Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 28, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228951	5	警告	ryneezy	-	Ryneezy phoSheezy における管理者のパスワードハッシュを含むファイルをダウンロードされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-0250	2012-12-20 19:10	2009-01-22	Show	GitHub Exploit DB Packet Storm

228952	3.5	注意	tigris	-	WebSVN の listing.php における制限されたプロジェクトに対するチェンジログを読まれる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-0240	2012-12-20 19:10	2009-01-20	Show	GitHub Exploit DB Packet Storm

228953	9.3	危険	vuplayer	-	VUPlayer におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-0182	2012-12-20 19:10	2009-01-20	Show	GitHub Exploit DB Packet Storm

228954	9.3	危険	vuplayer	-	VUPlayer におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-0181	2012-12-20 19:10	2009-01-20	Show	GitHub Exploit DB Packet Storm

228955	9.3	危険	vuplayer	-	VUPlayer におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-0174	2012-12-20 19:10	2009-01-20	Show	GitHub Exploit DB Packet Storm

228956	9.3	危険	share2	-	AAA EasyGrid ActiveX の EasyGrid.ocx における任意のファイルを作成される脆弱性	CWE-Other その他	CVE-2009-0134	2012-12-20 19:10	2009-01-16	Show	GitHub Exploit DB Packet Storm

228957	7.5	危険	riotpix	-	RiotPix の read.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-0110	2012-12-20 19:10	2009-01-9	Show	GitHub Exploit DB Packet Storm

228958	7.5	危険	riotpix	-	RiotPix の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-0109	2012-12-20 19:10	2009-01-9	Show	GitHub Exploit DB Packet Storm

228959	7.5	危険	phpauctions	-	PHPAuctions における管理者アクセス権を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-0108	2012-12-20 19:10	2009-01-9	Show	GitHub Exploit DB Packet Storm

228960	4.3	警告	phpauctions	-	PHPAuctions の profile.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-0107	2012-12-20 19:10	2009-01-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 29, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
208391	9.8	CRITICAL Network	gnuplot_project	gnuplot	com_line() in command.c in gnuplot 5.4 leads to an out-of-bounds-write from strncpy() that may lead to arbitrary code execution.	CWE-787 Out-of-bounds Write	CVE-2020-25412	2024-11-21 14:17	2020-09-16	Show	GitHub Exploit DB Packet Storm

208392	8.8	HIGH Network	blackcat-cms	blackcat_cms	An issue was discovered in BlackCat CMS before 1.4. There is a CSRF vulnerability (bypass csrf_token) that allows remote arbitrary code execution.	CWE-352 Origin Validation Error	CVE-2020-25453	2024-11-21 14:17	2020-09-16	Show	GitHub Exploit DB Packet Storm

208393	5.4	MEDIUM Network	niftypm	nifty	Nifty Project Management Web Application 2020-08-26 allows XSS, via Add Task, that is rendered upon a Project Home visit. Note: It has been argued that this is not reproducible. "The original issue w…	CWE-79 Cross-site Scripting	CVE-2020-25071	2024-11-21 14:17	2020-09-16	Show	GitHub Exploit DB Packet Storm

208394	5.4	MEDIUM Network	recall-products_project	recall-products	Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 is affected by: Cross Site Scripting (XSS) via the 'Recall Settings' field in admin.php. An attacker can inject JavaScript code that wil…	CWE-79 Cross-site Scripting	CVE-2020-25380	2024-11-21 14:17	2020-09-15	Show	GitHub Exploit DB Packet Storm

208395	8.8	HIGH Network	recall-products_project	recall-products	Wordpress Plugin Store / Mike Rooijackers Recall Products V0.8 fails to sanitize input from the 'Manufacturer[]' parameter which allows an authenticated attacker to inject a malicious SQL query.	CWE-89 SQL Injection	CVE-2020-25379	2024-11-21 14:17	2020-09-15	Show	GitHub Exploit DB Packet Storm

208396	6.1	MEDIUM Network	accesspressthemes	wp_floating_menu	Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter.	CWE-79 Cross-site Scripting	CVE-2020-25378	2024-11-21 14:17	2020-09-15	Show	GitHub Exploit DB Packet Storm

208397	5.4	MEDIUM Network	softrade	wp_smart_crm_\&_invoices	Wordpress Plugin Store / SoftradeWeb SNC WP SMART CRM V1.8.7 is affected by: Cross Site Scripting via the Business Name field, Tax Code field, First Name field, Address field, Town field, Phone field…	CWE-79 Cross-site Scripting	CVE-2020-25375	2024-11-21 14:17	2020-09-15	Show	GitHub Exploit DB Packet Storm

208398	7.8	HIGH Local	kingsoft	wps_office	GdiDrawHoriLineIAlt in Kingsoft WPS Office before 11.2.0.9403 allows remote heap corruption via a crafted PLTE chunk in PNG data within a Word document. This is related to QBrush::setMatrix in gui/pa…	CWE-787 Out-of-bounds Write	CVE-2020-25291	2024-11-21 14:17	2020-09-14	Show	GitHub Exploit DB Packet Storm

208399	5.5	MEDIUM Local	avast	secureline_vpn	The VPN service in AVAST SecureLine before 5.6.4982.470 allows local users to write to arbitrary files via an Object Manager symbolic link from the log directory (which has weak permissions).	CWE-59 Link Following	CVE-2020-25289	2024-11-21 14:17	2020-09-14	Show	GitHub Exploit DB Packet Storm

208400	7.2	HIGH Network	pligg_project	pligg	Pligg 2.0.3 allows remote authenticated users to execute arbitrary commands because the template editor can edit any file, as demonstrated by an admin/admin_editor.php the_file=..%2Findex.php&open=Op…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2020-25287	2024-11-21 14:17	2020-09-14	Show	GitHub Exploit DB Packet Storm