Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
224951	4.3	警告	tru-zone	-	Nuke ET のプライベートメッセージ機能におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1873	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

224952	6.5	警告	scriptsagent	-	Scriptsagent.com Links Directory の links.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1871	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

224953	7.5	危険	site sift media	-	Site Sift Listings における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1869	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

224954	7.5	危険	pixel motion	-	Blog Pixel Motion の admin/sauvBase.php における重要な情報を含む blogPM.sql ファイルの結果を取得される脆弱性	CWE-287 不適切な認証	CVE-2008-1868	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

224955	7.5	危険	pixel motion	-	Blog Pixel Motion における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1867	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

224956	9	危険	pixel motion	-	Blog Pixel Motion の admin/modif_config.php における任意の PHP スクリプトをアップロードされる脆弱性	CWE-94 コード・インジェクション	CVE-2008-1866	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

224957	7.5	危険	prozilla	-	Prozilla Freelancers の project.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1864	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

224958	7.5	危険	prozilla	-	Prozilla Cheat Script の view_reviews.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1863	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

224959	5	警告	SmarterTools Inc.	-	SmarterMail の SmarterMail Web Server におけるサービス運用妨害 (DoS) の脆弱性	CWE-DesignError	CVE-2008-1854	2012-12-20 18:52	2008-04-16	Show	GitHub Exploit DB Packet Storm

224960	4.3	警告	SAP	-	SAP NetWeaver のデフォルト設定におけるクロスサイトスクリプティング攻撃を実行される脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1846	2012-12-20 18:52	2008-04-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1431	8.8	HIGH Network	-	-	Vvveb CMS 1.0.8 contains a remote code execution vulnerability in its media upload handler that allows authenticated attackers to execute arbitrary operating system commands by uploading a PHP webshe…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-6249	2026-04-22 01:19	2026-04-21	Show	GitHub Exploit DB Packet Storm

1432	9.1	CRITICAL Network	-	-	Vvveb CMS v1.0.8 contains a remote code execution vulnerability in its media management functionality where a missing return statement in the file rename handler allows authenticated attackers to ren…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-6257	2026-04-22 01:19	2026-04-21	Show	GitHub Exploit DB Packet Storm

1433	8.8	HIGH Network	apache	airflow	An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow ex…	CWE-77 Command Injection	CVE-2026-30898	2026-04-21 23:43	2026-04-18	Show	GitHub Exploit DB Packet Storm

1434	7.5	HIGH Network	apache	airflow	In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/expose_stack_traces" was set to false. That could lead to exposing additional information to potential attacker.…	CWE-668 Exposure of Resource to Wrong Sphere	CVE-2026-30912	2026-04-21 23:42	2026-04-18	Show	GitHub Exploit DB Packet Storm

1435	3.7	LOW Network	apache	airflow	Secrets in Variables saved as JSON dictionaries were not properly redacted - in case thee variables were retrieved by the user the secrets stored as nested fields were not masked. If you do not stor…	CWE-668 Exposure of Resource to Wrong Sphere	CVE-2026-32690	2026-04-21 23:41	2026-04-18	Show	GitHub Exploit DB Packet Storm

1436	6.6	MEDIUM Local	dell	powerscale_onefs	Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit th…	CWE-532 Inclusion of Sensitive Information in Log Files	CVE-2025-43937	2026-04-21 23:33	2026-04-17	Show	GitHub Exploit DB Packet Storm

1437	4.4	MEDIUM Local	dell	powerscale_onefs	Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnera…	CWE-404 Improper Resource Shutdown or Release	CVE-2025-43935	2026-04-21 23:32	2026-04-17	Show	GitHub Exploit DB Packet Storm

1438	9.1	CRITICAL Network	-	-	OpenViking prior to version 0.3.9 contains an authentication bypass vulnerability in the VikingBot OpenAPI HTTP route surface where the authentication check fails open when the api_key configuration …	CWE-636 Not Failing Securely ('Failing Open')	CVE-2026-40525	2026-04-21 23:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

1439	7.5	HIGH Network	free5gc	free5gc	free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceI…	CWE-285 Improper Authorization	CVE-2026-40246	2026-04-21 22:55	2026-04-17	Show	GitHub Exploit DB Packet Storm

1440	7.5	HIGH Network	free5gc	free5gc	free5GC is an open-source implementation of the 5G core network. In versions 4.2.1 and below of the UDR service, the handler for reading Traffic Influence Subscriptions checks whether the influenceId…	CWE-285 CWE-636 Improper Authorization Not Failing Securely ('Failing Open')	CVE-2026-40247	2026-04-21 22:53	2026-04-17	Show	GitHub Exploit DB Packet Storm