Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
223561 7.5 危険 riotpix - RiotPix の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-0109 2012-12-20 19:10 2009-01-9 Show GitHub Exploit DB Packet Storm
223562 7.5 危険 phpauctions - PHPAuctions における管理者アクセス権を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-0108 2012-12-20 19:10 2009-01-9 Show GitHub Exploit DB Packet Storm
223563 4.3 警告 phpauctions - PHPAuctions の profile.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-0107 2012-12-20 19:10 2009-01-9 Show GitHub Exploit DB Packet Storm
223564 7.5 危険 phpauctions - PHPAuctions の profile.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-0106 2012-12-20 19:10 2009-01-9 Show GitHub Exploit DB Packet Storm
223565 4.3 警告 se-ed - EZpack の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-0105 2012-12-20 19:10 2009-01-9 Show GitHub Exploit DB Packet Storm
223566 7.5 危険 se-ed - EZpack の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-0104 2012-12-20 19:10 2009-01-9 Show GitHub Exploit DB Packet Storm
223567 7.5 危険 playSMS - playSMS における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-0103 2012-12-20 19:10 2009-01-9 Show GitHub Exploit DB Packet Storm
223568 10 危険 The phpMyAdmin Project - phpMyAdmin の libraries/File.class.php における脆弱性 CWE-310
暗号の問題 		CVE-2008-7252 2012-12-20 19:10 2010-01-15 Show GitHub Exploit DB Packet Storm
223569 10 危険 The phpMyAdmin Project - phpMyAdmin の libraries/File.class.php における脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-7251 2012-12-20 19:10 2010-01-19 Show GitHub Exploit DB Packet Storm
223570 9 危険 シマンテック - Symantec Brightmail Gateway Appliance の Control Center における権限を取得される脆弱性 CWE-noinfo
情報不足 		CVE-2009-0064 2012-12-20 19:10 2009-04-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 19, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1781 3.1 LOW
Network 		libssh
redhat 		libssh
enterprise_linux 		A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listin… CWE-476
 NULL Pointer Dereference 		CVE-2026-0968 2026-04-14 05:15 2026-03-27 Show GitHub Exploit DB Packet Storm
1782 3.1 LOW
Network 		libssh
redhat 		libssh
enterprise_linux 		Se encontró una falla en libssh en la que un servidor SFTP (Protocolo de Transferencia de Archivos SSH) malicioso puede explotar esto enviando un campo 'longname' malformado dentro de un mensaje 'SSH… CWE-476
 NULL Pointer Dereference 		CVE-2026-0968 2026-04-14 05:15 2026-03-27 Show GitHub Exploit DB Packet Storm
1783 6.5 MEDIUM
Network 		openclaw openclaw OpenClaw before 2026.3.24 contains a privilege escalation vulnerability where the /allowlist command fails to re-validate gateway client scopes for internal callers, allowing operator.write-scoped cl… CWE-862
 Missing Authorization 		CVE-2026-35621 2026-04-14 05:14 2026-04-11 Show GitHub Exploit DB Packet Storm
1784 8.8 HIGH
Network 		openclaw openclaw OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execut… CWE-940
 Improper Verification of Source of a Communication Channel 		CVE-2026-35643 2026-04-14 04:59 2026-04-11 Show GitHub Exploit DB Packet Storm
1785 6.5 MEDIUM
Network 		linkwhisper link_whisper The Link Whisper Free WordPress plugin before 0.9.1 has a publicly accessible REST endpoint that allows unauthenticated settings updates. CWE-306
Missing Authentication for Critical Function 		CVE-2026-1900 2026-04-14 04:52 2026-04-7 Show GitHub Exploit DB Packet Storm
1786 6.3 MEDIUM
Adjacent 		openclaw openclaw OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can e… CWE-345
 Insufficient Verification of Data Authenticity 		CVE-2026-35659 2026-04-14 04:21 2026-04-11 Show GitHub Exploit DB Packet Storm
1787 8.8 HIGH
Network 		- - A vulnerability was determined in Tenda F456 1.0.0.5. The affected element is the function formwebtypelibrary of the file /goform/webtypelibrary. This manipulation of the argument menufacturer/Go cau… CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error') 
Stack-based Buffer Overflow 		CVE-2026-6200 2026-04-14 04:16 2026-04-14 Show GitHub Exploit DB Packet Storm
1788 8.8 HIGH
Network 		- - A vulnerability was found in Tenda F456 1.0.0.5. Impacted is the function fromqossetting of the file /goform/qossetting. The manipulation of the argument page results in stack-based buffer overflow. … CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error') 
Stack-based Buffer Overflow 		CVE-2026-6199 2026-04-14 04:16 2026-04-14 Show GitHub Exploit DB Packet Storm
1789 8.8 HIGH
Network 		- - A vulnerability has been found in Tenda F456 1.0.0.5. This issue affects the function fromNatStaticSetting of the file /goform/NatStaticSetting. The manipulation of the argument page leads to stack-b… CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error') 
Stack-based Buffer Overflow 		CVE-2026-6198 2026-04-14 04:16 2026-04-14 Show GitHub Exploit DB Packet Storm
1790 7.2 HIGH
Network 		- - Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN user to bypass Workplace/Connect Tunnel TOTP authentication. CWE-176
 Improper Handling of Unicode Encoding 		CVE-2026-4116 2026-04-14 04:16 2026-04-10 Show GitHub Exploit DB Packet Storm