Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
234101 5 警告 jchit - jchit counter の imgsrv.php におけるディレクトリトラバーサルの脆弱性 - CVE-2007-2184 2012-09-25 16:47 2007-04-24 Show GitHub Exploit DB Packet Storm
234102 6.8 警告 maran - Maran PHP Forum の forum_write.php における任意の PHP ファイルを実行される脆弱性 - CVE-2007-2182 2012-09-25 16:47 2007-04-24 Show GitHub Exploit DB Packet Storm
234103 7.1 危険 Nullsoft - Nullsoft Winamp におけるバッファオーバーフローの脆弱性 - CVE-2007-2180 2012-09-25 16:47 2007-04-24 Show GitHub Exploit DB Packet Storm
234104 7.8 危険 Objective Development Software GmbH - Objective Development Sharity におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2007-2178 2012-09-25 16:47 2007-04-24 Show GitHub Exploit DB Packet Storm
234105 6.8 警告 microgaming - Microgaming Download Helper ActiveX コントロールにおけるスタックベースのバッファオーバーフローの脆弱性 - CVE-2007-2177 2012-09-25 16:47 2007-04-24 Show GitHub Exploit DB Packet Storm
234106 10 危険 Mozilla Foundation - Mozilla Firefox における任意のコードを実行される脆弱性 CWE-noinfo
情報不足 		CVE-2007-2176 2012-09-25 16:47 2007-04-24 Show GitHub Exploit DB Packet Storm
234107 10 危険 Novell - Novell GW WebAccess の base64_decode 関数におけるスタックベースのバッファオーバーフローの脆弱性 - CVE-2007-2171 2012-09-25 16:47 2007-04-17 Show GitHub Exploit DB Packet Storm
234108 9.4 危険 オラクル - Oracle E-Business Suite の APPLSYS.FND_DM_NODES パケッージにおける任意のノードを削除される脆弱性 - CVE-2007-2170 2012-09-25 16:47 2007-04-17 Show GitHub Exploit DB Packet Storm
234109 7.5 危険 mozzers subsystem - Mozzers SubSystem の add.php における subs.php へ PHP コードを挿入される脆弱性 - CVE-2007-2169 2012-09-25 16:47 2007-04-22 Show GitHub Exploit DB Packet Storm
234110 6.8 警告 opensurveypilot - osp の administration/user/lib/group.inc.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-2166 2012-09-25 16:47 2007-04-22 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1811 9.9 CRITICAL
Network 		- - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the subtitle upload endpoint (POST /Videos/{itemId}/Subtitles), where the Format field … CWE-20
CWE-22
CWE-187
 Improper Input Validation 
Path Traversal
 Partial String Comparison 		CVE-2026-35031 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
1812 5.4 MEDIUM
Network 		- - Stored cross-site scripting vulnerability exists in GROWI v7.4.6 and earlier. If this vulnerability is exploited, an arbitrary script may be executed in a user's web browser. CWE-79
Cross-site Scripting 		CVE-2026-26291 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
1813 7.5 HIGH
Network 		- - Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved. CWE-670
 Always-Incorrect Control Flow Implementation 		CVE-2026-40719 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
1814 7.5 HIGH
Network 		- - Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::… CWE-338
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 		CVE-2026-5088 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
1815 - - - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), where the tuner URL is not val… CWE-73
CWE-918
 External Control of File Name or Path
Server-Side Request Forgery (SSRF)  		CVE-2026-35032 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
1816 - - - Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions que… CWE-88
CWE-862
Argument Injection
 Missing Authorization 		CVE-2026-35033 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
1817 8.0 HIGH
Network 		- - nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting f… CWE-1385
 Missing Origin Validation in WebSockets 		CVE-2026-35589 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
1818 7.2 HIGH
Network 		- - BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) … CWE-98
 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 		CVE-2026-39387 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
1819 9.6 CRITICAL
Network 		- - NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply … CWE-20
CWE-22
 Improper Input Validation 
Path Traversal 		CVE-2026-39399 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm
1820 8.1 HIGH
Network 		- - An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authen… CWE-863
 Incorrect Authorization 		CVE-2025-40897 2026-04-18 00:38 2026-04-15 Show GitHub Exploit DB Packet Storm