Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 8, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
227811	7.5	危険	site sift media	-	Site Sift Listings における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1869	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

227812	7.5	危険	pixel motion	-	Blog Pixel Motion の admin/sauvBase.php における重要な情報を含む blogPM.sql ファイルの結果を取得される脆弱性	CWE-287 不適切な認証	CVE-2008-1868	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

227813	7.5	危険	pixel motion	-	Blog Pixel Motion における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1867	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

227814	9	危険	pixel motion	-	Blog Pixel Motion の admin/modif_config.php における任意の PHP スクリプトをアップロードされる脆弱性	CWE-94 コード・インジェクション	CVE-2008-1866	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

227815	7.5	危険	prozilla	-	Prozilla Freelancers の project.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1864	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

227816	7.5	危険	prozilla	-	Prozilla Cheat Script の view_reviews.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1863	2012-12-20 18:52	2008-04-17	Show	GitHub Exploit DB Packet Storm

227817	5	警告	SmarterTools Inc.	-	SmarterMail の SmarterMail Web Server におけるサービス運用妨害 (DoS) の脆弱性	CWE-DesignError	CVE-2008-1854	2012-12-20 18:52	2008-04-16	Show	GitHub Exploit DB Packet Storm

227818	4.3	警告	SAP	-	SAP NetWeaver のデフォルト設定におけるクロスサイトスクリプティング攻撃を実行される脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-1846	2012-12-20 18:52	2008-04-16	Show	GitHub Exploit DB Packet Storm

227819	7.5	危険	w2b	-	W2B phpHotResources の cat.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1844	2012-12-20 18:52	2008-04-16	Show	GitHub Exploit DB Packet Storm

227820	7.5	危険	w2b	-	W2B DatingClub の browse.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-1843	2012-12-20 18:52	2008-04-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 8, 2026, 4:54 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2531	9.8	CRITICAL Network	-	-	A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setNtpCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7138	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

2532	4.3	MEDIUM Network	-	-	An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.	CWE-601 Open Redirect	CVE-2026-30346	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

2533	4.3	MEDIUM Network	-	-	A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.	CWE-22 Path Traversal	CVE-2026-30462	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

2534	8.8	HIGH Network	-	-	Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/setting…	CWE-352 Origin Validation Error	CVE-2026-38934	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

2535	6.1	MEDIUM Network	-	-	A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter	CWE-79 Cross-site Scripting	CVE-2026-38935	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

2536	6.1	MEDIUM Network	-	-	A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter	CWE-79 Cross-site Scripting	CVE-2026-38936	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

2537	9.8	CRITICAL Network	-	-	A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the …	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7139	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

2538	9.8	CRITICAL Network	-	-	A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the arg…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7140	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

2539	5.4	MEDIUM Network	-	-	A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invit…	CWE-285 CWE-639 Improper Authorization Authorization Bypass Through User-Controlled Key	CVE-2026-7145	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

2540	4.0	MEDIUM Local	gnupg	libgcrypt	Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.	CWE-787 Out-of-bounds Write	CVE-2026-41990	2026-04-28 03:33	2026-04-23	Show	GitHub Exploit DB Packet Storm