Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 5, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
226461	3.5	注意	シマンテック	-	Symantec Brightmail Gateway におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-1611	2013-05-10 14:07	2013-05-8	Show	GitHub Exploit DB Packet Storm

226462	4.3	警告	Invensys	-	Invensys Wonderware Information Server におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-0688	2013-05-10 14:07	2013-05-7	Show	GitHub Exploit DB Packet Storm

226463	9.3	危険	Invensys	-	Invensys Wonderware Information Server における任意のファイルを読まれる脆弱性	CWE-20 不適切な入力確認	CVE-2013-0686	2013-05-10 14:06	2013-05-7	Show	GitHub Exploit DB Packet Storm

226464	9.3	危険	Invensys	-	Invensys Wonderware Information Server における任意のコードを実行される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-0685	2013-05-10 14:06	2013-05-7	Show	GitHub Exploit DB Packet Storm

226465	7.5	危険	Invensys	-	Invensys Wonderware Information Server における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2013-0684	2013-05-10 14:05	2013-05-7	Show	GitHub Exploit DB Packet Storm

226466	9.3	危険	IBM	-	IBM WebSphere DataPower XC10 アプライアンスデバイスにおける認証を回避される脆弱性	CWE-noinfo 情報不足	CVE-2013-0600	2013-05-10 14:04	2013-05-3	Show	GitHub Exploit DB Packet Storm

226467	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2012-1876	2013-05-9 19:47	2012-06-12	Show	GitHub Exploit DB Packet Storm

226468	6.8	警告	GroundWork	-	GroundWork Monitor Enterprise におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2013-3513	2013-05-9 16:33	2013-03-7	Show	GitHub Exploit DB Packet Storm

226469	6.5	警告	GroundWork	-	GroundWork Monitor Enterprise の Cacti コンポーネントにおける構成の設定を読まれるの脆弱性	CWE-20 不適切な入力確認	CVE-2013-3512	2013-05-9 16:33	2013-03-7	Show	GitHub Exploit DB Packet Storm

226470	5.8	警告	GroundWork	-	GroundWork Monitor Enterprise の NeDi コンポーネントにおけるオープンリダイレクトの脆弱性	CWE-20 不適切な入力確認	CVE-2013-3511	2013-05-9 16:32	2013-03-7	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 6, 2026, 4:18 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
208891	9.8	CRITICAL Network	water_billing_system_project	water_billing_system	SQL injection vulnerability in SourceCodester Water Billing System 1.0 via the username and password parameters to process.php.	CWE-89 SQL Injection	CVE-2020-28183	2024-11-21 14:22	2020-11-18	Show	GitHub Exploit DB Packet Storm

208892	6.1	MEDIUM Network	pescms	pescms_team	PESCMS Team 2.3.2 has multiple reflected XSS via the id parameter:?g=Team&m=Task&a=my&status=3&id=,?g=Team&m=Task&a=my&status=0&id=,?g=Team&m=Task&a=my&status=1&id=,?g=Team&m=Task&a=my&status=10&id=	CWE-79 Cross-site Scripting	CVE-2020-28092	2024-11-21 14:22	2020-11-18	Show	GitHub Exploit DB Packet Storm

208893	9.8	CRITICAL Network	online_library_management_system_project	online_library_management_system	An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add be…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2020-28130	2024-11-21 14:22	2020-11-18	Show	GitHub Exploit DB Packet Storm

208894	6.1	MEDIUM Network	adrianmercurio	gym_management_system	Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields…	CWE-79 Cross-site Scripting	CVE-2020-28129	2024-11-21 14:22	2020-11-18	Show	GitHub Exploit DB Packet Storm

208895	8.8	HIGH Network	phpgurukul	tourism_management_system	An Arbitrary File Upload is discovered in SourceCodester Tourism Management System 1.0 allows the user to conduct remote code execution via admin/create-package.php vulnerable page.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2020-28136	2024-11-21 14:22	2020-11-18	Show	GitHub Exploit DB Packet Storm

208896	9.8	CRITICAL Network	simple_grocery_store_sales_and_inventory_sales_project	simple_grocery_store_sales_and_inventory_system	An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges …	CWE-89 SQL Injection	CVE-2020-28133	2024-11-21 14:22	2020-11-18	Show	GitHub Exploit DB Packet Storm

208897	9.8	CRITICAL Network	online_clothing_store_project	online_clothing_store	SourceCodester Online Clothing Store 1.0 is affected by an arbitrary file upload via the image upload feature of Products.php.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2020-28140	2024-11-21 14:22	2020-11-18	Show	GitHub Exploit DB Packet Storm

208898	6.1	MEDIUM Network	online_clothing_store_project	online_clothing_store	SourceCodester Online Clothing Store 1.0 is affected by a cross-site scripting (XSS) vulnerability via a Offer Detail field in offer.php.	CWE-79 Cross-site Scripting	CVE-2020-28139	2024-11-21 14:22	2020-11-18	Show	GitHub Exploit DB Packet Storm

208899	9.8	CRITICAL Network	online_clothing_store_project	online_clothing_store	SourceCodester Online Clothing Store 1.0 is affected by a SQL Injection via the txtUserName parameter to login.php.	CWE-89 SQL Injection	CVE-2020-28138	2024-11-21 14:22	2020-11-18	Show	GitHub Exploit DB Packet Storm

208900	5.4	MEDIUM Network	nagios	nagios_xi	Nagios XI before 5.7.5 is vulnerable to XSS in Account Information (Email field).	CWE-79 Cross-site Scripting	CVE-2020-27991	2024-11-21 14:22	2020-11-17	Show	GitHub Exploit DB Packet Storm