Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":April 30, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
227351	7.5	危険	vu	-	VU Case Manager の default.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6143	2012-12-20 18:34	2007-11-27	Show	GitHub Exploit DB Packet Storm

227352	4.3	警告	salims softhouse	-	ph03y3nk JAF CMS におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6142	2012-12-20 18:34	2007-11-27	Show	GitHub Exploit DB Packet Storm

227353	4.3	警告	vbtube	-	vBTube の vBTube.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6141	2012-12-20 18:34	2007-11-27	Show	GitHub Exploit DB Packet Storm

227354	7.5	危険	vu	-	VU Mass Mailer の redir.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6138	2012-12-20 18:33	2007-11-27	Show	GitHub Exploit DB Packet Storm

227355	4.3	警告	phpslideshow	-	PHPSlideShow の phpslideshow.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6135	2012-12-20 18:33	2007-11-27	Show	GitHub Exploit DB Packet Storm

227356	7.5	危険	PHPKIT	-	PHPKIT の pkinc/public/article.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6134	2012-12-20 18:33	2007-11-27	Show	GitHub Exploit DB Packet Storm

227357	2.1	注意	レッドハット	-	scanbuttond の buttonpressed.sh における任意のファイルを上書きされる脆弱性	CWE-16 環境設定	CVE-2007-6131	2012-12-20 18:33	2007-11-14	Show	GitHub Exploit DB Packet Storm

227358	7.5	危険	project alumni	-	project alumni における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6127	2012-12-20 18:33	2007-11-26	Show	GitHub Exploit DB Packet Storm

227359	4.3	警告	project alumni	-	project alumni におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6126	2012-12-20 18:33	2007-11-26	Show	GitHub Exploit DB Packet Storm

227360	7.5	危険	softbiz	-	Softbiz Freelancers Script の search_form.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6125	2012-12-20 18:33	2007-11-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 1, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1091	6.1	MEDIUM Network	-	-	A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter New	CWE-79 Cross-site Scripting	CVE-2026-38936	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1092	9.8	CRITICAL Network	-	-	A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the … New	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7139	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1093	9.8	CRITICAL Network	-	-	A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the arg… New	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7140	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1094	5.4	MEDIUM Network	-	-	A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invit… New	CWE-285 CWE-639 Improper Authorization Authorization Bypass Through User-Controlled Key	CVE-2026-7145	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1095	4.0	MEDIUM Local	gnupg	libgcrypt	Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data. Update	CWE-787 Out-of-bounds Write	CVE-2026-41990	2026-04-28 03:33	2026-04-23	Show	GitHub Exploit DB Packet Storm

1096	6.7	MEDIUM Local	gnupg	libgcrypt	Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt. Update	CWE-787 Out-of-bounds Write	CVE-2026-41989	2026-04-28 03:33	2026-04-23	Show	GitHub Exploit DB Packet Storm

1097	7.8	HIGH Local	-	-	In the Linux kernel, the following vulnerability has been resolved: af_unix: read UNIX_DIAG_VFS data under unix_state_lock Exact UNIX diag lookups hold a reference to the socket, but not to u->path… Update	-	CVE-2026-31673	2026-04-28 03:32	2026-04-25	Show	GitHub Exploit DB Packet Storm

1098	7.1	HIGH Local	-	-	In the Linux kernel, the following vulnerability has been resolved: netfilter: ip6t_rt: reject oversized addrnr in rt_mt6_check() Reject rt match rules whose addrnr exceeds IP6T_RT_HOPS. rt_mt6() … Update	-	CVE-2026-31674	2026-04-28 03:32	2026-04-25	Show	GitHub Exploit DB Packet Storm

1099	7.8	HIGH Local	-	-	In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_netem: fix out-of-bounds access in packet corruption In netem_enqueue(), the packet corruption logic uses get_rand… Update	-	CVE-2026-31675	2026-04-28 03:32	2026-04-25	Show	GitHub Exploit DB Packet Storm

1100	7.5	HIGH Network	-	-	In the Linux kernel, the following vulnerability has been resolved: rxrpc: only handle RESPONSE during service challenge Only process RESPONSE packets while the service connection is still in RXRPC… Update	-	CVE-2026-31676	2026-04-28 03:32	2026-04-25	Show	GitHub Exploit DB Packet Storm