Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1621	6.7	警告 Local	デル	PowerFlex Manager Powerflex Rack Release Certification Matrix PowerFlex appliance Intelligent Catalog Software data lakehouse insightiq	デルのdata lakehouse等の複数製品における重要な情報のセキュアでない格納に関する脆弱性	CWE-922 重要な情報のセキュアでない格納	CVE-2024-37144	2026-01-27 17:29	2024-12-10	Show	GitHub Exploit DB Packet Storm

1622	8.8	重要 Network	ジュニパーネットワークス	J-Web Junos OS	ジュニパーネットワークス等の複数ベンダの製品におけるXpath インジェクションの脆弱性	CWE-643 Xpathインジェクション	CVE-2024-39565	2026-01-27 17:29	2024-07-10	Show	GitHub Exploit DB Packet Storm

1623	9.8	緊急 Network	Sangfor Technologies	Operation and Maintenance Security Management System	Sangfor TechnologiesのOperation and Maintenance Security Management Systemにおける複数の脆弱性	CWE-77 CWE-78 CWE-78	CVE-2025-15499	2026-01-27 17:29	2026-01-9	Show	GitHub Exploit DB Packet Storm

1624	9.8	緊急 Network	Sangfor Technologies	Operation and Maintenance Security Management System	Sangfor TechnologiesのOperation and Maintenance Security Management Systemにおける複数の脆弱性	CWE-77 CWE-78 CWE-78	CVE-2025-15500	2026-01-27 17:29	2026-01-9	Show	GitHub Exploit DB Packet Storm

1625	-	-	Delta Electronics, INC.	DIAView	Delta Electronics製DIAViewにおけるコマンドインジェクションの脆弱性	CWE-77 コマンドインジェクション	CVE-2026-0975	2026-01-27 12:25	2026-01-26	Show	GitHub Exploit DB Packet Storm

1626	-	-	Schneider Electric	EcoStruxure Process Expert	Schneider Electric製EcoStruxure Process Expertにおけるインストール時のファイルアクセス権の設定が不適切な脆弱性	CWE-276 不適切なデフォルトパーミッション	CVE-2025-13905	2026-01-27 12:25	2026-01-26	Show	GitHub Exploit DB Packet Storm

1627	-	-	AutomationDirect	CLICK Programmable Logic Controller	AutomationDirect製CLICK Programmable Logic Controllerにおける複数の脆弱性	CWE-256 CWE-261	CVE-2025-25051 CVE-2025-67652	2026-01-27 12:25	2026-01-26	Show	GitHub Exploit DB Packet Storm

1628	-	-	David Reid	dr_flac	dr_flacにおける整数オーバーフローの脆弱性	-	CVE-2025-14369	2026-01-27 12:25	2026-01-26	Show	GitHub Exploit DB Packet Storm

1629	-	-	Rockwell Automation	CompactLogix	Rockwell Automation製CompactLogix 5370における数値の入力に対する不適切な検証の脆弱性	CWE-1284 入力で指定された数量の不適切な検証	CVE-2025-11743	2026-01-27 12:25	2026-01-26	Show	GitHub Exploit DB Packet Storm

1630	-	-	ジョンソンコントロールズ	iSTAR Configuration Utility (ICU) tool	Johnson Controls製iSTAR Configuration Utility (ICU) toolにおけるスタックベースのバッファオーバーフローの脆弱性	CWE-121 スタックオーバーフロー	CVE-2025-26386	2026-01-27 12:25	2026-01-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 22, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
41	4.8	MEDIUM Network	-	-	GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary J… New	CWE-79 Cross-site Scripting	CVE-2026-23752	2026-04-21 03:16	2026-04-21	Show	GitHub Exploit DB Packet Storm

42	7.8	HIGH Local	microsoft	windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2019 windows_server_2022 windows_server_2022_…	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. Update	CWE-362 Race Condition	CVE-2026-32160	2026-04-21 03:15	2026-04-15	Show	GitHub Exploit DB Packet Storm

43	5.7	MEDIUM Network	dell	data_domain_operating_system	Dell PowerProtect Data Domain appliances with Data Domain Operating System (DD OS) of Feature Release versions 8.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.10 contain an insertion o… Update	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2026-23775	2026-04-21 03:11	2026-04-17	Show	GitHub Exploit DB Packet Storm

44	7.8	HIGH Local	dell	data_domain_operating_system	Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50… Update	CWE-522 Insufficiently Protected Credentials	CVE-2025-36568	2026-04-21 03:10	2026-04-17	Show	GitHub Exploit DB Packet Storm

45	7.2	HIGH Network	fortinet	fortiweb	An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attack… Update	CWE-787 Out-of-bounds Write	CVE-2026-40688	2026-04-21 03:07	2026-04-15	Show	GitHub Exploit DB Packet Storm

46	8.8	HIGH Network	fortinet	fortiddos-f	A improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiDDoS-F 7.2.1 through 7.2.2 may allow attacker to execute unauthorized code or com… Update	CWE-89 SQL Injection	CVE-2026-39815	2026-04-21 03:06	2026-04-15	Show	GitHub Exploit DB Packet Storm

47	4.8	MEDIUM Network	fortinet	fortinac-f	An URL Redirection to Untrusted Site ('Open Redirect') vulnerability [CWE-601] vulnerability in Fortinet FortiNAC-F 7.6.0 through 7.6.5, FortiNAC-F 7.4 all versions, FortiNAC-F 7.2 all versions may a… Update	CWE-601 Open Redirect	CVE-2026-21741	2026-04-21 03:06	2026-04-15	Show	GitHub Exploit DB Packet Storm

48	7.2	HIGH Network	fortinet	fortianalyzer fortianalyzer_cloud fortimanager fortimanager_cloud	An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.8, FortiAnalyzer 7… Update	CWE-89 SQL Injection	CVE-2025-61848	2026-04-21 03:05	2026-04-15	Show	GitHub Exploit DB Packet Storm

49	8.8	HIGH Adjacent	fortinet	fortios	A missing authentication for critical function vulnerability in Fortinet FortiOS 7.6.0 through 7.6.3, FortiOS 7.4.0 through 7.4.8, FortiOS 7.2.0 through 7.2.11, FortiOS 7.0.0 through 7.0.17, FortiOS … Update	CWE-306 Missing Authentication for Critical Function	CVE-2025-53847	2026-04-21 03:04	2026-04-15	Show	GitHub Exploit DB Packet Storm

50	4.3	MEDIUM Network	fortinet	fortivoice fortindr	An exposure of sensitive information to an unauthorized actor vulnerability in Fortinet FortiNDR 7.6.0, FortiNDR 7.4.0 through 7.4.8, FortiNDR 7.2 all versions, FortiNDR 7.1 all versions, FortiNDR 7.… Update	CWE-200 Information Exposure	CVE-2024-23104	2026-04-21 03:03	2026-04-15	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed