Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
3561 6.1 警告
Network 		AnyComment AnyComment.io AnyCommentのAnyComment.ioにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-67025 2026-02-2 19:30 2026-01-15 Show GitHub Exploit DB Packet Storm
3562 7.5 重要
Network 		Revotech I6032W-FHW Firmware RevotechのI6032W-FHW Firmwareにおける認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2025-67158 2026-02-2 19:30 2026-01-2 Show GitHub Exploit DB Packet Storm
3563 7.5 重要
Network 		Vatilon PA4 Firmware VatilonのPA4 Firmwareにおける重要な情報の平文での送信に関する脆弱性 CWE-319
重要な情報の平文での送信 		CVE-2025-67159 2026-02-2 19:30 2026-01-2 Show GitHub Exploit DB Packet Storm
3564 7.5 重要
Network 		Vatilon PA4 Firmware VatilonのPA4 Firmwareにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-67160 2026-02-2 19:30 2026-01-2 Show GitHub Exploit DB Packet Storm
3565 6.5 警告
Network 		Abacre Limited Abacre Retail Point of Sale (POS) Abacre LimitedのAbacre Retail Point of Sale (POS)におけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2025-67261 2026-02-2 19:30 2026-01-20 Show GitHub Exploit DB Packet Storm
3566 6.1 警告
Network 		Abacre Limited Abacre Retail Point of Sale (POS) Abacre LimitedのAbacre Retail Point of Sale (POS)におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2025-67263 2026-02-2 19:30 2026-01-20 Show GitHub Exploit DB Packet Storm
3567 7.5 重要
Network 		comfy ComfyUI Manager comfyのComfyUI Managerにおける保護されていない代替チャネルに関する脆弱性 CWE-420
保護されていない代替チャネル 		CVE-2025-67303 2026-02-2 19:30 2026-01-5 Show GitHub Exploit DB Packet Storm
3568 9.8 緊急
Network 		Qode Interactive Wilmer Qode InteractiveのWordPress用WilmerにおけるPHP リモートファイルインクルージョンの脆弱性 CWE-98
PHP リモートファイルインクルージョン 		CVE-2025-67515 2026-02-2 19:30 2025-12-9 Show GitHub Exploit DB Packet Storm
3569 9.8 緊急
Network 		yunjie.xiao openvpn-cms-flask yunjie.xiaoのopenvpn-cms-flaskにおける複数の脆弱性 CWE-74
CWE-77
CWE-77
CVE-2025-6775 2026-02-2 19:30 2025-06-27 Show GitHub Exploit DB Packet Storm
3570 9.8 緊急
Network 		yunjie.xiao openvpn-cms-flask yunjie.xiaoのopenvpn-cms-flaskにおけるパストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2025-6776 2026-02-2 19:30 2025-06-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 10, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
349971 - cerulean_studios trillian Cerulean Studios Trillian 0.73 and earlier use weak encrypttion (XOR) for storing user passwords in .ini files in the Trillian directory, which allows local users to gain access to other user account… NVD-CWE-Other
CVE-2002-2162 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349972 - killervault kvpoll KvPoll 1.1 allows remote authenticated users to vote more than once by setting the "already_voted" cookie by various methods, including a direct call to clear_cookies.php. NVD-CWE-Other
CVE-2002-2163 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349973 - microsoft outlook_express Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (crash) via a long <A HREF> link. NVD-CWE-Other
CVE-2002-2164 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349974 - imho imho_webmail The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER from the browser's previous login session in an error page, which allows local users to read another user's inbox. NVD-CWE-Other
CVE-2002-2165 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349975 - e-zone_media_inc. fusetalk Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allows remote attackers to insert arbitrary HTML and web script. NVD-CWE-Other
CVE-2002-2166 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349976 - thorsten_korner 123tkshop Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null… NVD-CWE-Other
CVE-2002-2167 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349977 - thorsten_korner 123tkshop SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to execute arbitrary SQL queries via various programs including function_describe_item1.inc.php. NVD-CWE-Other
CVE-2002-2168 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349978 - aol instant_messenger Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a use… NVD-CWE-Other
CVE-2002-2169 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349979 - working_resources_inc. badblue Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, whic… NVD-CWE-Other
CVE-2002-2170 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm
349980 - shana informed_designer
informed_filler 		Informed (1) Designer and (2) Filler 3.05 does not zero out newly allocated disk blocks as an encrypted file grows in size, which may allow attackers to obtain sensitive information. NVD-CWE-Other
CVE-2002-2172 2008-09-6 05:32 2002-12-31 Show GitHub Exploit DB Packet Storm