Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
2081 7.5 重要
Network 		Spree Commerce Spree Spree CommerceのSpreeにおけるユーザ制御の鍵による認証回避に関する脆弱性 CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-22589 2026-01-23 14:18 2026-01-10 Show GitHub Exploit DB Packet Storm
2082 7.1 重要
Local 		PNG Development Group libpng PNG Development Groupのlibpngにおける境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2026-22695 2026-01-23 14:18 2026-01-12 Show GitHub Exploit DB Packet Storm
2083 8.8 重要
Network 		appsmith appsmith appsmithにおける同一生成元ポリシー違反に関する脆弱性 CWE-346
同一生成元ポリシー違反 		CVE-2026-22794 2026-01-23 14:18 2026-01-12 Show GitHub Exploit DB Packet Storm
2084 8.8 重要
Network 		emlog emlog emlogにおける危険なタイプのファイルの無制限アップロードに関する脆弱性 CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2026-22799 2026-01-23 14:18 2026-01-12 Show GitHub Exploit DB Packet Storm
2085 4.5 警告
Network 		thm PILOS (Platform for Interactive Live-Online Seminars) Technischen Hochschule MittelhessenのPILOS (Platform for Interactive Live-Online Seminars)におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2026-22800 2026-01-23 14:18 2026-01-12 Show GitHub Exploit DB Packet Storm
2086 7.8 重要
Local 		PNG Development Group libpng PNG Development Groupのlibpngにおける複数の脆弱性 CWE-125
CWE-125
CWE-190
CVE-2026-22801 2026-01-23 14:18 2026-01-12 Show GitHub Exploit DB Packet Storm
2087 7.5 重要
Network 		Svelte project kit Svelte projectのkitにおける複数の脆弱性 CWE-770
CWE-789
CVE-2026-22803 2026-01-23 14:18 2026-01-15 Show GitHub Exploit DB Packet Storm
2088 7.5 重要
Network 		Deno Land Deno Deno Land Inc.のDenoにおける暗号化処理の不備に関する脆弱性 CWE-325
暗号化処理の不備 		CVE-2026-22863 2026-01-23 14:18 2026-01-15 Show GitHub Exploit DB Packet Storm
2089 9.8 緊急
Network 		Deno Land Deno Deno Land Inc.のDenoにおけるコマンドインジェクションの脆弱性 CWE-77
コマンドインジェクション 		CVE-2026-22864 2026-01-23 14:17 2026-01-15 Show GitHub Exploit DB Packet Storm
2090 7.5 重要
Network 		Datadog guarddog Datadogのguarddogにおける高圧縮データの処理 (データ増幅)に関する脆弱性 CWE-409
高圧縮データの不適切な処理 (データ増幅) 		CVE-2026-22870 2026-01-23 14:17 2026-01-13 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
283361 - stephen_craton chatness Stephen Craton (aka WiredPHP) Chatness 2.5.3 and earlier stores usernames and unencrypted passwords in (1) classes/vars.php and (2) classes/varstuff.php, and recommends 0666 or 0777 permissions for t… NVD-CWE-Other
CVE-2007-2149 2018-10-17 01:42 2007-04-19 Show GitHub Exploit DB Packet Storm
283362 - bluearc titan BlueArc-FTPD in BlueArc Titan 2x00 devices with firmware 4.2.944b allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command, a variant of CVE-1999-0017. NVD-CWE-Other
CVE-2007-2150 2018-10-17 01:42 2007-04-19 Show GitHub Exploit DB Packet Storm
283363 - atmail atmail_webmail Cross-site scripting (XSS) vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NVD-CWE-Other
CVE-2007-2153 2018-10-17 01:42 2007-04-19 Show GitHub Exploit DB Packet Storm
283364 - phpfaber topsites Directory traversal vulnerability in template.php in in phpFaber TopSites 3 allows remote attackers to read arbitrary files via a .. (dot dot) in the modify parameter in a template action to admin/in… NVD-CWE-Other
CVE-2007-2155 2018-10-17 01:42 2007-04-19 Show GitHub Exploit DB Packet Storm
283365 - gnu
mozilla 		iceweasel
firefox 		(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a… NVD-CWE-Other
CVE-2007-2162 2018-10-17 01:42 2007-04-23 Show GitHub Exploit DB Packet Storm
283366 - apple safari Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. NVD-CWE-Other
CVE-2007-2163 2018-10-17 01:42 2007-04-23 Show GitHub Exploit DB Packet Storm
283367 - kde konqueror Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated usin… NVD-CWE-Other
CVE-2007-2164 2018-10-17 01:42 2007-04-23 Show GitHub Exploit DB Packet Storm
283368 - oracle e-business_suite The APPLSYS.FND_DM_NODES package in Oracle E-Business Suite does not check for valid sessions, which allows remote attackers to delete arbitrary nodes. NOTE: due to lack of details from Oracle, it i… NVD-CWE-Other
CVE-2007-2170 2018-10-17 01:42 2007-04-25 Show GitHub Exploit DB Packet Storm
283369 - novell groupwise Stack-based buffer overflow in the base64_decode function in GWINTER.exe in Novell GroupWise (GW) WebAccess before 7.0 SP2 allows remote attackers to execute arbitrary code via long base64 content in… NVD-CWE-Other
CVE-2007-2171 2018-10-17 01:42 2007-04-25 Show GitHub Exploit DB Packet Storm
283370 - checkpoint zonealarm The IOCTL handling in srescan.sys in the ZoneAlarm Spyware Removal Engine (SRE) in Check Point ZoneAlarm before 5.0.156.0 allows local users to execute arbitrary code via certain IOCTL lrp parameter … NVD-CWE-Other
CVE-2007-2174 2018-10-17 01:42 2007-04-25 Show GitHub Exploit DB Packet Storm