Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 6, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228251 7.5 危険 phpecho cms - PHPEcho CMS の管理パネルにおける SQL インジェクションの脆弱性 - CVE-2007-3335 2012-12-20 18:19 2007-06-21 Show GitHub Exploit DB Packet Storm
228252 5 警告 PHPNUKE - PHP-Nuke 用の Satel Lite におけるディレクトリトラバーサルの脆弱性 - CVE-2007-3332 2012-12-20 18:19 2007-06-21 Show GitHub Exploit DB Packet Storm
228253 5 警告 stphp - STphp EasyNews におけるクロスサイトリクエストフォージェリの脆弱性 - CVE-2007-3331 2012-12-20 18:19 2007-06-21 Show GitHub Exploit DB Packet Storm
228254 4.3 警告 stphp - STphp EasyNews におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3330 2012-12-20 18:19 2007-06-21 Show GitHub Exploit DB Packet Storm
228255 6.8 警告 xvid - Xvid の src/bitstream/mbcoding.c における任意のコードを実行される脆弱性 CWE-DesignError
CVE-2007-3329 2012-12-20 18:19 2007-04-28 Show GitHub Exploit DB Packet Storm
228256 9.3 危険 VideoLAN - VideoLAN VLC Media Player のプラグインにおけるフォーマットストリングの脆弱性 - CVE-2007-3316 2012-12-20 18:19 2007-06-12 Show GitHub Exploit DB Packet Storm
228257 6.8 警告 yourfreescreamer - YourFreeScreamer における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-3315 2012-12-20 18:19 2007-06-21 Show GitHub Exploit DB Packet Storm
228258 7.5 危険 XOOPS - Xoops 用の Articles モジュールにおける SQL インジェクションの脆弱性 - CVE-2007-3311 2012-12-20 18:19 2007-06-21 Show GitHub Exploit DB Packet Storm
228259 4.3 警告 tdizin - TDizin の arama.asp におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3310 2012-12-20 18:19 2007-06-20 Show GitHub Exploit DB Packet Storm
228260 7.5 危険 Simple Machines - SMF におけるメッセージの作成時に任意の PHP コードを実行され脆弱性 - CVE-2007-3309 2012-12-20 18:19 2007-06-20 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
200811 8.8 HIGH
Network 		artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project 		artworks_gallery_in_php\
_css\
_javascript\
_and_mysql 		The add artwork functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2020-28688 2024-11-21 14:23 2020-11-17 Show GitHub Exploit DB Packet Storm
200812 8.8 HIGH
Network 		artworks_gallery_in_php\
_css\
_javascript\
_and_mysql_project 		artworks_gallery_in_php\
_css\
_javascript\
_and_mysql 		The edit profile functionality in ARTWORKS GALLERY IN PHP, CSS, JAVASCRIPT, AND MYSQL 1.0 allows remote attackers to upload arbitrary files. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2020-28687 2024-11-21 14:23 2020-11-17 Show GitHub Exploit DB Packet Storm
200813 5.4 MEDIUM
Network 		progress moveit_transfer In Progress MOVEit Transfer before 2020.1, a malicious user could craft and store a payload within the application. If a victim within the MOVEit Transfer instance interacts with the stored payload, … CWE-79
Cross-site Scripting 		CVE-2020-28647 2024-11-21 14:23 2020-11-17 Show GitHub Exploit DB Packet Storm
200814 8.8 HIGH
Network 		horizontcms_project horizontcms An unrestricted file upload issue in HorizontCMS 1.0.0-beta allows an authenticated remote attacker to upload PHP code through a zip file by uploading a theme, and executing the PHP file via an HTTP … CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2020-28693 2024-11-21 14:23 2020-11-17 Show GitHub Exploit DB Packet Storm
200815 7.2 HIGH
Network 		gilacms gila_cms In Gila CMS 1.16.0, an attacker can upload a shell to tmp directy and abuse .htaccess through the logs function for executing PHP files. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2020-28692 2024-11-21 14:23 2020-11-17 Show GitHub Exploit DB Packet Storm
200816 7.5 HIGH
Network 		cloudavid pparam Memory leak in IPv6Param::setAddress in CloudAvid PParam 1.3.1. CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2020-28723 2024-11-21 14:23 2020-11-17 Show GitHub Exploit DB Packet Storm
200817 6.8 MEDIUM
Physics 		vw polo_firmware The update functionality of the Discover Media infotainment system in Volkswagen Polo 2019 vehicles allows physically proximate attackers to execute arbitrary code because some unsigned parts of a me… CWE-354
 Improper Validation of Integrity Check Value 		CVE-2020-28656 2024-11-21 14:23 2020-11-16 Show GitHub Exploit DB Packet Storm
200818 5.4 MEDIUM
Network 		wpbakery page_builder The WPBakery plugin before 6.4.1 for WordPress allows XSS because it calls kses_remove_filters to disable the standard WordPress XSS protection mechanism for the Author and Contributor roles. CWE-79
Cross-site Scripting 		CVE-2020-28650 2024-11-21 14:23 2020-11-16 Show GitHub Exploit DB Packet Storm
200819 8.8 HIGH
Network 		orbisius child_theme_creator The orbisius-child-theme-creator plugin before 1.5.2 for WordPress allows CSRF via orbisius_ctc_theme_editor_manage_file. CWE-352
 Origin Validation Error 		CVE-2020-28649 2024-11-21 14:23 2020-11-16 Show GitHub Exploit DB Packet Storm
200820 8.8 HIGH
Network 		nagios nagios_xi Improper input validation in the Auto-Discovery component of Nagios XI before 5.7.5 allows an authenticated attacker to execute remote code. CWE-20
 Improper Input Validation  		CVE-2020-28648 2024-11-21 14:23 2020-11-16 Show GitHub Exploit DB Packet Storm