Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
227871 2.6 注意 OWASP - WebScarab におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-3841 2012-12-20 18:02 2006-07-25 Show GitHub Exploit DB Packet Storm
227872 10 危険 eiqnetworks - eIQnetworks ESA におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2006-3838 2012-12-20 18:02 2006-07-26 Show GitHub Exploit DB Packet Storm
227873 5 警告 professional home page tools - Professional Home Page Tools Guestbook の delcookie.php における管理者のパスワードハッシュを取得され脆弱性 - CVE-2006-3837 2012-12-20 18:02 2006-07-25 Show GitHub Exploit DB Packet Storm
227874 5 警告 unidomedia - UNIDOmedia Chameleon LE および Chameleon PRO におけるディレクトリトラバーサルの脆弱性 - CVE-2006-3836 2012-12-20 18:02 2006-07-25 Show GitHub Exploit DB Packet Storm
227875 5 警告 ej3 - EJ3 TOPo におけるエントリパスワードを取得される脆弱性 - CVE-2006-3834 2012-12-20 18:02 2006-07-25 Show GitHub Exploit DB Packet Storm
227876 5 警告 ej3 - EJ3 TOPo の index.php における既存のエントリを上書きされる脆弱性 - CVE-2006-3833 2012-12-20 18:02 2006-07-25 Show GitHub Exploit DB Packet Storm
227877 7.5 危険 gerrit van aaken - Gerrit van Aaken Loudblog の index.php における SQL インジェクションの脆弱性 - CVE-2006-3832 2012-12-20 18:02 2006-07-25 Show GitHub Exploit DB Packet Storm
227878 5 警告 kailash nadh - Kailash Nadh boastMachine の Backup セレクションにおける重要な情報を取得される脆弱性 - CVE-2006-3831 2012-12-20 18:02 2006-07-25 Show GitHub Exploit DB Packet Storm
227879 4 警告 kailash nadh - Kailash Nadh boastMachine におけるファイルをアップロードされる脆弱性 - CVE-2006-3830 2012-12-20 18:02 2006-07-25 Show GitHub Exploit DB Packet Storm
227880 5 警告 kailash nadh - Kailash Nadh boastMachine の bmc/admin.php におけるクロスサイトリクエストフォージェリの脆弱性 - CVE-2006-3829 2012-12-20 18:02 2006-07-25 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
981 8.6 HIGH
Network 		- - Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unaut… New CWE-497
 Exposure of Sensitive System Information to an Unauthorized Control Sphere 		CVE-2026-34413 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
982 7.1 HIGH
Network 		- - Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in re… New CWE-22
Path Traversal 		CVE-2026-34414 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
983 9.8 CRITICAL
Network 		- - Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an i… New CWE-184
 Incomplete Blacklist 		CVE-2026-34415 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
984 5.3 MEDIUM
Network 		- - Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the applicati… New CWE-497
 Exposure of Sensitive System Information to an Unauthorized Control Sphere 		CVE-2026-41459 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
985 8.7 HIGH
Adjacent 		- - Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these p… New CWE-1104
 Use of Unmaintained Third Party Components 		CVE-2026-41468 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
986 5.2 MEDIUM
Adjacent 		- - Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template… New CWE-693
 Protection Mechanism Failure 		CVE-2026-41469 2026-04-23 06:18 2026-04-23 Show GitHub Exploit DB Packet Storm
987 5.7 MEDIUM
Network 		- - Twenty is an open source CRM. Prior to 1.20.6, a Stored Cross-Site Scripting (XSS) vulnerability exists in the BlockNote editor component. Due to a lack of protocol validation in the FileBlock compon… New CWE-79
Cross-site Scripting 		CVE-2026-35451 2026-04-23 06:17 2026-04-22 Show GitHub Exploit DB Packet Storm
988 9.4 CRITICAL
Network 		- - excel-mcp-server is a Model Context Protocol server for Excel file manipulation. A path traversal vulnerability exists in excel-mcp-server versions up to and including 0.1.7. When running in SSE or S… New CWE-22
Path Traversal 		CVE-2026-40576 2026-04-23 06:17 2026-04-22 Show GitHub Exploit DB Packet Storm
989 8.8 HIGH
Network 		- - Let's Encrypt client and ACME library written in Go (Lego). Prior to 4.34.0, the webroot HTTP-01 challenge provider in lego is vulnerable to arbitrary file write and deletion via path traversal. A ma… New CWE-22
Path Traversal 		CVE-2026-40611 2026-04-23 06:17 2026-04-22 Show GitHub Exploit DB Packet Storm
990 5.3 MEDIUM
Local 		- - A stack-use-after-return issue exists in the Arduino_Core_STM32 library prior to version 1.7.0. The pwm_start() function allocates a TIM_HandleTypeDef structure on the stack and passes its address to… Update CWE-562
CVE-2026-26399 2026-04-23 06:16 2026-04-21 Show GitHub Exploit DB Packet Storm