Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
238781 7.2 危険 ESET - ESET Smart Security の easdrv.sys におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2008-7107 2012-06-26 16:10 2009-08-28 Show GitHub Exploit DB Packet Storm
238782 7.8 危険 アルバネットワークス株式会社 - Aruba Mobility Controller の ArubaOS の SNMP デーモンにおける SNMPv3 ユーザ名を読まれる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-7095 2012-06-26 16:10 2009-08-27 Show GitHub Exploit DB Packet Storm
238783 6.8 警告 ekkaia
rssmodule		 - Pie Web M{a,e}sher の RSS モジュールにおける PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-7073 2012-06-26 16:10 2009-08-25 Show GitHub Exploit DB Packet Storm
238784 4.3 警告 Chipmunk Scripts - Chipmunk Topsites の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-7072 2012-06-26 16:10 2009-08-25 Show GitHub Exploit DB Packet Storm
238785 7.5 危険 Chipmunk Scripts - Chipmunk Topsites の authenticate.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-7071 2012-06-26 16:10 2009-08-25 Show GitHub Exploit DB Packet Storm
238786 7.5 危険 2enetworx - OpenForum における認証を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-7066 2012-06-26 16:10 2009-08-25 Show GitHub Exploit DB Packet Storm
238787 7.5 危険 aled owen - One-News Beta の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-7059 2012-06-26 16:10 2009-08-24 Show GitHub Exploit DB Packet Storm
238788 6.8 警告 grayscalecms - BandSite CMS におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-7058 2012-06-26 16:10 2009-08-24 Show GitHub Exploit DB Packet Storm
238789 4.3 警告 grayscalecms - BandSite CMS の merchandise.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-7057 2012-06-26 16:10 2009-08-24 Show GitHub Exploit DB Packet Storm
238790 5 警告 grayscalecms - BandSite CMS におけるデータベースのコピーを取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-7056 2012-06-26 16:10 2009-08-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
591 7.5 HIGH
Network 		vmware spring_security Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter c… New CWE-693
 Protection Mechanism Failure 		CVE-2026-22753 2026-04-24 23:17 2026-04-22 Show GitHub Exploit DB Packet Storm
592 7.5 HIGH
Network 		vmware spring_security Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then … New CWE-284
Improper Access Control 		CVE-2026-22754 2026-04-24 23:16 2026-04-22 Show GitHub Exploit DB Packet Storm
593 7.5 HIGH
Network 		nestjs nest Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData() recurses once per m… New CWE-674
 Uncontrolled Recursion 		CVE-2026-40879 2026-04-24 22:46 2026-04-22 Show GitHub Exploit DB Packet Storm
594 5.0 MEDIUM
Network 		openfga helm_charts
openfga 		OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requ… New CWE-706
CWE-863
 Use of Incorrectly-Resolved Name or Reference
 Incorrect Authorization 		CVE-2026-41131 2026-04-24 22:44 2026-04-22 Show GitHub Exploit DB Packet Storm
595 8.8 HIGH
Local 		packagekit_project packagekit PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3… New CWE-367
 Time-of-check Time-of-use (TOCTOU) Race Condition 		CVE-2026-41651 2026-04-24 22:43 2026-04-22 Show GitHub Exploit DB Packet Storm
596 7.5 HIGH
Network 		coturn_project coturn Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * wit… New CWE-704
 Incorrect Type Conversion or Cast 		CVE-2026-40613 2026-04-24 22:41 2026-04-22 Show GitHub Exploit DB Packet Storm
597 4.8 MEDIUM
Network 		mitmproxy mitmproxy mitmproxy is a interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the b… New CWE-90
LDAP Injection 		CVE-2026-40606 2026-04-24 22:33 2026-04-22 Show GitHub Exploit DB Packet Storm
598 2.7 LOW
Network 		openbao openbao OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their tok… New CWE-1259
 Improper Restriction of Security Token Assignment 		CVE-2026-40264 2026-04-24 22:29 2026-04-21 Show GitHub Exploit DB Packet Storm
599 4.9 MEDIUM
Network 		openbao openbao OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use … New CWE-89
SQL Injection 		CVE-2026-39946 2026-04-24 22:28 2026-04-21 Show GitHub Exploit DB Packet Storm
600 3.1 LOW
Network 		openbao openbao OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` i… New CWE-295
Improper Certificate Validation  		CVE-2026-39388 2026-04-24 22:27 2026-04-21 Show GitHub Exploit DB Packet Storm