Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
239581	9.3	危険	friendly technologies	-	Friendly Technologies FriendlyPPPoE Client における任意のファイルを読まれる脆弱性	CWE-20 不適切な入力確認	CVE-2008-4050	2012-06-26 16:02	2008-09-11	Show	GitHub Exploit DB Packet Storm

239582	6.8	警告	friendly technologies	-	Friendly Technologies FriendlyPPPoE Client の fwRemoteCfg.dll における任意のプログラムを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2008-4049	2012-06-26 16:02	2008-09-11	Show	GitHub Exploit DB Packet Storm

239583	6.8	警告	friendly technologies	-	Friendly Technologies FriendlyPPPoE Client の fwRemoteCfg.dll におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2008-4048	2012-06-26 16:02	2008-09-11	Show	GitHub Exploit DB Packet Storm

239584	7.5	危険	elitecms	-	eliteCMS の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4046	2012-06-26 16:02	2008-09-11	Show	GitHub Exploit DB Packet Storm

239585	4.3	警告	@mail	-	@Mail におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-4045	2012-06-26 16:02	2008-09-11	Show	GitHub Exploit DB Packet Storm

239586	7.5	危険	aj square	-	AJ Square aj-hyip の article/readarticle.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4044	2012-06-26 16:02	2008-09-11	Show	GitHub Exploit DB Packet Storm

239587	7.5	危険	aj square	-	AJ Square AJ HYIP Acme における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4043	2012-06-26 16:02	2008-09-11	Show	GitHub Exploit DB Packet Storm

239588	9.3	危険	gmanedit2	-	gmanedit の open_man_file 関数におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2008-3971	2012-06-26 16:02	2008-09-10	Show	GitHub Exploit DB Packet Storm

239589	7.5	危険	bitlbee	-	BitlBee における既存のアカウントを "上書き" される脆弱性	CWE-264 CWE-399	CVE-2008-3969	2012-06-26 16:02	2008-09-10	Show	GitHub Exploit DB Packet Storm

239590	7.5	危険	AlstraSoft	-	AlstraSoft Forum Pay Per Post Exchange の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3954	2012-06-26 16:02	2008-09-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 18, 2026, 4:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
141	7.5	HIGH Network	-	-	Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved. New	CWE-670 Always-Incorrect Control Flow Implementation	CVE-2026-40719	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

142	-		-	-	Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a vulnerability chain in the LiveTV M3U tuner endpoint (POST /LiveTv/TunerHosts), where the tuner URL is not val… Update	CWE-73 CWE-918 External Control of File Name or Path Server-Side Request Forgery (SSRF)	CVE-2026-35032	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

143	-		-	-	Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain an unauthenticated arbitrary file read vulnerability via ffmpeg argument injection through the StreamOptions que… Update	CWE-88 CWE-862 Argument Injection Missing Authorization	CVE-2026-35033	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

144	8.0	HIGH Network	-	-	nanobot is a personal AI assistant. Versions prior to 0.1.5 contain a Cross-Site WebSocket Hijacking (CSWSH) vulnerability exists in the bridge's WebSocket server in bridge/src/server.ts, resulting f… Update	CWE-1385 Missing Origin Validation in WebSockets	CVE-2026-35589	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

145	7.2	HIGH Network	-	-	BoidCMS is an open-source, PHP-based flat-file CMS for building simple websites and blogs, using JSON as its database. Versions prior to 2.1.3 are vulnerable to a critical Local File Inclusion (LFI) … Update	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2026-39387	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

146	9.6	CRITICAL Network	-	-	NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply … Update	CWE-20 CWE-22 Improper Input Validation Path Traversal	CVE-2026-39399	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

147	7.5	HIGH Network	-	-	Apache::API::Password versions through v0.5.2 for Perl can generate insecure random values for salts. The _make_salt and _make_salt_bcrypt methods will attept to load Crypt::URandom and then Bytes::… New	CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	CVE-2026-5088	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

148	8.1	HIGH Network	-	-	An access control vulnerability was discovered in the Threat Intelligence functionality due to a specific access restriction not being properly enforced for users with view-only privileges. An authen… New	CWE-863 Incorrect Authorization	CVE-2025-40897	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

149	8.9	HIGH Network	-	-	A Stored Cross-Site Scripting vulnerability was discovered in the Assets and Nodes functionality due to improper validation of an input parameter. An authenticated user with custom fields privileges … New	CWE-79 Cross-site Scripting	CVE-2025-40899	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm

150	9.9	CRITICAL Network	-	-	OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the serve… New	CWE-94 CWE-917 Code Injection Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')	CVE-2026-39842	2026-04-18 00:38	2026-04-15	Show	GitHub Exploit DB Packet Storm