Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
731 6.5 警告
Adjacent 		UI UniFi Connect EV Station Lite Firmware UIのUniFi Connect EV Station Lite Firmwareにおけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2026-21635 2026-02-2 19:29 2026-01-5 Show GitHub Exploit DB Packet Storm
732 8.2 重要
Network 		Shopify Remix
React Router 		ShopifyのReact Router等の複数製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-21884 2026-02-2 19:29 2026-01-10 Show GitHub Exploit DB Packet Storm
733 4.2 警告
Local 		オラクル Oracle Enterprise Planning and Budgeting Cloud Service オラクルのOracle Enterprise Planning and Budgeting Cloud Serviceにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-21922 2026-02-2 19:29 2026-01-20 Show GitHub Exploit DB Packet Storm
734 6.5 警告
Network 		オラクル Oracle Life Sciences Central Designer オラクルのOracle Life Sciences Central Designerにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-21923 2026-02-2 19:29 2026-01-20 Show GitHub Exploit DB Packet Storm
735 7.5 重要
Network 		オラクル Siebel CRM Deployment オラクルのSiebel CRM Deploymentにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-21926 2026-02-2 19:29 2026-01-20 Show GitHub Exploit DB Packet Storm
736 5.3 警告
Network 		オラクル MySQL Server オラクルのMySQL Serverにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-21929 2026-02-2 19:29 2026-01-20 Show GitHub Exploit DB Packet Storm
737 4.9 警告
Network 		オラクル MySQL Cluster
MySQL Server 		オラクルのMySQL Cluster等の複数製品における不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-21936 2026-02-2 19:29 2026-01-20 Show GitHub Exploit DB Packet Storm
738 4.9 警告
Network 		オラクル MySQL Server オラクルのMySQL Serverにおける不特定の脆弱性 CWE-noinfo
情報不足 		CVE-2026-21937 2026-02-2 19:29 2026-01-20 Show GitHub Exploit DB Packet Storm
739 4.9 警告
Network 		オラクル MySQL Server オラクルのMySQL Serverにおけるリソースの枯渇に関する脆弱性 CWE-400
リソースの枯渇 		CVE-2026-21941 2026-02-2 19:29 2026-01-20 Show GitHub Exploit DB Packet Storm
740 4.9 警告
Network 		オラクル MySQL Server オラクルのMySQL Serverにおけるリソースの枯渇に関する脆弱性 CWE-400
リソースの枯渇 		CVE-2026-21948 2026-02-2 19:29 2026-01-20 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
281 - - - Vite+ is a unified toolchain and entry point for web development. Prior to version 0.1.17, `downloadPackageManager()` accepts an untrusted `version` string and uses it directly in filesystem paths. A… New CWE-22
Path Traversal 		CVE-2026-41211 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm
282 - - - OpenLearn is open-source educational forum software. Prior to commit 844b2a40a69d0c4911580fe501923f0b391313ab, when `safeMode` is enabled, unapproved forum posts are hidden from the public list, but … New CWE-284
Improper Access Control 		CVE-2026-41243 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm
283 - - - Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can i… New CWE-131
Incorrect Calculation of Buffer Size 		CVE-2026-41197 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm
284 - - - STIG Manager is an API and web client for managing Security Technical Implementation Guides (STIG) assessments of Information Systems. Versions 1.5.10 through 1.6.7 have a reflected Cross-Site Scrip… New CWE-79
Cross-site Scripting 		CVE-2026-41200 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm
285 8.8 HIGH
Network 		- - Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/server prior to 2026.416.0 contain a privilege escalation vulnerability th… New CWE-78
OS Command  		CVE-2026-41208 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm
286 10.0 CRITICAL
Network 		- - Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on … New CWE-287
CWE-862
CWE-1188
Improper Authentication
 Missing Authorization
 Insecure Default Initialization of Resource 		CVE-2026-41679 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm
287 5.4 MEDIUM
Network 		- - Successful exploitation of the stored cross-site scripting (XSS) vulnerability could allow an attacker to execute arbitrary JavaScript on any user account that has access to Koollab LMS’ courselet fe… New - CVE-2026-3007 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm
288 9.9 CRITICAL
Network 		- - Froxlor is open source server administration software. Prior to version 2.3.6, the Froxlor API endpoint `Customers.update` (and `Admins.update`) does not validate the `def_language` parameter against… New CWE-98
 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') 		CVE-2026-41228 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm
289 9.1 CRITICAL
Network 		- - Froxlor is open source server administration software. Prior to version 2.3.6, `PhpHelper::parseArrayToString()` writes string values into single-quoted PHP string literals without escaping single qu… New CWE-94
Code Injection 		CVE-2026-41229 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm
290 8.5 HIGH
Network 		- - Froxlor is open source server administration software. Prior to version 2.3.6, `DomainZones::add()` accepts arbitrary DNS record types without a whitelist and does not sanitize newline characters in … New CWE-93
CRLF Injection 		CVE-2026-41230 2026-04-24 23:50 2026-04-23 Show GitHub Exploit DB Packet Storm