Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
227841 7.5 危険 gillius programming - GNE の ConsoleStreambuf.cpp におけるフォーマットストリングの脆弱性 - CVE-2006-3908 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
227842 5 警告 シーメンス - Siemens SpeedStream におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2006-3907 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
227843 7.5 危険 mywebland - Webland MyBloggie における SQL インジェクションの脆弱性 - CVE-2006-3905 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
227844 6.8 警告 Etomite Project - Etomite CMS の manager/index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2006-3904 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
227845 5.8 警告 mywebland - myWebland MyBloggie における CRLF インジェクションの脆弱性 - CVE-2006-3903 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
227846 4.3 警告 phpfaber - phpFaber TopSites の index.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-3902 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
227847 7.5 危険 tumbleweed - Tumbleweed EMF におけるスタックベースのバッファオーバーフローの脆弱性 - CVE-2006-3901 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
227848 6.8 警告 tobias kloy - TP-Book の guestbook.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-3900 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
227849 5 警告 マイクロソフト - Windows 上で稼動する Microsoft Internet Explorer 6.0 におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2006-3899 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
227850 5 警告 マイクロソフト - Windows 上で稼動する Microsoft Internet Explorer 6.0 におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2006-3898 2012-12-20 18:02 2006-07-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1111 - - - Oxia is a metadata store and coordination system. Prior to 0.16.2, the OIDC authentication provider unconditionally sets SkipClientIDCheck: true in the go-oidc verifier configuration, disabling the s… CWE-287
Improper Authentication 		CVE-2026-40946 2026-04-23 05:28 2026-04-22 Show GitHub Exploit DB Packet Storm
1112 4.3 MEDIUM
Network 		- - BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have an Open Redirect through bigbluebutton/api/join via get-parameter "logoutURL." Version 3.0.24 has adjusted the handlin… CWE-601
Open Redirect 		CVE-2026-41126 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1113 6.5 MEDIUM
Network 		- - BigBlueButton is an open-source virtual classroom. Versions prior to 3.0.24 have a missing authorization that allows viewers to inject/overwrite captions Version 3.0.24 tightened the permissions on w… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-41127 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1114 - - - Craft CMS is a content management system (CMS). In versions 5.6.0 through 5.9.14, the `actionSavePermissions()` endpoint allows a user with only `viewUsers` permission to remove arbitrary users from … CWE-862
 Missing Authorization 		CVE-2026-41128 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1115 - - - Craft CMS is a content management system (CMS). Versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14 are vulnerable to Server-Side Request Forgery. The exploitation requires a … CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41129 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1116 - - - Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.14, the `resource-js` endpoint in Craft CMS allows unauthenticated requests… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41130 2026-04-23 05:26 2026-04-22 Show GitHub Exploit DB Packet Storm
1117 6.4 MEDIUM
Network 		- - The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, … CWE-79
Cross-site Scripting 		CVE-2026-5162 2026-04-23 05:22 2026-04-17 Show GitHub Exploit DB Packet Storm
1118 6.5 MEDIUM
Network 		- - The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolatio… CWE-89
SQL Injection 		CVE-2026-6080 2026-04-23 05:22 2026-04-17 Show GitHub Exploit DB Packet Storm
1119 6.5 MEDIUM
Network 		- - The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers includi… CWE-862
 Missing Authorization 		CVE-2026-3488 2026-04-23 05:22 2026-04-17 Show GitHub Exploit DB Packet Storm
1120 9.8 CRITICAL
Network 		- - All plugins by Essentialplugin for WordPress are vulnerable to an injected backdoor in various versions. This is due to the plugin being sold to a malicious threat actor that embedded a backdoor in a… CWE-506
 Embedded Malicious Code 		CVE-2026-6443 2026-04-23 05:22 2026-04-17 Show GitHub Exploit DB Packet Storm