Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
351 5.3 警告
Network 		Ralph Slooten Mailpit Ralph SlootenのMailpitにおけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2026-21859 2026-02-4 18:40 2026-01-8 Show GitHub Exploit DB Packet Storm
352 9.8 緊急
Network 		Bluspark BLUVOYIX BlusparkのBLUVOYIXにおける認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2026-22236 2026-02-4 18:40 2026-01-14 Show GitHub Exploit DB Packet Storm
353 9.8 緊急
Network 		Bluspark BLUVOYIX BlusparkのBLUVOYIXにおける情報漏えいに関する脆弱性 CWE-200
情報漏えい 		CVE-2026-22237 2026-02-4 18:40 2026-01-14 Show GitHub Exploit DB Packet Storm
354 9.8 緊急
Network 		Bluspark BLUVOYIX BlusparkのBLUVOYIXにおける複数の脆弱性 CWE-269
CWE-306
CVE-2026-22238 2026-02-4 18:40 2026-01-14 Show GitHub Exploit DB Packet Storm
355 5.3 警告
Network 		Bluspark BLUVOYIX BlusparkのBLUVOYIXにおけるリソースの枯渇に関する脆弱性 CWE-400
CWE-noinfo
CVE-2026-22239 2026-02-4 18:40 2026-01-14 Show GitHub Exploit DB Packet Storm
356 7.5 重要
Network 		Bluspark BLUVOYIX BlusparkのBLUVOYIXにおける複数の脆弱性 CWE-200
CWE-312
CWE-522
CWE-522
CVE-2026-22240 2026-02-4 18:40 2026-01-14 Show GitHub Exploit DB Packet Storm
357 9.8 緊急
Network 		franklioxygen MyTube franklioxygenのMyTubeにおける不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2026-23837 2026-02-4 18:40 2026-01-19 Show GitHub Exploit DB Packet Storm
358 5.3 警告
Network 		franklioxygen MyTube franklioxygenのMyTubeにおけるセキュリティ決定の信頼できない入力への依存に関する脆弱性 CWE-807
セキュリティ決定の信頼できない入力への依存 		CVE-2026-23848 2026-02-4 18:40 2026-01-19 Show GitHub Exploit DB Packet Storm
359 9.8 緊急
Network 		Arcane Arcane Arcaneにおける重要な機能に対する認証の欠如に関する脆弱性 CWE-306
重要な機能に対する認証の欠如 解説 		CVE-2026-23944 2026-02-4 18:40 2026-01-19 Show GitHub Exploit DB Packet Storm
360 5.5 警告
Local 		Copier Copier CopierにおけるUNIX Symbolic Link のフォローに関する脆弱性 CWE-61
UNIX Symbolic Link のフォロー 		CVE-2026-23968 2026-02-4 18:40 2026-01-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
621 6.5 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint `plugin/Live/view/Live_restreams/list.json.php` contains an Insecure Direct Object Reference (IDOR) vulnerabilit… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2026-40907 2026-04-24 04:12 2026-04-22 Show GitHub Exploit DB Packet Storm
622 5.3 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file `git.json.php` at the web root executes `git log -1` and returns the full output as JSON to any unauthenticated user… New CWE-200
Information Exposure 		CVE-2026-40908 2026-04-24 04:09 2026-04-22 Show GitHub Exploit DB Packet Storm
623 6.5 MEDIUM
Network 		wwbn avideo WWBN AVideo is an open source video platform. In versions 29.0 and prior, the locale save endpoint (`locale/save.php`) constructs a file path by directly concatenating `$_POST['flag']` into the path … New CWE-22
Path Traversal 		CVE-2026-40909 2026-04-24 03:55 2026-04-22 Show GitHub Exploit DB Packet Storm
624 6.1 MEDIUM
Network 		oracle identity_manager Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware (component: Identity Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitabl… New CWE-284
CWE-601
Improper Access Control
Open Redirect 		CVE-2026-34283 2026-04-24 03:50 2026-04-22 Show GitHub Exploit DB Packet Storm
625 6.1 MEDIUM
Network 		oracle business_process_management_suite Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware (component: Human workflow 11g+). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.… New CWE-284
CWE-601
Improper Access Control
Open Redirect 		CVE-2026-34284 2026-04-24 03:50 2026-04-22 Show GitHub Exploit DB Packet Storm
626 8.7 HIGH
Network 		oracle http_server Vulnerability in the Oracle HTTP Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability… New CWE-284
Improper Access Control 		CVE-2026-34291 2026-04-24 03:48 2026-04-22 Show GitHub Exploit DB Packet Storm
627 7.2 HIGH
Network 		oracle weblogic_server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerabili… New CWE-284
Improper Access Control 		CVE-2026-34292 2026-04-24 03:47 2026-04-22 Show GitHub Exploit DB Packet Storm
628 8.8 HIGH
Network 		nicolargo glances Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to improper validation … New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-35587 2026-04-24 03:42 2026-04-21 Show GitHub Exploit DB Packet Storm
629 9.8 CRITICAL
Network 		reconurge flowsint Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to ma… New CWE-78
OS Command  		CVE-2026-32311 2026-04-24 03:41 2026-04-21 Show GitHub Exploit DB Packet Storm
630 8.4 HIGH
Local 		gitlawb openclaude OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Versions prior to 0.5.1 have a logic flaw in `bashToolHasPermission()` inside `src/tools/BashTool… New CWE-22
CWE-284
Path Traversal
Improper Access Control 		CVE-2026-35570 2026-04-24 03:37 2026-04-21 Show GitHub Exploit DB Packet Storm