Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
208631 5.8 警告 Tapatalk Inc. - Woltlab Burning Board 用 Tapatalk プラグインの mobiquo/smartbanner/welcome.php におけるオープンリダイレクトの脆弱性 CWE-Other
その他 		CVE-2014-8870 2015-01-20 13:55 2014-12-24 Show GitHub Exploit DB Packet Storm
208632 4.3 警告 Tapatalk Inc. - Woltlab Burning Board 用 Tapatalk プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-8869 2015-01-20 13:54 2014-12-24 Show GitHub Exploit DB Packet Storm
208633 6.5 警告 Level Four Development - WordPress 用 WP EasyCart プラグインの inc/amfphp/administration/banneruploaderscript.php における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2014-9308 2015-01-20 12:11 2014-12-7 Show GitHub Exploit DB Packet Storm
208634 5 警告 GNU Project - GNU Binutils の bfd/archive.c の _bfd_slurp_extended_name_table 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2014-8738 2015-01-20 11:53 2014-11-4 Show GitHub Exploit DB Packet Storm
208635 4.6 警告 コーレル株式会社 - Corel FastFlick における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2014-8398 2015-01-19 17:44 2014-10-22 Show GitHub Exploit DB Packet Storm
208636 4.6 警告 コーレル株式会社 - Corel VideoStudio PRO X7 または FastFlick における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2014-8397 2015-01-19 17:31 2014-10-22 Show GitHub Exploit DB Packet Storm
208637 4.6 警告 コーレル株式会社 - Corel PDF Fusion における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2014-8396 2015-01-19 17:26 2014-10-22 Show GitHub Exploit DB Packet Storm
208638 4.6 警告 コーレル株式会社 - Corel Painter における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2014-8395 2015-01-19 17:22 2014-10-22 Show GitHub Exploit DB Packet Storm
208639 4.6 警告 コーレル株式会社 - Corel CAD における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2014-8394 2015-01-19 17:18 2014-10-22 Show GitHub Exploit DB Packet Storm
208640 4 警告 OpenStack
Litech Systems Design		 - OpenStack Neutron の L3 エージェントにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2014-8153 2015-01-19 17:10 2014-12-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
51 5.3 MEDIUM
Network 		- - Improper verification of cryptographic signature uniqueness in delegated role validation in awslabs/tough before tough-v0.22.0 allows remote authenticated users to bypass the TUF signature threshold … New CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2026-6966 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
52 3.1 LOW
Network 		- - LangChain is a framework for building agents and LLM-powered applications. Prior to 1.1.14, langchain-openai's _url_to_size() helper (used by get_num_tokens_from_messages for image token counting) va… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41488 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
53 6.5 MEDIUM
Network 		- - LangChain is a framework for building agents and LLM-powered applications. Prior to langchain-text-splitters 1.1.2, HTMLHeaderTextSplitter.split_text_from_url() validated the initial URL using valid… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41481 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
54 9.9 CRITICAL
Network 		- - Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.6, 1.5.6, and 1.6.0-beta.5, a SQL injection vulnerability in Saltcorn’s mobile-sync routes allows any authen… New CWE-89
SQL Injection 		CVE-2026-41478 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
55 - - - Deskflow is a keyboard and mouse sharing app. Prior to 1.26.0.138, a remote memory-safety vulnerability in Deskflow's clipboard deserialization allows a connected peer to trigger an out-of-bounds re… New CWE-120
Classic Buffer Overflow 		CVE-2026-41476 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
56 - - - CyberPanel versions prior to 2.4.4 contain an authentication bypass vulnerability in the AI Scanner worker API endpoints that allows unauthenticated remote attackers to write arbitrary data to the da… New CWE-306
Missing Authentication for Critical Function 		CVE-2026-41473 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
57 - - - CyberPanel versions prior to 2.4.4 contain a stored cross-site scripting vulnerability in the AI Scanner dashboard where the POST /api/ai-scanner/callback endpoint lacks authentication and allows una… New CWE-79
Cross-site Scripting 		CVE-2026-41472 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
58 9.1 CRITICAL
Network 		- - Budibase is an open-source low-code platform. Prior to 3.35.4, the authenticated middleware uses unanchored regular expressions to match public (no-auth) endpoint patterns against ctx.request.url. Si… New CWE-287
Improper Authentication 		CVE-2026-41428 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
59 9.1 CRITICAL
Network 		- - Dgraph is an open source distributed GraphQL database. Prior to 25.3.3, a vulnerability has been found in Dgraph that gives an unauthenticated attacker full read access to every piece of data in the … New CWE-943
 Improper Neutralization of Special Elements in Data Query Logic 		CVE-2026-41328 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm
60 9.1 CRITICAL
Network 		- - Clerk JavaScript is the official JavaScript repository for Clerk authentication. createRouteMatcher in @clerk/nextjs, @clerk/nuxt, and @clerk/astro can be bypassed by certain crafted requests, allowi… New CWE-436
CWE-863
 Interpretation Conflict
 Incorrect Authorization 		CVE-2026-41248 2026-04-25 06:16 2026-04-25 Show GitHub Exploit DB Packet Storm