Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 10, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229391 7.5 危険 XOOPS - Xoops 用の MyAds モジュールにおける SQL インジェクションの脆弱性 - CVE-2007-1846 2012-12-20 18:19 2007-04-3 Show GitHub Exploit DB Packet Storm
229392 7.5 危険 XOOPS - Xoops 用の Friendfinder モジュールにおける SQL インジェクションの脆弱性 - CVE-2007-1838 2012-12-20 18:19 2007-04-2 Show GitHub Exploit DB Packet Storm
229393 5 警告 web-app.org - web-app.org WebAPP における特定のファイルをアップロードされる脆弱性 - CVE-2007-1832 2012-12-20 18:19 2007-04-2 Show GitHub Exploit DB Packet Storm
229394 6 警告 web-app.org - web-app.org WebAPP におけるファイルを開かれる脆弱性 - CVE-2007-1831 2012-12-20 18:19 2007-04-2 Show GitHub Exploit DB Packet Storm
229395 4.3 警告 web-app.org - web-app.org WebAPP 用の Username Hijacking Patch における管理アクセス権限を取得される脆弱性 - CVE-2007-1830 2012-12-20 18:19 2007-04-2 Show GitHub Exploit DB Packet Storm
229396 7.5 危険 web-app.net - web-app.net WebAPP における脆弱性 - CVE-2007-1829 2012-12-20 18:19 2007-03-17 Show GitHub Exploit DB Packet Storm
229397 3.5 注意 web-app.org - web-app.org WebAPP におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-1828 2012-12-20 18:19 2007-04-2 Show GitHub Exploit DB Packet Storm
229398 6 警告 web-app.org - web-app.org WebAPP のフォーム入力検証におけるデータファイルを破損される脆弱性 - CVE-2007-1827 2012-12-20 18:19 2007-04-2 Show GitHub Exploit DB Packet Storm
229399 10 危険 T-Mobile - T-Mobile ボイスメールシステムにおけるメッセージを収集または削除される脆弱性 - CVE-2007-1823 2012-12-20 18:19 2007-04-2 Show GitHub Exploit DB Packet Storm
229400 9.3 危険 softartisans - SoftArtisans XFile の SAFmgPws.dll におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-1682 2012-12-20 18:19 2008-08-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
223161 9.8 CRITICAL
Network 		sitos sitos_six An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenti… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2019-15751 2024-11-21 13:29 2019-10-7 Show GitHub Exploit DB Packet Storm
223162 6.1 MEDIUM
Network 		sitos sitos_six A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. CWE-79
Cross-site Scripting 		CVE-2019-15750 2024-11-21 13:29 2019-10-7 Show GitHub Exploit DB Packet Storm
223163 6.5 MEDIUM
Network 		sitos sitos_six SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access… CWE-640
 Weak Password Recovery Mechanism for Forgotten Password 		CVE-2019-15749 2024-11-21 13:29 2019-10-7 Show GitHub Exploit DB Packet Storm
223164 9.8 CRITICAL
Network 		sitos sitos_six SITOS six Build v6.2.1 permits unauthorised users to upload and import a SCORM 2004 package by browsing directly to affected pages. An unauthenticated attacker could use the upload and import functio… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2019-15748 2024-11-21 13:29 2019-10-7 Show GitHub Exploit DB Packet Storm
223165 8.8 HIGH
Network 		sitos sitos_six SITOS six Build v6.2.1 allows a user with the user role of Seminar Coordinator to escalate their permission to the Systemadministrator role due to insufficient checks on the server side. CWE-269
 Improper Privilege Management 		CVE-2019-15747 2024-11-21 13:29 2019-10-7 Show GitHub Exploit DB Packet Storm
223166 9.8 CRITICAL
Network 		sitos sitos_six SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user. CWE-94
CWE-78
Code Injection
OS Command  		CVE-2019-15746 2024-11-21 13:29 2019-10-7 Show GitHub Exploit DB Packet Storm
223167 8.8 HIGH
Network 		kslabs ksweb The KSLABS KSWEB (aka ru.kslabs.ksweb) application 3.93 for Android allows authenticated remote code execution via a POST request to the AJAX handler with the configFile parameter set to the arbitrar… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2019-15766 2024-11-21 13:29 2019-10-4 Show GitHub Exploit DB Packet Storm
223168 4.7 MEDIUM
Local 		microchip
tecsec
thalesgroup
cryptsoft
athena-scs 		atmel_toolbox
armored_card
etoken_4300
s\/a_idflex_v
idprotect 		Smart cards from the Athena SCS manufacturer, based on the Atmel Toolbox 00.03.11.05 and the AT90SC chip, contain a timing side channel in ECDSA signature generation. This allows a local attacker, ab… CWE-203
 Information Exposure Through Discrepancy 		CVE-2019-15809 2024-11-21 13:29 2019-10-3 Show GitHub Exploit DB Packet Storm
223169 9.8 CRITICAL
Network 		govicture pc530_firmware Victure PC530 devices allow unauthenticated TELNET access as root. CWE-306
Missing Authentication for Critical Function 		CVE-2019-15940 2024-11-21 13:29 2019-10-1 Show GitHub Exploit DB Packet Storm
223170 6.1 MEDIUM
Network 		netdisco netdisco Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter. CWE-79
Cross-site Scripting 		CVE-2019-15810 2024-11-21 13:29 2019-10-1 Show GitHub Exploit DB Packet Storm