Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 16, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
227011 7.5 危険 WordPress.org - WordPress の wp-login.php におけるデータベースの最初のユーザパスワードを強制的にリセットされる脆弱性 CWE-255
証明書・パスワード管理 		CVE-2009-2762 2012-12-20 19:10 2009-08-12 Show GitHub Exploit DB Packet Storm
227012 5.5 警告 Roundup - Roundup の cgi/actions.py におけるクラス内の任意の項目を変更される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-2737 2012-12-20 19:10 2009-08-11 Show GitHub Exploit DB Packet Storm
227013 6.5 警告 sun-jester - sun-jester OpenNews の admin.php における任意の PHP コードを挿入される脆弱性 CWE-94
コード・インジェクション 		CVE-2009-2736 2012-12-20 19:10 2009-08-11 Show GitHub Exploit DB Packet Storm
227014 6.8 警告 sun-jester - sun-jester OpenNews の admin.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-2735 2012-12-20 19:10 2009-08-11 Show GitHub Exploit DB Packet Storm
227015 5 警告 サン・マイクロシステムズ - Sun Java SE の Swing 実装におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2009-2720 2012-12-20 19:10 2009-08-10 Show GitHub Exploit DB Packet Storm
227016 5 警告 サン・マイクロシステムズ - Sun Java SE の Java Web Start 実装におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2009-2719 2012-12-20 19:10 2009-08-10 Show GitHub Exploit DB Packet Storm
227017 6.8 警告 サン・マイクロシステムズ - Sun Java SE の AWT 実装におけるユーザに信頼されないアプレットと保護されない通信をさせる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-2718 2012-12-20 19:10 2009-08-10 Show GitHub Exploit DB Packet Storm
227018 6.8 警告 サン・マイクロシステムズ - Windows 上で稼動している Sun Java SE の AWT 実装におけるユーザに信頼されないアプレットと保護されない通信をさせる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-2717 2012-12-20 19:10 2009-08-10 Show GitHub Exploit DB Packet Storm
227019 7.5 危険 サン・マイクロシステムズ - Sun Java SE のプラグイン機能における "古い zip および証明書処理" の脆弱性を悪用される脆弱性 CWE-noinfo
情報不足 		CVE-2009-2716 2012-12-20 19:10 2009-08-10 Show GitHub Exploit DB Packet Storm
227020 4.9 警告 サン・マイクロシステムズ - Sun VirtualBox におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2009-2715 2012-12-20 19:10 2009-08-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 16, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
209801 9.1 CRITICAL
Network 		ntop ndpi In nDPI through 3.2, the packet parsing code is vulnerable to a heap-based buffer over-read in ndpi_parse_packet_line_info in lib/ndpi_main.c. CWE-125
Out-of-bounds Read 		CVE-2020-15471 2024-11-21 14:05 2020-07-1 Show GitHub Exploit DB Packet Storm
209802 5.5 MEDIUM
Local 		rockcarry ffjpeg ffjpeg through 2020-02-24 has a heap-based buffer overflow in jfif_decode in jfif.c. CWE-787
 Out-of-bounds Write 		CVE-2020-15470 2024-11-21 14:05 2020-07-1 Show GitHub Exploit DB Packet Storm
209803 9.8 CRITICAL
Network 		persian_vip_download_script_project persian_vip_download_script Persian VIP Download Script 1.0 allows SQL Injection via the cart_edit.php active parameter. CWE-89
SQL Injection 		CVE-2020-15468 2024-11-21 14:05 2020-07-1 Show GitHub Exploit DB Packet Storm
209804 6.1 MEDIUM
Network 		nozominetworks guardian Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS (in the web front end) by leveraging the ability to create a custom field with a crafted field name. CWE-79
Cross-site Scripting 		CVE-2020-15307 2024-11-21 14:05 2020-07-1 Show GitHub Exploit DB Packet Storm
209805 9.8 CRITICAL
Network 		draytek vigor3900_firmware
vigor2960_firmware
vigor300b_firmware 		On DrayTek Vigor3900, Vigor2960, and Vigor300B devices before 1.5.1, cgi-bin/mainfunction.cgi/cvmcfgupload allows remote command execution via shell metacharacters in a filename when the text/x-pytho… CWE-78
OS Command  		CVE-2020-15415 2024-11-21 14:05 2020-06-30 Show GitHub Exploit DB Packet Storm
209806 4.3 MEDIUM
Network 		misp misp An issue was discovered in MISP 2.4.128. app/Controller/EventsController.php lacks an event ACL check before proceeding to allow a user to send an event contact form. CWE-862
 Missing Authorization 		CVE-2020-15412 2024-11-21 14:05 2020-06-30 Show GitHub Exploit DB Packet Storm
209807 9.8 CRITICAL
Network 		misp misp An issue was discovered in MISP 2.4.128. app/Controller/AttributesController.php has insufficient ACL checks in the attachment downloader. NVD-CWE-noinfo
CVE-2020-15411 2024-11-21 14:05 2020-06-30 Show GitHub Exploit DB Packet Storm
209808 4.4 MEDIUM
Local 		iobit malware_fighter IOBit Malware Fighter Pro 8.0.2.547 allows local users to gain privileges for file deletion by manipulating malicious flagged file locations with an NTFS junction and an Object Manager symbolic link. CWE-59
Link Following 		CVE-2020-15401 2024-11-21 14:05 2020-06-30 Show GitHub Exploit DB Packet Storm
209809 4.3 MEDIUM
Network 		cakefoundation cakephp CakePHP before 4.0.6 mishandles CSRF token generation. This might be remotely exploitable in conjunction with XSS. CWE-352
CWE-79
 Origin Validation Error
Cross-site Scripting 		CVE-2020-15400 2024-11-21 14:05 2020-06-30 Show GitHub Exploit DB Packet Storm
209810 7.8 HIGH
Local 		hylafax\+_project
ifax 		hylafax\+
hylafax_enterprise 		HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uuc… CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2020-15397 2024-11-21 14:05 2020-06-30 Show GitHub Exploit DB Packet Storm