Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 27, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
227361	3.3	注意	snom	-	snom VoIP Phone の Web インターフェースにおける制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-2291	2012-12-20 19:29	2010-06-15	Show	GitHub Exploit DB Packet Storm

227362	3.3	注意	Wireshark	-	IPMI dissector の SMB PIPE 解析子におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2010-2285	2012-12-20 19:29	2010-06-9	Show	GitHub Exploit DB Packet Storm

227363	5.1	警告	tomatocms	-	TomatoCMS におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2010-2282	2012-12-20 19:29	2010-06-15	Show	GitHub Exploit DB Packet Storm

227364	4.3	警告	tomatocms	-	TomatoCMS の index.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-2281	2012-12-20 19:29	2010-06-15	Show	GitHub Exploit DB Packet Storm

227365	7.5	危険	Tamlyn Creative Pty	-	Joomla! 用の bfsurvey コンポーネントにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-2259	2012-12-20 19:29	2010-06-9	Show	GitHub Exploit DB Packet Storm

227366	7.5	危険	Tamlyn Creative Pty	-	Joomla! 用の bfsurvey_pro コンポーネントなどにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-2255	2012-12-20 19:29	2010-06-9	Show	GitHub Exploit DB Packet Storm

227367	7.5	危険	shape5	-	Joomla! 用の Shape5 Bridge of Hope template における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-2254	2012-12-20 19:29	2010-06-9	Show	GitHub Exploit DB Packet Storm

227368	6.8	警告	Gisle Aas	-	libwww-perl の lwp-download におけるファイルを作成される脆弱性	CWE-20 不適切な入力確認	CVE-2010-2253	2012-12-20 19:29	2010-07-6	Show	GitHub Exploit DB Packet Storm

227369	2.1	注意	レッドハット	-	Red Hat Directory Server 用の setup-ds.pl および setup-ds-admin.pl における重要な情報を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-2241	2012-12-20 19:29	2010-08-3	Show	GitHub Exploit DB Packet Storm

227370	2.1	注意	レッドハット	-	Red Hat Enterprise Virtualization Manager のスナップショットマージ機能における重要な情報を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-2224	2012-12-20 19:29	2010-06-22	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 28, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
202501	6.3	MEDIUM Network	prestashop	prestashop	In PrestaShop before version 1.7.6.4, when a customer edits their address, they can freely change the id_address in the form, and thus steal someone else's address. It is the same with CustomerForm, …	CWE-552 Files or Directories Accessible to External Parties	CVE-2020-5250	2024-11-21 14:33	2020-03-6	Show	GitHub Exploit DB Packet Storm

202502	5.3	MEDIUM Network	parseplatform	parse-server	In parser-server before version 4.1.0, you can fetch all the users objects, by using regex in the NoSQL query. Using the NoSQL, you can use a regex on sessionToken and find valid accounts this way.	CWE-863 Incorrect Authorization	CVE-2020-5251	2024-11-21 14:33	2020-03-5	Show	GitHub Exploit DB Packet Storm

202503	6.5	MEDIUM Network	puma	puma	In Puma (RubyGem) before 4.3.3 and 3.12.4, if an application using Puma allows untrusted input in an early-hints header, an attacker can use a carriage return character to end the header and inject m…	CWE-74 Injection	CVE-2020-5249	2024-11-21 14:33	2020-03-3	Show	GitHub Exploit DB Packet Storm

202504	7.5	HIGH Network	ruby-lang puma debian fedoraproject	ruby puma debian_linux fedora	In Puma (RubyGem) before 4.3.2 and before 3.12.3, if an application using Puma allows untrusted input in a response header, an attacker can use newline characters (i.e. `CR`, `LF` or`/r`, `/n`) to en…	-	CVE-2020-5247	2024-11-21 14:33	2020-02-29	Show	GitHub Exploit DB Packet Storm

202505	8.8	HIGH Network	dropwizard oracle	dropwizard_validation blockchain_platform	Dropwizard-Validation before 1.3.19, and 2.0.2 may allow arbitrary code execution on the host system, with the privileges of the Dropwizard service account, by injecting arbitrary Java Expression Lan…	CWE-74 Injection	CVE-2020-5245	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

202506	7.5	HIGH Network	buddypress	buddypress	In BuddyPress before 5.1.2, requests to a certain REST API endpoint can result in private user data getting exposed. Authentication is not needed. This has been patched in version 5.1.2.	CWE-200 Information Exposure	CVE-2020-5244	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

202507	6.5	MEDIUM Network	dnnsoftware	dotnetnuke	DNN (formerly DotNetNuke) through 9.4.4 has Insecure Permissions.	CWE-669 CWE-434 Incorrect Resource Transfer Between Spheres Unrestricted Upload of File with Dangerous Type	CVE-2020-5188	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

202508	8.8	HIGH Network	dnnsoftware	dotnetnuke	DNN (formerly DotNetNuke) through 9.4.4 allows Path Traversal (issue 2 of 2).	CWE-22 Path Traversal	CVE-2020-5187	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

202509	5.4	MEDIUM Network	dnnsoftware	dotnetnuke	DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).	CWE-79 Cross-site Scripting	CVE-2020-5186	2024-11-21 14:33	2020-02-25	Show	GitHub Exploit DB Packet Storm

202510	7.5	HIGH Network	uap-core_project	uap-core	uap-core before 0.7.3 is vulnerable to a denial of service attack when processing crafted User-Agent strings. Some regexes are vulnerable to regular expression denial of service (REDoS) due to overla…	CWE-1333 Inefficient Regular Expression Complexity	CVE-2020-5243	2024-11-21 14:33	2020-02-21	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed