Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
233211 2.1 注意 IBM - IBM Tivoli CDP for Files における任意のファイルを配置される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2007-5819 2012-09-25 16:59 2007-11-5 Show GitHub Exploit DB Packet Storm
233212 5 警告 ispworker - ISPworker の download.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-5813 2012-09-25 16:59 2007-11-5 Show GitHub Exploit DB Packet Storm
233213 5 警告 modulebuilder - ModuleBuilder の modules/Builder/DownloadModule.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-5812 2012-09-25 16:59 2007-11-5 Show GitHub Exploit DB Packet Storm
233214 4.3 警告 ILIAS - ILIAS の Services/Utilities/classes/class.ilUtil.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5806 2012-09-25 16:59 2007-11-5 Show GitHub Exploit DB Packet Storm
233215 7.5 危険 jobsiteprofessional - JobSite Professional の file.php における SQL インジェクションの脆弱性 CWE-94
コード・インジェクション 		CVE-2007-5785 2012-09-25 16:59 2007-11-1 Show GitHub Exploit DB Packet Storm
233216 6.4 警告 mobile-spy - Mobile Spy における重要な情報を取得される脆弱性 CWE-200
CWE-310
CVE-2007-5778 2012-09-25 16:59 2007-11-1 Show GitHub Exploit DB Packet Storm
233217 10 危険 netkit-ftp - netkit ftp の getreply 関数におけるメモリ二重解放の脆弱性 CWE-119
バッファエラー 		CVE-2007-5769 2012-09-25 16:59 2007-11-15 Show GitHub Exploit DB Packet Storm
233218 10 危険 Novell - Novell BorderManager の Client Trust アプリケーションにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-5767 2012-09-25 16:59 2007-10-24 Show GitHub Exploit DB Packet Storm
233219 7.5 危険 オラクル - Oracle E-Business Suite の okxLOV.jsp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5766 2012-09-25 16:59 2007-10-16 Show GitHub Exploit DB Packet Storm
233220 7.5 危険 light fman php - Light FMan PHP における脆弱性 CWE-noinfo
情報不足 		CVE-2007-5753 2012-09-25 16:59 2007-10-31 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
421 8.8 HIGH
Network 		- - OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope gate authentication mechanism. Attackers with device pairing credentials … New CWE-862
 Missing Authorization 		CVE-2026-41352 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm
422 8.1 HIGH
Network 		- - OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers to circumvent profile restrictions through persistent profile mutation and… New CWE-472
 External Control of Assumed-Immutable Web Parameter 		CVE-2026-41353 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm
423 3.7 LOW
Network 		- - OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitimate events from different conversations or senders to collide. Attackers ca… New CWE-706
 Use of Incorrectly-Resolved Name or Reference 		CVE-2026-41354 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm
424 7.3 HIGH
Local 		- - OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox files into workspace hooks. Attackers with mirror mode access can execute … New CWE-829
 Inclusion of Functionality from Untrusted Control Sphere 		CVE-2026-41355 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm
425 5.4 MEDIUM
Network 		- - OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously compromised credentials can maintain unauthorized access through existing… New CWE-613
 Insufficient Session Expiration 		CVE-2026-41356 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm
426 3.3 LOW
Local 		- - OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsanitized process.env to child processes. Attackers can exploit this by leve… New CWE-214
 Invocation of Process Using Visible Sensitive Information 		CVE-2026-41357 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm
427 5.4 MEDIUM
Network 		- - OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter agent context. Attackers can inject unauthorized thread messages through … New CWE-346
 Origin Validation Error 		CVE-2026-41358 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm
428 7.1 HIGH
Network 		- - OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissions to access admin-class Telegram configuration and cron persistence setti… New CWE-269
 Improper Privilege Management 		CVE-2026-41359 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm
429 6.7 MEDIUM
Local 		- - OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands consistently with pnpm exec flows. Attackers can replace approved local scri… New CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2026-41360 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm
430 7.1 HIGH
Network 		- - OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attackers can exploit this by crafting URLs targeting internal or non-routable … New CWE-184
 Incomplete Blacklist 		CVE-2026-41361 2026-04-24 23:40 2026-04-24 Show GitHub Exploit DB Packet Storm