Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":April 29, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
227431 6.8 警告 PHPMailer project - PHPMailer における任意のシェルコマンドを実行される脆弱性 - CVE-2007-3215 2012-12-20 18:19 2007-06-11 Show GitHub Exploit DB Packet Storm
227432 10 危険 PhpWiki - PhpWiki の lib/WikiUser/LDAP.php における認証を回避される脆弱性 - CVE-2007-3193 2012-12-20 18:19 2007-06-12 Show GitHub Exploit DB Packet Storm
227433 6.8 警告 vincent hor - Calendarix における SQL インジェクションの脆弱性 - CVE-2007-3183 2012-12-20 18:19 2007-06-26 Show GitHub Exploit DB Packet Storm
227434 4.3 警告 vincent hor - Calendarix におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3182 2012-12-20 18:19 2007-06-26 Show GitHub Exploit DB Packet Storm
227435 7.5 危険 zindizayn okul web sistemi - Zindizayn Okul Web Sistemi における SQL インジェクションの脆弱性 - CVE-2007-3178 2012-12-20 18:19 2007-06-11 Show GitHub Exploit DB Packet Storm
227436 7.5 危険 w2b - W2B Online Banking における SQL インジェクションの脆弱性 - CVE-2007-3175 2012-12-20 18:19 2007-06-11 Show GitHub Exploit DB Packet Storm
227437 4.3 警告 w2b - W2B Online Banking の auth.w2b におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3174 2012-12-20 18:19 2007-06-11 Show GitHub Exploit DB Packet Storm
227438 5 警告 uebimiau - Uebimiau Webmail の demo/pop3/error.php におけるディレクトリトラバーサルの脆弱性 - CVE-2007-3172 2012-12-20 18:19 2007-06-11 Show GitHub Exploit DB Packet Storm
227439 5 警告 uebimiau - Uebimiau Webmail における重要な情報を取得される脆弱性 - CVE-2007-3171 2012-12-20 18:19 2007-06-11 Show GitHub Exploit DB Packet Storm
227440 4.3 警告 uebimiau - Uebimiau Webmail におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3170 2012-12-20 18:19 2007-06-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 30, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1051 5.4 MEDIUM
Network 		gfi helpdesk GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT_Report::Create() without HTML sanitization… Update CWE-79
Cross-site Scripting 		CVE-2026-23757 2026-04-27 23:59 2026-04-21 Show GitHub Exploit DB Packet Storm
1052 9.8 CRITICAL
Network 		totolink a3300r_firmware An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi. Update CWE-78
OS Command  		CVE-2026-31177 2026-04-27 23:59 2026-04-24 Show GitHub Exploit DB Packet Storm
1053 9.8 CRITICAL
Network 		totolink a3300r_firmware An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi. Update CWE-78
OS Command  		CVE-2026-31178 2026-04-27 23:58 2026-04-24 Show GitHub Exploit DB Packet Storm
1054 10.0 CRITICAL
Network 		paperclip paperclipai
paperclipai\/server 		Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on … Update CWE-287
CWE-862
CWE-1188
Improper Authentication
 Missing Authorization
 Insecure Default Initialization of Resource 		CVE-2026-41679 2026-04-27 23:58 2026-04-23 Show GitHub Exploit DB Packet Storm
1055 6.5 MEDIUM
Network 		totolink a3300r_firmware An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi. Update CWE-77
Command Injection 		CVE-2026-31179 2026-04-27 23:58 2026-04-24 Show GitHub Exploit DB Packet Storm
1056 9.8 CRITICAL
Network 		totolink a3300r_firmware An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi. Update CWE-78
OS Command  		CVE-2026-31181 2026-04-27 23:58 2026-04-24 Show GitHub Exploit DB Packet Storm
1057 5.4 MEDIUM
Network 		gfi helpdesk GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the … Update CWE-79
Cross-site Scripting 		CVE-2026-23758 2026-04-27 23:58 2026-04-21 Show GitHub Exploit DB Packet Storm
1058 6.5 MEDIUM
Network 		totolink a3300r_firmware An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi. Update CWE-77
Command Injection 		CVE-2026-31162 2026-04-27 23:57 2026-04-24 Show GitHub Exploit DB Packet Storm
1059 6.5 MEDIUM
Network 		totolink a3300r_firmware An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi. Update CWE-77
Command Injection 		CVE-2026-31163 2026-04-27 23:57 2026-04-24 Show GitHub Exploit DB Packet Storm
1060 7.8 HIGH
Local 		radare radare2 radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malic… Update CWE-59
CWE-22
Link Following
Path Traversal 		CVE-2026-6941 2026-04-27 23:57 2026-04-24 Show GitHub Exploit DB Packet Storm