NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 14, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
311551	4.3	MEDIUM	ibm	advanced_management_module	Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remot…	CWE-79 Cross-site Scripting	CVE-2010-2654	2024-11-21 10:17	2010-07-8	Show	GitHub Exploit DB Packet Storm

311552	4.3	MEDIUM	libtiff	libtiff	LibTIFF 3.9.0 ignores tags in certain situations during the first stage of TIFF file processing and does not properly handle this during the second stage, which allows remote attackers to cause a den…	CWE-20 Improper Input Validation	CVE-2010-2631	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311553	4.3	MEDIUM	libtiff	libtiff	The TIFFReadDirectory function in LibTIFF 3.9.0 does not properly validate the data types of codec-specific tags that have an out-of-order position in a TIFF file, which allows remote attackers to ca…	CWE-20 Improper Input Validation	CVE-2010-2630	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311554	5.0	MEDIUM	google	chrome	Google Chrome before 5.0.375.99 does not properly implement modal dialogs, which allows attackers to cause a denial of service (application crash) via unspecified vectors.	NVD-CWE-noinfo	CVE-2010-2652	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311555	9.3	HIGH	google	chrome	The Cascading Style Sheets (CSS) implementation in Google Chrome before 5.0.375.99 does not properly perform style rendering, which allows remote attackers to cause a denial of service (memory corrup…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-2651	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311556	9.3	HIGH	google	chrome	Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs."	NVD-CWE-noinfo	CVE-2010-2650	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311557	4.3	MEDIUM	google	chrome	Unspecified vulnerability in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (application crash) via an invalid image.	NVD-CWE-noinfo	CVE-2010-2649	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311558	9.3	HIGH	google opensuse canonical	chrome opensuse ubuntu_linux	The implementation of the Unicode Bidirectional Algorithm (aka Bidi algorithm or UBA) in Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or po…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-2648	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311559	9.3	HIGH	google canonical	chrome ubuntu_linux	Google Chrome before 5.0.375.99 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via an invalid SVG document.	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2010-2647	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311560	9.3	HIGH	google	chrome	Google Chrome before 5.0.375.99 does not properly isolate sandboxed IFRAME elements, which has unspecified impact and remote attack vectors.	NVD-CWE-noinfo	CVE-2010-2646	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311561	6.8	MEDIUM	google	chrome	Unspecified vulnerability in Google Chrome before 5.0.375.99, when WebGL is used, allows remote attackers to cause a denial of service (out-of-bounds read) via unknown vectors.	NVD-CWE-noinfo	CVE-2010-2645	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311562	7.5	HIGH	cisco	content_services_switch_11500 ace_4710	The Cisco Content Services Switch (CSS) 11500 with software 8.20.4.02 and the Application Control Engine (ACE) 4710 with software A2(3.0) do not properly handle LF header terminators in situations wh…	CWE-20 Improper Input Validation	CVE-2010-2629	2024-11-21 10:17	2010-07-7	Show	GitHub Exploit DB Packet Storm

311563	6.8	MEDIUM	ea	battlefield_2142 battlefield_2	Multiple directory traversal vulnerabilities in the Refractor 2 engine, as used in Battlefield 2 1.50 (1.5.3153-802.0) and earlier, and Battlefield 2142 (1.10.48.0) and earlier, allow remote servers …	CWE-22 Path Traversal	CVE-2010-2627	2024-11-21 10:17	2010-07-3	Show	GitHub Exploit DB Packet Storm

311564	7.5	HIGH	miyabi-seo	cgi_tools_seo_links	index.pl in Miyabi CGI Tools SEO Links 1.02 allows remote attackers to execute arbitrary commands via shell metacharacters in the fn command. NOTE: some of these details are obtained from third party…	CWE-94 Code Injection	CVE-2010-2626	2024-11-21 10:17	2010-07-3	Show	GitHub Exploit DB Packet Storm

311565	7.8	HIGH	hitachi	serverconductor_\/_deployment_manager jp1\/_serverconductor_\/_deployment_manager	Unspecified vulnerability in the Client Service for DPM in Hitachi ServerConductor / Deployment Manager 01-00, 01-01, and 06-00 through 06-00-/A; ServerConductor / Deployment Manager Standard Edition…	NVD-CWE-noinfo	CVE-2010-2625	2024-11-21 10:17	2010-07-3	Show	GitHub Exploit DB Packet Storm

311566	7.5	HIGH	iscripts	easysnaps	Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to ta…	CWE-89 SQL Injection	CVE-2010-2624	2024-11-21 10:17	2010-07-3	Show	GitHub Exploit DB Packet Storm

311567	7.5	HIGH	internetdm	bed_and_breakfast	SQL injection vulnerability in pages.php in Internet DM Specialist Bed and Breakfast allows remote attackers to execute arbitrary SQL commands via the pp_id parameter.	CWE-89 SQL Injection	CVE-2010-2623	2024-11-21 10:17	2010-07-3	Show	GitHub Exploit DB Packet Storm

311568	7.5	HIGH	joomanager	joomanager	SQL injection vulnerability in the Joomanager component, possibly 1.1.1, for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.	CWE-89 SQL Injection	CVE-2010-2622	2024-11-21 10:17	2010-07-3	Show	GitHub Exploit DB Packet Storm

311569	5.0	MEDIUM	digia qt	qt	The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed …	CWE-20 Improper Input Validation	CVE-2010-2621	2024-11-21 10:17	2010-07-3	Show	GitHub Exploit DB Packet Storm

311570	9.3	HIGH	open-ftpd	open-ftpd	Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login s…	CWE-287 Improper Authentication	CVE-2010-2620	2024-11-21 10:17	2010-07-3	Show	GitHub Exploit DB Packet Storm

311571	1.9	LOW	citrix	xenserver	Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "i…	NVD-CWE-Other	CVE-2010-2619	2024-11-21 10:17	2010-07-3	Show	GitHub Exploit DB Packet Storm

311572	6.8	MEDIUM	insanevisions	adapcms	PHP remote file inclusion vulnerability in inc/smarty/libs/init.php in AdaptCMS 2.0.0 Beta, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the si…	CWE-94 Code Injection	CVE-2010-2618	2024-11-21 10:17	2010-07-2	Show	GitHub Exploit DB Packet Storm

311573	4.3	MEDIUM	paul_mcenery	php_bible_search	Cross-site scripting (XSS) vulnerability in bible.php in PHP Bible Search allows remote attackers to inject arbitrary web script or HTML via the chapter parameter.	CWE-79 Cross-site Scripting	CVE-2010-2617	2024-11-21 10:17	2010-07-2	Show	GitHub Exploit DB Packet Storm

311574	7.5	HIGH	paul_mcenery	php_bible_search	SQL injection vulnerability in bible.php in PHP Bible Search, probably 0.99, allows remote attackers to execute arbitrary SQL commands via the chapter parameter.	CWE-89 SQL Injection	CVE-2010-2616	2024-11-21 10:17	2010-07-2	Show	GitHub Exploit DB Packet Storm

311575	4.3	MEDIUM	grafik-power	grafik_cms	Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu a…	CWE-79 Cross-site Scripting	CVE-2010-2615	2024-11-21 10:17	2010-07-2	Show	GitHub Exploit DB Packet Storm

311576	7.5	HIGH	grafik-power	grafik_cms	SQL injection vulnerability in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit_page action.	CWE-89 SQL Injection	CVE-2010-2614	2024-11-21 10:17	2010-07-2	Show	GitHub Exploit DB Packet Storm

311577	4.3	MEDIUM	harmistechnology	com_awd_song	Cross-site scripting (XSS) vulnerability in the JExtensions JE Awd Song (com_awd_song) component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the song review field, …	CWE-79 Cross-site Scripting	CVE-2010-2613	2024-11-21 10:17	2010-07-2	Show	GitHub Exploit DB Packet Storm

311578	2.1	LOW	hp	openvms openvms_for_integrity_servers	Unspecified vulnerability in the HP OpenVMS Auditing feature in OpenVMS ALPHA 7.3-2, 8.2, and 8.3; and OpenVMS for Integrity Servers 8.3 AND 8.3-1H1; allows local users to obtain sensitive informatio…	CWE-200 NVD-CWE-noinfo Information Exposure	CVE-2010-2612	2024-11-21 10:17	2010-07-2	Show	GitHub Exploit DB Packet Storm

311579	5.5	MEDIUM Local	clusterlabs	cluster_glue pacemaker	stonith-ng in pacemaker and cluster-glue passed passwords as commandline parameters, making it possible for local attackers to gain access to passwords of the HA stack and potentially influence its o…	CWE-287 Improper Authentication	CVE-2010-2496	2024-11-21 10:16	2021-10-18	Show	GitHub Exploit DB Packet Storm

311580	7.8	HIGH Local	linux	linux_kernel	A flaw was discovered in gfs2 file system’s handling of acls (access control lists). An unprivileged local attacker could exploit this flaw to gain access or execute any file stored in the gfs2 file …	-	CVE-2010-2525	2024-11-21 10:16	2021-06-22	Show	GitHub Exploit DB Packet Storm

311581	7.5	HIGH Network	znc	znc	NULL pointer dereference vulnerability in ZNC before 0.092 caused by traffic stats when there are unauthenticated connections.	CWE-476 NULL Pointer Dereference	CVE-2010-2488	2024-11-21 10:16	2019-11-13	Show	GitHub Exploit DB Packet Storm

311582	9.8	CRITICAL Network	syscp_project	syscp	syscp 1.4.2.1 allows attackers to add arbitrary paths via the documentroot of a domain by appending a colon to it and setting the open basedir path to use that domain documentroot.	CWE-20 Improper Input Validation	CVE-2010-2476	2024-11-21 10:16	2019-11-8	Show	GitHub Exploit DB Packet Storm

311583	7.5	HIGH Network	shibboleth debian	service_provider debian_linux	The keygen.sh script in Shibboleth SP 2.0 (located in /usr/local/etc/shibboleth by default) uses OpenSSL to create a DES private key which is placed in sp-key.pm. It relies on the root umask (default…	CWE-200 CWE-916 Information Exposure Use of Password Hash With Insufficient Computational Effort	CVE-2010-2450	2024-11-21 10:16	2019-11-8	Show	GitHub Exploit DB Packet Storm

311584	6.5	MEDIUM Network	gource	gource	Gource through 0.26 logs to a predictable file name (/tmp/gource-$UID.tmp), enabling attackers to overwrite an arbitrary file via a symlink attack.	CWE-20 Improper Input Validation	CVE-2010-2449	2024-11-21 10:16	2019-11-8	Show	GitHub Exploit DB Packet Storm

311585	9.8	CRITICAL Network	gitolite	gitolite	gitolite before 1.4.1 does not filter src/ or hooks/ from path names.	CWE-20 Improper Input Validation	CVE-2010-2447	2024-11-21 10:16	2019-11-8	Show	GitHub Exploit DB Packet Storm

311586	6.5	MEDIUM Network	drupal	drupal	Drupal 6.x before 6.16 and 5.x before version 5.22 does not properly block users under certain circumstances. A user with an open session that was blocked could maintain their session on the Drupal s…	CWE-20 Improper Input Validation	CVE-2010-2473	2024-11-21 10:16	2019-11-8	Show	GitHub Exploit DB Packet Storm

311587	4.8	MEDIUM Network	drupal	drupal	Locale module and dependent contributed modules in Drupal 6.x before 6.16 and 5.x before version 5.22 do not sanitize the display of language codes, native and English language names properly which c…	CWE-79 Cross-site Scripting	CVE-2010-2472	2024-11-21 10:16	2019-11-8	Show	GitHub Exploit DB Packet Storm

311588	6.1	MEDIUM Network	drupal	drupal	Drupal 5.x and 6.x before 6.16 uses a user-supplied value in output during site installation which could allow an attacker to craft a URL and perform a cross-site scripting attack.	CWE-79 Cross-site Scripting	CVE-2010-2250	2024-11-21 10:16	2019-11-8	Show	GitHub Exploit DB Packet Storm

311589	7.5	HIGH Network	linux	linux_kernel	A vulnerability exists in kernel/time/clocksource.c in the Linux kernel before 2.6.34 where on non-GENERIC_TIME systems (GENERIC_TIME=n), accessing /sys/devices/system/clocksource/clocksource0/curren…	CWE-20 Improper Input Validation	CVE-2010-2243	2024-11-21 10:16	2019-11-8	Show	GitHub Exploit DB Packet Storm

311590	6.1	MEDIUM Network	drupal debian	drupal debian_linux	Drupal versions 5.x and 6.x has open redirection	CWE-601 Open Redirect	CVE-2010-2471	2024-11-21 10:16	2019-11-7	Show	GitHub Exploit DB Packet Storm

311591	9.8	CRITICAL Network	ruby-rbot	rbot	Rbot Reaction plugin allows command execution	CWE-20 Improper Input Validation	CVE-2010-2446	2024-11-21 10:16	2019-11-7	Show	GitHub Exploit DB Packet Storm

311592	7.5	HIGH Network	makepasswd_project	makepasswd	makepasswd 1.10 default settings generate insecure passwords	CWE-1188 Insecure Default Initialization of Resource	CVE-2010-2247	2024-11-21 10:16	2019-11-7	Show	GitHub Exploit DB Packet Storm

311593	7.5	HIGH Network	redhat	directory_server 389_directory_server	The _ger_parse_control function in Red Hat Directory Server 8 and the 389 Directory Server allows attackers to cause a denial of service (NULL pointer dereference) via a crafted search query.	CWE-476 NULL Pointer Dereference	CVE-2010-2222	2024-11-21 10:16	2019-11-6	Show	GitHub Exploit DB Packet Storm

311594	9.1	CRITICAL Network	redhat	icedtea6	IcedTea6 before 1.7.4 does not properly check property access, which allows unsigned apps to read and write arbitrary files.	CWE-863 Incorrect Authorization	CVE-2010-2548	2024-11-21 10:16	2019-11-1	Show	GitHub Exploit DB Packet Storm

311595	6.5	MEDIUM Network	mumble debian	mumble debian_linux	Mumble: murmur-server has DoS due to malformed client query	CWE-20 Improper Input Validation	CVE-2010-2490	2024-11-21 10:16	2019-11-1	Show	GitHub Exploit DB Packet Storm

311596	7.5	HIGH Network	apache	derby	In Apache Derby 10.1.2.1, 10.2.2.0, 10.3.1.4, and 10.4.1.3, Export processing may allow an attacker to overwrite an existing file.	CWE-284 Improper Access Control	CVE-2010-2232	2024-11-21 10:16	2017-10-23	Show	GitHub Exploit DB Packet Storm

311597	7.4	HIGH Network	apache	wink	XML External Entity (XXE) vulnerability in Apache Wink 1.1.1 and earlier allows remote attackers to read arbitrary files or cause a denial of service via a crafted XML document.	CWE-611 XXE	CVE-2010-2245	2024-11-21 10:16	2017-08-9	Show	GitHub Exploit DB Packet Storm

311598	6.0	MEDIUM	redhat	spacewalk-java network_proxy satellite	The monitoring probe display in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 4.0.0 through 4.2.0 and 5.1.0 through 5.3.0, and Proxy 5.3.0, allows remote authenticated users wit…	CWE-20 Improper Input Validation	CVE-2010-2236	2024-11-21 10:16	2014-04-16	Show	GitHub Exploit DB Packet Storm

311599	1.9	LOW	gnome	gnome_display_manager	vicious-extensions/ve-misc.c in GNOME Display Manager (gdm) 2.20.x before 2.20.11, when GDM debug is enabled, logs the user password when it contains invalid UTF8 encoded characters, which might allo…	CWE-255 Credentials Management	CVE-2010-2387	2024-11-21 10:16	2012-12-21	Show	GitHub Exploit DB Packet Storm

311600	5.1	MEDIUM	feh_project	feh	feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL.	CWE-20 Improper Input Validation	CVE-2010-2246	2024-11-21 10:16	2011-05-27	Show	GitHub Exploit DB Packet Storm