16 06:57 2008-01-8 Show GitHub Exploit DB Packet Storm
283356 - georgia_softworks ssh2_server Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSW_SSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the… CWE-20
 Improper Input Validation  		CVE-2008-0097 2018-10-16 06:57 2008-01-8 Show GitHub Exploit DB Packet Storm
283357 - white_dune white_dune Stack-based buffer overflow in the Scene::errorf function in Scene.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via a long string in a .WRL file. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2008-0100 2018-10-16 06:57 2008-01-8 Show GitHub Exploit DB Packet Storm
283358 - white_dune white_dune Format string vulnerability in the swDebugf function in DuneApp.cpp in White_Dune 0.29 beta791 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a .WRL fil… CWE-20
 Improper Input Validation  		CVE-2008-0101 2018-10-16 06:57 2008-01-8 Show GitHub Exploit DB Packet Storm
283359 - microsoft data_engine
sql_server
sql_server_desktop_engine
sql_server_express_edition 		Buffer overflow in Microsoft SQL Server 2005 SP1 and SP2, and 2005 Express Edition SP1 and SP2, allows remote authenticated users to execute arbitrary code via a crafted insert statement. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2008-0106 2018-10-16 06:57 2008-07-9 Show GitHub Exploit DB Packet Storm
283360 - microsoft office
word 		Word in Microsoft Office 2000 SP3, XP SP3, Office 2003 SP2, and Office Word Viewer 2003 allows remote attackers to execute arbitrary code via crafted fields within the File Information Block (FIB) of… CWE-399
 Resource Management Errors 		CVE-2008-0109 2018-10-16 06:57 2008-02-13 Show GitHub Exploit DB Packet Storm