Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
233171 7.8 危険 justin hagstrom - Justin Hagstrom AutoIndex PHP Scrpit の classes/Url.php におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2007-5984 2012-09-25 16:59 2007-11-14 Show GitHub Exploit DB Packet Storm
233172 4.3 警告 justin hagstrom - Justin Hagstrom AutoIndex PHP Script におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5983 2012-09-25 16:59 2007-11-14 Show GitHub Exploit DB Packet Storm
233173 3.3 注意 Lantronix, Inc. - Lantronix SCS3200 におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2007-5981 2012-09-25 16:59 2007-11-14 Show GitHub Exploit DB Packet Storm
233174 7.5 危険 jportal - JPortal の mailer.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5974 2012-09-25 16:59 2007-11-14 Show GitHub Exploit DB Packet Storm
233175 7.5 危険 jportal - JPortal の articles.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5973 2012-09-25 16:59 2007-11-14 Show GitHub Exploit DB Packet Storm
233176 9 危険 MIT Kerberos - krb5 の lib/kdb/kdb_default.c におけるメモリ二重解放の脆弱性 CWE-119
バッファエラー 		CVE-2007-5972 2012-09-25 16:59 2007-12-5 Show GitHub Exploit DB Packet Storm
233177 5.8 警告 MySQL AB - MySQL における任意のテーブルの権限を取得される脆弱性 CWE-DesignError
CVE-2007-5970 2012-09-25 16:59 2007-12-10 Show GitHub Exploit DB Packet Storm
233178 4.7 警告 KDE project - kdebase におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2007-5963 2012-09-25 16:59 2007-12-19 Show GitHub Exploit DB Packet Storm
233179 4.9 警告 IBM - Windows 上で稼働する IBM IDS におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2007-5957 2012-09-25 16:59 2007-11-14 Show GitHub Exploit DB Packet Storm
233180 7.2 危険 IBM - IBM IDS におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-5956 2012-09-25 16:59 2007-11-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1441 8.1 HIGH
Network 		- - ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records an… CWE-352
CWE-862
 Origin Validation Error
 Missing Authorization 		CVE-2026-40581 2026-04-21 03:59 2026-04-18 Show GitHub Exploit DB Packet Storm
1442 - - - ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, byp… CWE-288
CWE-305
Authentication Bypass Using an Alternate Path or Channel
 Authentication Bypass by Primary Weakness 		CVE-2026-40582 2026-04-21 03:59 2026-04-18 Show GitHub Exploit DB Packet Storm
1443 4.8 MEDIUM
Network 		- - ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applyin… CWE-79
CWE-116
Cross-site Scripting
 Improper Encoding or Escaping of Output 		CVE-2026-40593 2026-04-21 03:59 2026-04-18 Show GitHub Exploit DB Packet Storm
1444 - - - editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allo… CWE-121
CWE-787
Stack-based Buffer Overflow
 Out-of-bounds Write 		CVE-2026-40489 2026-04-21 03:59 2026-04-18 Show GitHub Exploit DB Packet Storm
1445 6.8 MEDIUM
Network 		- - The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versio… CWE-200
Information Exposure 		CVE-2026-40490 2026-04-21 03:59 2026-04-18 Show GitHub Exploit DB Packet Storm
1446 5.3 MEDIUM
Network 		- - OpenAEV is an open source platform allowing organizations to plan, schedule and conduct cyber adversary simulation campaign and tests. Starting in version 1.11.0 and prior to version 2.0.13, the /api… CWE-204
 Response Discrepancy Information Exposure 		CVE-2026-24468 2026-04-21 03:59 2026-04-21 Show GitHub Exploit DB Packet Storm
1447 9.8 CRITICAL
Network 		- - SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 45d48d1f2e8e0d73e80bc1fd5310cb57f4547302, the TGA codec's RLE de… CWE-787
 Out-of-bounds Write 		CVE-2026-40494 2026-04-21 03:55 2026-04-18 Show GitHub Exploit DB Packet Storm
1448 9.8 CRITICAL
Network 		- - SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit 36aa5c7ec8a2bb35f6fb867a1177a6f141156b02, the XWD codec resolves… CWE-787
 Out-of-bounds Write 		CVE-2026-40492 2026-04-21 03:55 2026-04-18 Show GitHub Exploit DB Packet Storm
1449 9.8 CRITICAL
Network 		- - SAIL is a cross-platform library for loading and saving images with support for animation, metadata, and ICC profiles. Prior to commit c930284445ea3ff94451ccd7a57c999eca3bc979, the PSD codec computes… CWE-787
 Out-of-bounds Write 		CVE-2026-40493 2026-04-21 03:55 2026-04-18 Show GitHub Exploit DB Packet Storm
1450 8.8 HIGH
Network 		- - Vvveb prior to 1.0.8.1 contains a privilege escalation vulnerability in the admin user profile save endpoint that allows authenticated users to modify privileged fields on their own profile. Attacker… CWE-915
 Improperly Controlled Modification of Dynamically-Determined Object Attributes 		CVE-2026-34427 2026-04-21 03:54 2026-04-21 Show GitHub Exploit DB Packet Storm