Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":April 30, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229301 2.6 注意 シマンテック - Norton AntiVirus などの Symantec Automated Support Assistant で使用される ActiveX コントロールにおける重要な情報を取得される脆弱性 - CVE-2006-5404 2012-12-20 18:02 2006-10-5 Show GitHub Exploit DB Packet Storm
229302 5.1 警告 シマンテック - Norton AntiVirus などの Symantec Automated Support Assistant で使用される ActiveX コントロールにおけるスタックベースのバッファオーバーフローの脆弱性 - CVE-2006-5403 2012-12-20 18:02 2006-10-5 Show GitHub Exploit DB Packet Storm
229303 7.5 危険 phpmybibli - PHPmybibli における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2006-5402 2012-12-20 18:02 2006-10-18 Show GitHub Exploit DB Packet Storm
229304 7.5 危険 phprecipebook - PHPRecipeBook の classes/Import_MM.class.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2006-5399 2012-12-20 18:02 2006-10-18 Show GitHub Exploit DB Packet Storm
229305 7.5 危険 simplog - Simplog の comments.php における SQL インジェクションの脆弱性 - CVE-2006-5398 2012-12-20 18:02 2006-10-18 Show GitHub Exploit DB Packet Storm
229306 2.1 注意 X.Org Foundation - X.Org libX11 の Xinput モジュールにおける XCOMPOSEFILE 環境変数によって使用されるファイルが読み込まれる脆弱性 - CVE-2006-5397 2012-12-20 18:02 2006-11-2 Show GitHub Exploit DB Packet Storm
229307 5 警告 xfire - Xfire におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2006-5391 2012-12-20 18:02 2006-10-18 Show GitHub Exploit DB Packet Storm
229308 6.8 警告 phpBB - phpBB 用の MMW モジュールにおける PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2006-5390 2012-12-20 18:02 2006-10-18 Show GitHub Exploit DB Packet Storm
229309 5 警告 wyana - PHP-Wyana の tools/tellhim.php における重要な情報を取得される脆弱性 - CVE-2006-5389 2012-12-20 18:02 2006-10-18 Show GitHub Exploit DB Packet Storm
229310 7.5 危険 webSPELL - WebSPELL の index.php における SQL インジェクションの脆弱性 - CVE-2006-5388 2012-12-20 18:02 2006-10-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 30, 2026, 4:58 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
198541 6.1 MEDIUM
Network 		mediawiki
fedoraproject 		mediawiki
fedora 		MediaWiki before 1.35.1 allows XSS via BlockLogFormatter.php. MediaWiki:blanknamespace potentially can be output as raw HTML with SCRIPT tags via LogFormatter::makePageLink(). This affects MediaWiki … CWE-79
Cross-site Scripting 		CVE-2020-35478 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
198542 5.3 MEDIUM
Network 		mediawiki
debian
fedoraproject 		mediawiki
debian_linux
fedora 		MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggl… CWE-670
 Always-Incorrect Control Flow Implementation 		CVE-2020-35477 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
198543 7.5 HIGH
Network 		mediawiki
debian
fedoraproject 		mediawiki
debian_linux
fedora 		In MediaWiki before 1.35.1, the messages userrights-expiry-current and userrights-expiry-none can contain raw HTML. XSS can happen when a user visits Special:UserRights but does not have rights to ch… CWE-79
Cross-site Scripting 		CVE-2020-35475 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
198544 6.1 MEDIUM
Network 		mediawiki
fedoraproject 		mediawiki
fedora 		In MediaWiki before 1.35.1, the combination of Html::rawElement and Message::text leads to XSS because the definition of MediaWiki:recentchanges-legend-watchlistexpiry can be changed onwiki so that t… CWE-79
Cross-site Scripting 		CVE-2020-35474 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
198545 9.8 CRITICAL
Network 		spotweb_project spotweb Time-based SQL injection exists in Spotweb 1.4.9 via the query string. CWE-89
SQL Injection 		CVE-2020-35545 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
198546 8.1 HIGH
Network 		fasterxml
netapp
debian
oracle 		jackson-databind
service_level_manager
debian_linux
webcenter_portal
application_testing_suite
banking_platform
agile_plm
sd-wan_edge
communications_services_gatekeeper
ret… 		FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource. CWE-502
 Deserialization of Untrusted Data 		CVE-2020-35491 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
198547 8.1 HIGH
Network 		fasterxml
netapp
debian
oracle 		jackson-databind
service_level_manager
debian_linux
webcenter_portal
application_testing_suite
banking_platform
agile_plm
communications_services_gatekeeper
retail_merchandisi… 		FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource. CWE-502
 Deserialization of Untrusted Data 		CVE-2020-35490 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
198548 10.0 CRITICAL
Network 		rocklobster contact_form_7 The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2020-35489 2024-11-21 14:27 2020-12-18 Show GitHub Exploit DB Packet Storm
198549 5.3 MEDIUM
Network 		hashicorp vault HashiCorp Vault Enterprise’s Sentinel EGP policy feature incorrectly allowed requests to be processed in parent and sibling namespaces. Fixed in 1.5.6 and 1.6.1. NVD-CWE-noinfo
CVE-2020-35453 2024-11-21 14:27 2020-12-17 Show GitHub Exploit DB Packet Storm
198550 9.8 CRITICAL
Network 		opentsdb opentsdb A remote code execution vulnerability occurs in OpenTSDB through 2.4.0 via command injection in the yrange parameter. The yrange value is written to a gnuplot file in the /tmp directory. This file is… CWE-78
OS Command  		CVE-2020-35476 2024-11-21 14:27 2020-12-16 Show GitHub Exploit DB Packet Storm