Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":April 29, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
227341	2.3	注意	BlackBerry	-	Research in Motion BlackBerry 7270 におけるフォーマットストリングの脆弱性	-	CVE-2007-3442	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

227342	6.4	警告	snom	-	Snom 320 SIP Phone における任意の電話番号へ発信される脆弱性	-	CVE-2007-3440	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

227343	5	警告	snom	-	Snom 320 SIP Phone における不在着信を読まれる脆弱性	-	CVE-2007-3439	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

227344	9.3	危険	rkd software	-	RKD Software の BarCodeAx.dll におけるスタックベースのバッファオーバーフローの脆弱性	-	CVE-2007-3435	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

227345	7.5	危険	PluXml	-	Pluxml の admin/images.php における任意のコードをアップロードおよび実行される脆弱性	-	CVE-2007-3432	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

227346	6.8	警告	valerio capello	-	Valerio Capello Dagger - The Cutting Edge r23jan2007 の cal.func.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-3431	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

227347	7.5	危険	Simple Invoices	-	Simple Invoices 2007 の index.php における SQL インジェクションの脆弱性	-	CVE-2007-3430	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

227348	7.5	危険	ZoneO-soft	-	phpTrafficA における脆弱性	-	CVE-2007-3428	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

227349	7.5	危険	ZoneO-soft	-	phpTrafficA の index.php における SQL インジェクションの脆弱性	-	CVE-2007-3427	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

227350	4.3	警告	ZoneO-soft	-	phpTrafficA の index.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-3426	2012-12-20 18:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 29, 2026, 4:51 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
761	8.8	HIGH Network	paperclip	paperclipai	Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability th… Update	CWE-78 OS Command	CVE-2026-41208	2026-04-28 00:14	2026-04-23	Show	GitHub Exploit DB Packet Storm

762	10.0	CRITICAL Network	wwbn	avideo	WWBN AVideo is an open source video platform. In versions 29.0 and prior, the YPTSocket plugin's WebSocket server relays attacker-supplied JSON message bodies to every connected client without saniti… Update	CWE-94 Code Injection	CVE-2026-40911	2026-04-28 00:12	2026-04-22	Show	GitHub Exploit DB Packet Storm

763	9.8	CRITICAL Network	roxy-wi	roxy-wi	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/… Update	CWE-89 SQL Injection	CVE-2026-33078	2026-04-28 00:10	2026-04-24	Show	GitHub Exploit DB Packet Storm

764	9.9	CRITICAL Network	openclaw	openclaw	OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat context inheritance and senderIsOwner parameter manipulation. Attackers can e… Update	CWE-648 Incorrect Use of Privileged APIs	CVE-2026-41329	2026-04-28 00:09	2026-04-21	Show	GitHub Exploit DB Packet Storm

765	7.2	HIGH Network	espocrm	espocrm	EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass t… Update	CWE-23 Relative Path Traversal	CVE-2026-33733	2026-04-28 00:08	2026-04-23	Show	GitHub Exploit DB Packet Storm

766	4.4	MEDIUM Local	openclaw	openclaw	OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass sec… Update	CWE-453 Insecure Default Variable Initialization	CVE-2026-41330	2026-04-28 00:08	2026-04-21	Show	GitHub Exploit DB Packet Storm

767	5.3	MEDIUM Network	openclaw	openclaw	OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows unauthorized group senders to trigger transcription processing. Attackers… Update	CWE-408	CVE-2026-41331	2026-04-28 00:08	2026-04-21	Show	GitHub Exploit DB Packet Storm

768	4.8	MEDIUM Network	gfi	helpdesk	GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary J… Update	CWE-79 Cross-site Scripting	CVE-2026-23752	2026-04-28 00:07	2026-04-21	Show	GitHub Exploit DB Packet Storm

769	8.6	HIGH Local	openclaw	openclaw	OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a… Update	CWE-15 External Control of System or Configuration Setting	CVE-2026-41294	2026-04-28 00:07	2026-04-21	Show	GitHub Exploit DB Packet Storm

770	4.8	MEDIUM Network	gfi	helpdesk	GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create(… Update	CWE-79 Cross-site Scripting	CVE-2026-23753	2026-04-28 00:07	2026-04-21	Show	GitHub Exploit DB Packet Storm