Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 14, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228631 7.5 危険 PreProject.com - PreProjects.com Pre Hotels & Resorts Management System の user_login.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0744 2012-12-20 18:34 2008-02-12 Show GitHub Exploit DB Packet Storm
228632 7.5 危険 powerscripts - PowerScripts PowerNews におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0742 2012-12-20 18:34 2008-02-12 Show GitHub Exploit DB Packet Storm
228633 7.5 危険 shoppingtree - CP の admin/SA_shipFedExMeter.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0739 2012-12-20 18:34 2008-02-12 Show GitHub Exploit DB Packet Storm
228634 7.5 危険 shoppingtree - CP における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0738 2012-12-20 18:34 2008-02-12 Show GitHub Exploit DB Packet Storm
228635 7.5 危険 shoppingtree - CP の admin/utilities_ConfigHelp.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0737 2012-12-20 18:34 2008-02-12 Show GitHub Exploit DB Packet Storm
228636 5 警告 shoppingtree - CP の admin/SA_shipFedExMeter.asp におけるパスを取得される脆弱性 CWE-200
情報漏えい 		CVE-2008-0736 2012-12-20 18:34 2008-02-12 Show GitHub Exploit DB Packet Storm
228637 10 危険 titan - Titan FTP Server の FTP サービスなどにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-0725 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
228638 5 警告 the everything development company - The Everything Development System の The Everything Development Engine におけるユーザアカウントへアクセス権を取得される脆弱性 CWE-255
証明書・パスワード管理 		CVE-2008-0724 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
228639 4.3 警告 planetluc - MyNews の mynews.inc.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0723 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
228640 4.3 警告 Webmin Project - Webmin および Usermin におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0720 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 14, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
209181 5.4 MEDIUM
Network 		bloomreach experience_manager An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows XSS in the login page via the loginmessage parameter, the text editor via the src attribute of HTML ele… CWE-79
Cross-site Scripting 		CVE-2020-14988 2024-11-21 14:04 2021-03-12 Show GitHub Exploit DB Packet Storm
209182 7.2 HIGH
Network 		bloomreach experience_manager An issue was discovered in Bloomreach Experience Manager (brXM) 4.1.0 through 14.2.2. It allows remote attackers to execute arbitrary code because there is a mishandling of the capability for adminis… CWE-74
CWE-862
Injection
 Missing Authorization 		CVE-2020-14987 2024-11-21 14:04 2021-03-12 Show GitHub Exploit DB Packet Storm
209183 9.1 CRITICAL
Network 		loklak_project loklak loklak is an open-source server application which is able to collect messages from various sources, including twitter. The server contains a search index and a peer-to-peer index sharing interface. A… - CVE-2020-15097 2024-11-21 14:04 2021-02-3 Show GitHub Exploit DB Packet Storm
209184 9.8 CRITICAL
Network 		oracle utilities_framework
coherence 		Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core Components). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1… NVD-CWE-noinfo
CVE-2020-14756 2024-11-21 14:04 2021-01-21 Show GitHub Exploit DB Packet Storm
209185 4.7 MEDIUM
Network 		oracle cloud_infrastructure_identity_and_access_management Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access … NVD-CWE-noinfo
CVE-2020-14874 2024-11-21 14:04 2020-12-23 Show GitHub Exploit DB Packet Storm
209186 5.9 MEDIUM
Network 		askey ap5100w_firmware Askey AP5100W devices through AP5100W_Dual_SIG_1.01.097 are affected by WPS PIN offline brute-force cracking. This arises because of issues with the random number selection for the Diffie-Hellman exc… CWE-330
 Use of Insufficiently Random Values 		CVE-2020-15023 2024-11-21 14:04 2020-12-12 Show GitHub Exploit DB Packet Storm
209187 9.8 CRITICAL
Network 		oracle fusion_middleware Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.… NVD-CWE-noinfo
CVE-2020-14750 2024-11-21 14:04 2020-11-3 Show GitHub Exploit DB Packet Storm
209188 4.8 MEDIUM
Network 		open-xchange open-xchange_appsuite OX App Suite through 7.10.3 allows stats/diagnostic?param= XSS. CWE-79
Cross-site Scripting 		CVE-2020-15004 2024-11-21 14:04 2020-10-23 Show GitHub Exploit DB Packet Storm
209189 4.3 MEDIUM
Network 		open-xchange open-xchange_appsuite OX App Suite through 7.10.3 allows Information Exposure because a user can obtain the IP address and User-Agent string of a different user (via the session API during shared Drive access). NVD-CWE-noinfo
CVE-2020-15003 2024-11-21 14:04 2020-10-23 Show GitHub Exploit DB Packet Storm
209190 5.0 MEDIUM
Network 		open-xchange open-xchange_appsuite OX App Suite through 7.10.3 allows SSRF via the the /ajax/messaging/message message API. CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2020-15002 2024-11-21 14:04 2020-10-23 Show GitHub Exploit DB Packet Storm