Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 26, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
224151 4.3 警告 IBM - IBM SPSS Analytical Decision Management におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-4047 2013-09-17 22:16 2013-09-12 Show GitHub Exploit DB Packet Storm
224152 6.3 警告 シスコシステムズ - Cisco NX-OS の Open Network Environment Platform におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2013-5496 2013-09-17 21:43 2013-09-13 Show GitHub Exploit DB Packet Storm
224153 4.3 警告 シスコシステムズ - Cisco Unified MeetingPlace の Application Server の Web フレームワークにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-5495 2013-09-17 21:41 2013-09-13 Show GitHub Exploit DB Packet Storm
224154 6.8 警告 シスコシステムズ - Cisco Unified MeetingPlace Solution の Web フレームワークにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2013-5494 2013-09-17 21:40 2013-09-13 Show GitHub Exploit DB Packet Storm
224155 6.8 警告 シスコシステムズ - Cisco Virtualization Experience Client のファームウェアにおけるアクセス制限を回避される脆弱性 CWE-20
不適切な入力確認 		CVE-2013-5493 2013-09-17 21:39 2013-09-12 Show GitHub Exploit DB Packet Storm
224156 5 警告 シスコシステムズ - Cisco SocialMiner の administration.jsp における重要な情報を取得される脆弱性 CWE-310
暗号の問題 		CVE-2013-5492 2013-09-17 21:38 2013-09-13 Show GitHub Exploit DB Packet Storm
224157 5 警告 シスコシステムズ - Cisco SocialMiner のガジェットの実装における重要な情報を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2013-5489 2013-09-17 21:37 2013-09-10 Show GitHub Exploit DB Packet Storm
224158 4.3 警告 シスコシステムズ - Cisco Prime LAN Management Solution におけるクリックジャッキングを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2013-5482 2013-09-17 21:37 2013-09-12 Show GitHub Exploit DB Packet Storm
224159 5.5 警告 アップル - Apple Mac OS X の画面ロックにおけるロックを回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2013-1033 2013-09-17 20:18 2013-09-12 Show GitHub Exploit DB Packet Storm
224160 6.9 警告 アップル - Apple Mac OS X の Power Management におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2013-1031 2013-09-17 20:17 2013-09-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
314041 5.4 MEDIUM
Network 		webhammer wp_custom_fields_search The WP Custom Fields Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpcfs-preset shortcode in all versions up to, and including, 1.2.35 due to insufficient … CWE-79
Cross-site Scripting 		CVE-2024-8364 2024-09-26 00:08 2024-09-19 Show GitHub Exploit DB Packet Storm
314042 9.8 CRITICAL
Network 		freeimage_project freeimage libfreeimage in FreeImage 3.4.0 through 3.18.0 has a stack-based buffer overflow in the PluginXPM.cpp Load function via an XPM file. CWE-787
 Out-of-bounds Write 		CVE-2024-31570 2024-09-25 23:57 2024-09-20 Show GitHub Exploit DB Packet Storm
314043 9.8 CRITICAL
Network 		spx spx_graphics_controller An issue in TuomoKu SPx-GC v.1.3.0 and before allows a remote attacker to execute arbitrary code via the child_process.js function. CWE-94
Code Injection 		CVE-2024-44623 2024-09-25 23:53 2024-09-17 Show GitHub Exploit DB Packet Storm
314044 9.8 CRITICAL
Network 		ergophone
yealink 		tiptel_ip_286_firmware
sip-t28p_firmware 		Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. CWE-22
Path Traversal 		CVE-2024-33109 2024-09-25 23:47 2024-09-20 Show GitHub Exploit DB Packet Storm
314045 9.8 CRITICAL
Network 		closed-loop cless_server An arbitrary file upload vulnerability in the Media Manager function of Closed-Loop Technology CLESS Server v4.5.2 allows attackers to execute arbitrary code via uploading a crafted PHP file to the u… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2024-40125 2024-09-25 23:46 2024-09-20 Show GitHub Exploit DB Packet Storm
314046 6.1 MEDIUM
Network 		surecart surecart Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SureCart allows Reflected XSS.This issue affects SureCart: from n/a through 2.29.3. CWE-79
Cross-site Scripting 		CVE-2024-43970 2024-09-25 23:18 2024-09-18 Show GitHub Exploit DB Packet Storm
314047 4.8 MEDIUM
Network 		pagelayer pagelayer Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Pagelayer Team PageLayer allows Stored XSS.This issue affects PageLayer: from n/a through … CWE-79
Cross-site Scripting 		CVE-2024-43972 2024-09-25 23:16 2024-09-18 Show GitHub Exploit DB Packet Storm
314048 5.4 MEDIUM
Network 		podlove podlove_podcast_publisher Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Podlove Podlove Podcast Publisher allows Stored XSS.This issue affects Podlove Podcast Pub… CWE-79
Cross-site Scripting 		CVE-2024-43983 2024-09-25 23:11 2024-09-18 Show GitHub Exploit DB Packet Storm
314049 5.4 MEDIUM
Network 		wayneconnor sliding_door Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wayneconnor Sliding Door allows Stored XSS.This issue affects Sliding Door: from n/a throu… CWE-79
Cross-site Scripting 		CVE-2024-43987 2024-09-25 23:08 2024-09-18 Show GitHub Exploit DB Packet Storm
314050 5.4 MEDIUM
Network 		digitalnature mystique Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in digitalnature Mystique allows Stored XSS.This issue affects Mystique: from n/a through 2.5… CWE-79
Cross-site Scripting 		CVE-2024-43988 2024-09-25 22:55 2024-09-18 Show GitHub Exploit DB Packet Storm