Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":April 30, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228761 7.5 危険 sme - SmE FileMailer の index.php および dl.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-0350 2012-12-20 18:19 2007-01-18 Show GitHub Exploit DB Packet Storm
228762 7.5 危険 sme - SmE FileMailer の index.php における SQL インジェクションの脆弱性 - CVE-2007-0346 2012-12-20 18:19 2007-01-17 Show GitHub Exploit DB Packet Storm
228763 6.8 警告 The phpMyAdmin Project - phpMyAdmin におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-0341 2012-12-20 18:19 2007-01-17 Show GitHub Exploit DB Packet Storm
228764 7.5 危険 thwboard - ThWboard の inc/header.inc.php における SQL インジェクションの脆弱性 - CVE-2007-0340 2012-12-20 18:19 2007-01-17 Show GitHub Exploit DB Packet Storm
228765 7.5 危険 scriptme - Scriptme SMe FileMailer の index.php における SQL インジェクションの脆弱性 - CVE-2007-0339 2012-12-20 18:19 2007-01-17 Show GitHub Exploit DB Packet Storm
228766 4.4 警告 rixstep - Rixstep Undercover の Undercover.app/Contents/Resources/uc における任意のファイルを上書きされる脆弱性 - CVE-2007-0336 2012-12-20 18:19 2007-01-17 Show GitHub Exploit DB Packet Storm
228767 7.5 危険 xentraz - liens_dynamiques の admin/adminlien.php3 などにおける許可されていない管理者の操作を実行される脆弱性 - CVE-2007-0332 2012-12-20 18:19 2007-01-17 Show GitHub Exploit DB Packet Storm
228768 6.8 警告 xentraz - liens_dynamiques の liens.php3 におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-0331 2012-12-20 18:19 2007-01-17 Show GitHub Exploit DB Packet Storm
228769 9.3 危険 トレンドマイクロ - Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX コントロールにおけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-0325 2012-12-20 18:19 2007-02-12 Show GitHub Exploit DB Packet Storm
228770 7.5 危険 BlackBerry - RIM の TeamOn Import Object ActiveX コントロールにおけるバッファオーバーフローの脆弱性 - CVE-2007-0323 2012-12-20 18:19 2007-05-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 30, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1071 8.5 HIGH
Network 		socialengine socialengine SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is no… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41461 2026-04-27 23:53 2026-04-24 Show GitHub Exploit DB Packet Storm
1072 8.8 HIGH
Network 		goshs goshs goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs leaks file-based ACL credentials through its public collaborator feed when the server is deployed without global ba… CWE-200
NVD-CWE-noinfo
Information Exposure 		CVE-2026-40885 2026-04-27 23:51 2026-04-22 Show GitHub Exploit DB Packet Storm
1073 8.7 HIGH
Local 		linaro op-tee OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. In versions 3.13.0 through 4.10.0, mi… CWE-125
CWE-787
Out-of-bounds Read
 Out-of-bounds Write 		CVE-2026-33317 2026-04-27 23:50 2026-04-24 Show GitHub Exploit DB Packet Storm
1074 6.5 MEDIUM
Network 		apache activemq
activemq_web 		Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsin… CWE-79
CWE-915
Cross-site Scripting
 Improperly Controlled Modification of Dynamically-Determined Object Attributes 		CVE-2026-41043 2026-04-27 23:49 2026-04-24 Show GitHub Exploit DB Packet Storm
1075 8.8 HIGH
Network 		apache activemq
activemq_broker 		Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use … CWE-20
CWE-94
 Improper Input Validation 
Code Injection 		CVE-2026-41044 2026-04-27 23:49 2026-04-24 Show GitHub Exploit DB Packet Storm
1076 9.8 CRITICAL
Network 		ericsson codechecker CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain… CWE-290
CWE-863
 Authentication Bypass by Spoofing
 Incorrect Authorization 		CVE-2026-25660 2026-04-27 23:48 2026-04-24 Show GitHub Exploit DB Packet Storm
1077 8.8 HIGH
Network 		mathjs mathjs Math.js is an extensive math library for JavaScript and Node.js. From 13.1.1 to before 15.2.0, a vulnerability allowed executing arbitrary JavaScript via the expression parser of mathjs. You can be a… CWE-915
 Improperly Controlled Modification of Dynamically-Determined Object Attributes 		CVE-2026-40897 2026-04-27 23:47 2026-04-25 Show GitHub Exploit DB Packet Storm
1078 4.3 MEDIUM
Network 		xibosignage xibo Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL t… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-31956 2026-04-27 23:44 2026-04-24 Show GitHub Exploit DB Packet Storm
1079 4.9 MEDIUM
Network 		xibosignage xibo Xibo is an open source digital signage platform with a web content management system and Windows display player software. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-31955 2026-04-27 23:43 2026-04-24 Show GitHub Exploit DB Packet Storm
1080 5.4 MEDIUM
Network 		xibosignage xibo Xibo is an open source digital signage platform with a web content management system and Windows display player software. A stored Cross-Site Scripting (XSS) vulnerability in versions prior to 4.4.1 … CWE-79
Cross-site Scripting 		CVE-2026-31953 2026-04-27 23:43 2026-04-24 Show GitHub Exploit DB Packet Storm