Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1641	6.1	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-22913	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1642	6.5	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける不適切な権限設定に関する脆弱性	CWE-266 CWE-Other	CVE-2026-22914	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1643	6.5	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける認可されていない制御領域への重要情報の漏えいに関する脆弱性	CWE-497 認可されていない制御領域への重要情報の漏えい	CVE-2026-22915	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1644	5.4	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける不適切な権限設定に関する脆弱性	CWE-266 CWE-Other	CVE-2026-22916	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1645	7.5	重要 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-22917	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1646	8.2	重要 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおけるレンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限に関する脆弱性	CWE-1021 レンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限	CVE-2026-22918	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1647	4.8	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-22919	2026-01-26 19:42	2026-01-15	Show	GitHub Exploit DB Packet Storm

1648	7.5	重要 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける弱い認証情報の使用に関する脆弱性	CWE-1391 脆弱な認証情報の使用	CVE-2026-22920	2026-01-26 19:42	2026-01-15	Show	GitHub Exploit DB Packet Storm

1649	7.5	重要 Network	softlinkint	oliver v5 library	softlinkintのoliver v5 libraryにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2021-47755	2026-01-26 19:42	2026-01-15	Show	GitHub Exploit DB Packet Storm

1650	8.8	重要 Network	Chikitsa	Patient Management System	ChikitsaのPatient Management Systemにおける危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2021-47757	2026-01-26 19:42	2026-01-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
331	-		-	-	A weakness in SpiceJet’s public booking retrieval page permits full passenger booking details to be accessed using only a PNR and last name, with no authentication or verification mechanisms. This re… New	CWE-306 Missing Authentication for Critical Function	CVE-2026-6376	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm

332	7.1	HIGH Local	-	-	radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the … New	CWE-22 Path Traversal	CVE-2026-6940	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm

333	6.6	MEDIUM Local	-	-	radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malic… New	CWE-59 Link Following	CVE-2026-6941	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm

334	9.8	CRITICAL Network	-	-	KTransformers through 0.5.3 contains an unsafe deserialization vulnerability in the balance_serve backend mode where the scheduler RPC server binds a ZMQ ROUTER socket to all interfaces with no authe… New	CWE-502 Deserialization of Untrusted Data	CVE-2026-26210	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm

335	-		-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the GraphCypherQAChain node forwards user-provided input directly into the Cypher query execut… New	CWE-943 Improper Neutralization of Special Elements in Data Query Logic	CVE-2026-41274	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm

336	6.1	MEDIUM Local	-	-	melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, an attacker who can influence a melange configuration file — for exampl… New	CWE-22 Path Traversal	CVE-2026-29050	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm

337	4.4	MEDIUM Local	-	-	melange allows users to build apk packages using declarative pipelines. Starting in version 0.32.0 and prior to version 0.43.4, `melange lint --persist-lint-results` (opt-in flag, also usable via `me… New	CWE-22 Path Traversal	CVE-2026-29051	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm

338	7.6	HIGH Network	-	-	Xibo is an open source digital signage platform with a web content management system and Windows display player software. Versions 1.7 through 4.4.0 have an SQL injection vulnerability in the API rou… New	CWE-89 CWE-184 SQL Injection Incomplete Blacklist	CVE-2026-31952	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm

339	5.3	MEDIUM Network	-	-	go-ntlmssp is a Go package that provides NTLM/Negotiate authentication over HTTP. Prior to version 0.1.1, a malicious NTLM challenge message can causes an slice out of bounds panic, which can crash a… New	CWE-190 Integer Overflow or Wraparound	CVE-2026-32952	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm

340	-		-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote … New	CWE-22 Path Traversal	CVE-2026-33076	2026-04-24 23:50	2026-04-24	Show	GitHub Exploit DB Packet Storm