Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
236831	7.5	危険	Mambo Foundation parkviewconsultants	-	Mambo 用の SimpleFAQ コンポーネントにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-4456	2012-09-25 16:59	2007-08-21	Show	GitHub Exploit DB Packet Storm

236832	6.8	警告	olate	-	od の environment.php における任意の PHP コードを実行される脆弱性	-	CVE-2007-4454	2012-09-25 16:59	2007-08-21	Show	GitHub Exploit DB Packet Storm

236833	4.6	警告	The PHP Group	-	PHP 用の win32std エクステンションにおけるバッファオーバーフローの脆弱性	-	CVE-2007-4441	2012-09-25 16:59	2007-08-20	Show	GitHub Exploit DB Packet Storm

236834	7.5	危険	lighthouse development	-	Squirrelcart の popup_window.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-4439	2012-09-25 16:59	2007-08-20	Show	GitHub Exploit DB Packet Storm

236835	3.5	注意	intersystems	-	InterSystems Cache' の CSP 実装のログインページのリダイレクトロジックにおけるサーバ上のデータを変更される脆弱性	-	CVE-2007-4427	2012-09-25 16:59	2007-08-20	Show	GitHub Exploit DB Packet Storm

236836	5	警告	live for speed	-	LFS におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2007-4426	2012-09-25 16:59	2007-08-20	Show	GitHub Exploit DB Packet Storm

236837	6	警告	live for speed	-	LFS におけるバッファオーバーフローの脆弱性	-	CVE-2007-4425	2012-09-25 16:59	2007-08-20	Show	GitHub Exploit DB Packet Storm

236838	5	警告	IBM	-	IBM DB2 UDB におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2007-4423	2012-09-25 16:59	2007-08-18	Show	GitHub Exploit DB Packet Storm

236839	9.3	危険	olate	-	od の Admin.php における SQL インジェクションの脆弱性	-	CVE-2007-4421	2012-09-25 16:59	2007-08-18	Show	GitHub Exploit DB Packet Storm

236840	9.3	危険	olate	-	od の Admin.php における Admin エリアへアクセスされる脆弱性	CWE-287 不適切な認証	CVE-2007-4419	2012-09-25 16:59	2007-08-18	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 12, 2026, 5:06 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
551	7.5	HIGH Network	-	-	pygeoapi is a Python server implementation of the OGC API suite of standards. From version 0.23.0 to before version 0.23.3, a raw string path concatenation vulnerability in pygeoapi's STAC FileSystem…	CWE-22 Path Traversal	CVE-2026-42351	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

552	-		-	-	Kargo manages and automates the promotion of software artifacts. Prior to versions 1.7.10, 1.8.13, 1.9.8, and 1.10.2, Kargo is vulnerable to open redirect in UI OIDC login flow via the redirectTo que…	CWE-601 Open Redirect	CVE-2026-42350	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

553	6.5	MEDIUM Network	-	-	Postiz is an AI social media scheduling tool. From version 2.16.6 to before version 2.21.7, all SSRF protections added in v2.21.4–v2.21.6 share a fundamental TOCTOU (Time-of-Check-Time-of-Use) vulner…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-42346	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

554	7.7	HIGH Network	-	-	FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts blocks cloud metadata endpoints using a full…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-42345	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

555	6.3	MEDIUM Network	-	-	FastGPT is an AI Agent building platform. In versions 4.14.11 and prior, FastGPT's isInternalAddress() function in packages/service/common/system/utils.ts is vulnerable to DNS rebinding (TOCTOU — Tim…	CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition	CVE-2026-42344	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

556	-		-	-	FastGPT is an AI Agent building platform. In versions 4.14.13 and prior, the code-sandbox component suffers from insufficient resource isolation and uncontrolled resource consumption. The service rel…	CWE-400 Uncontrolled Resource Consumption	CVE-2026-42343	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

557	4.4	MEDIUM Local	-	-	Vim is an open source, command line text editor. Prior to version 9.2.0383, an OS command injection vulnerability exists in the netrw standard plugin bundled with Vim. By inducing a user to open a cr…	CWE-78 OS Command	CVE-2026-42307	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

558	9.8	CRITICAL Network	-	-	FastGPT is an AI Agent building platform. From version 4.14.10 to before version 4.14.13, the agent-sandbox component of FastGPT is vulnerable to unauthenticated Remote Code Execution (RCE). The star…	CWE-306 Missing Authentication for Critical Function	CVE-2026-42302	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

559	10.0	CRITICAL Network	-	-	Postiz is an AI social media scheduling tool. Prior to commit da44801, a "Pwn Request" vulnerability in the Build and Publish PR Docker Image workflow (.github/workflows/pr-docker-build.yml) allows a…	CWE-94 Code Injection	CVE-2026-42298	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm

560	6.8	MEDIUM Network	-	-	SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes is not properly au…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2026-42291	2026-05-9 08:16	2026-05-9	Show	GitHub Exploit DB Packet Storm