Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
233571 4.3 警告 KnowledgeTree - KnowledgeTree Open Source におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-4281 2012-09-25 16:59 2007-08-9 Show GitHub Exploit DB Packet Storm
233572 6.9 警告 IBM - IBM DB2 UDB におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-4276 2012-09-25 16:59 2007-08-18 Show GitHub Exploit DB Packet Storm
233573 6.9 警告 IBM - IBM DB2 UDB における権限を取得される脆弱性 - CVE-2007-4275 2012-09-25 16:59 2007-08-18 Show GitHub Exploit DB Packet Storm
233574 4.6 警告 IBM - IBM DB2 UDB における任意のコードを実行される脆弱性 CWE-134
書式文字列の問題 		CVE-2007-4273 2012-09-25 16:59 2007-08-18 Show GitHub Exploit DB Packet Storm
233575 1.9 注意 IBM - IBM DB2 UDB における任意のファイルを作成される脆弱性 - CVE-2007-4272 2012-09-25 16:59 2007-08-18 Show GitHub Exploit DB Packet Storm
233576 2.1 注意 IBM - IBM DB2 UDB におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-4271 2012-09-25 16:59 2007-08-16 Show GitHub Exploit DB Packet Storm
233577 6.9 警告 IBM - IBM DB2 UDB における root 権限を取得される脆弱性 - CVE-2007-4270 2012-09-25 16:59 2007-08-18 Show GitHub Exploit DB Packet Storm
233578 4.3 警告 kai blankenhorn bitfolge - Kai Blankenhorn Bitfolge simple and nice index file におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-4264 2012-09-25 16:59 2007-08-9 Show GitHub Exploit DB Packet Storm
233579 6.8 警告 lfs - LFS におけるバッファオーバーフローの脆弱性 - CVE-2007-4257 2012-09-25 16:59 2007-08-8 Show GitHub Exploit DB Packet Storm
233580 7.5 危険 The PHP Group - PHP の mSQL エクステンションにおけるバッファオーバーフローの脆弱性 - CVE-2007-4255 2012-09-25 16:59 2007-08-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1111 - - - Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the s… CWE-287
Improper Authentication 		CVE-2026-40946 2026-04-23 05:28 2026-04-22 Show GitHub Exploit DB Packet Storm
1112 4.3 MEDIUM
Network 		- - BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handlin… CWE-601
Open Redirect 		CVE-2026-41126 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1113 6.5 MEDIUM
Network 		- - BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on w… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-41127 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1114 - - - Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePermissions()` endpoint allows a user with only `viewUsers` permission to remove arbitrary users from … CWE-862
 Missing Authorization 		CVE-2026-41128 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1115 - - - Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a … CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41129 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1116 - - - Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the `resource-js` endpoint in Craft CMS allows unauthenticated requests… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41130 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1117 6.4 MEDIUM
Network 		- - The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, … CWE-79
Cross-site Scripting 		CVE-2026-5162 2026-04-23 05:22 2026-04-17 Show GitHub Exploit DB Packet Storm
1118 6.5 MEDIUM
Network 		- - The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolatio… CWE-89
SQL Injection 		CVE-2026-6080 2026-04-23 05:22 2026-04-17 Show GitHub Exploit DB Packet Storm
1119 6.5 MEDIUM
Network 		- - The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers includi… CWE-862
 Missing Authorization 		CVE-2026-3488 2026-04-23 05:22 2026-04-17 Show GitHub Exploit DB Packet Storm
1120 9.8 CRITICAL
Network 		- - All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in a… CWE-506
 Embedded Malicious Code 		CVE-2026-6443 2026-04-23 05:22 2026-04-17 Show GitHub Exploit DB Packet Storm