Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
233711 5.8 警告 The PHP Group - PHP の bz2 エクステンションにおけるサービス運用妨害 (DoS) の脆弱性 - CVE-2007-3790 2012-09-25 16:47 2007-07-15 Show GitHub Exploit DB Packet Storm
233712 7.5 危険 inmostore - Inmostore の admin/index.php における SQL インジェクションの脆弱性 - CVE-2007-3789 2012-09-25 16:47 2007-07-15 Show GitHub Exploit DB Packet Storm
233713 7.8 危険 os-cillation - Xfce Terminal の terminal/terminal.c の terminal_helper_execute 関数における任意のコマンドを実行される脆弱性 - CVE-2007-3770 2012-09-25 16:47 2007-07-15 Show GitHub Exploit DB Packet Storm
233714 5.8 警告 Netwin Ltd - SurgeFTP のミラーサーバ管理インターフェースにおけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3769 2012-09-25 16:47 2007-07-15 Show GitHub Exploit DB Packet Storm
233715 8.5 危険 Netwin Ltd - SurgeFTP のミラーメカニズムにおけるサービス運用妨害 (DoS) の脆弱性 - CVE-2007-3768 2012-09-25 16:47 2007-07-15 Show GitHub Exploit DB Packet Storm
233716 5 警告 ヒューレット・パッカード - HP OpenVMS の TCP/IP Services における認証を回避される脆弱性 - CVE-2007-3730 2012-09-25 16:47 2007-07-12 Show GitHub Exploit DB Packet Storm
233717 5 警告 ヒューレット・パッカード - HP OpenVMS の TCP/IP Services における有効な POP ユーザ名を列挙される脆弱性 - CVE-2007-3729 2012-09-25 16:47 2007-07-12 Show GitHub Exploit DB Packet Storm
233718 2.1 注意 マイクロソフト - Microsoft Windows XP カーネルのプロセススケジューラにおけるサービス運用妨害 (DoS) の脆弱性 - CVE-2007-3724 2012-09-25 16:47 2007-07-12 Show GitHub Exploit DB Packet Storm
233719 10 危険 IBM - IBM DB2 UDB DAS におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2007-3676 2012-09-25 16:47 2008-02-12 Show GitHub Exploit DB Packet Storm
233720 5 警告 mywebland - myWebland myBloggie における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2007-3650 2012-09-25 16:47 2008-07-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1401 9.9 CRITICAL
Network 		- - Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, the external engine plugin loader concatenates a user-supplied engine name into a files… CWE-22
CWE-73
CWE-94
CWE-427
Path Traversal
 External Control of File Name or Path
Code Injection
 Uncontrolled Search Path Element 		CVE-2026-40342 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm
1402 - - - Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. In versions prior to 23.0.0 , the ODT to PDF conversion process in odf.php concatenates … CWE-78
OS Command  		CVE-2026-23500 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm
1403 - - - xrdp is an open source RDP server. Versions through 0.10.5 have an out-of-bounds read vulnerability in the pre-authentication RDP message parsing logic. A remote, unauthenticated attacker can trigger… CWE-125
Out-of-bounds Read 		CVE-2026-33689 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm
1404 - - - mcp-neo4j-cypher is an MCP server for executing Cypher queries against Neo4j databases. In versions prior to 0.6.0, the read_only mode enforcement can be bypassed using APOC CALL procedures, potentia… CWE-284
Improper Access Control 		CVE-2026-35402 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm
1405 - - - xrdp is an open source RDP server. Versions through 0.10.5 have a heap-based buffer overflow in the EGFX (graphics dynamic virtual channel) implementation due to insufficient validation of client-con… CWE-122
Heap-based Buffer Overflow 		CVE-2026-35512 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm
1406 5.4 MEDIUM
Network 		- - The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In versions 4.12.0 through 4.17.1, simultaneous requests that trigger a nonce retry may cause the prox… CWE-362
CWE-863
Race Condition
 Incorrect Authorization 		CVE-2026-40155 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm
1407 6.3 MEDIUM
Network 		- - xrdp is an open source RDP server. Versions through 0.10.5 allow an authenticated remote user to execute arbitrary commands on the server due to unsafe handling of the AlternateShell parameter in xrd… CWE-78
OS Command  		CVE-2026-33145 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm
1408 6.5 MEDIUM
Network 		- - OpenFGA is an authorization/permission engine built for developers. In versions 0.1.4 through 1.13.1, when OpenFGA is configured to use preshared-key authentication with the built-in playground enabl… CWE-200
Information Exposure 		CVE-2026-40293 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm
1409 - - - next-intl provides internationalization for Next.js. Applications using the `next-intl` middleware prior to version 4.9.1with `localePrefix: 'as-needed'` could construct URLs where path handling and … CWE-601
Open Redirect 		CVE-2026-40299 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm
1410 4.7 MEDIUM
Network 		- - DOMSanitizer is a DOM/SVG/MathML Sanitizer for PHP 7.3+. Prior to version 1.0.10, DOMSanitizer::sanitize() allows <style> elements in SVG content but never inspects their text content. CSS url() refe… CWE-79
Cross-site Scripting 		CVE-2026-40301 2026-04-21 04:03 2026-04-18 Show GitHub Exploit DB Packet Storm