Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
233551 9.3 危険 マイクロソフト - Microsoft Internet Explorer 6 および 7 における重要な情報を取得される脆弱性 - CVE-2007-4356 2012-09-25 16:59 2007-08-14 Show GitHub Exploit DB Packet Storm
233552 4.3 警告 ヒューレット・パッカード - HP SiteScope の管理インターフェースにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-4350 2012-09-25 16:59 2008-10-21 Show GitHub Exploit DB Packet Storm
233553 4.3 警告 ヒューレット・パッカード - HP Performance Agent などの製品におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2007-4349 2012-09-25 16:59 2008-10-23 Show GitHub Exploit DB Packet Storm
233554 4.3 警告 IBM - IBM TSM Client の CAD サービスにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-4348 2012-09-25 16:59 2007-10-30 Show GitHub Exploit DB Packet Storm
233555 7.5 危険 Ipswitch, Inc. - IPSwitch IMail Server に同梱された IMail Client におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-4345 2012-09-25 16:59 2007-10-31 Show GitHub Exploit DB Packet Storm
233556 5.1 警告 Irfan Skiljan - IrfanView におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-4343 2012-09-25 16:59 2007-10-16 Show GitHub Exploit DB Packet Storm
233557 7.5 危険 omnistar - Omnistar Lib2 PHP の adm/my_statistics.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-4341 2012-09-25 16:59 2007-08-14 Show GitHub Exploit DB Packet Storm
233558 10 危険 Haudenschilt - Ryan Haudenschilt FCMS の index.php における任意のアカウントにアクセスされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2007-4338 2012-09-25 16:59 2007-08-14 Show GitHub Exploit DB Packet Storm
233559 4.3 警告 マイクロソフト - Microsoft DirectX Media SDK にパッケージされた DXTLIPI.DLL におけるバッファオーバーフローの脆弱性 - CVE-2007-4336 2012-09-25 16:59 2007-08-14 Show GitHub Exploit DB Packet Storm
233560 6.8 警告 mapos scripts - Shoutbox の shoutbox.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-4330 2012-09-25 16:59 2007-08-13 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2351 5.3 MEDIUM
Network 		- - The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in … CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-4160 2026-04-16 23:16 2026-04-16 Show GitHub Exploit DB Packet Storm
2352 6.3 MEDIUM
Local 		adobe acrobat
acrobat_dc
acrobat_reader_dc 		Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2026-34626 2026-04-16 23:14 2026-04-15 Show GitHub Exploit DB Packet Storm
2353 8.6 HIGH
Local 		adobe acrobat
acrobat_dc
acrobat_reader_dc 		Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2026-34622 2026-04-16 23:14 2026-04-15 Show GitHub Exploit DB Packet Storm
2354 7.8 HIGH
Local 		openclaw openclaw OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator… CWE-648
 Incorrect Use of Privileged APIs 		CVE-2026-35625 2026-04-16 22:43 2026-04-10 Show GitHub Exploit DB Packet Storm
2355 - - - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… - CVE-2026-5968 2026-04-16 22:16 2026-04-16 Show GitHub Exploit DB Packet Storm
2356 5.4 MEDIUM
Network 		gitlab gitlab GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed… CWE-79
Cross-site Scripting 		CVE-2026-4332 2026-04-16 22:00 2026-04-9 Show GitHub Exploit DB Packet Storm
2357 2.7 LOW
Network 		gitlab gitlab GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom r… CWE-862
 Missing Authorization 		CVE-2026-4916 2026-04-16 21:59 2026-04-9 Show GitHub Exploit DB Packet Storm
2358 7.5 HIGH
Network 		- - The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insu… CWE-89
SQL Injection 		CVE-2026-3489 2026-04-16 21:16 2026-04-16 Show GitHub Exploit DB Packet Storm
2359 5.4 MEDIUM
Network 		- - The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insuffic… CWE-79
Cross-site Scripting 		CVE-2026-3369 2026-04-16 21:16 2026-04-16 Show GitHub Exploit DB Packet Storm
2360 3.1 LOW
Network 		- - The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user… CWE-862
 Missing Authorization 		CVE-2026-3155 2026-04-16 21:16 2026-04-16 Show GitHub Exploit DB Packet Storm