Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 6, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228941	7.5	危険	x-dev	-	X-dev xNews の classes/class.news.php における SQL インジェクションの脆弱性	-	CVE-2007-0630	2012-12-20 18:19	2007-01-31	Show	GitHub Exploit DB Packet Storm

228942	6.4	警告	plain black	-	Plain Black WebGUI の www_purgeList メソッドにおける許可されていないアセットを削除される脆弱性	-	CVE-2007-0629	2012-12-20 18:19	2007-01-31	Show	GitHub Exploit DB Packet Storm

228943	4.3	警告	サン・マイクロシステムズ	-	Sun Java System Access Manager におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-0628	2012-12-20 18:19	2007-01-29	Show	GitHub Exploit DB Packet Storm

228944	5	警告	vlad leont	-	FD Script の download.php における特定の拡張子を伴う Web 文書ルート配下のファイルのソースを読み取られる脆弱性	-	CVE-2007-0620	2012-12-20 18:19	2007-01-31	Show	GitHub Exploit DB Packet Storm

228945	7.8	危険	Zenphoto	-	zenphoto の zen/template-functions.php におけるディレクトリトラバーサルの脆弱性	-	CVE-2007-0616	2012-12-20 18:19	2007-01-31	Show	GitHub Exploit DB Packet Storm

228946	4.3	警告	W-Agora	-	Web-Agora におけるアプリケーションのパス情報を取得される脆弱性	-	CVE-2007-0607	2012-12-20 18:19	2007-03-20	Show	GitHub Exploit DB Packet Storm

228947	5	警告	W-Agora	-	w-agora における重要な情報を取得される脆弱性	-	CVE-2007-0606	2012-12-20 18:19	2007-03-21	Show	GitHub Exploit DB Packet Storm

228948	6.8	警告	シックス・アパート株式会社	-	Movable Type におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-0604	2012-12-20 18:19	2007-01-30	Show	GitHub Exploit DB Packet Storm

228949	6.9	警告	トレンドマイクロ	-	Linux 用の Trend Micro VirusWall におけるバッファオーバーフローの脆弱性	-	CVE-2007-0602	2012-12-20 18:19	2007-01-30	Show	GitHub Exploit DB Packet Storm

228950	5	警告	siteman	-	Siteman におけるパスワードハッシュを含むデータベースをダウンロードされる脆弱性	-	CVE-2007-0594	2012-12-20 18:19	2007-01-30	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1861	4.3	MEDIUM Network	-	-	An open redirect in the /api/google/authorize endpoint of hunvreus DevPush v0.3.2 allows attackers to redirect users to malicious sites via supplying a crafted URL.	CWE-601 Open Redirect	CVE-2026-30346	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1862	4.3	MEDIUM Network	-	-	A path traversal vulnerability in the Blocks module of Daylight Studio FuelCMS v1.5.2 allows attackers to execute a directory traversal.	CWE-22 Path Traversal	CVE-2026-30462	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1863	8.8	HIGH Network	-	-	Cross Site Request Forgery vulnerability in diskoverdata diskover-community v.2.3.5. and before allows a remote attacker to escalate privileges and obtain sensitive information via the public/setting…	CWE-352 Origin Validation Error	CVE-2026-38934	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1864	6.1	MEDIUM Network	-	-	A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/view.php via the doctype parameter	CWE-79 Cross-site Scripting	CVE-2026-38935	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1865	6.1	MEDIUM Network	-	-	A reflected cross-site scripting (XSS) vulnerability exists in diskover-community <= 2.3.5 in public/selectindices.php via the namecontains parameter	CWE-79 Cross-site Scripting	CVE-2026-38936	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1866	9.8	CRITICAL Network	-	-	A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setWiFiAclRules of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the …	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7139	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1867	9.8	CRITICAL Network	-	-	A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function CsteSystem of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the arg…	CWE-77 CWE-78 Command Injection OS Command	CVE-2026-7140	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1868	5.4	MEDIUM Network	-	-	A weakness has been identified in mettle sendportal up to 3.0.1. Affected is the function destroy of the file app/Http/Controllers/Workspaces/WorkspaceInvitationsController.php of the component Invit…	CWE-285 CWE-639 Improper Authorization Authorization Bypass Through User-Controlled Key	CVE-2026-7145	2026-04-28 03:35	2026-04-28	Show	GitHub Exploit DB Packet Storm

1869	4.0	MEDIUM Local	gnupg	libgcrypt	Libgcrypt before 1.12.2 mishandles Dilithium signing. Writes to a static array lack a bounds check but do not use attacker-controlled data.	CWE-787 Out-of-bounds Write	CVE-2026-41990	2026-04-28 03:33	2026-04-23	Show	GitHub Exploit DB Packet Storm

1870	6.7	MEDIUM Local	gnupg	libgcrypt	Libgcrypt before 1.12.2 sometimes allows a heap-based buffer overflow and denial of service via crafted ECDH ciphertext to gcry_pk_decrypt.	CWE-787 Out-of-bounds Write	CVE-2026-41989	2026-04-28 03:33	2026-04-23	Show	GitHub Exploit DB Packet Storm