Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
21	9.8	緊急 Network	EUROLAB srl	ELTS 100 Firmware	EUROLAB srlのELTS 100 Firmwareにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2025-63225	2026-02-6 10:40	2025-11-18	Show	GitHub Exploit DB Packet Storm

22	3.5	低 Adjacent	Freebox	Freebox One Firmware Freebox v5 HD Firmware Freebox v5 Crystal Firmware Freebox v6 Revolution Firmware Freebox Mini 4K&nbs…	FreeboxのFreebox Mini 4K Firmware等の複数製品における重要な情報の平文での送信に関する脆弱性	CWE-319 重要な情報の平文での送信	CVE-2025-63292	2026-02-6 10:40	2025-11-17	Show	GitHub Exploit DB Packet Storm

23	6.5	警告 Network	workdo	HRM SaaS	WorkDoのHRM SaaSにおける認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2025-63294	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

24	7.5	重要 Network	kiloview	E3 Firmware	Kiloview Electronics Co., Ltd.のE3 Firmwareにおけるリソースの枯渇に関する脆弱性	CWE-400 リソースの枯渇	CVE-2025-63560	2026-02-6 10:40	2025-11-6	Show	GitHub Exploit DB Packet Storm

25	6.5	警告 Network	GuoMinJim	PersonManage	GuoMinJimのPersonManageにおけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2025-63686	2026-02-6 10:40	2025-11-7	Show	GitHub Exploit DB Packet Storm

26	5.4	警告 Network	Magento, Inc.	E-Commerce	Bhabishya-123のE-commerceにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-63883	2026-02-6 10:40	2025-11-18	Show	GitHub Exploit DB Packet Storm

27	5.3	警告 Network	Salesforce.com, inc.	MuleSoft Anypoint Extension Pack	Salesforce.com, inc.のMuleSoft Anypoint Extension Packにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-64318	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

28	5.3	警告 Network	Salesforce.com, inc.	MuleSoft Anypoint Extension Pack	Salesforce.com, inc.のMuleSoft Anypoint Extension Packにおける重要なリソースに対する不適切なパーミッションの割り当てに関する脆弱性	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2025-64319	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

29	6.5	警告 Network	Salesforce.com, inc.	Agentforce Vibes	Salesforce.com, inc.のAgentforce Vibesにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-64320	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

30	5.3	警告 Network	Salesforce.com, inc.	Agentforce Vibes	Salesforce.com, inc.のAgentforce Vibesにおけるコードインジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2025-64321	2026-02-6 10:40	2025-11-4	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 17, 2026, 4:13 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
61	-		-	-	SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php. New	-	CVE-2026-37341	2026-04-17 00:17	2026-04-17	Show	GitHub Exploit DB Packet Storm

62	-		-	-	SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php. New	-	CVE-2026-37340	2026-04-17 00:17	2026-04-17	Show	GitHub Exploit DB Packet Storm

63	-		-	-	SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php. New	-	CVE-2026-37339	2026-04-17 00:17	2026-04-17	Show	GitHub Exploit DB Packet Storm

64	7.4	HIGH Network	-	-	@fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not accoun… New	CWE-436 Interpretation Conflict	CVE-2026-33804	2026-04-17 00:17	2026-04-17	Show	GitHub Exploit DB Packet Storm

65	9.8	CRITICAL Network	-	-	Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input. New	CWE-94 Code Injection	CVE-2026-30993	2026-04-17 00:17	2026-04-16	Show	GitHub Exploit DB Packet Storm

66	9.8	CRITICAL Network	-	-	Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. A… New	CWE-77 Command Injection	CVE-2026-30625	2026-04-17 00:17	2026-04-16	Show	GitHub Exploit DB Packet Storm

67	8.3	HIGH Network	-	-	Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule. New	CWE-77 Command Injection	CVE-2026-30461	2026-04-17 00:17	2026-04-16	Show	GitHub Exploit DB Packet Storm

68	6.4	MEDIUM Network	-	-	The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all versions up to, and including, 2.… New	CWE-79 Cross-site Scripting	CVE-2026-2840	2026-04-17 00:17	2026-04-17	Show	GitHub Exploit DB Packet Storm

69	7.5	HIGH Network	-	-	Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue. New	CWE-407 Inefficient Algorithmic Complexity	CVE-2025-67841	2026-04-17 00:17	2026-04-16	Show	GitHub Exploit DB Packet Storm

70	5.7	MEDIUM Network	-	-	monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transa… New	CWE-285 Improper Authorization	CVE-2026-39901	2026-04-16 23:57	2026-04-9	Show	GitHub Exploit DB Packet Storm