Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 2, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228581 6.8 警告 wabbit - Wabbit PHP Gallery の showpic.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-2098 2012-12-20 18:19 2007-04-18 Show GitHub Exploit DB Packet Storm
228582 7.5 危険 tsdisplay4xoops - TSD4XOOPS の blocks/tsdisplay4xoops_block2.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2007-2091 2012-12-20 18:19 2007-04-18 Show GitHub Exploit DB Packet Storm
228583 6.8 警告 tumusika evolution - TuMusika Evolution の index.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-2090 2012-12-20 18:19 2007-04-18 Show GitHub Exploit DB Packet Storm
228584 7.5 危険 pl-php - pL-PHP の admin.php における認証を回避される脆弱性 - CVE-2007-2007 2012-12-20 18:19 2007-04-12 Show GitHub Exploit DB Packet Storm
228585 7.5 危険 pl-php - pL-PHP の login.php における SQL インジェクションの脆弱性 - CVE-2007-2006 2012-12-20 18:19 2007-04-12 Show GitHub Exploit DB Packet Storm
228586 7.5 危険 raphael limbach - Crea-Book の admin/admin.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-2000 2012-12-20 18:19 2007-04-12 Show GitHub Exploit DB Packet Storm
228587 4.3 警告 Youngzsoft - CmailServer WebMail の mail/signup.asp におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-1991 2012-12-20 18:19 2007-04-12 Show GitHub Exploit DB Packet Storm
228588 7.5 危険 sam crew - Sam Crew MyBlog の games.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-1990 2012-12-20 18:19 2007-04-12 Show GitHub Exploit DB Packet Storm
228589 4.3 警告 phpecho cms - PHPEcho CMS の kernel/filters.inc.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-1988 2012-12-20 18:19 2007-04-11 Show GitHub Exploit DB Packet Storm
228590 7.5 危険 phpexplorator - phpexplorator の phpexplorator.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-1985 2012-12-20 18:19 2007-04-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 3, 2026, 4:06 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
223161 8.8 HIGH
Network 		mirumee saleor In Mirumee Saleor 2.7.0 (fixed in 2.8.0), CSRF protection middleware was accidentally disabled, which allowed attackers to send a POST request without a valid CSRF token and be accepted by the server. CWE-352
 Origin Validation Error 		CVE-2019-13594 2024-11-21 13:25 2019-07-15 Show GitHub Exploit DB Packet Storm
223162 5.5 MEDIUM
Local 		sound_exchange_project sound_exchange An issue was discovered in libsox.a in SoX 14.4.2. In sox-fmt.h (startread function), there is an integer overflow on the result of integer addition (wraparound to 0) fed into the lsx_calloc macro th… CWE-190
CWE-476
 Integer Overflow or Wraparound
 NULL Pointer Dereference 		CVE-2019-13590 2024-11-21 13:25 2019-07-15 Show GitHub Exploit DB Packet Storm
223163 9.8 CRITICAL
Network 		anjlab paranoid2 The paranoid2 gem 1.1.6 for Ruby, as distributed on RubyGems.org, included a code-execution backdoor inserted by a third party. The current version, without this backdoor, is 1.1.5. CWE-829
 Inclusion of Functionality from Untrusted Control Sphere 		CVE-2019-13589 2024-11-21 13:25 2019-07-15 Show GitHub Exploit DB Packet Storm
223164 8.8 HIGH
Network 		zoom zoom The Zoom Client before 4.4.53932.0709 on macOS allows remote code execution, a different vulnerability than CVE-2019-13450. If the ZoomOpener daemon (aka the hidden web server) is running, but the Zo… CWE-78
OS Command  		CVE-2019-13567 2024-11-21 13:25 2019-07-12 Show GitHub Exploit DB Packet Storm
223165 7.8 HIGH
Local 		castlerock simple_network_management_protocol_console nodeimp.exe in Castle Rock SNMPc before 9.0.12.1 and 10.x before 10.0.9 has a stack-based buffer overflow via a long variable string in a Map Objects text file. CWE-787
 Out-of-bounds Write 		CVE-2019-13494 2024-11-21 13:25 2019-07-12 Show GitHub Exploit DB Packet Storm
223166 7.8 HIGH
Local 		minimagick_project
debian 		minimagick
debian_linux 		In lib/mini_magick/image.rb in MiniMagick before 4.9.4, a fetched remote image filename could cause remote command execution because Image.open input is directly passed to Kernel#open, which accepts … CWE-78
OS Command  		CVE-2019-13574 2024-11-21 13:25 2019-07-12 Show GitHub Exploit DB Packet Storm
223167 6.1 MEDIUM
Network 		pingidentity agentless_integration_kit XSS exists in Ping Identity Agentless Integration Kit before 1.5. CWE-79
Cross-site Scripting 		CVE-2019-13564 2024-11-21 13:25 2019-07-12 Show GitHub Exploit DB Packet Storm
223168 8.8 HIGH
Network 		dlink dir-655_firmware D-Link DIR-655 C devices before 3.02B05 BETA03 allow CSRF for the entire management console. CWE-352
 Origin Validation Error 		CVE-2019-13563 2024-11-21 13:25 2019-07-12 Show GitHub Exploit DB Packet Storm
223169 6.1 MEDIUM
Network 		dlink dir-655_firmware D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_s… CWE-79
Cross-site Scripting 		CVE-2019-13562 2024-11-21 13:25 2019-07-12 Show GitHub Exploit DB Packet Storm
223170 9.8 CRITICAL
Network 		dlink dir-655_firmware D-Link DIR-655 C devices before 3.02B05 BETA03 allow remote attackers to execute arbitrary commands via shell metacharacters in the online_firmware_check.cgi check_fw_url parameter. CWE-78
OS Command  		CVE-2019-13561 2024-11-21 13:25 2019-07-12 Show GitHub Exploit DB Packet Storm