Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
331 7.5 重要
Network 		Fanvil Technology Co., Ltd. X210 Firmware Fanvil Technology Co., Ltd.のX210 Firmwareにおける古典的バッファオーバーフローの脆弱性 CWE-120
古典的バッファオーバーフロー 		CVE-2025-64053 2026-02-4 18:41 2025-12-5 Show GitHub Exploit DB Packet Storm
332 9.6 緊急
Network 		Fanvil Technology Co., Ltd. X210 Firmware Fanvil Technology Co., Ltd.のX210 Firmwareにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-64054 2026-02-4 18:41 2025-12-5 Show GitHub Exploit DB Packet Storm
333 9.8 緊急
Network 		Fanvil Technology Co., Ltd. X210 Firmware Fanvil Technology Co., Ltd.のX210 Firmwareにおける認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2025-64055 2026-02-4 18:41 2025-12-3 Show GitHub Exploit DB Packet Storm
334 4.3 警告
Adjacent 		Fanvil Technology Co., Ltd. X210 Firmware Fanvil Technology Co., Ltd.のX210 Firmwareにおける重要な機能に対する認証の欠如に関する脆弱性 CWE-306
重要な機能に対する認証の欠如 解説 		CVE-2025-64056 2026-02-4 18:41 2025-12-5 Show GitHub Exploit DB Packet Storm
335 8.3 重要
Adjacent 		Fanvil Technology Co., Ltd. X210 Firmware Fanvil Technology Co., Ltd.のX210 Firmwareにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-64057 2026-02-4 18:41 2025-12-5 Show GitHub Exploit DB Packet Storm
336 7.5 重要
Network 		Argo Workflows project Argo Workflows argoprojのArgo Workflowsにおける複数の脆弱性 CWE-23
CWE-59
CWE-78
CVE-2025-66626 2026-02-4 18:41 2025-12-9 Show GitHub Exploit DB Packet Storm
337 8.4 重要
Local 		Kiso Innovations Technology Co.,Ltd KS-WR3600 Firmware Kiso Innovations Technology Co.,LtdのKS-WR3600 Firmwareにおける複数の脆弱性 CWE-284
CWE-306
CWE-521
CVE-2025-68716 2026-02-4 18:41 2026-01-8 Show GitHub Exploit DB Packet Storm
338 9.4 緊急
Network 		Kiso Innovations Technology Co.,Ltd KS-WR3600 Firmware Kiso Innovations Technology Co.,LtdのKS-WR3600 Firmwareにおける認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2025-68717 2026-02-4 18:41 2026-01-8 Show GitHub Exploit DB Packet Storm
339 5.4 警告
Adjacent 		Kiso Innovations Technology Co.,Ltd KS-WR1200 Firmware Kiso Innovations Technology Co.,LtdのKS-WR1200 Firmwareにおける情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2025-68718 2026-02-4 18:41 2026-01-8 Show GitHub Exploit DB Packet Storm
340 8.8 重要
Network 		Kiso Innovations Technology Co.,Ltd KS-WR3600 Firmware Kiso Innovations Technology Co.,LtdのKS-WR3600 Firmwareにおける複数の脆弱性 CWE-200
CWE-552
CVE-2025-68719 2026-02-4 18:41 2026-01-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 19, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
21 - - - An example of BashOperator in Airflow documentation suggested a way of passing dag_run.conf in the way that could cause unsanitized user input to be used to escalate privileges of UI user to allow ex… New CWE-77
Command Injection 		CVE-2026-30898 2026-04-18 16:16 2026-04-18 Show GitHub Exploit DB Packet Storm
22 - - - Dag Authors, who normally should not be able to execute code in the webserver context could craft XCom payload causing the webserver to execute arbitrary code. Since Dag Authors are already highly tr… New CWE-502
 Deserialization of Untrusted Data 		CVE-2026-25917 2026-04-18 16:16 2026-04-18 Show GitHub Exploit DB Packet Storm
23 6.9 MEDIUM
Local 		- - In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conduct… New CWE-829
 Inclusion of Functionality from Untrusted Control Sphere 		CVE-2026-41253 2026-04-18 15:16 2026-04-18 Show GitHub Exploit DB Packet Storm
24 8.8 HIGH
Network 		- - The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `c… New CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2026-6518 2026-04-18 14:16 2026-04-18 Show GitHub Exploit DB Packet Storm
25 6.4 MEDIUM
Network 		- - The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2… New CWE-79
Cross-site Scripting 		CVE-2026-6048 2026-04-18 14:16 2026-04-18 Show GitHub Exploit DB Packet Storm
26 6.4 MEDIUM
Network 		- - The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insuffic… New CWE-79
Cross-site Scripting 		CVE-2026-4801 2026-04-18 14:16 2026-04-18 Show GitHub Exploit DB Packet Storm
27 7.5 HIGH
Network 		- - Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remot… New CWE-321
CWE-502
 Use of Hard-coded Cryptographic Key
 Deserialization of Untrusted Data 		CVE-2026-5426 2026-04-18 13:16 2026-04-17 Show GitHub Exploit DB Packet Storm
28 7.5 HIGH
Network 		- - libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document. New CWE-331
 Insufficient Entropy 		CVE-2026-41080 2026-04-18 13:16 2026-04-17 Show GitHub Exploit DB Packet Storm
29 6.5 MEDIUM
Adjacent 		- - An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio rang… New CWE-284
Improper Access Control 		CVE-2026-37100 2026-04-18 13:16 2026-04-17 Show GitHub Exploit DB Packet Storm
30 7.5 HIGH
Network 		- - JWT Tokens used by tasks were exposed in logs. This could allow UI users to act as Dag Authors. Users are advised to upgrade to Airflow version that contains fix. Users are recommended to upgrade t… New CWE-532
 Inclusion of Sensitive Information in Log Files 		CVE-2026-31987 2026-04-18 13:16 2026-04-16 Show GitHub Exploit DB Packet Storm