Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
217011	5	警告	avant force	-	Avant Browser におけるコマンドライン引数を変更される脆弱性	-	CVE-2006-2058	2013-12-26 15:44	2006-04-26	Show	GitHub Exploit DB Packet Storm

217012	7.1	危険	WinSCP	-	WinSCP における任意のファイルをアップロードされる脆弱性	CWE-94 コード・インジェクション	CVE-2006-3015	2013-12-26 15:44	2006-06-14	Show	GitHub Exploit DB Packet Storm

217013	5	警告	alan ward	-	A-CART におけるユーザ名およびパスワードの情報を取得される脆弱性	-	CVE-2006-2948	2013-12-26 15:44	2006-06-12	Show	GitHub Exploit DB Packet Storm

217014	6	警告	KDE project	-	aRts の artswrapper における root 権限を取得される脆弱性	-	CVE-2006-2916	2013-12-26 15:44	2006-06-15	Show	GitHub Exploit DB Packet Storm

217015	4.6	警告	ActiveState Software	-	Windows 用 ActiveState ActivePerl における権限を取得される脆弱性	-	CVE-2006-2856	2013-12-26 15:44	2006-06-6	Show	GitHub Exploit DB Packet Storm

217016	10	危険	aspwebsoft	-	ASPwebSoft Speedy Asp Discussion Forum における任意のアカウントのパスワードを変更される脆弱性	-	CVE-2006-2807	2013-12-26 15:44	2006-06-5	Show	GitHub Exploit DB Packet Storm

217017	7.2	危険	サン・マイクロシステムズ	-	Sun Storage Automated Diagnostic Environment のパッケージコンポーネントにおける権限を取得される脆弱性	-	CVE-2006-2790	2013-12-26 15:44	2006-06-2	Show	GitHub Exploit DB Packet Storm

217018	5	警告	マイクロソフト avant force Mozilla Foundation	-	Mozilla Firefox におけるコマンドライン引数を変更される脆弱性	-	CVE-2006-2057	2013-12-26 15:44	2006-04-26	Show	GitHub Exploit DB Packet Storm

217019	5	警告	マイクロソフト	-	Windows XP 用 Internet Explorer 6 におけるコマンドライン引数を変更される脆弱性	-	CVE-2006-2056	2013-12-26 15:44	2006-04-26	Show	GitHub Exploit DB Packet Storm

217020	5	警告	マイクロソフト	-	Microsoft Outlook 2003 におけるコマンドライン引数を変更される脆弱性	-	CVE-2006-2055	2013-12-26 15:44	2006-04-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
981	8.6	HIGH Network	-	-	Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unaut… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-34413	2026-04-23 06:18	2026-04-23	Show	GitHub Exploit DB Packet Storm

982	7.1	HIGH Network	-	-	Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in re… New	CWE-22 Path Traversal	CVE-2026-34414	2026-04-23 06:18	2026-04-23	Show	GitHub Exploit DB Packet Storm

983	9.8	CRITICAL Network	-	-	Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an i… New	CWE-184 Incomplete Blacklist	CVE-2026-34415	2026-04-23 06:18	2026-04-23	Show	GitHub Exploit DB Packet Storm

984	5.3	MEDIUM Network	-	-	Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the applicati… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41459	2026-04-23 06:18	2026-04-23	Show	GitHub Exploit DB Packet Storm

985	8.7	HIGH Adjacent	-	-	Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these p… New	CWE-1104 Use of Unmaintained Third Party Components	CVE-2026-41468	2026-04-23 06:18	2026-04-23	Show	GitHub Exploit DB Packet Storm

986	5.2	MEDIUM Adjacent	-	-	Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template… New	CWE-693 Protection Mechanism Failure	CVE-2026-41469	2026-04-23 06:18	2026-04-23	Show	GitHub Exploit DB Packet Storm

987	5.7	MEDIUM Network	-	-	Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock compon… New	CWE-79 Cross-site Scripting	CVE-2026-35451	2026-04-23 06:17	2026-04-22	Show	GitHub Exploit DB Packet Storm

988	9.4	CRITICAL Network	-	-	excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or S… New	CWE-22 Path Traversal	CVE-2026-40576	2026-04-23 06:17	2026-04-22	Show	GitHub Exploit DB Packet Storm

989	8.8	HIGH Network	-	-	Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A ma… New	CWE-22 Path Traversal	CVE-2026-40611	2026-04-23 06:17	2026-04-22	Show	GitHub Exploit DB Packet Storm

990	5.3	MEDIUM Local	-	-	A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to… Update	CWE-562	CVE-2026-26399	2026-04-23 06:16	2026-04-21	Show	GitHub Exploit DB Packet Storm