Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
224231	7.5	危険	w1n78	-	e107 用の Lyrics プラグインにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4906	2012-12-20 18:52	2008-11-3	Show	GitHub Exploit DB Packet Storm

224232	5	警告	typosphere	-	Typo におけるパスワードを推測される脆弱性	CWE-310 暗号の問題	CVE-2008-4905	2012-12-20 18:52	2008-11-3	Show	GitHub Exploit DB Packet Storm

224233	6	警告	typosphere	-	Typo の "ページを管理する" 機能における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4904	2012-12-20 18:52	2008-11-3	Show	GitHub Exploit DB Packet Storm

224234	4.3	警告	typosphere	-	Typo のコメントを残す機能におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-4903	2012-12-20 18:52	2008-11-3	Show	GitHub Exploit DB Packet Storm

224235	7.5	危険	scripts frenzy	-	Article Publisher Pro の contact_author.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4902	2012-12-20 18:52	2008-11-3	Show	GitHub Exploit DB Packet Storm

224236	7.5	危険	scripts frenzy	-	Article Publisher Pro の admin/admin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4901	2012-12-20 18:52	2008-11-3	Show	GitHub Exploit DB Packet Storm

224237	9.3	危険	SAP	-	SAP GUI の KWEdit ActiveX コントロールにおける任意のファイルを上書きされる脆弱性	CWE-Other その他	CVE-2008-4830	2012-12-20 18:52	2009-04-16	Show	GitHub Exploit DB Packet Storm

224238	7.5	危険	YourFreeWorld.com	-	YourFreeWorld Classifieds Blaster Script の tr.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4900	2012-12-20 18:52	2008-11-3	Show	GitHub Exploit DB Packet Storm

224239	6.8	警告	planetluc	-	Planetluc RateMe におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2008-4899	2012-12-20 18:52	2008-11-3	Show	GitHub Exploit DB Packet Storm

224240	4.3	警告	planetluc	-	planetluc RateMe におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-4898	2012-12-20 18:52	2008-11-3	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 22, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1471	6.5	MEDIUM Network	redaxo	redaxo	Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting …	CWE-352 Origin Validation Error	CVE-2016-20053	2026-04-15 04:08	2026-04-4	Show	GitHub Exploit DB Packet Storm

1472	9.8	CRITICAL Network	snewscms	snews	Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can …	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2016-20052	2026-04-15 04:05	2026-04-4	Show	GitHub Exploit DB Packet Storm

1473	4.3	MEDIUM Network	snewscms	snews	Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can tric…	CWE-352 Origin Validation Error	CVE-2016-20051	2026-04-15 04:04	2026-04-4	Show	GitHub Exploit DB Packet Storm

1474	5.5	MEDIUM Local	mcafee	netschedscan	NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can past…	CWE-787 Out-of-bounds Write	CVE-2016-20050	2026-04-15 04:03	2026-04-4	Show	GitHub Exploit DB Packet Storm

1475	6.1	MEDIUM Network	electronjs	electron	Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alph…	CWE-668 CWE-1188 Exposure of Resource to Wrong Sphere Insecure Default Initialization of Resource	CVE-2026-34780	2026-04-15 04:02	2026-04-4	Show	GitHub Exploit DB Packet Storm

1476	9.1	CRITICAL Network	adobe	commerce commerce_b2b magento	Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this …	CWE-20 Improper Input Validation	CVE-2025-54236	2026-04-15 04:00	2025-09-9	Show	GitHub Exploit DB Packet Storm

1477	10.0	CRITICAL Network	praison	praisonai	PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-p…	CWE-78 OS Command	CVE-2026-34955	2026-04-15 03:56	2026-04-4	Show	GitHub Exploit DB Packet Storm

1478	7.8	HIGH Local	electronjs	electron	Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFo…	CWE-78 OS Command	CVE-2026-34779	2026-04-15 03:55	2026-04-4	Show	GitHub Exploit DB Packet Storm

1479	5.4	MEDIUM Network	opensourcepos	open_source_point_of_sale	Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sa…	CWE-79 Cross-site Scripting	CVE-2026-32712	2026-04-15 03:45	2026-04-8	Show	GitHub Exploit DB Packet Storm

1480	7.5	HIGH Network	opentelemetry	opentelemetry	OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across va…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-29181	2026-04-15 03:45	2026-04-8	Show	GitHub Exploit DB Packet Storm