Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
233361 3.3 注意 Novell - hugin における任意のファイルを上書きされる脆弱性 CWE-59
リンク解釈の問題 		CVE-2007-5200 2012-09-25 16:59 2007-10-12 Show GitHub Exploit DB Packet Storm
233362 6.8 警告 Nagios Enterprises, LLC - Nagios プラグインの redir 関数におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-5198 2012-09-25 16:59 2007-10-4 Show GitHub Exploit DB Packet Storm
233363 7.5 危険 Mono Project - Mono の Mono.Math.BigInteger クラスにおけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-5197 2012-09-25 16:59 2007-11-2 Show GitHub Exploit DB Packet Storm
233364 4.3 警告 megasol - OdysseySuite の Mailbox.mws におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5183 2012-09-25 16:59 2007-10-3 Show GitHub Exploit DB Packet Storm
233365 4.3 警告 netkamp - Netkamp Emlak Scripti の mail.asp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5182 2012-09-25 16:59 2007-10-3 Show GitHub Exploit DB Packet Storm
233366 7.5 危険 netkamp - Netkamp Emlak Scripti の detay.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5181 2012-09-25 16:59 2007-10-3 Show GitHub Exploit DB Packet Storm
233367 7.5 危険 ohesa emlak portali - Ohesa Emlak Portali における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5180 2012-09-25 16:59 2007-10-3 Show GitHub Exploit DB Packet Storm
233368 6.8 警告 mxbb - mxBB 用の mx_glance モジュールにおけるリモートファイルインクルージョン攻撃を実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2007-5178 2012-09-25 16:59 2007-10-3 Show GitHub Exploit DB Packet Storm
233369 7.5 危険 mambads
Mambo Foundation		 - Mambo 用の MambAds コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5177 2012-09-25 16:59 2007-10-3 Show GitHub Exploit DB Packet Storm
233370 6.8 警告 OpenID
phpBB		 - phpBB Openid の includes/openid/Auth/OpenID/BBStore.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2007-5173 2012-09-25 16:59 2007-10-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 24, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1421 9.1 CRITICAL
Network 		orthanc-server orthanc An out-of-bounds read vulnerability exists in the `DecodeLookupTable` function within `DicomImageDecoder.cpp`. The lookup-table decoding logic used for `PALETTE COLOR` images does not validate pixel … CWE-125
Out-of-bounds Read 		CVE-2026-5445 2026-04-15 05:10 2026-04-10 Show GitHub Exploit DB Packet Storm
1422 7.8 HIGH
Local 		hdfgroup hdf5 HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-… CWE-416
 Use After Free 		CVE-2026-34734 2026-04-15 05:09 2026-04-10 Show GitHub Exploit DB Packet Storm
1423 8.2 HIGH
Network 		gitroom postiz Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct p… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-40168 2026-04-15 05:09 2026-04-11 Show GitHub Exploit DB Packet Storm
1424 9.8 CRITICAL
Network 		goshs goshs goshs is a SimpleHTTPServer written in Go. Prior to 2.0.0-beta.4, goshs enforces the documented per-folder .goshs ACL/basic-auth mechanism for directory listings and file reads, but it does not enfor… CWE-862
 Missing Authorization 		CVE-2026-40189 2026-04-15 05:08 2026-04-11 Show GitHub Exploit DB Packet Storm
1425 7.5 HIGH
Network 		softether softethervpn SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2… CWE-789
 Memory Allocation with Excessive Size Value 		CVE-2026-39312 2026-04-15 05:08 2026-04-8 Show GitHub Exploit DB Packet Storm
1426 9.1 CRITICAL
Network 		docker model_runner Docker Model Runner (DMR) is software used to manage, run, and deploy AI models using Docker. Prior to version 1.1.25, Docker Model Runner contains an SSRF vulnerability in its OCI registry token exc… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-33990 2026-04-15 05:08 2026-04-2 Show GitHub Exploit DB Packet Storm
1427 9.8 CRITICAL
Network 		xwiki xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Prior to 17.4.8 and 17.10.1, an improperly protected scripting API allows any user with script… CWE-862
 Missing Authorization 		CVE-2026-33229 2026-04-15 05:08 2026-04-9 Show GitHub Exploit DB Packet Storm
1428 8.6 HIGH
Network 		patrickjuchli basic-ftp basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(),… CWE-93
CRLF Injection 		CVE-2026-39983 2026-04-15 05:07 2026-04-10 Show GitHub Exploit DB Packet Storm
1429 6.1 MEDIUM
Network 		unjs unhead Unhead is a document head and template manager. Prior to 2.1.13, useHeadSafe() is the composable that Nuxt's own documentation explicitly recommends for rendering user-supplied content in <head> safe… CWE-184
 Incomplete Blacklist 		CVE-2026-39315 2026-04-15 05:07 2026-04-10 Show GitHub Exploit DB Packet Storm
1430 7.5 HIGH
Network 		apache tomcat Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through … CWE-444
HTTP Request Smuggling 		CVE-2026-24880 2026-04-15 05:02 2026-04-10 Show GitHub Exploit DB Packet Storm