Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 22, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
225331 4.3 警告 Matrix42 - Matrix42 Service Store の Service Desk におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-2504 2014-01-6 15:54 2013-04-18 Show GitHub Exploit DB Packet Storm
225332 7.4 危険 レッドハット - Red Hat Enterprise Virtualization Hypervisor などの製品で使用される libspice における任意の QEMU メモリを読まれるまたは書き込まれる脆弱性 CWE-119
バッファエラー 		CVE-2010-0430 2014-01-6 15:23 2010-03-30 Show GitHub Exploit DB Packet Storm
225333 4.3 警告 マイクロソフト - Windows XP 上で稼働する Microsoft Windows Movie Maker におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2013-4858 2014-01-6 15:03 2013-07-18 Show GitHub Exploit DB Packet Storm
225334 9.3 危険 マイクロソフト - Microsoft Internet Explorer 9 および 10 における任意のコードを実行される脆弱性 CWE-399
リソース管理の問題 		CVE-2013-3846 2014-01-6 15:01 2013-07-9 Show GitHub Exploit DB Packet Storm
225335 10 危険 Zimbra - Zimbra Collaboration Server におけるクリティカルな影響を受ける脆弱性 CWE-noinfo
情報不足 		CVE-2013-7217 2013-12-27 11:55 2013-12-12 Show GitHub Exploit DB Packet Storm
225336 5.2 警告 Xen プロジェクト - Xen の XEN_DOMCTL_getmemlist hypercall におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2013-4553 2013-12-27 11:31 2013-11-26 Show GitHub Exploit DB Packet Storm
225337 5 警告 FFmpeg - FFmpeg の libavcodec/h264.c におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2013-4358 2013-12-27 11:26 2013-09-16 Show GitHub Exploit DB Packet Storm
225338 2.6 注意 FFmpeg - FFmpeg の libavformat/utils.c の av_probe_input_buffer 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2012-6618 2013-12-27 11:25 2012-12-5 Show GitHub Exploit DB Packet Storm
225339 4.3 警告 FFmpeg - FFmpeg の ffserver.c の prepare_sdp_description 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-DesignError
CVE-2012-6617 2013-12-27 11:24 2012-12-10 Show GitHub Exploit DB Packet Storm
225340 5 警告 FFmpeg - FFmpeg の libavcodec/movtextdec.c の mov_text_decode_frame 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2012-6616 2013-12-27 11:24 2012-12-31 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 23, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
209641 8.8 HIGH
Network 		steedos steedos Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoD… CWE-89
SQL Injection 		CVE-2020-35666 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
209642 9.8 CRITICAL
Network 		terra-master terramaster_operating_system An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. CWE-78
OS Command  		CVE-2020-35665 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
209643 7.5 HIGH
Network 		advanced_comment_system_project advanced_comment_system ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623 CWE-22
Path Traversal 		CVE-2020-35598 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
209644 8.8 HIGH
Network 		raysync raysync A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can… CWE-22
Path Traversal 		CVE-2020-35370 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
209645 8.8 HIGH
Network 		nagios nagios_core Nagios Core application version 4.2.4 is vulnerable to Site-Wide Cross-Site Request Forgery (CSRF) in many functions, like adding – deleting for hosts or servers. CWE-352
 Origin Validation Error 		CVE-2020-35269 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
209646 6.1 MEDIUM
Network 		egavilanmedia user_registration_and_login_system_with_admin_panel Cross Site Scripting (XSS) vulnerability via the 'Full Name' parameter in the User Registration section of User Registration & Login System with Admin Panel 1.0. CWE-79
Cross-site Scripting 		CVE-2020-35252 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
209647 6.1 MEDIUM
Network 		uncannyowl uncanny_groups_for_learndash Multiple cross-site scripting (XSS) vulnerabilities in Uncanny Groups for LearnDash before v3.7 allow authenticated remote attackers to inject arbitrary JavaScript or HTML via the ulgm_code_redeem PO… CWE-79
Cross-site Scripting 		CVE-2020-35650 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
209648 7.5 HIGH
Network 		mersive solstice_firmware In Solstice Pod before 3.0.3, the firmware can easily be decompiled/disassembled. The decompiled/disassembled files contain non-obfuscated code. NOTE: it is unclear whether lack of obfuscation is dir… NVD-CWE-noinfo
CVE-2020-35587 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
209649 7.5 HIGH
Network 		mersive solstice_pod_firmware In Solstice Pod before 3.3.0 (or Open4.3), the Administrator password can be enumerated using brute-force attacks via the /Config/service/initModel?password= Solstice Open Control API because there i… CWE-307
mproper Restriction of Excessive Authentication Attempts 		CVE-2020-35586 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
209650 7.5 HIGH
Network 		mersive solstice_pod_firmware In Solstice Pod before 3.3.0 (or Open4.3), the screen key can be enumerated using brute-force attacks via the /lookin/info Solstice Open Control API because there are only 1.7 million possibilities. CWE-307
mproper Restriction of Excessive Authentication Attempts 		CVE-2020-35585 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm