Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 8, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228311 4.3 警告 Real Time Logic - BarracudaDrive Web Server におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-6316 2012-12-20 18:34 2007-12-11 Show GitHub Exploit DB Packet Storm
228312 4 警告 Real Time Logic - Group Chat の BarracudaDrive Web Server におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2007-6315 2012-12-20 18:34 2007-12-11 Show GitHub Exploit DB Packet Storm
228313 5 警告 Real Time Logic - BarracudaDrive Web Server における Web スクリプトに対するソースコードを読まれる脆弱性 CWE-20
不適切な入力確認 		CVE-2007-6314 2012-12-20 18:34 2007-12-11 Show GitHub Exploit DB Packet Storm
228314 4.3 警告 ウェブセンス - Websense Enterprise および Web Security Suite の Web Reporting Tools portal におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-6312 2012-12-20 18:34 2007-12-11 Show GitHub Exploit DB Packet Storm
228315 4.3 警告 webSPELL - webSPELL の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-6309 2012-12-20 18:34 2007-12-11 Show GitHub Exploit DB Packet Storm
228316 5 警告 phpmychat - phpMyChat の users_popupL.php3 における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2007-6296 2012-12-20 18:34 2007-12-10 Show GitHub Exploit DB Packet Storm
228317 7.5 危険 xigla - Xigla Absolute Banner Manager .NET の abm.aspx における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-6291 2012-12-20 18:34 2007-12-10 Show GitHub Exploit DB Packet Storm
228318 7.5 危険 tecnick.com - TCExam における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-6288 2012-12-20 18:34 2007-12-10 Show GitHub Exploit DB Packet Storm
228319 10 危険 stbernard - St. Bernard Open File Manager の Open File Manager service におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-6281 2012-12-20 18:34 2007-12-19 Show GitHub Exploit DB Packet Storm
228320 9.3 危険 SonicWALL - SonicWALL GLobal VPN Client のコンフィギュレーションファイルにおけるフォーマットストリングの脆弱性 CWE-134
書式文字列の問題 		CVE-2007-6273 2012-12-20 18:34 2007-12-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 8, 2026, 4:54 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2401 5.5 MEDIUM
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill eve… NVD-CWE-noinfo
CVE-2026-31670 2026-04-28 05:10 2026-04-25 Show GitHub Exploit DB Packet Storm
2402 5.5 MEDIUM
Local 		linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in build_polexpire() build_expire() clears the trailing padding bytes of struct xfrm_user_expire aft… NVD-CWE-noinfo
CVE-2026-31664 2026-04-28 04:59 2026-04-25 Show GitHub Exploit DB Packet Storm
2403 9.1 CRITICAL
Network 		microsoft asp.net_core Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2026-40372 2026-04-28 04:57 2026-04-22 Show GitHub Exploit DB Packet Storm
2404 3.7 LOW
Network 		bacnetstack bacnet_stack BACnet Stack is a BACnet open source protocol stack C library for embedded systems. Prior to 1.4.3, decode_signed32() in src/bacnet/bacint.c reconstructs a 32-bit signed integer from four APDU bytes … CWE-758
 Reliance on Undefined, Unspecified, or Implementation-Defined Behavior 		CVE-2026-40279 2026-04-28 04:49 2026-04-22 Show GitHub Exploit DB Packet Storm
2405 6.8 MEDIUM
Network 		oauth2_proxy_project oauth2_proxy OAuth2 Proxy is a reverse proxy that provides authentication using OAuth2 providers. Prior to 7.15.2, an authorization bypass exists in OAuth2 Proxy as part of the email_domain enforcement option. An… CWE-863
 Incorrect Authorization 		CVE-2026-40574 2026-04-28 04:49 2026-04-22 Show GitHub Exploit DB Packet Storm
2406 7.5 HIGH
Network 		ransomlook ransomlook RansomLook is a tool to monitor Ransomware groups and markets and extract their victims. Prior to 1.9.0, the API in the affected application improperly filters private location entries in website/web… CWE-200
Information Exposure 		CVE-2026-40584 2026-04-28 04:47 2026-04-22 Show GitHub Exploit DB Packet Storm
2407 9.0 CRITICAL
Network 		craftycontrol crafty_controller An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permiss… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-5652 2026-04-28 04:47 2026-04-22 Show GitHub Exploit DB Packet Storm
2408 4.8 MEDIUM
Network 		pyload-ng_project pyload-ng pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev98, the set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwa… CWE-346
 Origin Validation Error 		CVE-2026-40594 2026-04-28 04:43 2026-04-22 Show GitHub Exploit DB Packet Storm
2409 5.6 MEDIUM
Local 		home-assistant-ecosystem home_assistant_command-line_interface The Home Assistant Command-line interface (hass-cli) is a command-line tool for Home Assistant. Up to 1.0.0 of home-assitant-cli an unrestricted environment was used to handle Jninja2 templates inste… CWE-94
CWE-1336
Code Injection
 Improper Neutralization of Special Elements Used in a Template Engine 		CVE-2026-40602 2026-04-28 04:43 2026-04-22 Show GitHub Exploit DB Packet Storm
2410 5.5 MEDIUM
Local 		dayuanjiang next_ai_draw.io Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embedded HTTP sidecar contains three POST handlers (/api/state, /api/restore, … CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-40608 2026-04-28 04:41 2026-04-22 Show GitHub Exploit DB Packet Storm