Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 6, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3311 9.8 緊急
Network 		Nitro Software Inc. Nitro PDF Pro Nitro Software Inc.のNitro PDF Proにおける同一生成元ポリシー違反に関する脆弱性 CWE-346
同一生成元ポリシー違反 		CVE-2025-67825 2026-01-28 12:41 2026-01-8 Show GitHub Exploit DB Packet Storm
3312 8.1 重要
Network 		Qode Interactive Wellspring Qode InteractiveのWordPress用WellspringにおけるPHP リモートファイルインクルージョンの脆弱性 CWE-98
PHP リモートファイルインクルージョン 		CVE-2025-67934 2026-01-28 12:41 2026-01-8 Show GitHub Exploit DB Packet Storm
3313 6.5 警告
Network 		Apache Software Foundation Apache Spatial Information System (SIS) Apache Software FoundationのApache Spatial Information System (SIS)におけるXML 外部エンティティの脆弱性 CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2025-68280 2026-01-28 12:41 2026-01-5 Show GitHub Exploit DB Packet Storm
3314 4.8 警告
Network 		Centreon Centreon Open Tickets CentreonのCentreon Open Ticketsにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-8460 2026-01-28 12:41 2025-12-22 Show GitHub Exploit DB Packet Storm
3315 4.3 警告
Network 		cdata API Server cdataのAPI Serverにおける外部からアクセス可能なファイルまたはディレクトリに関する脆弱性 CWE-552
外部からアクセス可能なファイルまたはディレクトリ 		CVE-2025-9273 2026-01-28 12:41 2025-09-2 Show GitHub Exploit DB Packet Storm
3316 7.6 重要
Network 		OPEXUS eCASE Audit OPEXUSのeCASE Auditにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-22230 2026-01-28 12:41 2026-01-8 Show GitHub Exploit DB Packet Storm
3317 8.8 重要
Network 		Microhard IPn4Gb Firmware
BulletPlus Firmware
IPn3Gb Firmware
VIP4G-WiFi-N Firmware
IPn4G Firmware
Bullet-3G Firmware
Dragon-LTE Firmware
VIP4Gb Fir… 		MicrohardのBullet-3G Firmware等の複数製品におけるOS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2018-25143 2026-01-28 12:41 2025-12-24 Show GitHub Exploit DB Packet Storm
3318 9.8 緊急
Network 		Microhard IPn4Gb Firmware
BulletPlus Firmware
IPn3Gb Firmware
VIP4G-WiFi-N Firmware
IPn4G Firmware
Bullet-3G Firmware
Dragon-LTE Firmware
VIP4Gb Fir… 		MicrohardのBullet-3G Firmware等の複数製品におけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2018-25144 2026-01-28 12:41 2025-12-24 Show GitHub Exploit DB Packet Storm
3319 6.5 警告
Network 		Microhard IPn4Gb Firmware
BulletPlus Firmware
IPn3Gb Firmware
VIP4G-WiFi-N Firmware
IPn4G Firmware
Bullet-3G Firmware
Dragon-LTE Firmware
VIP4Gb Fir… 		MicrohardのBullet-3G Firmware等の複数製品における外部からアクセス可能なファイルまたはディレクトリに関する脆弱性 CWE-552
外部からアクセス可能なファイルまたはディレクトリ 		CVE-2018-25145 2026-01-28 12:40 2025-12-24 Show GitHub Exploit DB Packet Storm
3320 8.1 重要
Network 		Microhard IPn4Gb Firmware
BulletPlus Firmware
IPn3Gb Firmware
VIP4G-WiFi-N Firmware
IPn4G Firmware
Bullet-3G Firmware
Dragon-LTE Firmware
VIP4Gb Fir… 		MicrohardのBullet-3G Firmware等の複数製品における不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2018-25146 2026-01-28 12:40 2025-12-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
349331 - aquonics_scripting aquonics_file_manager Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. NVD-CWE-Other
CVE-2002-1926 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm
349332 - software602 602pro_lan_suite 602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension. NVD-CWE-Other
CVE-2002-1928 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm
349333 - php_arena pafiledb Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (… NVD-CWE-Other
CVE-2002-1929 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm
349334 - an an-httpd Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. NVD-CWE-Other
CVE-2002-1930 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm
349335 - php_arena pafiledb Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 and 2.1.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the search string. NVD-CWE-Other
CVE-2002-1931 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm
349336 - microsoft windows_2000_terminal_services The terminal services screensaver for Microsoft Windows 2000 does not automatically lock the terminal window if the window is minimized, which could allow local users to gain access to the terminal s… NVD-CWE-Other
CVE-2002-1933 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm
349337 - utstarcom bas_1000 UTStarcom BAS 1000 3.1.10 creates several default or back door accounts and passwords, which allows remote attackers to gain access via (1) field account with a password of "*field", (2) guru account… NVD-CWE-Other
CVE-2002-1936 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm
349338 - symantec firewall_vpn_appliance_100
firewall_vpn_appliance_200
firewall_vpn_appliance_200r 		Symantec Firewall/VPN Appliance 100 through 200R hardcodes the administrator's MAC address inside the firewall's configuration, which allows remote attackers to spoof the administrator's MAC address … NVD-CWE-Other
CVE-2002-1937 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm
349339 - virgil cgi_scanner Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary commands via the (1) tar (TARGET) or (2) zielport (ZIELPORT) parameters. NVD-CWE-Other
CVE-2002-1938 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm
349340 - flashfxp flashfxp FlashFXP 1.4 prints FTP passwords in plaintext when there are transfers in the queue, which allows attackers to obtain FTP passwords of other users by editing the queue properties. NVD-CWE-Other
CVE-2002-1939 2008-09-6 05:31 2002-12-31 Show GitHub Exploit DB Packet Storm