Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1551	9.8	緊急 Network	covid-19 contact tracing system project	covid-19 contact tracing system	covid-19 contact tracing system projectのcovid-19 contact tracing systemにおける危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2025-66802	2026-01-27 17:34	2026-01-12	Show	GitHub Exploit DB Packet Storm

1552	6.5	警告 Network	CouchCMS	couchcms	CouchCMSのcouchcmsにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2025-67004	2026-01-27 17:34	2026-01-9	Show	GitHub Exploit DB Packet Storm

1553	6.5	警告 Network	InvoicePlane.com	InvoicePlane	InvoicePlane.comのInvoicePlaneにおけるSQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2025-67082	2026-01-27 17:34	2026-01-15	Show	GitHub Exploit DB Packet Storm

1554	5.3	警告 Network	InvoicePlane.com	InvoicePlane	InvoicePlane.comのInvoicePlaneにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2025-67083	2026-01-27 17:34	2026-01-15	Show	GitHub Exploit DB Packet Storm

1555	9.9	緊急 Network	InvoicePlane.com	InvoicePlane	InvoicePlane.comのInvoicePlaneにおけるPHPにおけるアップロードファイルに関する変数の不完全な識別に関する脆弱性	CWE-616 PHPにおけるアップロードファイルに関する変数の不完全な識別	CVE-2025-67084	2026-01-27 17:34	2026-01-15	Show	GitHub Exploit DB Packet Storm

1556	6.1	警告 Network	ThemeGoods	Grand Restaurant WordPress	ThemeGoodsのWordPress用Grand Restaurant WordPressにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-67922	2026-01-27 17:34	2026-01-8	Show	GitHub Exploit DB Packet Storm

1557	8.8	重要 Network	authlib	authlib	authlibにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2025-68158	2026-01-27 17:34	2026-01-8	Show	GitHub Exploit DB Packet Storm

1558	8.6	重要 Network	Espressif Systems	ESP-IDF	Espressif SystemsのESP-IDFにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2025-68473	2026-01-27 17:34	2025-12-27	Show	GitHub Exploit DB Packet Storm

1559	7.6	重要 Adjacent	Espressif Systems	ESP-IDF	Espressif SystemsのESP-IDFにおける境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2025-68474	2026-01-27 17:34	2025-12-27	Show	GitHub Exploit DB Packet Storm

1560	9.8	緊急 Network	EDIMAX Technology	BR-6208AC ファームウェア	EDIMAX TechnologyのBR-6208AC ファームウェアにおけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2025-70161	2026-01-27 17:34	2026-01-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 23, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
171	3.5	LOW Network	-	-	The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…	CWE-79 Cross-site Scripting	CVE-2024-7083	2026-04-20 23:16	2026-04-20	Show	GitHub Exploit DB Packet Storm

172	3.5	LOW Network	-	-	A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripti…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6648	2026-04-20 22:16	2026-04-20	Show	GitHub Exploit DB Packet Storm

173	4.3	MEDIUM Network	-	-	A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulati…	CWE-22 Path Traversal	CVE-2026-6636	2026-04-20 21:16	2026-04-20	Show	GitHub Exploit DB Packet Storm

174	7.3	HIGH Network	-	-	A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. …	CWE-287 Improper Authentication	CVE-2026-6635	2026-04-20 21:16	2026-04-20	Show	GitHub Exploit DB Packet Storm

175	6.3	MEDIUM Network	-	-	A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the ar…	CWE-266 CWE-285 Incorrect Privilege Assignment Improper Authorization	CVE-2026-6634	2026-04-20 21:16	2026-04-20	Show	GitHub Exploit DB Packet Storm

176	3.5	LOW Network	-	-	A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Exte…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2026-6633	2026-04-20 21:16	2026-04-20	Show	GitHub Exploit DB Packet Storm

177	-		-	-	When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-5958	2026-04-20 21:16	2026-04-20	Show	GitHub Exploit DB Packet Storm

178	8.8	HIGH Network	-	-	A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulatio…	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-6632	2026-04-20 20:16	2026-04-20	Show	GitHub Exploit DB Packet Storm

179	8.8	HIGH Network	-	-	A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipul…	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-6631	2026-04-20 20:16	2026-04-20	Show	GitHub Exploit DB Packet Storm

180	8.8	HIGH Network	-	-	A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of th…	CWE-119 CWE-120 Incorrect Access of Indexable Resource ('Range Error') Classic Buffer Overflow	CVE-2026-6630	2026-04-20 20:16	2026-04-20	Show	GitHub Exploit DB Packet Storm