Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1641	6.1	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-22913	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1642	6.5	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける不適切な権限設定に関する脆弱性	CWE-266 CWE-Other	CVE-2026-22914	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1643	6.5	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける認可されていない制御領域への重要情報の漏えいに関する脆弱性	CWE-497 認可されていない制御領域への重要情報の漏えい	CVE-2026-22915	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1644	5.4	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける不適切な権限設定に関する脆弱性	CWE-266 CWE-Other	CVE-2026-22916	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1645	7.5	重要 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける制限またはスロットリング無しのリソースの割り当てに関する脆弱性	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-22917	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1646	8.2	重要 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおけるレンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限に関する脆弱性	CWE-1021 レンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限	CVE-2026-22918	2026-01-26 19:43	2026-01-15	Show	GitHub Exploit DB Packet Storm

1647	4.8	警告 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-22919	2026-01-26 19:42	2026-01-15	Show	GitHub Exploit DB Packet Storm

1648	7.5	重要 Network	Sick	SICK TDC-X401GL Firmware	SickのSICK TDC-X401GL Firmwareにおける弱い認証情報の使用に関する脆弱性	CWE-1391 脆弱な認証情報の使用	CVE-2026-22920	2026-01-26 19:42	2026-01-15	Show	GitHub Exploit DB Packet Storm

1649	7.5	重要 Network	softlinkint	oliver v5 library	softlinkintのoliver v5 libraryにおけるパストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2021-47755	2026-01-26 19:42	2026-01-15	Show	GitHub Exploit DB Packet Storm

1650	8.8	重要 Network	Chikitsa	Patient Management System	ChikitsaのPatient Management Systemにおける危険なタイプのファイルの無制限アップロードに関する脆弱性	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2021-47757	2026-01-26 19:42	2026-01-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
401	5.3	MEDIUM Local	-	-	OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit appro… New	CWE-184 Incomplete Blacklist	CVE-2026-41332	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

402	3.7	LOW Network	-	-	OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can e… New	CWE-799 Improper Control of Interaction Frequency	CVE-2026-41333	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

403	6.5	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized … New	CWE-636 Not Failing Securely ('Failing Open')	CVE-2026-41334	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

404	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitiv… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41335	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

405	7.8	HIGH Local	-	-	OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted… New	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-41336	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

406	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers wi… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41337	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

407	5.0	MEDIUM Local	-	-	OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act pattern… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41338	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

408	4.3	MEDIUM Network	-	-	OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41339	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

409	6.5	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorrectly fans default-account trust into all named accounts. Attackers can exp… New	CWE-372 Incomplete Internal State Distinction	CVE-2026-41340	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

410	5.4	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct messages as direct messages in extensions/discord/src/monitor/agent-component… New	CWE-351 Insufficient Type Distinction	CVE-2026-41341	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm