Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228671	4.3	警告	TYPO3 Association	-	TYPO3 のインストールツールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-3531	2012-11-15 14:26	2012-08-15	Show	GitHub Exploit DB Packet Storm

228672	4.3	警告	TYPO3 Association	-	TYPO3 の t3lib_div::quoteJSvalue API 関数におけるクロスサイトスクリプティングの脆弱性	CWE-Other その他	CVE-2012-3530	2012-11-15 14:25	2012-08-15	Show	GitHub Exploit DB Packet Storm

228673	3.5	注意	TYPO3 Association	-	TYPO3 のバックエンドの configuration モジュールにおける暗号鍵を取得される脆弱性	CWE-200 情報漏えい	CVE-2012-3529	2012-11-15 14:24	2012-08-15	Show	GitHub Exploit DB Packet Storm

228674	4	警告	TYPO3 Association	-	TYPO3 のバックエンドにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-3528	2012-11-15 14:23	2012-08-15	Show	GitHub Exploit DB Packet Storm

228675	4.6	警告	TYPO3 Association	-	TYPO3 のバックエンドのヘルプシステムにおける任意のオブジェクトのシリアル化を解除される脆弱性	CWE-310 暗号の問題	CVE-2012-3527	2012-11-15 14:22	2012-08-15	Show	GitHub Exploit DB Packet Storm

228676	7.5	危険	Zabbix	-	Zabbix の frontends/php/popup_bitem.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2012-3435	2012-11-15 12:09	2012-07-18	Show	GitHub Exploit DB Packet Storm

228677	10	危険	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2012-5287	2012-11-14 16:07	2012-11-2	Show	GitHub Exploit DB Packet Storm

228678	10	危険	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2012-5286	2012-11-14 16:07	2012-11-2	Show	GitHub Exploit DB Packet Storm

228679	10	危険	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR における脆弱性	CWE-noinfo 情報不足	CVE-2012-5673	2012-11-14 16:07	2012-11-2	Show	GitHub Exploit DB Packet Storm

228680	10	危険	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2012-5285	2012-11-14 16:06	2012-11-2	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
501	10.0	CRITICAL Network	-	-	Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. New	CWE-502 Deserialization of Untrusted Data	CVE-2026-33819	2026-04-24 23:41	2026-04-24	Show	GitHub Exploit DB Packet Storm

502	10.0	CRITICAL Network	-	-	Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-35431	2026-04-24 23:41	2026-04-24	Show	GitHub Exploit DB Packet Storm

503	5.3	MEDIUM Local	-	-	OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_FILE are not blocked in the host-env blocklist. Attackers can exploit appro… New	CWE-184 Incomplete Blacklist	CVE-2026-41332	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

504	3.7	LOW Network	-	-	OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent shared authentication protections using fake device tokens. Attackers can e… New	CWE-799 Improper Control of Interaction Frequency	CVE-2026-41333	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

505	6.5	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixel-limit guards on sips. Attackers can exploit this by uploading oversized … New	CWE-636 Not Failing Securely ('Failing Open')	CVE-2026-41334	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

506	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that exposes version and assistant agent identifiers. Attackers can extract sensitiv… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41335	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

507	7.8	HIGH Local	-	-	OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabling loading of attacker-controlled hook code. Attackers can replace trusted… New	CWE-829 Inclusion of Functionality from Untrusted Control Sphere	CVE-2026-41336	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

508	5.3	MEDIUM Network	-	-	OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers to mutate in-process callback origin before replay rejection. Attackers wi… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41337	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

509	5.0	MEDIUM Local	-	-	OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers to bypass fd-based defenses. Attackers can exploit check-then-act pattern… New	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-41338	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm

510	4.3	MEDIUM Network	-	-	OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authenticated clients. Non-admin clients can recover host-specific filesystem paths… New	CWE-497 Exposure of Sensitive System Information to an Unauthorized Control Sphere	CVE-2026-41339	2026-04-24 23:40	2026-04-24	Show	GitHub Exploit DB Packet Storm