Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228351	4.3	警告	Phase2 Technology	-	Drupal 用 Feeds モジュールにおける任意のノードを作成される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2012-5543	2012-12-5 16:56	2012-10-10	Show	GitHub Exploit DB Packet Storm

228352	6.8	警告	Pedro Cambra	-	Drupal 用 Commerce Extra Panes モジュールにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2012-5542	2012-12-5 16:55	2012-10-3	Show	GitHub Exploit DB Packet Storm

228353	4.3	警告	Twitter Pull Project	-	Drupal用 Twitter Pull モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-5541	2012-12-5 16:54	2012-10-3	Show	GitHub Exploit DB Packet Storm

228354	4.3	警告	Tekritisoftware	-	Drupal 用 Hostip モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-5540	2012-12-5 16:54	2012-10-3	Show	GitHub Exploit DB Packet Storm

228355	3.5	注意	Moshe Weitzman	-	Drupal 用 Organic Groups モジュールにおける任意のグループに投稿される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2012-5539	2012-12-5 16:51	2012-09-26	Show	GitHub Exploit DB Packet Storm

228356	2.1	注意	Nathan Haug	-	Drupal 用 FileField Sources モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-5538	2012-12-5 16:48	2012-09-19	Show	GitHub Exploit DB Packet Storm

228357	6	警告	Simplenews Scheduler Project	-	Drupal 用 Simplenews Scheduler モジュールにおける任意の PHP コードを挿入される脆弱性	CWE-94 コード・インジェクション	CVE-2012-5537	2012-12-5 16:44	2012-09-19	Show	GitHub Exploit DB Packet Storm

228358	5	警告	Erik Webb	-	Drupal 用 Password policy モジュールにおけるパスワードハッシュを取得される脆弱性	CWE-200 情報漏えい	CVE-2012-5552	2012-12-5 16:21	2012-10-31	Show	GitHub Exploit DB Packet Storm

228359	4.3	警告	ThinkShout	-	Drupal 用 MailChimp モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-5551	2012-12-5 16:17	2012-10-23	Show	GitHub Exploit DB Packet Storm

228360	7.5	危険	Carlos Carvalhar	-	Drupal 用 Time Spent モジュールにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2012-5550	2012-12-5 16:05	2012-10-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 24, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
212911	8.8	HIGH Network	puppet	puppet_enterprise	Parts of the Puppet Enterprise Console 3.x were found to be susceptible to clickjacking and CSRF (Cross-Site Request Forgery) attacks. This would allow an attacker to redirect user input to an untrus…	CWE-352 CWE-1021 Origin Validation Error Improper Restriction of Rendered UI Layers or Frames	CVE-2015-5686	2024-11-21 11:33	2020-02-27	Show	GitHub Exploit DB Packet Storm

212912	9.8	CRITICAL Network	enorth	webpublisher_cms	SQL injection vulnerability in pub/m_pending_news/delete_pending_news.jsp in Enorth Webpublisher CMS allows remote attackers to execute arbitrary SQL commands via the cbNewsId parameter.	CWE-89 SQL Injection	CVE-2015-5617	2024-11-21 11:33	2020-02-13	Show	GitHub Exploit DB Packet Storm

212913	9.8	CRITICAL Network	golang redhat	go enterprise_linux openstack	The net/http library in net/http/transfer.go in Go before 1.4.3 does not properly parse HTTP headers, which allows remote attackers to conduct HTTP request smuggling attacks via a request that contai…	CWE-444 HTTP Request Smuggling	CVE-2015-5741	2024-11-21 11:33	2020-02-9	Show	GitHub Exploit DB Packet Storm

212914	9.8	CRITICAL Network	yokogawa	centum_cs_1000_firmware centum_cs_3000_firmware centum_cs_3000_entry_firmware centum_vp_firmware centum_vp_entry_firmware prosafe-rs_firmware exapilot exaquantum\/batch exaqua…	Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP …	CWE-787 Out-of-bounds Write	CVE-2015-5628	2024-11-21 11:33	2020-02-6	Show	GitHub Exploit DB Packet Storm

212915	9.8	CRITICAL Network	yokogawa	centum_cs_1000_firmware centum_cs_3000_firmware centum_cs_3000_entry_firmware centum_vp_firmware centum_vp_entry_firmware prosafe-rs_firmware exapilot exaquantum\/batch exaqua…	Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP …	CWE-787 Out-of-bounds Write	CVE-2015-5627	2024-11-21 11:33	2020-02-6	Show	GitHub Exploit DB Packet Storm

212916	9.8	CRITICAL Network	yokogawa	centum_cs_1000_firmware centum_cs_3000_firmware centum_cs_3000_entry_firmware centum_vp_firmware centum_vp_entry_firmware prosafe-rs_firmware exapilot exaquantum\/batch exaqua…	Stack-based buffer overflow in Yokogawa CENTUM CS 1000 R3.08.70 and earlier, CENTUM CS 3000 R3.09.50 and earlier, CENTUM CS 3000 Entry R3.09.50 and earlier, CENTUM VP R5.04.20 and earlier, CENTUM VP …	CWE-787 Out-of-bounds Write	CVE-2015-5626	2024-11-21 11:33	2020-02-6	Show	GitHub Exploit DB Packet Storm

212917	8.8	HIGH Network	private_only_project	private_only	Multiple cross-site request forgery (CSRF) vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) a…	CWE-352 Origin Validation Error	CVE-2015-5483	2024-11-21 11:33	2020-01-29	Show	GitHub Exploit DB Packet Storm

212918	6.5	MEDIUM Network	qemu fedoraproject arista	qemu fedora eos	Buffer overflow in the send_control_msg function in hw/char/virtio-serial-bus.c in QEMU before 2.4.0 allows guest users to cause a denial of service (QEMU process crash) via a crafted virtio control …	CWE-120 Classic Buffer Overflow	CVE-2015-5745	2024-11-21 11:33	2020-01-24	Show	GitHub Exploit DB Packet Storm

212919	5.4	MEDIUM Network	plot	plotly	Cross-site scripting (XSS) vulnerability in the Plotly plugin before 1.0.3 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via a post.	CWE-79 Cross-site Scripting	CVE-2015-5484	2024-11-21 11:33	2020-01-16	Show	GitHub Exploit DB Packet Storm

212920	7.8	HIGH Local	sis	xgi_vga_display_manager	Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.	CWE-269 Improper Privilege Management	CVE-2015-5466	2024-11-21 11:33	2020-01-16	Show	GitHub Exploit DB Packet Storm