Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 13, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
226031	4.3	警告	phpgroupware	-	phpGroupWare の login.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4416	2012-12-20 19:28	2009-12-24	Show	GitHub Exploit DB Packet Storm

226032	7.5	危険	phpgroupware	-	phpGroupWare におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-4415	2012-12-20 19:28	2009-12-24	Show	GitHub Exploit DB Packet Storm

226033	6.8	警告	phpgroupware	-	phpGroupWare の phpgwapi /inc/class.auth_sql.inc.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4414	2012-12-20 19:28	2009-12-24	Show	GitHub Exploit DB Packet Storm

226034	5	警告	pps.jussieu	-	Polipo の client.c におけるサービス運用妨害 (DoS) の脆弱性	CWE-189 数値処理の問題	CVE-2009-4413	2012-12-20 19:28	2009-12-24	Show	GitHub Exploit DB Packet Storm

226035	6	警告	s9y	-	Serendipity における任意のコードを実行される脆弱性	CWE-Other その他	CVE-2009-4412	2012-12-20 19:28	2009-12-21	Show	GitHub Exploit DB Packet Storm

226036	3.7	注意	xfs	-	XFS acl の setfacl および getfacl コマンドにおける任意のファイルなど対する ACL を変更される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-4411	2012-12-20 19:28	2009-12-24	Show	GitHub Exploit DB Packet Storm

226037	4.3	警告	pyforum	-	PyForum および zForum の models.parser におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4408	2012-12-20 19:28	2009-12-23	Show	GitHub Exploit DB Packet Storm

226038	6.8	警告	pyforum	-	PyForum などにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2009-4407	2012-12-20 19:28	2009-12-23	Show	GitHub Exploit DB Packet Storm

226039	4.3	警告	rumbacms	-	Rumba XML の index.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4403	2012-12-20 19:28	2009-12-23	Show	GitHub Exploit DB Packet Storm

226040	7.5	危険	sql-ledger	-	SQL-Ledger の初期設定における管理操作を実行される脆弱性	CWE-16 環境設定	CVE-2009-4402	2012-12-20 19:28	2009-12-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
197361	9.8	CRITICAL Network	schneider-electric	andover_continuum_9680_firmware andover_continuum_5740_firmware andover_continuum_5720_firmware andover_continuum_bcx4040_firmware andover_continuum_bcx9640_firmware andover_continuum_…	A CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability exists in Andover Continuum (All versions), which could cause files on the application server filesystem to be viewab…	CWE-94 Code Injection	CVE-2020-7480	2024-11-21 14:37	2020-03-24	Show	GitHub Exploit DB Packet Storm

197362	7.8	HIGH Local	schneider-electric	interactive_graphical_scada_system	A CWE-306: Missing Authentication for Critical Function vulnerability exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a local user to execute processes that ot…	CWE-306 Missing Authentication for Critical Function	CVE-2020-7479	2024-11-21 14:37	2020-03-24	Show	GitHub Exploit DB Packet Storm

197363	7.5	HIGH Network	schneider-electric	interactive_graphical_scada_system	A CWE-22: Improper Limitation of a Pathname to a Restricted Directory exists in IGSS (Versions 14 and prior using the service: IGSSupdate), which could allow a remote unauthenticated attacker to read…	CWE-22 Path Traversal	CVE-2020-7478	2024-11-21 14:37	2020-03-24	Show	GitHub Exploit DB Packet Storm

197364	7.8	HIGH Local	schneider-electric	ulti_zigbee_installation_toolkit	A CWE-426: Untrusted Search Path vulnerability exists in ZigBee Installation Kit (Versions prior to 1.0.1), which could cause execution of malicious code when a malicious file is put in the search pa…	CWE-426 Untrusted Search Path	CVE-2020-7476	2024-11-21 14:37	2020-03-24	Show	GitHub Exploit DB Packet Storm

197365	7.5	HIGH Network	schneider-electric	140noe77101_firmware 140noe77111_firmware tsxh5744m_firmware tsxh5724m_firmware tsxp576634m_firmware tsxp57554m_firmware tsxp575634m_firmware tsxp57454m_firmware tsxp574634m_f…	A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in Quantum Ethernet Network module 140NOE771x1 (Versions 7.0 and prior), Quantum processors with integrated Ethern…	CWE-754 Improper Check for Unusual or Exceptional Conditions	CVE-2020-7477	2024-11-21 14:37	2020-03-24	Show	GitHub Exploit DB Packet Storm

197366	9.8	CRITICAL Network	schneider-electric	unity_pro ecostruxure_control_expert modicon_m340_firmware modicon_m580_firmware	A CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection'), reflective DLL, vulnerability exists in EcoStruxure Control Expert (all versions prior to…	CWE-74 Injection	CVE-2020-7475	2024-11-21 14:37	2020-03-24	Show	GitHub Exploit DB Packet Storm

197367	7.8	HIGH Local	schneider-electric	pmepxm0100_prosoft_configurator	A CWE-427: Uncontrolled Search Path Element vulnerability exists in ProSoft Configurator (v1.002 and prior), for the PMEPXM0100 (H) module, which could cause the execution of untrusted code when usin…	CWE-427 Uncontrolled Search Path Element	CVE-2020-7474	2024-11-21 14:37	2020-03-24	Show	GitHub Exploit DB Packet Storm

197368	5.3	MEDIUM Local	yargs	yargs-parser	yargs-parser could be tricked into adding or modifying properties of Object.prototype using a "__proto__" payload.	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2020-7608	2024-11-21 14:37	2020-03-17	Show	GitHub Exploit DB Packet Storm

197369	9.8	CRITICAL Network	gulp-styledocco_project	gulp-styledocco	gulp-styledocco through 0.0.3 allows execution of arbitrary commands. The argument 'options' of the exports function in 'index.js' can be controlled by users without any sanitization.	CWE-78 OS Command	CVE-2020-7607	2024-11-21 14:37	2020-03-16	Show	GitHub Exploit DB Packet Storm

197370	9.8	CRITICAL Network	docker-compose-remote-api_project	docker-compose-remote-api	docker-compose-remote-api through 0.1.4 allows execution of arbitrary commands. Within 'index.js' of the package, the function 'exec(serviceName, cmd, fnStdout, fnStderr, fnExit)' uses the variable '…	CWE-78 OS Command	CVE-2020-7606	2024-11-21 14:37	2020-03-16	Show	GitHub Exploit DB Packet Storm