Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 13, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
226851	10	危険	snom	-	snom VoIP phones snom 300 などの Web インターフェースにおける認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2009-1048	2012-12-20 19:10	2009-08-14	Show	GitHub Exploit DB Packet Storm

226852	9.3	危険	winasm	-	WinAsm Studio におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1040	2012-12-20 19:10	2009-03-20	Show	GitHub Exploit DB Packet Storm

226853	6.5	警告	yap	-	YAP Blog における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-1038	2012-12-20 19:10	2009-03-20	Show	GitHub Exploit DB Packet Storm

226854	7.5	危険	YABSoft	-	YABSoft AIH Script の gallery_list.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-1032	2012-12-20 19:10	2009-03-20	Show	GitHub Exploit DB Packet Storm

226855	7.8	危険	Rhino Software	-	Rhino Software Serv-U File Server の FTP サーバにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-1031	2012-12-20 19:10	2009-03-19	Show	GitHub Exploit DB Packet Storm

226856	9.3	危険	poppeeper	-	POP Peeper におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1029	2012-12-20 19:10	2009-03-19	Show	GitHub Exploit DB Packet Storm

226857	7.5	危険	phpComasy	-	phpComasy の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-1023	2012-12-20 19:10	2009-03-19	Show	GitHub Exploit DB Packet Storm

226858	6.8	警告	phpprobid	-	PHP Pro Bid の includes/class_image.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2009-0970	2012-12-20 19:10	2009-03-19	Show	GitHub Exploit DB Packet Storm

226859	6.8	警告	Moxi9	-	phpFoX の account/settings/account/index.php におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2009-0969	2012-12-20 19:10	2009-03-19	Show	GitHub Exploit DB Packet Storm

226860	4	警告	Rhino Software	-	Serv-U の FTP サーバにおけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2009-0967	2012-12-20 19:10	2009-03-19	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
196361	9.8	CRITICAL Network	iteris	vantage_velocity_firmware	Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password ec…	CWE-521 Weak Password Requirements	CVE-2020-9023	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

196362	6.1	MEDIUM Network	cambiumnetworks	xh2-120_firmware xr2436_firmware xr520_firmware xr620_firmware	An issue was discovered on Xirrus XR520, XR620, XR2436, and XH2-120 devices. The cgi-bin/ViewPage.cgi user parameter allows XSS.	CWE-79 Cross-site Scripting	CVE-2020-9022	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

196363	9.8	CRITICAL Network	postoaktraffic	awam_bluetooth_field_device_firmware	Post Oak AWAM Bluetooth Field Device 7400v2.08.21.2018, 7800SD.2015.1.16, 2011.3, 7400v2.02.01.2019, and 7800SD.2012.12.5 is vulnerable to injections of operating system commands through timeconfig.p…	CWE-78 OS Command	CVE-2020-9021	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

196364	9.8	CRITICAL Network	iteris	vantage_velocity_firmware	Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field.	CWE-78 OS Command	CVE-2020-9020	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

196365	7.5	HIGH Network	microchip	syncserver_s100_firmware syncserver_s200_firmware syncserver_s250_firmware syncserver_s300_firmware syncserver_s350_firmware	Symmetricom SyncServer S100 2.90.70.3, S200 1.30, S250 1.25, S300 2.65.0, and S350 2.80.1 devices mishandle session validation, leading to unauthenticated creation, modification, or elimination of us…	NVD-CWE-noinfo	CVE-2020-9034	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

196366	5.4	MEDIUM Network	dolibarr	dolibarr_erp\/crm	Dolibarr 11.0 allows XSS via the joinfiles, topic, or code parameter, or the HTTP Referer header.	CWE-79 Cross-site Scripting	CVE-2020-9016	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

196367	4.3	MEDIUM Network	arvato	skillpipe	Arvato Skillpipe 3.0 allows attackers to bypass intended print restrictions by deleting <div id="watermark"> from the HTML source code.	CWE-20 Improper Input Validation	CVE-2020-9013	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

196368	6.1	MEDIUM Network	gluu	gluu_server	A cross-site scripting (XSS) vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parame…	CWE-79 Cross-site Scripting	CVE-2020-9012	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

196369	5.4	MEDIUM Network	codologic	codoforum	Codoforum 4.8.8 allows self-XSS via the title of a new topic.	CWE-79 Cross-site Scripting	CVE-2020-9007	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

196370	8.8	HIGH Adjacent	abbott	freestyle_libre_firmware	Older generation Abbott FreeStyle Libre sensors allow remote attackers within close proximity to enable write access to memory via a specific NFC unlock command. NOTE: The vulnerability is not presen…	CWE-787 Out-of-bounds Write	CVE-2020-8997	2024-11-21 14:39	2020-02-17	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed