Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":April 30, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228891 7.5 危険 Plume CMS - Plume CMS の manager/tools/link/dbinstall.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2006-7021 2012-12-20 18:18 2007-02-14 Show GitHub Exploit DB Packet Storm
228892 7.5 危険 phpwcms - phpwcms における任意のコードを実行される脆弱性 - CVE-2006-7019 2012-12-20 18:18 2007-02-14 Show GitHub Exploit DB Packet Storm
228893 7.5 危険 phpjobboard - phpjobboard における認証を回避される脆弱性 - CVE-2006-7016 2012-12-20 18:18 2007-02-14 Show GitHub Exploit DB Packet Storm
228894 10 危険 scart - SCart の scart.cgi における任意のコマンドを実行される脆弱性 - CVE-2006-7012 2012-12-20 18:18 2007-02-14 Show GitHub Exploit DB Packet Storm
228895 4.3 警告 wheatblog - wB の add_comment.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-7002 2012-12-20 18:18 2007-02-12 Show GitHub Exploit DB Packet Storm
228896 7.1 危険 phpmychat plus - PhpMyChat Plus の avatar.php におけるディレクトリトラバーサルの脆弱性 - CVE-2006-7001 2012-12-20 18:18 2007-02-12 Show GitHub Exploit DB Packet Storm
228897 4.3 警告 the war forge - warforge.NEWS におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-6996 2012-12-20 18:18 2007-02-12 Show GitHub Exploit DB Packet Storm
228898 6 警告 v3chat - V3 Chat の mycontacts.php における他のユーザとして権限を取得される脆弱性 - CVE-2006-6995 2012-12-20 18:18 2007-02-12 Show GitHub Exploit DB Packet Storm
228899 7.8 危険 softinform - FineBrowser Freeware における他のドメインから制限された情報をアクセスされる脆弱性 - CVE-2006-6987 2012-12-20 18:18 2007-02-8 Show GitHub Exploit DB Packet Storm
228900 7.5 危険 phpgraphy - phpGraphy における任意の PHP コードを実行される脆弱性 - CVE-2006-6966 2012-12-20 18:18 2007-02-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 1, 2026, 4:54 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
671 6.8 MEDIUM
Network 		- - OpenClaw before 2026.3.31 contains a sandbox escape vulnerability allowing attackers to traverse directory boundaries through symlink exploitation during file synchronization operations. Remote attac… New CWE-59
Link Following 		CVE-2026-41397 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm
672 7.5 HIGH
Network 		- - OpenClaw before 2026.3.31 parses MS Teams webhook request bodies before performing JWT validation, allowing unauthenticated attackers to trigger resource exhaustion. Remote attackers can send malicio… New CWE-408
 Incorrect Behavior Order: Early Amplification 		CVE-2026-41405 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm
673 5.4 MEDIUM
Network 		- - OpenClaw before 2026.3.31 contains a sender allowlist bypass vulnerability that allows remote attackers to access restricted messages. Attackers can exploit fetched quoted, root, and thread context m… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-41406 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm
674 3.7 LOW
Network 		- - OpenClaw before 2026.4.2 contains a timing side channel vulnerability in shared-secret comparison call sites that use early length-mismatch checks instead of fixed-length comparison helpers. Attacker… New CWE-208
 Information Exposure Through Timing Discrepancy 		CVE-2026-41407 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm
675 4.3 MEDIUM
Network 		- - OpenClaw before 2026.3.31 contains a resource exhaustion vulnerability in media downloads that bypasses core safety limits for file size, count, and cleanup operations. Attackers can exhaust disk spa… New CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2026-41408 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm
676 4.3 MEDIUM
Network 		- - OpenClaw before 2026.4.8 omits owner-only enforcement for cross-channel allowlist writes in the /allowlist endpoint. An authorized non-owner sender can bypass access controls to perform allowlist mod… New CWE-863
 Incorrect Authorization 		CVE-2026-41910 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm
677 6.5 MEDIUM
Network 		- - OpenClaw before 2026.4.8 contains a filesystem policy bypass vulnerability in docx upload processing that allows local file reads outside workspace boundaries. Attackers can exploit upload_file and u… New CWE-22
Path Traversal 		CVE-2026-41911 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm
678 7.6 HIGH
Network 		- - OpenClaw before 2026.4.8 contains a server-side request forgery policy bypass vulnerability allowing attackers to trigger navigations bypassing normal SSRF checks. Attackers can exploit browser inter… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-41912 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm
679 - - - A vulnerability affecting the detailed versions of Cryptobox allows a legitimate user to prevent another to login by triggering an account lockout via sending a specially crafted request. New CWE-694
 Use of Multiple Resources with Duplicate Identifier 		CVE-2026-5794 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm
680 5.5 MEDIUM
Local 		- - A vulnerability in GRASSMARLIN v3.2.1 allows crafted session data to trigger improper handling of XML input, which may result in unintended exposure of sensitive information. The flaw stems from in… New CWE-611
XXE 		CVE-2026-6807 2026-04-29 05:10 2026-04-29 Show GitHub Exploit DB Packet Storm