Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
224741 6.8 警告 シマンテック - Symantec Altiris Notification Server Agent の GUI における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2794 2012-12-20 18:52 2008-06-17 Show GitHub Exploit DB Packet Storm
224742 6.4 警告 Spamdyke - spamdyke の smtp_filter 関数におけるオープンメールリレーとしてサーバを使用される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2784 2012-12-20 18:52 2008-06-19 Show GitHub Exploit DB Packet Storm
224743 7.5 危険 revokesoft - RevokeBB の Search System における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2778 2012-12-20 18:52 2008-06-19 Show GitHub Exploit DB Packet Storm
224744 7.5 危険 phpraider - Simple Machines phpRaider の authentication/smf/smf.functions.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-2769 2012-12-20 18:52 2008-06-18 Show GitHub Exploit DB Packet Storm
224745 3.5 注意 xigla - Xigla Poll Manager XE の admin/search.asp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2768 2012-12-20 18:52 2008-06-18 Show GitHub Exploit DB Packet Storm
224746 6.5 警告 xigla - Xigla Poll Manager XE の search.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2767 2012-12-20 18:52 2008-06-18 Show GitHub Exploit DB Packet Storm
224747 4.3 警告 xigla - Xigla Absolute Image Gallery XE におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2766 2012-12-20 18:52 2008-06-18 Show GitHub Exploit DB Packet Storm
224748 7.5 危険 xigla - Xigla Absolute Image Gallery XE の gallery.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2765 2012-12-20 18:52 2008-06-18 Show GitHub Exploit DB Packet Storm
224749 3.5 注意 xigla - Xigla Absolute Live Support XE の admin/search.asp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2764 2012-12-20 18:52 2008-06-18 Show GitHub Exploit DB Packet Storm
224750 6.5 警告 xigla - Xigla Absolute Live Support XE の search.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2763 2012-12-20 18:52 2008-06-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
341 - - - Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file re… New CWE-22
Path Traversal 		CVE-2026-33077 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
342 6.4 MEDIUM
Network 		- - Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 … New CWE-79
Cross-site Scripting 		CVE-2026-31953 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
343 4.9 MEDIUM
Network 		- - Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-31955 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
344 4.3 MEDIUM
Network 		- - Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL t… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-31956 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
345 - - - Kirby is an open-source content management system. Kirby's `Xml::value()` method has special handling for `<![CDATA[ ]]>` blocks. If the input value is already valid `CDATA`, it is not escaped a seco… New CWE-91
Blind XPath Injection 		CVE-2026-32870 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
346 - - - Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/… New CWE-89
SQL Injection 		CVE-2026-33078 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
347 4.2 MEDIUM
Network 		- - FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot… New CWE-193
 Off-by-one Error 		CVE-2026-40254 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
348 - - - Kirby is an open-source content management system. Prior to versions 4.9.0 and 5.4.0, Kirby's user permissions control which user role is allowed to perform specific actions to content models in the … New CWE-1336
 Improper Neutralization of Special Elements Used in a Template Engine 		CVE-2026-34587 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
349 - - - Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined … New CWE-863
 Incorrect Authorization 		CVE-2026-40099 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
350 - - - Kirby is an open-source content management system. Kirby's user permissions control which user role is allowed to perform specific actions to content models in the CMS. These permissions are defined … New CWE-863
 Incorrect Authorization 		CVE-2026-41325 2026-04-24 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm