Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
224241 7.5 危険 YourFreeWorld.com - YourFreeWorld Downline Builder の tr.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4895 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
224242 5.1 警告 Tribal Ltd. - Tribiq CMS の templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-4894 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
224243 2.6 注意 Tribal Ltd. - Tribiq CMS の templates/mytribiqsite/tribal-GPL-1066/includes/header.inc.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4893 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
224244 4.3 警告 planetluc - Planetluc MyGallery の gallery.inc.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4892 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
224245 4.3 警告 planetluc - Planetluc SignMe の signme.inc.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4891 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
224246 7.5 危険 YourFreeWorld.com - YourFreeWorld Shopping Cart Script の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4886 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
224247 7.5 危険 YourFreeWorld.com - YourFreeWorld Scrolling Text Ads Script の tr1.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4885 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
224248 7.5 危険 YourFreeWorld.com - YourFreeWorld Classifieds Hosting Script の tr.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4884 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
224249 7.5 危険 YourFreeWorld.com - YourFreeWorld Blog Blaster Script の tr.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4883 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
224250 7.5 危険 YourFreeWorld.com - YourFreeWorld Autoresponder Hosting Script の tr.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4882 2012-12-20 18:52 2008-11-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1501 7.1 HIGH
Network 		lfprojects model_context_protocol_servers In mcp-server-git versions prior to 2025.12.17, the git_diff and git_checkout functions passed user-controlled arguments directly to git CLI commands without sanitization. Flag-like values (e.g., `--… CWE-88
Argument Injection 		CVE-2025-68144 2026-04-15 00:23 2025-12-18 Show GitHub Exploit DB Packet Storm
1502 - - - PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bund… CWE-22
Path Traversal 		CVE-2026-40157 2026-04-15 00:16 2026-04-11 Show GitHub Exploit DB Packet Storm
1503 7.7 HIGH
Network 		- - PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the web_crawl() function in praisonaiagents/tools/web_crawl_tools.py accepts arbitrary URLs from AI agents with zero validation. No sc… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-40150 2026-04-15 00:16 2026-04-10 Show GitHub Exploit DB Packet Storm
1504 5.4 MEDIUM
Network 		- - PraisonAI is a multi-agent teams system. Prior to 4.5.128, the Flask API endpoint in src/praisonai/api.py renders agent output as HTML without effective sanitization. The _sanitize_html function reli… CWE-79
Cross-site Scripting 		CVE-2026-40112 2026-04-15 00:16 2026-04-10 Show GitHub Exploit DB Packet Storm
1505 9.6 CRITICAL
Network 		- - Cross-Site Request Forgery (CSRF) vulnerability in mndpsingh287 Theme Editor theme-editor allows Code Injection.This issue affects Theme Editor: from n/a through <= 3.2. CWE-352
 Origin Validation Error 		CVE-2026-39640 2026-04-15 00:16 2026-04-8 Show GitHub Exploit DB Packet Storm
1506 5.4 MEDIUM
Network 		- - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Portfolio grandportfolio allows Cross Site Request Forgery.This issue affects Grand Portfolio: from n/a through <= 3.3. CWE-352
 Origin Validation Error 		CVE-2026-39634 2026-04-15 00:16 2026-04-8 Show GitHub Exploit DB Packet Storm
1507 6.5 MEDIUM
Network 		- - Cross-Site Request Forgery (CSRF) vulnerability in ThemeGoods Grand Blog grandblog allows Cross Site Request Forgery.This issue affects Grand Blog: from n/a through <= 3.1. CWE-352
 Origin Validation Error 		CVE-2026-39632 2026-04-15 00:16 2026-04-8 Show GitHub Exploit DB Packet Storm
1508 6.4 MEDIUM
Network 		- - Server-Side Request Forgery (SSRF) vulnerability in Getty Images Getty Images getty-images allows Server Side Request Forgery.This issue affects Getty Images: from n/a through <= 4.1.0. CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-39630 2026-04-15 00:16 2026-04-8 Show GitHub Exploit DB Packet Storm
1509 5.3 MEDIUM
Network 		- - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes DukaMarket dukamarket allows Code Injection.This issue affects DukaMarket: from n/a through <… CWE-80
Basic XSS 		CVE-2026-39628 2026-04-15 00:16 2026-04-8 Show GitHub Exploit DB Packet Storm
1510 5.3 MEDIUM
Network 		- - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in kutethemes Armania armania allows Code Injection.This issue affects Armania: from n/a through <= 1.4.8. CWE-80
Basic XSS 		CVE-2026-39626 2026-04-15 00:16 2026-04-8 Show GitHub Exploit DB Packet Storm