Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
224271	5	警告	php-daily	-	PHP-Daily の download_file.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-4758	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

224272	7.5	危険	php-daily	-	PHP-Daily における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4757	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

224273	4.3	警告	php-daily	-	PHP-Daily の add_prest_date.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-4756	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

224274	7.5	危険	pozscripts	-	PozScripts Classified Auctions Script の gotourl.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4755	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

224275	5.8	警告	scripts-for-sites	-	SFS Ez Forum の forum.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4754	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

224276	7.5	危険	tech logic	-	TlNews における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2008-4752	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

224277	7.5	危険	uniwin	-	Uniwin eCart Professional における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4746	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

224278	4.3	警告	uniwin	-	Uniwin eCart Professional の emailFriend.asp におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-4745	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

224279	7.5	危険	quidascript	-	QuidaScript FAQ Management Script の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4743	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

224280	4.3	警告	timetrex	-	TimeTrex の interface/Login.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-4742	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 21, 2026, 4:10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1471	6.5	MEDIUM Network	redaxo	redaxo	Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting …	CWE-352 Origin Validation Error	CVE-2016-20053	2026-04-15 04:08	2026-04-4	Show	GitHub Exploit DB Packet Storm

1472	9.8	CRITICAL Network	snewscms	snews	Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can …	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2016-20052	2026-04-15 04:05	2026-04-4	Show	GitHub Exploit DB Packet Storm

1473	4.3	MEDIUM Network	snewscms	snews	Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can tric…	CWE-352 Origin Validation Error	CVE-2016-20051	2026-04-15 04:04	2026-04-4	Show	GitHub Exploit DB Packet Storm

1474	5.5	MEDIUM Local	mcafee	netschedscan	NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can past…	CWE-787 Out-of-bounds Write	CVE-2016-20050	2026-04-15 04:03	2026-04-4	Show	GitHub Exploit DB Packet Storm

1475	6.1	MEDIUM Network	electronjs	electron	Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alph…	CWE-668 CWE-1188 Exposure of Resource to Wrong Sphere Insecure Default Initialization of Resource	CVE-2026-34780	2026-04-15 04:02	2026-04-4	Show	GitHub Exploit DB Packet Storm

1476	9.1	CRITICAL Network	adobe	commerce commerce_b2b magento	Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Improper Input Validation vulnerability. A successful attacker can abuse this …	CWE-20 Improper Input Validation	CVE-2025-54236	2026-04-15 04:00	2025-09-9	Show	GitHub Exploit DB Packet Storm

1477	10.0	CRITICAL Network	praison	praisonai	PraisonAI is a multi-agent teams system. Prior to version 4.5.97, SubprocessSandbox in all modes (BASIC, STRICT, NETWORK_ISOLATED) calls subprocess.run() with shell=True and relies solely on string-p…	CWE-78 OS Command	CVE-2026-34955	2026-04-15 03:56	2026-04-4	Show	GitHub Exploit DB Packet Storm

1478	7.8	HIGH Local	electronjs	electron	Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, on macOS, app.moveToApplicationsFo…	CWE-78 OS Command	CVE-2026-34779	2026-04-15 03:55	2026-04-4	Show	GitHub Exploit DB Packet Storm

1479	5.4	MEDIUM Network	opensourcepos	open_source_point_of_sale	Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Prior to 3.4.3, a Stored Cross-Site Scripting (XSS) vulnerability exists in the Daily Sa…	CWE-79 Cross-site Scripting	CVE-2026-32712	2026-04-15 03:45	2026-04-8	Show	GitHub Exploit DB Packet Storm

1480	7.5	HIGH Network	opentelemetry	opentelemetry	OpenTelemetry-Go is the Go implementation of OpenTelemetry. From 1.36.0 to 1.40.0, multi-value baggage: header extraction parses each header field-value independently and aggregates members across va…	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2026-29181	2026-04-15 03:45	2026-04-8	Show	GitHub Exploit DB Packet Storm