Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
223081 4.3 警告 XOOPS - XOOPS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-2783 2012-12-20 19:10 2009-08-17 Show GitHub Exploit DB Packet Storm
223082 7.5 危険 sellatsite.com - Smart ASP Survey の showresult.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-2776 2012-12-20 19:10 2009-08-14 Show GitHub Exploit DB Packet Storm
223083 7.5 危険 phparcadescript - PHP Arcade Script の linkout.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-2775 2012-12-20 19:10 2009-08-14 Show GitHub Exploit DB Packet Storm
223084 7.5 危険 php-paid4mail - PHP Paid 4 Mail Script の paidbanner.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-2774 2012-12-20 19:10 2009-08-14 Show GitHub Exploit DB Packet Storm
223085 7.5 危険 shop-020 - PHP Paid 4 Mail Script の home.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-2773 2012-12-20 19:10 2009-08-14 Show GitHub Exploit DB Packet Storm
223086 4.3 警告 realtysoft - PG Roommate Finder Solution におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-2772 2012-12-20 19:10 2009-08-14 Show GitHub Exploit DB Packet Storm
223087 7.5 危険 powerupload - PowerUpload における管理者アクセス権を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-2770 2012-12-20 19:10 2009-08-14 Show GitHub Exploit DB Packet Storm
223088 6.8 警告 ultrize - Ultrize TimeSheet の include/timesheet.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-2769 2012-12-20 19:10 2009-08-14 Show GitHub Exploit DB Packet Storm
223089 7.5 危険 WordPress.org - WordPress の wp-login.php におけるデータベースの最初のユーザパスワードを強制的にリセットされる脆弱性 CWE-255
証明書・パスワード管理 		CVE-2009-2762 2012-12-20 19:10 2009-08-12 Show GitHub Exploit DB Packet Storm
223090 5.5 警告 Roundup - Roundup の cgi/actions.py におけるクラス内の任意の項目を変更される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-2737 2012-12-20 19:10 2009-08-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1321 6.3 MEDIUM
Network 		- - HKUDS OpenHarness prior to PR #159 remediation contains a session key derivation vulnerability that allows authenticated participants in shared chats or threads to hijack other users' sessions by exp… New CWE-287
Improper Authentication 		CVE-2026-6729 2026-04-22 03:16 2026-04-21 Show GitHub Exploit DB Packet Storm
1322 - - - Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions up to and including 8.2.8.2, when LDAP authentication is enabled, Roxy-WI constructs an LDAP search … New CWE-287
Improper Authentication 		CVE-2026-33432 2026-04-22 03:16 2026-04-21 Show GitHub Exploit DB Packet Storm
1323 5.3 MEDIUM
Local 		- - XiangShan (open-source high-performance RISC-V processor) commit edb1dfaf7d290ae99724594507dc46c2c2125384 (2024-11-28) has improper gating of its distributed CSR write-enable path, allowing illegal C… New CWE-284
Improper Access Control 		CVE-2026-29644 2026-04-22 03:16 2026-04-22 Show GitHub Exploit DB Packet Storm
1324 4.5 MEDIUM
Network 		- - A vulnerability in the SQL Box in the admin interface of OTRS leads to an uncontrolled resource consumption leading to a DoS against the webserver. will be killed by the systemThis issue affects OTRS… New CWE-400
CWE-770
 Uncontrolled Resource Consumption
 Allocation of Resources Without Limits or Throttling 		CVE-2026-6060 2026-04-22 01:20 2026-04-21 Show GitHub Exploit DB Packet Storm
1325 4.7 MEDIUM
Local 		- - Cryptographic algorithm downgrade in the caching layer of Amazon AWS Encryption SDK for Python before version 3.3.1 and before version 4.0.5 might allow an authenticated local threat actor to bypass… New CWE-757
Algorithm Downgrade 		CVE-2026-6550 2026-04-22 01:20 2026-04-21 Show GitHub Exploit DB Packet Storm
1326 - - - Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the POST /config/<service>/show API endpoint accepts a configver parameter that is dir… New CWE-24
 Path Traversal: '../filedir' 		CVE-2026-33431 2026-04-22 01:20 2026-04-21 Show GitHub Exploit DB Packet Storm
1327 - - - Potential read out of bounds case with wolfSSHd on Windows while handling a terminal resize request. An authenticated user could trigger the out of bounds read after establishing a connection which w… New CWE-126
 Buffer Over-read 		CVE-2026-0930 2026-04-22 01:20 2026-04-21 Show GitHub Exploit DB Packet Storm
1328 - - - StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9.0.13 and 12.0.0.6 are susceptible to a Information Disclosure vulnerability. Successful exploit could allow an authenticated attacke… New CWE-200
Information Exposure 		CVE-2026-22051 2026-04-22 01:20 2026-04-21 Show GitHub Exploit DB Packet Storm
1329 5.7 MEDIUM
Adjacent 		- - OpenClaw before 2026.4.2 accepts non-loopback cleartext ws:// gateway endpoints and transmits stored gateway credentials over unencrypted connections. Attackers can forge discovery results or craft s… New CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2026-40045 2026-04-22 01:20 2026-04-21 Show GitHub Exploit DB Packet Storm
1330 8.6 HIGH
Local 		- - OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a… New CWE-15
 External Control of System or Configuration Setting 		CVE-2026-41294 2026-04-22 01:20 2026-04-21 Show GitHub Exploit DB Packet Storm