Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
223891	7.8	危険	rakhisoftware	-	RakhiSoftware Price Comparison Script における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2008-6279	2012-12-20 19:10	2009-02-25	Show	GitHub Exploit DB Packet Storm

223892	4.3	警告	rakhisoftware	-	RakhiSoftware Price Comparison Script の product.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-6278	2012-12-20 19:10	2009-02-25	Show	GitHub Exploit DB Packet Storm

223893	7.5	危険	rakhisoftware	-	RakhiSoftware Price Comparison Script の product.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6277	2012-12-20 19:10	2009-02-25	Show	GitHub Exploit DB Packet Storm

223894	6.8	警告	tbmnet	-	TBmnetCMS の index.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-6271	2012-12-20 19:10	2009-02-25	Show	GitHub Exploit DB Packet Storm

223895	7.5	危険	sadi samami	-	WEBBDOMAIN Multi Languages WebShop Online の detail.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6268	2012-12-20 19:10	2009-02-25	Show	GitHub Exploit DB Packet Storm

223896	7.5	危険	ultrastats	-	Ultrastats の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6260	2012-12-20 19:10	2009-02-24	Show	GitHub Exploit DB Packet Storm

223897	4.3	警告	quadcomm	-	QuadComm Q-Shop の search.asp におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-6259	2012-12-20 19:10	2009-02-24	Show	GitHub Exploit DB Packet Storm

223898	7.5	危険	quadcomm	-	QuadComm Q-Shop の users.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6258	2012-12-20 19:10	2009-02-24	Show	GitHub Exploit DB Packet Storm

223899	6.5	警告	vBulletin Solutions, Inc.	-	vBulletin の admincp/admincalendar.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6256	2012-12-20 19:10	2009-02-24	Show	GitHub Exploit DB Packet Storm

223900	6.5	警告	vBulletin Solutions, Inc.	-	vBulletin における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6255	2012-12-20 19:10	2009-02-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 16, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
111	7.8	HIGH Local	-	-	Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… New	CWE-122 Heap-based Buffer Overflow	CVE-2026-27310	2026-04-15 05:16	2026-04-15	Show	GitHub Exploit DB Packet Storm

112	7.8	HIGH Local	-	-	Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure… New	CWE-125 Out-of-bounds Read	CVE-2026-27289	2026-04-15 05:16	2026-04-15	Show	GitHub Exploit DB Packet Storm

113	5.5	MEDIUM Local	-	-	Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the a… New	CWE-369 Divide By Zero	CVE-2026-27222	2026-04-15 05:16	2026-04-15	Show	GitHub Exploit DB Packet Storm

114	7.1	HIGH Local	libexif_project	libexif	In libexif through 0.6.25, an unsigned 32bit integer overflow in Nikon MakerNote handling could be used by local attackers to cause crashes or information leaks. This only affects 32bit systems. New	CWE-190 Integer Overflow or Wraparound	CVE-2026-40385	2026-04-15 05:15	2026-04-13	Show	GitHub Exploit DB Packet Storm

115	7.7	HIGH Network	goshs	goshs	goshs is a SimpleHTTPServer written in Go. From 1.0.7 to before 2.0.0-beta.4, the SFTP command rename sanitizes only the source path and not the destination, so it is possible to write outside of the… New	CWE-1314	CVE-2026-40188	2026-04-15 05:15	2026-04-11	Show	GitHub Exploit DB Packet Storm

116	6.5	MEDIUM Network	nearform	fast-jwt	fast-jwt provides fast JSON Web Token (JWT) implementation. From 5.0.0 to 6.2.0, a denial-of-service condition exists in fast-jwt when the allowedAud verification option is configured using a regular… New	CWE-1333 Inefficient Regular Expression Complexity	CVE-2026-35041	2026-04-15 05:15	2026-04-10	Show	GitHub Exploit DB Packet Storm

117	8.2	HIGH Network	opnsense	opnsense	OPNsense is a FreeBSD based firewall and routing platform. Prior to 26.1.6, OPNsense's LDAP authentication connector passes the login username directly into an LDAP search filter without calling ldap… New	CWE-90 LDAP Injection	CVE-2026-34578	2026-04-15 05:14	2026-04-10	Show	GitHub Exploit DB Packet Storm

118	9.9	CRITICAL Network	axios	axios	Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback… New	CWE-441 CWE-918 Confused Deputy Server-Side Request Forgery (SSRF)	CVE-2025-62718	2026-04-15 05:14	2026-04-10	Show	GitHub Exploit DB Packet Storm

119	7.3	HIGH Network	tandoor	recipes	Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit directly from req… New	CWE-639 CWE-1284 Authorization Bypass Through User-Controlled Key Improper Validation of Specified Quantity in Input	CVE-2026-35489	2026-04-15 05:13	2026-04-8	Show	GitHub Exploit DB Packet Storm

120	7.5	HIGH Network	kagi	fastfeedparser	FastFeedParser is a high performance RSS, Atom and RDF parser. Prior to 0.5.10, when parse() fetches a URL that returns an HTML page containing a <meta http-equiv="refresh"> tag, it recursively calls… New	CWE-674 Uncontrolled Recursion	CVE-2026-39376	2026-04-15 05:12	2026-04-8	Show	GitHub Exploit DB Packet Storm