Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
221501	9.3	危険	Opera Software ASA	-	Opera における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2013-1638	2013-02-12 16:49	2013-01-30	Show	GitHub Exploit DB Packet Storm

221502	9.3	危険	Opera Software ASA	-	Opera における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2013-1637	2013-02-12 16:48	2013-01-30	Show	GitHub Exploit DB Packet Storm

221503	9.3	危険	Ecava	-	IntegraXor SCADA Server におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2012-4700	2013-02-12 14:26	2013-01-3	Show	GitHub Exploit DB Packet Storm

221504	5	警告	ISC, Inc. 日本電気 VMware	-	複数の DNS ネームサーバの実装に問題	CWE-DesignError	CVE-2012-1033	2013-02-8 16:14	2012-02-9	Show	GitHub Exploit DB Packet Storm

221505	8.5	危険	（複数のベンダ）	-	HP/H3C 製および Huawei 製ネットワーク機器にアクセス制限不備の脆弱性	CWE-200 情報漏えい	CVE-2012-3268	2013-02-8 15:02	2012-10-25	Show	GitHub Exploit DB Packet Storm

221506	2.6	注意	サイボウズ	-	サイボウズガルーンにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-0702	2013-02-8 12:01	2013-02-8	Show	GitHub Exploit DB Packet Storm

221507	6.5	警告	サイボウズ	-	サイボウズガルーンにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2013-0701	2013-02-8 12:01	2013-02-8	Show	GitHub Exploit DB Packet Storm

221508	4.3	警告	Tobias Bathge	-	WordPress 用 WP-Table Reloaded モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-1463	2013-02-8 11:19	2013-01-27	Show	GitHub Exploit DB Packet Storm

221509	6.8	警告	アップル	-	複数の Apple 製品で使用される WebKit における任意のコードを実行される脆弱性	CWE-noinfo 情報不足	CVE-2012-3684	2013-02-7 17:53	2012-09-13	Show	GitHub Exploit DB Packet Storm

221510	10	危険	シスコシステムズ	-	Cisco Unified IP Phone 7900 シリーズにおける任意のコードを実行される脆弱性	CWE-noinfo 情報不足	CVE-2012-5445	2013-02-7 17:40	2012-12-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
101	-		-	-	wger is a free, open-source workout and fitness manager. In versions 2.5 and below, the attribution_link property in AbstractLicenseModel constructs HTML by directly interpolating user-controlled lic… New	CWE-79 Cross-site Scripting	CVE-2026-40353	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

102	8.8	HIGH Network	-	-	FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password change endpoint is vulnerable to NoSQL injection. An authenticated attacker can bypass the "old password" verific… New	CWE-943 Improper Neutralization of Special Elements in Data Query Logic	CVE-2026-40352	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

103	9.8	CRITICAL Network	-	-	FastGPT is an AI Agent building platform. In versions prior to 4.14.9.5, the password-based login endpoint uses TypeScript type assertion without runtime validation, allowing an unauthenticated attac… New	CWE-943 Improper Neutralization of Special Elements in Data Query Logic	CVE-2026-40351	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

104	8.0	HIGH Network	-	-	DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.2.2, a user could upload a specially crafted SVG file that could incl… New	CWE-87 Improper Neutralization of Alternate XSS Syntax	CVE-2026-40321	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

105	-		-	-	DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affec… New	CWE-330 Use of Insufficiently Random Values	CVE-2026-40306	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

106	4.3	MEDIUM Network	-	-	DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Starting in version 6.0.0 and prior to version 10.2.2, in the friends feature, a user cou… New	CWE-285 Improper Authorization	CVE-2026-40305	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

107	5.3	MEDIUM Network	-	-	zrok is software for sharing web services, files, and network resources. Prior to version 2.0.1, the unaccess handler (controller/unaccess.go) contains a logical error in its ownership guard: when a … New	CWE-284 CWE-863 Improper Access Control Incorrect Authorization	CVE-2026-40304	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

108	9.1	CRITICAL Network	-	-	The Gramps Web API is a Python REST API for the genealogical research software Gramps. Versions 1.6.0 through 3.11.0 have a path traversal vulnerability (Zip Slip) in the media archive import feature… New	CWE-22 Path Traversal	CVE-2026-40258	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

109	-		-	-	libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which i… New	CWE-125 Out-of-bounds Read	CVE-2026-29013	2026-04-18 07:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

110	8.8	HIGH Network	chamilo	chamilo_lms	Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An at… Update	CWE-95 Eval Injection	CVE-2026-33618	2026-04-18 07:03	2026-04-11	Show	GitHub Exploit DB Packet Storm