Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 3, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
227881	7.5	危険	WordPress.org	-	Wordpress および MU における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-4894	2012-12-20 18:33	2007-09-8	Show	GitHub Exploit DB Packet Storm

227882	4.3	警告	WordPress.org	-	Wordpress および MU の wp-admin/admin-functions.php におけるクロスサイトスクリプティング (XSS) 攻撃を実行される脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2007-4893	2012-12-20 18:33	2007-09-8	Show	GitHub Exploit DB Packet Storm

227883	7.5	危険	swsoft	-	Windows 用の SWSoft Plesk における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-4892	2012-12-20 18:33	2007-09-14	Show	GitHub Exploit DB Packet Storm

227884	3.5	注意	XWiki	-	XWiki の "You are not allowed ..." のエラーハンドラにおける任意のドキュメントを読み取られる脆弱性	CWE-DesignError	CVE-2007-4888	2012-12-20 18:33	2007-01-11	Show	GitHub Exploit DB Packet Storm

227885	4.3	警告	techexcel inc.	-	TechExcel CustomerWise におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-4882	2012-12-20 18:33	2007-09-13	Show	GitHub Exploit DB Packet Storm

227886	7.5	危険	psi-labs	-	psisns の profile/myprofile.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-4881	2012-12-20 18:33	2007-09-13	Show	GitHub Exploit DB Packet Storm

227887	5	警告	Simplenews Project	-	SimpNews における任意の .inc ファイルをダウンロードされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2007-4873	2012-12-20 18:33	2007-09-27	Show	GitHub Exploit DB Packet Storm

227888	5	警告	Simplenews Project	-	SimpleNews における重要な情報を取得される脆弱性	CWE-DesignError	CVE-2007-4872	2012-12-20 18:33	2007-09-27	Show	GitHub Exploit DB Packet Storm

227889	6.8	警告	Quirm	-	SAXON の example.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-4863	2012-12-20 18:33	2007-10-30	Show	GitHub Exploit DB Packet Storm

227890	4.3	警告	Quirm	-	SAXON の admin/menu.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-4862	2012-12-20 18:33	2007-10-30	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 3, 2026, 4:06 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
200401	9.8	CRITICAL Network	karenderia_multiple_restaurant_system_project	karenderia_multiple_restaurant_system	A SQL injection vulnerability was discovered in Karenderia Multiple Restaurant System, affecting versions 5.4.2 and below. The vulnerability allows for an unauthenticated attacker to perform various …	CWE-89 SQL Injection	CVE-2020-28994	2024-11-21 14:23	2020-11-25	Show	GitHub Exploit DB Packet Storm

200402	5.5	MEDIUM Local	musl-libc debian fedoraproject oracle	musl debian_linux fedora graalvm	In musl libc through 1.2.1, wcsnrtombs mishandles particular combinations of destination buffer size and source character limit, as demonstrated by an invalid write access (buffer overflow).	CWE-787 Out-of-bounds Write	CVE-2020-28928	2024-11-21 14:23	2020-11-25	Show	GitHub Exploit DB Packet Storm

200403	8.8	HIGH Local	xen	xen	An issue was discovered in Xen through 4.14.x allowing x86 HVM guest OS users to cause a denial of service (stack corruption), cause a data leak, or possibly gain privileges because of an off-by-one …	CWE-787 CWE-193 Out-of-bounds Write Off-by-one Error	CVE-2020-29040	2024-11-21 14:23	2020-11-25	Show	GitHub Exploit DB Packet Storm

200404	6.1	MEDIUM Network	seeddms	seeddms	Open redirect in SeedDMS 6.0.13 via the dropfolderfileform1 parameter to out/out.AddDocument.php.	CWE-601 Open Redirect	CVE-2020-28726	2024-11-21 14:23	2020-11-25	Show	GitHub Exploit DB Packet Storm

200405	9.8	CRITICAL Network	misp	misp	MISP before 2.4.135 lacks an ACL check, related to app/Controller/GalaxyElementsController.php and app/Model/GalaxyElement.php.	CWE-862 Missing Authorization	CVE-2020-29006	2024-11-21 14:23	2020-11-25	Show	GitHub Exploit DB Packet Storm

200406	5.4	MEDIUM Network	mediawiki	mediawiki	The PollNY extension for MediaWiki through 1.35 allows XSS via an answer option for a poll question, entered during Special:CreatePoll or Special:UpdatePoll.	CWE-79 Cross-site Scripting	CVE-2020-29003	2024-11-21 14:23	2020-11-24	Show	GitHub Exploit DB Packet Storm

200407	4.8	MEDIUM Network	mediawiki	mediawiki	includes/CologneBlueTemplate.php in the CologneBlue skin for MediaWiki through 1.35 allows XSS via a qbfind message supplied by an administrator.	CWE-79 Cross-site Scripting	CVE-2020-29002	2024-11-21 14:23	2020-11-24	Show	GitHub Exploit DB Packet Storm

200408	9.8	CRITICAL Network	gitea	gitea	Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_…	NVD-CWE-noinfo	CVE-2020-28991	2024-11-21 14:23	2020-11-24	Show	GitHub Exploit DB Packet Storm

200409	9.8	CRITICAL Network	spip debian	spip debian_linux	prive/formulaires/configurer_preferences.php in SPIP before 3.2.8 does not properly validate the couleur, display, display_navigation, display_outils, imessage, and spip_ecran parameters.	NVD-CWE-noinfo	CVE-2020-28984	2024-11-21 14:23	2020-11-24	Show	GitHub Exploit DB Packet Storm

200410	6.1	MEDIUM Network	magicpin	magicpin	There is a Stored XSS in Magicpin v2.1 in the User Registration section. Each time an admin visits the manage user section from the admin panel, the XSS triggers and the attacker can able to steal th…	CWE-79 Cross-site Scripting	CVE-2020-28927	2024-11-21 14:23	2020-11-24	Show	GitHub Exploit DB Packet Storm