Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
231581 5 警告 herongyang - hyBook Guestbook Script におけるパスワードを含むデータベースをダウンロードされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-6008 2012-09-25 17:26 2009-01-30 Show GitHub Exploit DB Packet Storm
231582 7.5 危険 minbank - minba における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-6006 2012-09-25 17:26 2009-01-30 Show GitHub Exploit DB Packet Storm
231583 7.8 危険 ocp2 - OCP の admin/fileKontrola/browser.asp における絶対パストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-5997 2012-09-25 17:26 2009-01-28 Show GitHub Exploit DB Packet Storm
231584 7.5 危険 jetik - Jetik ESA における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5992 2012-09-25 17:26 2009-01-28 Show GitHub Exploit DB Packet Storm
231585 7.5 危険 mailwatch - MailScanner 用の MailWatch におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-5991 2012-09-25 17:26 2009-01-28 Show GitHub Exploit DB Packet Storm
231586 7.5 危険 jadu - Government 用の Jadu CMS における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5988 2012-09-25 17:26 2009-01-28 Show GitHub Exploit DB Packet Storm
231587 5 警告 pacos drivers - PacPoll におけるデータベースをダウンロードされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-5981 2012-09-25 17:26 2009-01-26 Show GitHub Exploit DB Packet Storm
231588 5 警告 ocean12 technologies - Ocean12 Mailing List Manager Gold におけるデータベースをダウンロードされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-5980 2012-09-25 17:26 2009-01-26 Show GitHub Exploit DB Packet Storm
231589 4.3 警告 ocean12 technologies - Ocean12 Mailing List Manager Gold の default.asp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5979 2012-09-25 17:26 2009-01-26 Show GitHub Exploit DB Packet Storm
231590 7.5 危険 ocean12 technologies - Ocean12 Mailing List Manager Gold における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5978 2012-09-25 17:26 2009-01-26 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
781 5.3 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/getCaptcha.php` accepts the CAPTCHA length (`ql`) directly from the query string with no clamping or sanitization, l… New CWE-804
 Guessable CAPTCHA 		CVE-2026-40935 2026-04-24 00:50 2026-04-22 Show GitHub Exploit DB Packet Storm
782 7.8 HIGH
Local 		node-modules compressing Compressing is a compressing and uncompressing lib for node. Prior to 2.1.1 and 1.10.5, the patch for CVE-2026-24884 relies on a purely logical string validation within the isPathWithinParent utility… New CWE-59
Link Following 		CVE-2026-40931 2026-04-24 00:49 2026-04-22 Show GitHub Exploit DB Packet Storm
783 5.4 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, multiple AVideo JSON endpoints under `objects/` accept state-changing requests via `$_REQUEST`/`$_GET` and persist changes ti… New CWE-352
 Origin Validation Error 		CVE-2026-40928 2026-04-24 00:49 2026-04-22 Show GitHub Exploit DB Packet Storm
784 5.4 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, `objects/commentDelete.json.php` is a state-mutating JSON endpoint that deletes comments but performs no CSRF validation. It … New CWE-352
 Origin Validation Error 		CVE-2026-40929 2026-04-24 00:48 2026-04-22 Show GitHub Exploit DB Packet Storm
785 7.1 HIGH
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, three admin-only JSON endpoints — `objects/categoryAddNew.json.php`, `objects/categoryDelete.json.php`, and `objects/pluginRu… New CWE-352
 Origin Validation Error 		CVE-2026-40926 2026-04-24 00:48 2026-04-22 Show GitHub Exploit DB Packet Storm
786 9.9 CRITICAL
Network 		flowiseai flowise Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, due to unsafe serialization of stdio commands in the MCP adapter, an authenticated attacker ca… New CWE-78
OS Command  		CVE-2026-40933 2026-04-24 00:40 2026-04-22 Show GitHub Exploit DB Packet Storm
787 7.1 HIGH
Local 		apktool apktool Apktool is a tool for reverse engineering Android APK files. In versions 3.0.0 and 3.0.1, a path traversal vulnerability in `brut/androlib/res/decoder/ResFileDecoder.java` allows a maliciously crafte… New CWE-22
Path Traversal 		CVE-2026-39973 2026-04-24 00:39 2026-04-21 Show GitHub Exploit DB Packet Storm
788 9.1 CRITICAL
Network 		- - Jellystat is a free and open source Statistics App for Jellyfin. Prior to version 1.1.10, multiple API endpoints in Jellystat build SQL queries by interpolating unsanitized request-body fields direct… New CWE-89
SQL Injection 		CVE-2026-41167 2026-04-24 00:37 2026-04-23 Show GitHub Exploit DB Packet Storm
789 9.1 CRITICAL
Network 		- - EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, EspoCRM's built-in formula scripting engine allowing updating attachment's sourceId thus allowing an au… New CWE-22
Path Traversal 		CVE-2026-33656 2026-04-24 00:37 2026-04-23 Show GitHub Exploit DB Packet Storm
790 7.5 HIGH
Network 		gnu glibc Calling the ungetwc function on a FILE stream with wide characters encoded in a character set that has overlaps between its single byte and multi-byte character encodings, in the GNU C Library versio… New CWE-127
 Buffer Under-read 		CVE-2026-5928 2026-04-24 00:33 2026-04-21 Show GitHub Exploit DB Packet Storm