Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228451 10 危険 PHP Enter - PHP Enter の admin/banners.php における horad.php への任意の PHP コード を実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2012-6046 2012-11-28 14:57 2012-11-27 Show GitHub Exploit DB Packet Storm
228452 4.3 警告 ramui.com - Ramui Forum の gb/user/index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-6045 2012-11-28 14:56 2012-11-27 Show GitHub Exploit DB Packet Storm
228453 10 危険 Joobi - Joomla! 用 Jstore コンポーネントにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2010-5286 2012-11-28 14:55 2012-11-26 Show GitHub Exploit DB Packet Storm
228454 6.8 警告 Open Dynamics - Collabtive の admin.php におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2010-5285 2012-11-28 14:32 2012-11-26 Show GitHub Exploit DB Packet Storm
228455 4.3 警告 Open Dynamics - Collabtive におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-5284 2012-11-28 14:31 2012-11-26 Show GitHub Exploit DB Packet Storm
228456 6.8 警告 OpenText - OpenText ECM におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2010-5283 2012-11-28 14:30 2012-11-26 Show GitHub Exploit DB Packet Storm
228457 4.3 警告 OpenText - OpenText ECM におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-5282 2012-11-28 14:29 2012-11-26 Show GitHub Exploit DB Packet Storm
228458 6.8 警告 net4visions - IBrowser TinyMCE プラグインの CMScout 内の ibrowser.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2010-5281 2012-11-28 14:27 2012-11-26 Show GitHub Exploit DB Packet Storm
228459 7.5 危険 Joomla-CBE - Joomla! 用 CBE コンポーネントにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2010-5280 2012-11-28 14:26 2012-11-26 Show GitHub Exploit DB Packet Storm
228460 4.3 警告 Matthew James - M-Player におけるサービス運用妨害 (クラッシュ) の脆弱性 CWE-20
不適切な入力確認 		CVE-2012-6044 2012-11-28 14:23 2012-11-26 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
741 6.5 MEDIUM
Network 		- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rescue Themes Rescue Shortcodes allows Stored XSS.This issue affects Rescue Shortcodes: from n/a … New CWE-79
Cross-site Scripting 		CVE-2025-62110 2026-04-23 23:28 2026-04-23 Show GitHub Exploit DB Packet Storm
742 6.5 MEDIUM
Network 		- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magepeople inc. Taxi Booking Manager for WooCommerce allows Stored XSS.This issue affects Taxi Bo… New CWE-79
Cross-site Scripting 		CVE-2026-28040 2026-04-23 23:28 2026-04-23 Show GitHub Exploit DB Packet Storm
743 9.9 CRITICAL
Network 		- - Improper Control of Generation of Code ('Code Injection') vulnerability in Funnelforms LLC FunnelFormsPro allows Remote Code Inclusion.This issue affects FunnelFormsPro: from n/a through 3.8.1. New CWE-94
Code Injection 		CVE-2026-39440 2026-04-23 23:28 2026-04-23 Show GitHub Exploit DB Packet Storm
744 7.1 HIGH
Network 		connectwise automate ConnectWise has released a security update for ConnectWise Automate™ that addresses a behavior in the ConnectWise Automate Solution Center where certain client-to-server communications could occur wi… Update CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2026-6066 2026-04-23 23:18 2026-04-21 Show GitHub Exploit DB Packet Storm
745 7.3 HIGH
Network 		fortra goanywhere_managed_file_transfer The login limit is not enforced on the SFTP service of Fortra's GoAnywhere MFT prior to 7.10.0 if the Web User attempting to be logged in to is configured to log in with an SSH Key, making the SSH ke… New CWE-307
mproper Restriction of Excessive Authentication Attempts 		CVE-2025-14362 2026-04-23 23:16 2026-04-22 Show GitHub Exploit DB Packet Storm
746 7.8 HIGH
Local 		- - Insecure Permissions vulnerability in DeepCool DeepCreative v.1.2.12 and before allows a local attacker to execute arbitrary code via a crafted file Update CWE-277
 Insecure Inherited Permissions 		CVE-2026-30266 2026-04-23 23:16 2026-04-21 Show GitHub Exploit DB Packet Storm
747 4.9 MEDIUM
Network 		fortra goanywhere_agents
goanywhere_managed_file_transfer 		Encrypted values in Fortra's GoAnywhere MFT prior to version 7.10.0 and GoAnywhere Agents prior to version 2.2.0 utilize a static IV which allows admin users to brute-force decryption of data. New CWE-326
Inadequate Encryption Strength 		CVE-2025-1241 2026-04-23 23:12 2026-04-22 Show GitHub Exploit DB Packet Storm
748 7.5 HIGH
Network 		vexa vexa Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa transcription-collector service exposes an internal endpoint `GET /internal/… Update CWE-306
CWE-862
Missing Authentication for Critical Function
 Missing Authorization 		CVE-2026-25058 2026-04-23 23:11 2026-04-21 Show GitHub Exploit DB Packet Storm
749 5.8 MEDIUM
Network 		vexa vexa Vexa is an open-source, self-hostable meeting bot API and meeting transcription API. Prior to 0.10.0-260419-1910, the Vexa webhook feature allows authenticated users to configure an arbitrary URL tha… Update CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-25883 2026-04-23 23:10 2026-04-21 Show GitHub Exploit DB Packet Storm
750 4.3 MEDIUM
Network 		fortra goanywhere_managed_file_transfer An improper session timeout issue in Fortra's GoAnywhere MFT prior to version 7.10.0 results in SAML configured Web Users being redirected to the regular login page instead of the SAML login page. New CWE-613
 Insufficient Session Expiration 		CVE-2026-0971 2026-04-23 23:00 2026-04-22 Show GitHub Exploit DB Packet Storm