Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 20, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228201	4.3	警告	シマンテック	-	Symantec Brightmail Gateway Appliance の Control Center におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-0063	2012-12-20 19:10	2009-04-23	Show	GitHub Exploit DB Packet Storm

228202	5	警告	zxid	-	ZXID における証明書チェーンの検証を回避される脆弱性	CWE-287 不適切な認証	CVE-2009-0051	2012-12-20 19:10	2009-01-7	Show	GitHub Exploit DB Packet Storm

228203	6.8	警告	PunBB	-	PunBB におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2008-7241	2012-12-20 19:10	2009-09-17	Show	GitHub Exploit DB Packet Storm

228204	10	危険	ourproject.org	-	White_Dune White_Dune におけるフォーマットストリングの脆弱性	CWE-134 書式文字列の問題	CVE-2008-7228	2012-12-20 19:10	2009-09-14	Show	GitHub Exploit DB Packet Storm

228205	7.5	危険	PHPNUKE	-	PHP-Nuke 用の Recipes モジュールにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-7226	2012-12-20 19:10	2009-09-14	Show	GitHub Exploit DB Packet Storm

228206	4.3	警告	runcms	-	RunCMS の system/admin.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-7222	2012-12-20 19:10	2009-09-14	Show	GitHub Exploit DB Packet Storm

228207	6.8	警告	runcms	-	RunCMS におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2008-7221	2012-12-20 19:10	2009-09-14	Show	GitHub Exploit DB Packet Storm

228208	7.5	危険	prototypejs	-	Prototype JavaScript フレームワークにおける "クロスサイト ajax リクエスト" を実行される脆弱性	CWE-Other その他	CVE-2008-7220	2012-12-20 19:10	2009-09-13	Show	GitHub Exploit DB Packet Storm

228209	4.3	警告	WordPress.org	-	WordPress 用の Peter's Math Anti-Spam Spinoff プラグインにおける CAPTCHA 保護を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-7216	2012-12-20 19:10	2009-09-11	Show	GitHub Exploit DB Packet Storm

228210	6.9	警告	soundblaster	-	Ensoniq PCI 1371 サウンドカードで使用されている CreativeLabs es1371mp.sys WDM 音声ドライバにおける SYSTEM 権限を取得される脆弱性	CWE-Other その他	CVE-2008-7211	2012-12-20 19:10	2009-09-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 20, 2026, 4:14 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
221211	8.1	HIGH Network	gnu	libredwg	An issue was discovered in GNU LibreDWG through 0.9.3. Crafted input will lead to a heap-based buffer over-read in decode_R13_R2000 in decode.c, a different vulnerability than CVE-2019-20011.	CWE-125 Out-of-bounds Read	CVE-2019-20910	2024-11-21 13:39	2020-07-17	Show	GitHub Exploit DB Packet Storm

221212	7.5	HIGH Network	gnu	libredwg	An issue was discovered in GNU LibreDWG through 0.9.3. There is a NULL pointer dereference in the function dwg_encode_LWPOLYLINE in dwg.spec.	CWE-476 NULL Pointer Dereference	CVE-2019-20909	2024-11-21 13:39	2020-07-17	Show	GitHub Exploit DB Packet Storm

221213	6.7	MEDIUM Local	linux opensuse canonical	linux_kernel leap ubuntu_linux	An issue was discovered in drivers/firmware/efi/efi.c in the Linux kernel before 5.4. Incorrect access permissions for the efivar_ssdt ACPI variable could be used by attackers to bypass lockdown or s…	NVD-CWE-noinfo	CVE-2019-20908	2024-11-21 13:39	2020-07-16	Show	GitHub Exploit DB Packet Storm

221214	7.5	HIGH Network	python opensuse debian fedoraproject canonical netapp oracle	python leap debian_linux fedora ubuntu_linux active_iq_unified_manager cloud_volumes_ontap_mediator zfs_storage_appliance_kit	In Lib/tarfile.py in Python through 3.8.3, an attacker is able to craft a TAR archive leading to an infinite loop when opened by tarfile.open, because _proc_pax lacks header validation.	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2019-20907	2024-11-21 13:39	2020-07-13	Show	GitHub Exploit DB Packet Storm

221215	6.1	MEDIUM Network	atlassian	jira jira_server	The login.jsp resource in Jira before version 8.5.2, and from version 8.6.0 before version 8.6.1 allows remote attackers to redirect users to a different website which they may use as part of perform…	CWE-601 Open Redirect	CVE-2019-20901	2024-11-21 13:39	2020-07-13	Show	GitHub Exploit DB Packet Storm

221216	4.8	MEDIUM Network	atlassian	jira_server jira_data_center	Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the Add Field module. The af…	CWE-79 Cross-site Scripting	CVE-2019-20900	2024-11-21 13:39	2020-07-13	Show	GitHub Exploit DB Packet Storm

221217	5.3	MEDIUM Network	atlassian	jira jira_software_data_center jira_server jira_data_center	The Gadget API in Atlassian Jira Server and Data Center in affected versions allows remote attackers to make Jira unresponsive via repeated requests to a certain endpoint in the Gadget API. The affec…	NVD-CWE-noinfo	CVE-2019-20899	2024-11-21 13:39	2020-07-13	Show	GitHub Exploit DB Packet Storm

221218	7.5	HIGH Network	atlassian	jira_software_data_center jira	Affected versions of Atlassian Jira Server and Data Center allow remote attackers to access sensitive information without being authenticated in the Global permissions screen. The affected versions a…	NVD-CWE-noinfo	CVE-2019-20898	2024-11-21 13:39	2020-07-13	Show	GitHub Exploit DB Packet Storm

221219	6.5	MEDIUM Network	atlassian	jira jira_software_data_center jira_server jira_data_center	The avatar upload feature in affected versions of Atlassian Jira Server and Data Center allows remote attackers to achieve Denial of Service via a crafted PNG file. The affected versions are before v…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2019-20897	2024-11-21 13:39	2020-07-13	Show	GitHub Exploit DB Packet Storm

221220	9.8	CRITICAL Network	webchess_project	webchess	WebChess 1.0 allows SQL injection via the messageFrom, gameID, opponent, messageID, or to parameter.	CWE-89 SQL Injection	CVE-2019-20896	2024-11-21 13:39	2020-07-8	Show	GitHub Exploit DB Packet Storm