Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1961 6.5 警告
Network 		Wireshark Wireshark Wiresharkにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2026-0962 2026-01-23 14:23 2026-01-14 Show GitHub Exploit DB Packet Storm
1962 7.2 重要
Network 		Open eClass project Open eClass Open eClassにおける危険なタイプのファイルの無制限アップロードに関する脆弱性 CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2026-22241 2026-01-23 14:23 2026-01-8 Show GitHub Exploit DB Packet Storm
1963 8.8 重要
Network 		Microhard IPn4G Firmware
IPn3Gii Firmware
VIP4Gb Firmware
BulletLTE ファームウェア
IPn4Gb Firmware
Dragon-LTE Firmware
Bullet-3G Firmware
VIP4G-WiFi-N Firm… 		MicrohardのBullet-3G Firmware等の複数製品における不適切な権限設定に関する脆弱性 CWE-266
不適切な権限設定 		CVE-2018-25148 2026-01-23 14:23 2025-12-24 Show GitHub Exploit DB Packet Storm
1964 6.5 警告
Network 		Microhard IPn4G Firmware
IPn3Gii Firmware
VIP4Gb Firmware
BulletLTE ファームウェア
IPn4Gb Firmware
Dragon-LTE Firmware
Bullet-3G Firmware
VIP4G-WiFi-N Firm… 		MicrohardのBullet-3G Firmware等の複数製品におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2018-25149 2026-01-23 14:23 2025-12-24 Show GitHub Exploit DB Packet Storm
1965 6.5 警告
Network 		Teradek Vidiu Pro Firmware
VidiU Mini ファームウェア
VidiU ファームウェア 		TeradekのVidiU Mini ファームウェア等の複数製品におけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2019-25251 2026-01-23 14:23 2025-12-24 Show GitHub Exploit DB Packet Storm
1966 4.3 警告
Network 		Teradek Vidiu Pro Firmware
VidiU Mini ファームウェア
VidiU ファームウェア 		TeradekのVidiU Mini ファームウェア等の複数製品におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2019-25252 2026-01-23 14:23 2025-12-24 Show GitHub Exploit DB Packet Storm
1967 5.5 警告
Local 		Celestial Software AbsoluteTelnet Celestial SoftwareのAbsoluteTelnetにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2021-47764 2026-01-23 14:23 2026-01-15 Show GitHub Exploit DB Packet Storm
1968 5.5 警告
Local 		Celestial Software AbsoluteTelnet Celestial SoftwareのAbsoluteTelnetにおける境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2021-47765 2026-01-23 14:23 2026-01-15 Show GitHub Exploit DB Packet Storm
1969 7.8 重要
Local 		Macro Expert Macro Expert Macro Expertにおける引用されない検索パスまたは要素に関する脆弱性 CWE-428
引用されない検索パスまたは要素 		CVE-2021-47780 2026-01-23 14:23 2026-01-16 Show GitHub Exploit DB Packet Storm
1970 8.8 重要
Network 		Zesle Software Inc. ZesleCP Zesle Software Inc.のZesleCPにおけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2021-47794 2026-01-23 14:22 2026-01-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
304711 - photopost photopost_php_pro Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to gain users' passwords via the (1) photo parameter to addfav.php, (2) photo parameter to comment… NVD-CWE-Other
CVE-2004-1870 2017-07-11 10:31 2004-03-29 Show GitHub Exploit DB Packet Storm
304712 - photopost photopost_php_pro Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 4.6.x and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ppuser, (2) password, (3) stype, (… NVD-CWE-Other
CVE-2004-1871 2017-07-11 10:31 2004-03-29 Show GitHub Exploit DB Packet Storm
304713 - webct webct Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1.5 allows remote attackers to inject arbitrary web script or HTML via the @import URL function in a CSS style tag. NVD-CWE-Other
CVE-2004-1872 2017-07-11 10:31 2004-03-29 Show GitHub Exploit DB Packet Storm
304714 - alan_ward a-cart Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp and (2) billing.asp in A-CART Pro and A-CART 2.0 allow remote attackers to inject arbitrary web script or HTML via the user info… NVD-CWE-Other
CVE-2004-1874 2017-07-11 10:31 2004-03-29 Show GitHub Exploit DB Packet Storm
304715 - cpanel cpanel Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R85 allow remote attackers to inject arbitrary web script or HTML via the (1) email parameter to testfile.html, (2) file parameter … CWE-79
Cross-site Scripting 		CVE-2004-1875 2017-07-11 10:31 2004-03-30 Show GitHub Exploit DB Packet Storm
304716 - clam_anti-virus clamav The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. NVD-CWE-Other
CVE-2004-1876 2017-07-11 10:31 2004-03-30 Show GitHub Exploit DB Packet Storm
304717 - oracle application_server
http_server 		The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the lo… NVD-CWE-Other
CVE-2004-1877 2017-07-11 10:31 2004-03-30 Show GitHub Exploit DB Packet Storm
304718 - linbit_technologies linbox_officeserver LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash). NVD-CWE-Other
CVE-2004-1878 2017-07-11 10:31 2004-03-30 Show GitHub Exploit DB Packet Storm
304719 - phpkit phpkit Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages. NVD-CWE-Other
CVE-2004-1879 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm
304720 - cactusoft cactushop SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. NVD-CWE-Other
CVE-2004-1881 2017-07-11 10:31 2004-12-31 Show GitHub Exploit DB Packet Storm