Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
226081	3.5	注意	ZNC	-	ZNC の znc.cpp におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2010-2448	2012-12-20 19:29	2010-06-13	Show	GitHub Exploit DB Packet Storm

226082	9.3	危険	upRedSun Corporation	-	Subtitle Translation Wizard の st-wizard.exe におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-2440	2012-12-20 19:29	2010-06-24	Show	GitHub Exploit DB Packet Storm

226083	5	警告	salvo tomaselli	-	Weborf HTTP Server におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2010-2435	2012-12-20 19:29	2010-06-22	Show	GitHub Exploit DB Packet Storm

226084	4.3	警告	Splunk	-	Splunk におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-2429	2012-12-20 19:29	2010-06-7	Show	GitHub Exploit DB Packet Storm

226085	4.3	警告	WING FTP software	-	Windows 用の Wing FTP Server の Administrator Web インターフェースにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-2428	2012-12-20 19:29	2010-06-24	Show	GitHub Exploit DB Packet Storm

226086	4	警告	South River Technologies	-	South River Technologies Titan FTP Server の TitanFTPd におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-2426	2012-12-20 19:29	2010-06-24	Show	GitHub Exploit DB Packet Storm

226087	6.5	警告	South River Technologies	-	South River Technologies Titan FTP Server の TitanFTPd におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-2425	2012-12-20 19:29	2010-06-24	Show	GitHub Exploit DB Packet Storm

226088	4.3	警告	Plone Foundation	-	Plone の PortalTransforms におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-2422	2012-12-20 19:29	2010-06-24	Show	GitHub Exploit DB Packet Storm

226089	4.3	警告	pilotgroup	-	PG eLMS Pro の subscribe.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-2356	2012-12-20 19:29	2010-06-21	Show	GitHub Exploit DB Packet Storm

226090	4.3	警告	pilotgroup	-	PG eLMS Pro の error.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-2355	2012-12-20 19:29	2010-06-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
200411	5.3	MEDIUM Network	parseplatform	parse-server	In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.	CWE-863 Incorrect Authorization	CVE-2020-5251	2024-11-21 14:33	2020-03-5	Show	GitHub Exploit DB Packet Storm

200412	6.5	MEDIUM Network	puma	puma	In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject m…	CWE-74 Injection	CVE-2020-5249	2024-11-21 14:33	2020-03-3	Show	GitHub Exploit DB Packet Storm

200413	7.5	HIGH Network	ruby-lang puma debian fedoraproject	ruby puma debian_linux fedora	In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to en…	-	CVE-2020-5247	2024-11-21 14:33	2020-02-29	Show	GitHub Exploit DB Packet Storm

200414	8.8	HIGH Network	dropwizard oracle	dropwizard_validation blockchain_platform	Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Lan…	CWE-74 Injection	CVE-2020-5245	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

200415	7.5	HIGH Network	buddypress	buddypress	In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.	CWE-200 Information Exposure	CVE-2020-5244	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

200416	6.5	MEDIUM Network	dnnsoftware	dotnetnuke	DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.	CWE-669 CWE-434 Incorrect Resource Transfer Between Spheres Unrestricted Upload of File with Dangerous Type	CVE-2020-5188	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

200417	8.8	HIGH Network	dnnsoftware	dotnetnuke	DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).	CWE-22 Path Traversal	CVE-2020-5187	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

200418	5.4	MEDIUM Network	dnnsoftware	dotnetnuke	DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).	CWE-79 Cross-site Scripting	CVE-2020-5186	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

200419	7.5	HIGH Network	uap-core_project	uap-core	uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overla…	CWE-1333 Inefficient Regular Expression Complexity	CVE-2020-5243	2024-11-21 14:33	2020-02-21	Show	GitHub Exploit DB Packet Storm

200420	8.8	HIGH Network	openhab	openhab	openHAB before 2.5.2 allow a remote attacker to use REST calls to install the EXEC binding or EXEC transformation service and execute arbitrary commands on the system with the privileges of the user …	CWE-863 Incorrect Authorization	CVE-2020-5242	2024-11-21 14:33	2020-02-21	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed