Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
224111 7.5 危険 slimcms - SlimCMS の edit.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5491 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
224112 7.5 危険 phpstore - PHPStore Yahoo Answers の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5490 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
224113 4.3 警告 turnkeyforms - TurnkeyForms Text Link Sales の admin.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5487 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
224114 7.5 危険 turnkeyforms - TurnkeyForms Text Link Sales の admin.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5486 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
224115 4.3 警告 PunBB - PunBB の moderate.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5435 2012-12-20 18:52 2008-12-11 Show GitHub Exploit DB Packet Storm
224116 6.5 警告 PunBB - PunBB における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5434 2012-12-20 18:52 2008-12-11 Show GitHub Exploit DB Packet Storm
224117 4.3 警告 PunBB - PunBB の login.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5433 2012-12-20 18:52 2008-12-11 Show GitHub Exploit DB Packet Storm
224118 4.3 警告 シマンテック - Norton Internet Security の Norton Antivirus におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2008-5427 2012-12-20 18:52 2008-12-11 Show GitHub Exploit DB Packet Storm
224119 4.3 警告 サン・マイクロシステムズ - Sun Sun Ray Server Software などにおける Sun Ray 管理者パスワードを特定される脆弱性 CWE-200
情報漏えい 		CVE-2008-5423 2012-12-20 18:52 2008-12-4 Show GitHub Exploit DB Packet Storm
224120 7.5 危険 サン・マイクロシステムズ - Sun Sun Ray Server Software における Sun Ray 管理者パスワードを特定される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-5422 2012-12-20 18:52 2008-12-4 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 18, 2026, 4:11 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1811 9.1 CRITICAL
Network 		- - Solstice::Session versions through 1440 for Perl generates session ids insecurely. The _generateSessionID method returns an MD5 digest seeded by the epoch time, a random hash reference, a call to th… CWE-338
CWE-340
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
 Generation of Predictable Numbers or Identifiers 		CVE-2026-5085 2026-04-14 01:16 2026-04-13 Show GitHub Exploit DB Packet Storm
1812 3.7 LOW
Network 		- - phpseclib is a PHP secure communications library. Prior to 3.0.51, 2.0.53, and 1.0.28, phpseclib\Net\SSH2::get_binary_packet() uses PHP's != operator to compare a received SSH packet HMAC against the… CWE-208
 Information Exposure Through Timing Discrepancy 		CVE-2026-40194 2026-04-14 01:16 2026-04-11 Show GitHub Exploit DB Packet Storm
1813 - - - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host v… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-40160 2026-04-14 01:16 2026-04-11 Show GitHub Exploit DB Packet Storm
1814 7.8 HIGH
Local 		- - PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loa… CWE-94
CWE-426
CWE-829
Code Injection
 Untrusted Search Path
 Inclusion of Functionality from Untrusted Control Sphere 		CVE-2026-40156 2026-04-14 01:16 2026-04-11 Show GitHub Exploit DB Packet Storm
1815 7.4 HIGH
Network 		- - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the execute_command function in shell_tools.py calls os.path.expandvars() on every command argument at line 64, manually re-implementi… CWE-526
 Cleartext Storage of Sensitive Information in an Environment Variable 		CVE-2026-40153 2026-04-14 01:16 2026-04-10 Show GitHub Exploit DB Packet Storm
1816 7.9 HIGH
Local 		- - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the gateway's /api/approval/allow-list endpoint permits unauthenticated modification of the tool approval allowlist when no auth_token is co… CWE-396
CVE-2026-40149 2026-04-14 01:16 2026-04-10 Show GitHub Exploit DB Packet Storm
1817 - - - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run() with shell=True at sr… CWE-78
OS Command  		CVE-2026-40111 2026-04-14 01:16 2026-04-10 Show GitHub Exploit DB Packet Storm
1818 8.1 HIGH
Network 		- - BSV Ruby SDK is the Ruby SDK for the BSV blockchain. From 0.3.1 to before 0.8.2, BSV::Wallet::WalletClient#acquire_certificate persists certificate records to storage without verifying the certifier'… CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2026-40070 2026-04-14 01:16 2026-04-10 Show GitHub Exploit DB Packet Storm
1819 5.3 MEDIUM
Network 		- - Insertion of Sensitive Information Into Sent Data vulnerability in Ateeq Rafeeq RepairBuddy computer-repair-shop allows Retrieve Embedded Sensitive Data.This issue affects RepairBuddy: from n/a throu… CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2026-39586 2026-04-14 01:16 2026-04-8 Show GitHub Exploit DB Packet Storm
1820 5.3 MEDIUM
Network 		- - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Themefic Instantio instantio allows Retrieve Embedded Sensitive Data.This issue affects Instantio: from n/a… CWE-497
 Exposure of Sensitive System Information to an Unauthorized Control Sphere 		CVE-2026-39571 2026-04-14 01:16 2026-04-8 Show GitHub Exploit DB Packet Storm