Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
233501	7.8	危険	michal marcinkowski	-	Soldat game server などにおけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2007-4532	2012-09-25 16:59	2007-08-24	Show	GitHub Exploit DB Packet Storm

233502	5	警告	michal marcinkowski	-	Soldat game server などにおけるクライアントサービス運用妨害 (DoS) の脆弱性	-	CVE-2007-4531	2012-09-25 16:59	2007-08-24	Show	GitHub Exploit DB Packet Storm

233503	4.3	警告	The PHP Group	-	PHP の ffi におけるコードを実行される脆弱性	-	CVE-2007-4528	2012-09-25 16:59	2007-08-24	Show	GitHub Exploit DB Packet Storm

233504	2.1	注意	Novell	-	Novell Identity Manager の CLE における重要な情報を取得される脆弱性	CWE-255 証明書・パスワード管理	CVE-2007-4526	2012-09-25 16:59	2007-08-24	Show	GitHub Exploit DB Packet Storm

233505	5	警告	ヒューレット・パッカード	-	HP ProCurve Manager などにおける ProCurve Manager サーバから重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2007-4514	2012-09-25 16:59	2009-04-8	Show	GitHub Exploit DB Packet Storm

233506	6	警告	オラクル	-	Oracle の XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA プロシージャにおけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2007-4517	2012-09-25 16:59	2007-11-8	Show	GitHub Exploit DB Packet Storm

233507	7.5	危険	Joomla!	-	Joomla! 用の EventList コンポーネントの index.php における SQL インジェクションの脆弱性	-	CVE-2007-4509	2012-09-25 16:59	2007-08-23	Show	GitHub Exploit DB Packet Storm

233508	6.8	警告	The PHP Group	-	PHP 用の php_ntuser コンポーネントにおけるバッファオーバーフローの脆弱性	-	CVE-2007-4507	2012-09-25 16:59	2007-08-23	Show	GitHub Exploit DB Packet Storm

233509	7.5	危険	Joomla!	-	Joomla! 用の NeoRecruit コンポーネントにおける SQL インジェクションの脆弱性	-	CVE-2007-4506	2012-09-25 16:59	2007-08-23	Show	GitHub Exploit DB Packet Storm

233510	7.5	危険	Mambo Foundation Mambo Communities Pty	-	Mambo 用の remository コンポーネントにおける SQL インジェクションの脆弱性	-	CVE-2007-4505	2012-09-25 16:59	2007-08-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2281	8.2	HIGH Network	openclaw	openclaw	OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre…	CWE-696 Incorrect Behavior Order	CVE-2026-35627	2026-04-17 05:52	2026-04-10	Show	GitHub Exploit DB Packet Storm

2282	6.3	MEDIUM Local	flatpak	flatpak-builder	flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source direct…	CWE-22 Path Traversal	CVE-2026-39977	2026-04-17 05:52	2026-04-10	Show	GitHub Exploit DB Packet Storm

2283	5.1	MEDIUM Local	openclaw	openclaw	OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer t…	CWE-288 Authentication Bypass Using an Alternate Path or Channel	CVE-2026-35634	2026-04-17 05:51	2026-04-10	Show	GitHub Exploit DB Packet Storm

2284	8.8	HIGH Network	openplcproject	openplc_v3_firmware	OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying the…	CWE-862 Missing Authorization	CVE-2026-35063	2026-04-17 05:49	2026-04-10	Show	GitHub Exploit DB Packet Storm

2285	7.5	HIGH Network	openplcproject	openplc_v3_firmware	OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information.	CWE-256 Plaintext Storage of a Password	CVE-2026-35556	2026-04-17 05:49	2026-04-10	Show	GitHub Exploit DB Packet Storm

2286	5.3	MEDIUM Network	langchain	langchain_core	LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prom…	CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine	CVE-2026-40087	2026-04-17 05:48	2026-04-10	Show	GitHub Exploit DB Packet Storm

2287	6.5	MEDIUM Network	openclaw	openclaw	OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sa…	CWE-696 Incorrect Behavior Order	CVE-2026-35636	2026-04-17 05:48	2026-04-10	Show	GitHub Exploit DB Packet Storm

2288	9.6	CRITICAL Network	praison	praisonai	PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LL…	CWE-78 OS Command	CVE-2026-40088	2026-04-17 05:40	2026-04-10	Show	GitHub Exploit DB Packet Storm

2289	9.8	CRITICAL Network	wolfssl	wolfssl	Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] …	CWE-122 CWE-787 Heap-based Buffer Overflow Out-of-bounds Write	CVE-2026-5187	2026-04-17 05:39	2026-04-10	Show	GitHub Exploit DB Packet Storm

2290	9.1	CRITICAL Network	wolfssl	wolfssl	Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature ver…	CWE-295 Improper Certificate Validation	CVE-2026-5194	2026-04-17 05:37	2026-04-10	Show	GitHub Exploit DB Packet Storm