Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 9, 2026, 4:11 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228751 7.8 危険 ウインドリバー株式会社 - Wind River VxWorks の FTP デーモンにおけるアクセス権を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-2968 2012-12-20 19:29 2010-08-5 Show GitHub Exploit DB Packet Storm
228752 7.8 危険 ウインドリバー株式会社 - Wind River VxWorks の loginLib におけるアクセス権を取得される脆弱性 CWE-310
暗号の問題 		CVE-2010-2967 2012-12-20 19:29 2010-08-5 Show GitHub Exploit DB Packet Storm
228753 7.8 危険 ウインドリバー株式会社 - Wind River VxWorks の INCLUDE_SECURITY 機能におけるアクセス権を取得される脆弱性 CWE-255
証明書・パスワード管理 		CVE-2010-2966 2012-12-20 19:29 2010-08-5 Show GitHub Exploit DB Packet Storm
228754 10 危険 Rockwell Automation
ウインドリバー株式会社		 - Rockwell Automation 1756-ENBT series A で使用されている Wind River VxWorks における任意のメモリ領域を読まれる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-2965 2012-12-20 19:29 2010-08-5 Show GitHub Exploit DB Packet Storm
228755 6.9 警告 simone rota - SLiM における権限を取得される脆弱性 CWE-16
環境設定 		CVE-2010-2945 2012-12-20 19:29 2010-08-30 Show GitHub Exploit DB Packet Storm
228756 5 警告 VideoLAN - VideoLAN VLC Media Player の TagLib プラグインにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2010-2937 2012-12-20 19:29 2010-08-20 Show GitHub Exploit DB Packet Storm
228757 5 警告 ZNC - ZNC におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2010-2934 2012-12-20 19:29 2010-08-3 Show GitHub Exploit DB Packet Storm
228758 9.3 危険 topazsystems - SigPlus Pro ActiveX コントロールにおけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2010-2931 2012-12-20 19:29 2010-08-5 Show GitHub Exploit DB Packet Storm
228759 7.5 危険 solucija - sNews の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-2926 2012-12-20 19:29 2010-07-30 Show GitHub Exploit DB Packet Storm
228760 7.5 危険 silvercover - WordPress 用の myLinksDump プラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-2924 2012-12-20 19:29 2010-07-30 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 9, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
207571 6.1 MEDIUM
Network 		mediawiki
fedoraproject 		mediawiki
fedora 		In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that t… CWE-79
Cross-site Scripting 		CVE-2020-35474 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
207572 9.8 CRITICAL
Network 		spotweb_project spotweb Time-based SQL injection exists in Spotweb 1.4.9 via the query string. CWE-89
SQL Injection 		CVE-2020-35545 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
207573 8.1 HIGH
Network 		fasterxml
netapp
debian
oracle 		jackson-databind
service_level_manager
debian_linux
webcenter_portal
application_testing_suite
banking_platform
agile_plm
sd-wan_edge
communications_services_gatekeeper
ret… 		FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. CWE-502
 Deserialization of Untrusted Data 		CVE-2020-35491 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
207574 8.1 HIGH
Network 		fasterxml
netapp
debian
oracle 		jackson-databind
service_level_manager
debian_linux
webcenter_portal
application_testing_suite
banking_platform
agile_plm
communications_services_gatekeeper
retail_merchandisi… 		FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. CWE-502
 Deserialization of Untrusted Data 		CVE-2020-35490 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
207575 10.0 CRITICAL
Network 		rocklobster contact_form_7 The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2020-35489 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
207576 5.3 MEDIUM
Network 		hashicorp vault HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1. NVD-CWE-noinfo
CVE-2020-35453 2024-11-21 14:27 2020-12-17 Show GitHub Exploit DB Packet Storm
207577 9.8 CRITICAL
Network 		opentsdb opentsdb A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is… CWE-78
OS Command  		CVE-2020-35476 2024-11-21 14:27 2020-12-16 Show GitHub Exploit DB Packet Storm
207578 9.8 CRITICAL
Network 		softwareag terracotta_server_oss The Software AG Terracotta Server OSS Docker image 5.4.1 contains a blank password for the root user. Systems deployed using affected versions of the Terracotta Server OSS container may allow a remot… CWE-306
Missing Authentication for Critical Function 		CVE-2020-35469 2024-11-21 14:27 2020-12-16 Show GitHub Exploit DB Packet Storm
207579 9.8 CRITICAL
Network 		appbase streams The Appbase streams Docker image 2.1.2 contains a blank password for the root user. Systems deployed using affected versions of the streams container may allow a remote attacker to achieve root acces… CWE-306
Missing Authentication for Critical Function 		CVE-2020-35468 2024-11-21 14:27 2020-12-16 Show GitHub Exploit DB Packet Storm
207580 9.8 CRITICAL
Network 		docker docs The Docker Docs Docker image through 2020-12-14 contains a blank password for the root user. Systems deployed using affected versions of the Docker Docs container may allow a remote attacker to achie… CWE-306
Missing Authentication for Critical Function 		CVE-2020-35467 2024-11-21 14:27 2020-12-16 Show GitHub Exploit DB Packet Storm