Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 21, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
238441 7.8 危険 minb - minb におけるユーザ名などを含むデータベースをダウンロードされる脆弱性 - CVE-2007-4093 2012-09-25 16:47 2007-07-30 Show GitHub Exploit DB Packet Storm
238442 5 警告 ifoto - iFoto の index.php におけるディレクトリトラバーサルの脆弱性 - CVE-2007-4092 2012-09-25 16:47 2007-07-30 Show GitHub Exploit DB Packet Storm
238443 7.5 危険 index script - IndexScript の show_cat.php における SQL インジェクションの脆弱性 - CVE-2007-4069 2012-09-25 16:47 2007-07-26 Show GitHub Exploit DB Packet Storm
238444 7.8 危険 Tenable, Inc. - Nessus Vulnerability Scanner の SCANCTRL.ScanCtrlCtrl.1 ActiveX コントロールにおける任意のファイルを削除される脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-4062 2012-09-25 16:47 2007-07-30 Show GitHub Exploit DB Packet Storm
238445 9.3 危険 Tenable, Inc. - Nessus Vulnerability Scanner の特定の ActiveX コントロールにおけるディレクトリトラバーサルの脆弱性 - CVE-2007-4061 2012-09-25 16:47 2007-07-30 Show GitHub Exploit DB Packet Storm
238446 6.5 警告 Neocrome - Neocrome Seditio の pfs.php における任意の PHP コードをアップロードされる脆弱性 - CVE-2007-4057 2012-09-25 16:47 2007-07-30 Show GitHub Exploit DB Packet Storm
238447 7.5 危険 php123 - PHP123 Top Sites の category.php における SQL インジェクションの脆弱性 - CVE-2007-4054 2012-09-25 16:47 2007-07-30 Show GitHub Exploit DB Packet Storm
238448 7.5 危険 LinPHA - LinPHA の include/img_view.class.php における SQL インジェクションの脆弱性 - CVE-2007-4053 2012-09-25 16:47 2007-07-30 Show GitHub Exploit DB Packet Storm
238449 4.3 警告 nukedit - nukedit の utilities/login.asp におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-4052 2012-09-25 16:47 2007-07-30 Show GitHub Exploit DB Packet Storm
238450 7.5 危険 Joomla! - Joomla! 用の Pony Gallery における SQL インジェクションの脆弱性 - CVE-2007-4046 2012-09-25 16:47 2007-07-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2151 - - - Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder() fetches an asset by ID and returns its filename and complete folder hierarchy (… CWE-862
 Missing Authorization 		CVE-2026-44012 2026-05-13 23:54 2026-05-13 Show GitHub Exploit DB Packet Storm
2152 9.9 CRITICAL
Network 		openedx openedx Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply … CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42858 2026-05-13 23:53 2026-05-12 Show GitHub Exploit DB Packet Storm
2153 8.5 HIGH
Network 		openedx edx-enterprise The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42860 2026-05-13 23:50 2026-05-12 Show GitHub Exploit DB Packet Storm
2154 - - - Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confide… CWE-693
 Protection Mechanism Failure 		CVE-2024-36315 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2155 - - - Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity. CWE-1233
 Security-Sensitive Hardware Controls with Missing Lock Bit Protection 		CVE-2025-61971 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2156 - - - Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code executio… CWE-1233
 Security-Sensitive Hardware Controls with Missing Lock Bit Protection 		CVE-2025-61972 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2157 - - - A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2025-62623 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2158 - - - A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. CWE-122
Heap-based Buffer Overflow 		CVE-2025-62624 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2159 - - - An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting i… CWE-822
 Untrusted Pointer Dereference 		CVE-2025-62627 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2160 6.3 MEDIUM
Network 		- - A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql inject… CWE-74
CWE-89
Injection
SQL Injection 		CVE-2026-8231 2026-05-13 23:48 2026-05-10 Show GitHub Exploit DB Packet Storm