Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
232881	7.5	危険	Invision Power Services, Inc	-	Invision Gallery における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-0421	2012-09-25 16:59	2008-01-23	Show	GitHub Exploit DB Packet Storm

232882	5	警告	Rejetto	-	HFS における設定および利用状況を取得される脆弱性	CWE-287 不適切な認証	CVE-2008-0410	2012-09-25 16:59	2008-01-28	Show	GitHub Exploit DB Packet Storm

232883	4.3	警告	Rejetto	-	HFS におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0409	2012-09-25 16:59	2008-01-28	Show	GitHub Exploit DB Packet Storm

232884	6.4	警告	Rejetto	-	HFS におけるログファイルに任意のテキストを追加される脆弱性	CWE-287 不適切な認証	CVE-2008-0408	2012-09-25 16:59	2008-01-28	Show	GitHub Exploit DB Packet Storm

232885	5	警告	Rejetto	-	HFS におけるリモートリクエスト発行元の特定を困難にする脆弱性	CWE-287 不適切な認証	CVE-2008-0407	2012-09-25 16:59	2008-01-28	Show	GitHub Exploit DB Packet Storm

232886	5	警告	Rejetto	-	HFS におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2008-0406	2012-09-25 16:59	2008-01-28	Show	GitHub Exploit DB Packet Storm

232887	10	危険	Rejetto	-	HFS におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-0405	2012-09-25 16:59	2008-01-28	Show	GitHub Exploit DB Packet Storm

232888	4.3	警告	Mantis	-	Mantis におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-0404	2012-09-25 16:59	2008-01-23	Show	GitHub Exploit DB Packet Storm

232889	6	警告	IBM	-	IBM WebSphere Business Modeler Basic and Advanced におけるリポジトリリソースを削除される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-0402	2012-09-25 16:59	2008-01-23	Show	GitHub Exploit DB Packet Storm

232890	10	危険	IBM	-	IBM TPMfOSD の HTTP サーバにおけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2008-0401	2012-09-25 16:59	2008-01-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1751	9.6	CRITICAL Network	-	-	NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply …	CWE-20 CWE-22 Improper Input Validation Path Traversal	CVE-2026-39399	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

1752	8.1	HIGH Network	-	-	An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authen…	CWE-863 Incorrect Authorization	CVE-2025-40897	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

1753	8.9	HIGH Network	-	-	A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges …	CWE-79 Cross-site Scripting	CVE-2025-40899	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

1754	9.9	CRITICAL Network	-	-	OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the serve…	CWE-94 CWE-917 Code Injection Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')	CVE-2026-39842	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

1755	8.3	HIGH Network	-	-	mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Versions 3.4.0 and prior contain an argument injection vulnerability in the port_forward tool in src/tools/…	CWE-88 Argument Injection	CVE-2026-39884	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

1756	6.9	MEDIUM Network	-	-	Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as…	CWE-565 Reliance on Cookies without Validation and Integrity Checking	CVE-2026-39963	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

1757	7.2	HIGH Network	-	-	Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the email sending functionality in include/functions.inc.php inserts $_SERVER['HTTP_HOST'] directly into the Message-ID SM…	CWE-113 HTTP Response Splitting	CVE-2026-39971	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

1758	-		-	-	Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (core modules). This vulnerability is associated with program files G3413CTRBl…	CWE-327 Use of a Broken or Risky Cryptographic Algorithm	CVE-2025-14813	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

1759	-		-	-	Improper neutralization of special elements used in an LDAP query ('LDAP injection') vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcprov on all (prov modules). This vulnerability is asso…	CWE-90 LDAP Injection	CVE-2026-0636	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

1760	-		-	-	Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-…	CWE-436 Interpretation Conflict	CVE-2026-33808	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm