Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
227121 2.6 注意 The phpMyAdmin Project - phpMyAdmin の pmd_pdf.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4775 2012-12-20 18:52 2008-10-28 Show GitHub Exploit DB Packet Storm
227122 4.3 警告 questwork - QuestCMS の main/main.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4774 2012-12-20 18:52 2008-10-28 Show GitHub Exploit DB Packet Storm
227123 5 警告 questwork - QuestCMS の main/main.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-4773 2012-12-20 18:52 2008-10-28 Show GitHub Exploit DB Packet Storm
227124 7.5 危険 questwork - QuestCMS の main/main.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4772 2012-12-20 18:52 2008-10-28 Show GitHub Exploit DB Packet Storm
227125 9.3 危険 WordPress.org - WordPress の wp-includes/theme.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-4769 2012-12-20 18:52 2008-04-2 Show GitHub Exploit DB Packet Storm
227126 7.5 危険 tlm cms - TLM CMS における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4768 2012-12-20 18:52 2008-10-28 Show GitHub Exploit DB Packet Storm
227127 9 危険 PHPNUKE - PHP-Nuke の DownloadsPlus モジュールにおける任意のコードを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-4767 2012-12-20 18:52 2008-10-28 Show GitHub Exploit DB Packet Storm
227128 4.3 警告 wikidsystems - WiKID wClient-PHP の sample.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4763 2012-12-20 18:52 2008-10-27 Show GitHub Exploit DB Packet Storm
227129 5 警告 php-daily - PHP-Daily の download_file.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-4758 2012-12-20 18:52 2008-10-27 Show GitHub Exploit DB Packet Storm
227130 7.5 危険 php-daily - PHP-Daily における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4757 2012-12-20 18:52 2008-10-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
210291 8.8 HIGH
Network 		mozilla
canonical 		thunderbird
firefox
firefox_esr
ubuntu_linux 		Mozilla Developer Iain Ireland discovered a missing type check during unboxed objects removal, resulting in a crash. We presume that with enough effort that it could be exploited to run arbitrary cod… CWE-345
 Insufficient Verification of Data Authenticity 		CVE-2020-12406 2024-11-21 13:59 2020-07-10 Show GitHub Exploit DB Packet Storm
210292 5.3 MEDIUM
Network 		mozilla
canonical 		thunderbird
firefox
firefox_esr
ubuntu_linux 		When browsing a malicious page, a race condition in our SharedWorkerService could occur and lead to a potentially exploitable crash. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and… CWE-362
CWE-416
Race Condition
 Use After Free 		CVE-2020-12405 2024-11-21 13:59 2020-07-10 Show GitHub Exploit DB Packet Storm
210293 4.3 MEDIUM
Network 		mozilla firefox For native-to-JS bridging the app requires a unique token to be passed that ensures non-app code can't call the bridging functions. That token could leak when used for downloading files. This vulnera… CWE-79
Cross-site Scripting 		CVE-2020-12404 2024-11-21 13:59 2020-07-10 Show GitHub Exploit DB Packet Storm
210294 4.4 MEDIUM
Local 		mozilla
opensuse
fedoraproject
debian 		firefox
leap
fedora
debian_linux 		During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perfo… CWE-203
 Information Exposure Through Discrepancy 		CVE-2020-12402 2024-11-21 13:59 2020-07-10 Show GitHub Exploit DB Packet Storm
210295 4.4 MEDIUM
Local 		mozilla
debian 		thunderbird
firefox
firefox_esr
debian_linux 		NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys. This vulnerability affects Thunderbird < 68.9.0, Firefox < 77, and Firef… CWE-203
 Information Exposure Through Discrepancy 		CVE-2020-12399 2024-11-21 13:59 2020-07-10 Show GitHub Exploit DB Packet Storm
210296 7.5 HIGH
Network 		mozilla
canonical 		thunderbird
ubuntu_linux 		If Thunderbird is configured to use STARTTLS for an IMAP server, and the server sends a PREAUTH response, then Thunderbird will continue with an unencrypted connection, causing email data to be sent … CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2020-12398 2024-11-21 13:59 2020-07-10 Show GitHub Exploit DB Packet Storm
210297 6.5 MEDIUM
Network 		mozilla
opensuse 		firefox
leap 		When constructing a permission prompt for WebRTC, a URI was supplied from the content process. This URI was untrusted, and could have been the URI of an origin that was previously granted permission;… CWE-276
Incorrect Default Permissions  		CVE-2020-12424 2024-11-21 13:59 2020-07-9 Show GitHub Exploit DB Packet Storm
210298 7.5 HIGH
Network 		apache
oracle 		camel
enterprise_repository
enterprise_manager_base_platform
communications_diameter_signaling_router 		Server-Side Template Injection and arbitrary file disclosure on Camel templating components CWE-74
Injection 		CVE-2020-11994 2024-11-21 13:59 2020-07-9 Show GitHub Exploit DB Packet Storm
210299 8.1 HIGH
Network 		ledger ledger_live Ledger Live before 2.7.0 does not handle Bitcoin's Replace-By-Fee (RBF). It increases the user's balance with the value of an unconfirmed transaction as soon as it is received (before the transaction… CWE-345
 Insufficient Verification of Data Authenticity 		CVE-2020-12119 2024-11-21 13:59 2020-07-3 Show GitHub Exploit DB Packet Storm
210300 7.8 HIGH
Local 		phoenixcontact pc_worx
pc_worx_express 		mwe file parsing in Phoenix Contact PC Worx and PC Worx Express version 1.87 and earlier is vulnerable to out-of-bounds read remote code execution. Manipulated PC Worx projects could lead to a remote… CWE-125
Out-of-bounds Read 		CVE-2020-12498 2024-11-21 13:59 2020-07-2 Show GitHub Exploit DB Packet Storm