Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
219211 4.3 警告 IBM - IBM WebSphere Commerce の WebSphere Commerce Tool におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-0566 2013-08-28 12:06 2013-08-23 Show GitHub Exploit DB Packet Storm
219212 9.3 危険 リアルネットワークス - RealPlayer のファイル名の処理にスタックバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2013-4973 2013-08-28 11:47 2013-08-27 Show GitHub Exploit DB Packet Storm
219213 9.3 危険 リアルネットワークス - RealNetworks RealPlayer および RealPlayer SP における任意のコードを実行される脆弱性 CWE-119
バッファエラー 		CVE-2013-4974 2013-08-28 10:52 2013-08-23 Show GitHub Exploit DB Packet Storm
219214 7.5 危険 インテル - Intel Wireless WiMAX Connection 2400 用 Intel WiMAX Network Service における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2013-4219 2013-08-27 19:25 2013-08-8 Show GitHub Exploit DB Packet Storm
219215 2.1 注意 インテル - Intel Wireless WiMAX Connection 2400 用 Intel WiMAX Network Service における重要な情報を取得される脆弱性 CWE-310
暗号の問題 		CVE-2013-4218 2013-08-27 19:24 2013-08-8 Show GitHub Exploit DB Packet Storm
219216 2.1 注意 インテル - Intel Wireless WiMAX Connection 2400 用 Intel WiMAX Network Service における重要な情報を取得される脆弱性 CWE-310
暗号の問題 		CVE-2013-4217 2013-08-27 19:23 2013-08-8 Show GitHub Exploit DB Packet Storm
219217 2.1 注意 インテル - Intel Wireless WiMAX Connection 2400 用 Intel WiMAX Network Service におけるサービス運用妨害 (DoS) の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2013-4216 2013-08-27 19:22 2013-08-8 Show GitHub Exploit DB Packet Storm
219218 5.8 警告 Amazon.com, Inc.
Apache Software Foundation		 - Amazon FPS merchant Java SDK で使用される Apache Commons HttpClient における SSL サーバを偽装される脆弱性 CWE-20
不適切な入力確認 		CVE-2012-5783 2013-08-27 18:48 2012-11-4 Show GitHub Exploit DB Packet Storm
219219 10 危険 Mozilla Foundation - 複数の Mozilla 製品の nsWindow::OnExposeEvent 関数におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2012-5829 2013-08-27 18:20 2012-11-20 Show GitHub Exploit DB Packet Storm
219220 5 警告 Paolo Bacchilega - File Roller におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2013-4668 2013-08-27 18:17 2013-05-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
481 9.8 CRITICAL
Network 		- - Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers… Update CWE-403
 Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') 		CVE-2026-40042 2026-04-18 00:28 2026-04-14 Show GitHub Exploit DB Packet Storm
482 6.5 MEDIUM
Network 		- - Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username c… Update CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-40043 2026-04-18 00:28 2026-04-14 Show GitHub Exploit DB Packet Storm
483 9.8 CRITICAL
Network 		- - Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write P… Update CWE-502
 Deserialization of Untrusted Data 		CVE-2026-40044 2026-04-18 00:28 2026-04-14 Show GitHub Exploit DB Packet Storm
484 - - - Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users w… Update CWE-200
CWE-862
Information Exposure
 Missing Authorization 		CVE-2026-32270 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
485 - - - Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allo… Update CWE-89
SQL Injection 		CVE-2026-32271 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
486 - - - Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct propertie… Update CWE-89
SQL Injection 		CVE-2026-32272 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
487 5.3 MEDIUM
Network 		- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single… Update CWE-122
CWE-191
Heap-based Buffer Overflow
 Integer Underflow (Wrap or Wraparound) 		CVE-2026-33899 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
488 5.9 MEDIUM
Network 		- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparoun… Update CWE-190
 Integer Overflow or Wraparound 		CVE-2026-33900 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
489 3.5 LOW
Network 		- - EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SS… Update CWE-367
CWE-918
 Time-of-check Time-of-use (TOCTOU) Race Condition
Server-Side Request Forgery (SSRF)  		CVE-2026-33659 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm
490 5.4 MEDIUM
Network 		- - EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vuln… Update CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-33740 2026-04-18 00:26 2026-04-14 Show GitHub Exploit DB Packet Storm