Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1421 9.1 緊急
Network 		Passy Passy Passyにおけるコマンドインジェクションの脆弱性 CWE-77
コマンドインジェクション 		CVE-2025-67397 2026-01-27 17:40 2026-01-5 Show GitHub Exploit DB Packet Storm
1422 6.8 警告
Physics 		Espressif Systems USB Host UVC Class Driver Espressif SystemsのUSB Host UVC Class Driverにおけるスタックベースのバッファオーバーフローの脆弱性 CWE-121
スタックオーバーフロー 		CVE-2025-68622 2026-01-27 17:40 2026-01-12 Show GitHub Exploit DB Packet Storm
1423 6.8 警告
Physics 		Espressif Systems USB Host HID (Human Interface Device) Driver Espressif SystemsのUSB Host HID (Human Interface Device) Driverにおける解放済みメモリの使用に関する脆弱性 CWE-416
解放済みメモリの使用 		CVE-2025-68656 2026-01-27 17:40 2026-01-12 Show GitHub Exploit DB Packet Storm
1424 6.4 警告
Physics 		Espressif Systems USB Host HID (Human Interface Device) Driver Espressif SystemsのUSB Host HID (Human Interface Device) Driverにおける複数の脆弱性 CWE-415
CWE-667
CVE-2025-68657 2026-01-27 17:40 2026-01-12 Show GitHub Exploit DB Packet Storm
1425 7.2 重要
Network 		- SAPのS/4 HANAにおけるコードインジェクションの脆弱性 CWE-94
コード・インジェクション 		CVE-2026-0498 2026-01-27 17:40 2026-01-13 Show GitHub Exploit DB Packet Storm
1426 6.1 警告
Network 		remyandrade API Key Manager App Remy AndradeのAPI Key Manager Appにおける複数の脆弱性 CWE-79
CWE-79
CWE-94
CVE-2026-0580 2026-01-27 17:40 2026-01-5 Show GitHub Exploit DB Packet Storm
1427 8.8 重要
Network 		TOTOLINK WA300 Firmware TOTOLINKのWA300 Firmwareにおける複数の脆弱性 CWE-74
CWE-77
CWE-77
CVE-2026-0641 2026-01-27 17:40 2026-01-6 Show GitHub Exploit DB Packet Storm
1428 4.8 警告
Network 		PHPGurukul Staff Leave Management System Using Django Python SQLite PHPGurukulのStaff Leave Management System Using Django Python SQLiteにおける複数の脆弱性 CWE-79
CWE-79
CWE-94
CVE-2026-0730 2026-01-27 17:40 2026-01-8 Show GitHub Exploit DB Packet Storm
1429 8.8 重要
Network 		PHPGurukul Online Course Registration System PHPGurukulのOnline Course Registration Systemにおける複数の脆弱性 CWE-74
CWE-89
CWE-89
CVE-2026-0733 2026-01-27 17:40 2026-01-9 Show GitHub Exploit DB Packet Storm
1430 8.8 重要
Network 		PHPGurukul Online Course Registration System PHPGurukulのOnline Course Registration Systemにおける複数の脆弱性 CWE-74
CWE-89
CWE-89
CVE-2026-0803 2026-01-27 17:40 2026-01-9 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 23, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
283001 - chipmunk_scripts chipmunk_directory Cross-site scripting (XSS) vulnerability in directory/index.php in Chipmunk directory allows remote attackers to inject arbitrary web script or HTML via the start parameter. NVD-CWE-Other
CVE-2006-7042 2018-10-17 01:29 2007-02-24 Show GitHub Exploit DB Packet Storm
283002 - shoutpro shoutpro include.php in Shoutpro 1.0 might allow remote attackers to bypass IP ban restrictions via a URL in the path parameter that points to an alternate bannedips.php file. NOTE: this issue was originally… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2006-7047 2018-10-17 01:29 2007-02-24 Show GitHub Exploit DB Packet Storm
283003 - sweetphp totalcalendar PHP remote file inclusion vulnerability in index.php in TotalCalendar 2.30 and earlier allows remote attackers to execute arbitrary code via a URL in the inc_dir parameter, a different vector than CV… NVD-CWE-Other
CVE-2006-7055 2018-10-17 01:29 2007-02-24 Show GitHub Exploit DB Packet Storm
283004 - dreamcost hostadmin Multiple PHP remote file inclusion vulnerabilities in DreamCost HostAdmin 3.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) functions.php and… NVD-CWE-Other
CVE-2006-7056 2018-10-17 01:29 2007-02-24 Show GitHub Exploit DB Packet Storm
283005 - oracle database_server Oracle 10g R2 and possibly other versions allows remote attackers to trigger internal errors, and possibly have other impacts, via an "alter session set events" command with invalid arguments. NOTE:… NVD-CWE-Other
CVE-2006-7067 2018-10-17 01:29 2007-03-3 Show GitHub Exploit DB Packet Storm
283006 - etomite etomite Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] param… CWE-20
 Improper Input Validation  		CVE-2006-7070 2018-10-17 01:29 2007-03-3 Show GitHub Exploit DB Packet Storm
283007 - geodesicsolutions geoclassifieds_enterprise Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) b[username] and (2) c parameters … NVD-CWE-Other
CVE-2006-7072 2018-10-17 01:29 2007-03-3 Show GitHub Exploit DB Packet Storm
283008 - professional_home_page_tools_login_script professional_home_page_tools_login_script Multiple cross-site scripting (XSS) vulnerabilities in Professional Home Page Tools Login Script, as of July 2006, allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) … NVD-CWE-Other
CVE-2006-7078 2018-10-17 01:29 2007-03-3 Show GitHub Exploit DB Packet Storm
283009 - dotdeb dotdeb_php CRLF injection vulnerability in the mail function in Dotdeb PHP before 5.2.0 Rev 3 allows remote attackers to bypass the protection scheme and inject arbitrary email headers via CRLF sequences in the… NVD-CWE-Other
CVE-2006-7087 2018-10-17 01:29 2007-03-3 Show GitHub Exploit DB Packet Storm
283010 - ftpd ftpd ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary direc… NVD-CWE-Other
CVE-2006-7094 2018-10-17 01:29 2007-03-3 Show GitHub Exploit DB Packet Storm