Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 11, 2026, 4:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
226551	7.5	危険	SUSE	-	SUSE Linux 上で稼動する yast2-ldap-server の YaST2 LDAP モジュールにおけるネットワークサービスをアクセスされる脆弱性	CWE-16 環境設定	CVE-2009-1648	2012-12-20 19:10	2009-07-3	Show	GitHub Exploit DB Packet Storm

226552	9.3	危険	ultrafunk	-	Ultrafunk Popcorn の popcorn.exe におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1647	2012-12-20 19:10	2009-05-15	Show	GitHub Exploit DB Packet Storm

226553	9.3	危険	sorinara	-	Sorinara Streaming Audio Player におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1644	2012-12-20 19:10	2009-05-15	Show	GitHub Exploit DB Packet Storm

226554	9.3	危険	sorinara	-	Sorinara Soritong MP3 Player におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1643	2012-12-20 19:10	2009-05-15	Show	GitHub Exploit DB Packet Storm

226555	7.5	危険	t-dreams	-	Techno Dreams Job Career Package における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2009-1638	2012-12-20 19:10	2009-05-15	Show	GitHub Exploit DB Packet Storm

226556	6.4	警告	simplecustomer	-	Simple Customer の profile.php における admin 電子メールアドレスなどを変更される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-1637	2012-12-20 19:10	2009-05-15	Show	GitHub Exploit DB Packet Storm

226557	10	危険	Unisys	-	Windows 上で稼動している Unisys BIS におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1628	2012-12-20 19:10	2009-06-26	Show	GitHub Exploit DB Packet Storm

226558	9.3	危険	sdp multimedia	-	SDP Downloader におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1627	2012-12-20 19:10	2009-05-12	Show	GitHub Exploit DB Packet Storm

226559	7.5	危険	will kraft	-	EZ-Blog の public/specific.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-1626	2012-12-20 19:10	2009-05-12	Show	GitHub Exploit DB Packet Storm

226560	7.5	危険	teraway	-	Teraway FileStream における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2009-1619	2012-12-20 19:10	2009-05-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
210621	6.1	MEDIUM Network	phplist	phplist	phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.	CWE-79 Cross-site Scripting	CVE-2020-12639	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210622	5.5	MEDIUM Local	tp-link	omada_controller	TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-we…	CWE-22 Path Traversal	CVE-2020-12475	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210623	9.8	CRITICAL Network	tp-link	nc200_firmware nc210_firmware nc220_firmware nc230_firmware nc250_firmware nc260_firmware nc450_firmware	Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, …	CWE-798 Use of Hard-coded Credentials	CVE-2020-12110	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210624	5.4	MEDIUM Network	enhancesoft	osticket	include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.	CWE-79 Cross-site Scripting	CVE-2020-12629	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210625	4.7	MEDIUM Local	linux	linux_kernel	A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to …	CWE-362 Race Condition	CVE-2020-12114	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210626	9.8	CRITICAL Network	janeczku	calibre-web	Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.	CWE-798 Use of Hard-coded Credentials	CVE-2020-12627	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210627	6.5	MEDIUM Network	roundcube debian	webmail debian_linux	An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.	CWE-352 Origin Validation Error	CVE-2020-12626	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210628	6.1	MEDIUM Network	roundcube debian opensuse	webmail debian_linux leap backports_sle	An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.	CWE-79 Cross-site Scripting	CVE-2020-12625	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210629	6.5	MEDIUM Network	theleague	the_league	The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, whic…	CWE-459 Incomplete Cleanup	CVE-2020-12624	2024-11-21 13:59	2020-05-3	Show	GitHub Exploit DB Packet Storm

210630	6.5	MEDIUM Network	telegram	telegram telegram_desktop	Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.	NVD-CWE-noinfo	CVE-2020-12474	2024-11-21 13:59	2020-05-1	Show	GitHub Exploit DB Packet Storm