Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 4, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
226551 7.5 危険 spice classifieds - Spice Classifieds の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4039 2012-12-20 18:52 2008-09-11 Show GitHub Exploit DB Packet Storm
226552 4.3 警告 PunBB - PunBB の userlist.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3968 2012-12-20 18:52 2008-08-20 Show GitHub Exploit DB Packet Storm
226553 2.6 注意 ssmtp - ssmtp の ssmtp.c における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2008-3962 2012-12-20 18:52 2008-08-10 Show GitHub Exploit DB Packet Storm
226554 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech Shaadi Zone の keyword_search_action.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3953 2012-12-20 18:52 2008-09-10 Show GitHub Exploit DB Packet Storm
226555 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech Agent Zone の view_ann.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3951 2012-12-20 18:52 2008-09-10 Show GitHub Exploit DB Packet Storm
226556 7.2 危険 SUSE - Emacs の emacs/lisp/progmodes/python.el における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2008-3949 2012-12-20 18:52 2008-09-19 Show GitHub Exploit DB Packet Storm
226557 7.5 危険 xrms - XRMS の admin/users/self-2.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3948 2012-12-20 18:52 2008-09-5 Show GitHub Exploit DB Packet Storm
226558 7.5 危険 source workshop - Words タグの index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3945 2012-12-20 18:52 2008-09-5 Show GitHub Exploit DB Packet Storm
226559 6.9 警告 r foundation - javareconf における任意のファイルを上書きされる脆弱性 CWE-59
リンク解釈の問題 		CVE-2008-3931 2012-12-20 18:52 2008-09-4 Show GitHub Exploit DB Packet Storm
226560 7.2 危険 tiger - genmsgidx の Tiger における任意のファイルを上書きされる脆弱性 CWE-59
リンク解釈の問題 		CVE-2008-3927 2012-12-20 18:52 2008-09-4 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 4, 2026, 4:06 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
931 6.3 MEDIUM
Network 		- - A vulnerability was found in Bagisto up to 2.3.15. Affected is the function copy of the component Downloadable Link Handler. The manipulation results in server-side request forgery. The attack may be… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-6744 2026-04-29 10:00 2026-04-22 Show GitHub Exploit DB Packet Storm
932 3.5 LOW
Network 		- - A vulnerability was determined in Bagisto up to 2.3.15. Affected by this vulnerability is an unknown functionality of the component Custom Scripts Handler. This manipulation causes cross site scripti… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2026-6745 2026-04-29 10:00 2026-04-22 Show GitHub Exploit DB Packet Storm
933 6.3 MEDIUM
Network 		- - A security flaw has been discovered in Comfast CF-N1-S 2.6.0.1. Affected by this issue is some unknown functionality of the file /cgi-bin/mbox-config?method=SET&section=ping_config of the component E… CWE-74
CWE-77
Injection
Command Injection 		CVE-2026-6799 2026-04-29 10:00 2026-04-22 Show GitHub Exploit DB Packet Storm
934 4.3 MEDIUM
Network 		- - A vulnerability was determined in ericc-ch copilot-api up to 0.7.0. This impacts an unknown function of the file /token of the component Header Handler. Executing a manipulation of the argument Host … CWE-350
 Reliance on Reverse DNS Resolution for a Security-Critical Action 		CVE-2026-6874 2026-04-29 10:00 2026-04-23 Show GitHub Exploit DB Packet Storm
935 5.6 MEDIUM
Network 		- - A vulnerability was identified in ByteDance verl up to 0.7.0. Affected is the function math_equal of the file prime_math/grader.py. The manipulation leads to sandbox issue. It is possible to initiate… CWE-264
CWE-265
Permissions, Privileges, and Access Controls
 Privilege Issues 		CVE-2026-6878 2026-04-29 10:00 2026-04-23 Show GitHub Exploit DB Packet Storm
936 9.8 CRITICAL
Network 		- - Versions of the package simple-git before 3.36.0 are vulnerable to Remote Code Execution (RCE) due to an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221) t… CWE-94
Code Injection 		CVE-2026-6951 2026-04-29 10:00 2026-04-25 Show GitHub Exploit DB Packet Storm
937 7.3 HIGH
Network 		- - A security vulnerability has been detected in vanna-ai vanna up to 2.0.2. The affected element is an unknown function of the component Legacy Flask API. The manipulation leads to improper authorizati… CWE-266
CWE-285
 Incorrect Privilege Assignment
Improper Authorization 		CVE-2026-6977 2026-04-29 10:00 2026-04-25 Show GitHub Exploit DB Packet Storm
938 4.7 MEDIUM
Network 		- - A vulnerability was detected in JiZhiCMS up to 2.5.6. The impacted element is the function htmlspecialchars_decode of the file /index.php/admins/Sys/addcache.html. The manipulation of the argument sq… CWE-74
CWE-89
Injection
SQL Injection 		CVE-2026-6978 2026-04-29 10:00 2026-04-25 Show GitHub Exploit DB Packet Storm
939 6.3 MEDIUM
Network 		- - A flaw has been found in devlikeapro WAHA up to 2026.3.4. This affects an unknown function of the file src/api/media.controller.ts of the component API Request Handler. This manipulation causes serve… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-6979 2026-04-29 10:00 2026-04-25 Show GitHub Exploit DB Packet Storm
940 4.7 MEDIUM
Network 		- - A vulnerability was identified in pagekit up to 1.0.18. Affected by this issue is some unknown functionality of the file /index.php/admin/system/update/download. The manipulation of the argument url … CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-6983 2026-04-29 10:00 2026-04-26 Show GitHub Exploit DB Packet Storm