Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":April 28, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
227701 6.8 警告 request it - Request It の index.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-2015 2012-12-20 18:19 2007-04-12 Show GitHub Exploit DB Packet Storm
227702 6.8 警告 simpcms - SimpCMS Light の filename.asp における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-2009 2012-12-20 18:19 2007-04-12 Show GitHub Exploit DB Packet Storm
227703 7.5 危険 pl-php - pL-PHP の admin.php におけるディレクトリトラバーサルの脆弱性 - CVE-2007-2008 2012-12-20 18:19 2007-04-12 Show GitHub Exploit DB Packet Storm
227704 10 危険 stephen craton - Stephen Craton Chatness の admin/options.php における classes/vars.php などの設定ファイルを読まれる脆弱性 - CVE-2007-2147 2012-12-20 18:19 2007-04-19 Show GitHub Exploit DB Packet Storm
227705 7.5 危険 shoutpro - ShoutPro の shoutbox.php における shouts.php へ任意の PHP コードを挿入される脆弱性 - CVE-2007-2141 2012-12-20 18:19 2007-04-19 Show GitHub Exploit DB Packet Storm
227706 7.5 危険 rha7 downloads - XOOPS 用の rha7downloads モジュールにおける SQL インジェクションの脆弱性 - CVE-2007-2107 2012-12-20 18:19 2007-04-18 Show GitHub Exploit DB Packet Storm
227707 6.8 警告 wabbit - Wabbit PHP Gallery の showpic.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-2098 2012-12-20 18:19 2007-04-18 Show GitHub Exploit DB Packet Storm
227708 7.5 危険 tsdisplay4xoops - TSD4XOOPS の blocks/tsdisplay4xoops_block2.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2007-2091 2012-12-20 18:19 2007-04-18 Show GitHub Exploit DB Packet Storm
227709 6.8 警告 tumusika evolution - TuMusika Evolution の index.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-2090 2012-12-20 18:19 2007-04-18 Show GitHub Exploit DB Packet Storm
227710 7.5 危険 pl-php - pL-PHP の admin.php における認証を回避される脆弱性 - CVE-2007-2007 2012-12-20 18:19 2007-04-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 28, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
199681 6.5 MEDIUM
Network 		iris star_practice_management An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to. NVD-CWE-noinfo
CVE-2020-28401 2024-11-21 14:22 2021-01-29 Show GitHub Exploit DB Packet Storm
199682 9.8 CRITICAL
Network 		schneider-electric ecostruxure_operator_terminal_expert
pro-face_blue 		A CWE-20: Improper Input Validation vulnerability exists in EcoStruxure™ Operator Terminal Expert and Pro-face BLUE (version details in the notification) that could cause arbitrary code execution whe… - CVE-2020-28221 2024-11-21 14:22 2021-01-27 Show GitHub Exploit DB Packet Storm
199683 6.8 MEDIUM
Network 		visjs vis-timeline This affects the package vis-timeline before 7.4.4. An attacker with the ability to control the items of a Timeline element can inject additional script code into the generated application. CWE-79
Cross-site Scripting 		CVE-2020-28487 2024-11-21 14:22 2021-01-23 Show GitHub Exploit DB Packet Storm
199684 7.1 HIGH
Network 		gin-gonic gin This affects all versions of package github.com/gin-gonic/gin. When gin is exposed directly to the internet, a client's IP can be spoofed by setting the X-Forwarded-For header. CWE-444
HTTP Request Smuggling 		CVE-2020-28483 2024-11-21 14:22 2021-01-21 Show GitHub Exploit DB Packet Storm
199685 8.8 HIGH
Network 		softwaremill akka-http-session This affects the package com.softwaremill.akka-http-session:core_2.12 from 0 and before 0.6.1; all versions of package com.softwaremill.akka-http-session:core_2.11; the package com.softwaremill.akka-… CWE-352
 Origin Validation Error 		CVE-2020-28452 2024-11-21 14:22 2021-01-21 Show GitHub Exploit DB Packet Storm
199686 8.8 HIGH
Network 		fastify fastify-csrf This affects the package fastify-csrf before 3.0.0. 1. The generated cookie used insecure defaults, and did not have the httpOnly flag on: cookieOpts: { path: '/', sameSite: true } 2. The CSRF token … CWE-200
CWE-732
Information Exposure
 Incorrect Permission Assignment for Critical Resource 		CVE-2020-28482 2024-11-21 14:22 2021-01-20 Show GitHub Exploit DB Packet Storm
199687 4.3 MEDIUM
Network 		socket socket.io The package socket.io before 2.4.0 are vulnerable to Insecure Defaults due to CORS Misconfiguration. All domains are whitelisted by default. CWE-346
 Origin Validation Error 		CVE-2020-28481 2024-11-21 14:22 2021-01-20 Show GitHub Exploit DB Packet Storm
199688 9.8 CRITICAL
Network 		jointjs jointjs The package jointjs before 3.3.0 are vulnerable to Prototype Pollution via util.setByPath (https://resources.jointjs.com/docs/jointjs/v3.2/joint.htmlutil.setByPath). The path used the access the obje… NVD-CWE-Other
CVE-2020-28480 2024-11-21 14:22 2021-01-20 Show GitHub Exploit DB Packet Storm
199689 7.5 HIGH
Network 		jointjs jointjs The package jointjs before 3.3.0 are vulnerable to Denial of Service (DoS) via the unsetByPath function. NVD-CWE-noinfo
CVE-2020-28479 2024-11-21 14:22 2021-01-20 Show GitHub Exploit DB Packet Storm
199690 7.5 HIGH
Network 		greensock greensock_animation_platform This affects the package gsap before 3.6.0. NVD-CWE-noinfo
CVE-2020-28478 2024-11-21 14:22 2021-01-19 Show GitHub Exploit DB Packet Storm