Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 11, 2026, 12:16 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
229581	8.3	危険	Wikka Development Team	-	WikkaWiki における任意の設定ファイルをアップロードされる脆弱性	-	CVE-2007-2613	2012-12-20 18:19	2007-05-11	Show	GitHub Exploit DB Packet Storm

229582	7.5	危険	Wikka Development Team	-	WikkaWiki の libs/Wakka.class.php における SQL インジェクションの脆弱性	-	CVE-2007-2612	2012-12-20 18:19	2007-05-11	Show	GitHub Exploit DB Packet Storm

229583	6.8	警告	wavelink media	-	TutorialCMS におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-2600	2012-12-20 18:19	2007-05-11	Show	GitHub Exploit DB Packet Storm

229584	7.5	危険	wavelink media	-	TutorialCMS における SQL インジェクションの脆弱性	-	CVE-2007-2599	2012-12-20 18:19	2007-05-11	Show	GitHub Exploit DB Packet Storm

229585	10	危険	Simplenews Project	-	SimpleNews の print.php における SQL インジェクションの脆弱性	-	CVE-2007-2598	2012-12-20 18:19	2007-05-11	Show	GitHub Exploit DB Packet Storm

229586	7.5	危険	telltargetcms	-	telltarget CMS における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-2597	2012-12-20 18:19	2007-05-11	Show	GitHub Exploit DB Packet Storm

229587	6.5	警告	rscript	-	RSAuction におけるユーザ自身のアカウントステータスを Suspended から Active に変更される脆弱性	-	CVE-2007-2595	2012-12-20 18:19	2007-05-11	Show	GitHub Exploit DB Packet Storm

229588	7.5	危険	phpmyportal	-	phpMyPortal の inc/articles.inc.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-2594	2012-12-20 18:19	2007-05-11	Show	GitHub Exploit DB Packet Storm

229589	7.5	危険	vm watermark	-	Gallery 用の vm watermark における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-2575	2012-12-20 18:19	2007-05-9	Show	GitHub Exploit DB Packet Storm

229590	7.5	危険	phptree	-	PHPtree の plugin/HP_DEV/cms2.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-2573	2012-12-20 18:19	2007-05-9	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
213911	7.5	HIGH Network	mishubd	wp_human_resource_management	The WP Human Resource Management plugin before 2.2.6 for WordPress does not ensure that a leave modification occurs in the context of the Administrator or HR Manager role.	CWE-862 Missing Authorization	CVE-2019-9574	2024-11-21 13:51	2019-03-6	Show	GitHub Exploit DB Packet Storm

213912	7.5	HIGH Network	mishubd	wp_human_resource_management	The WP Human Resource Management plugin before 2.2.6 for WordPress mishandles leave applications.	CWE-19 Data Processing Errors	CVE-2019-9573	2024-11-21 13:51	2019-03-6	Show	GitHub Exploit DB Packet Storm

213913	7.2	HIGH Network	schoolcms	schoolcms	SchoolCMS version 2.3.1 allows file upload via the theme upload feature at admin.php?m=admin&c=theme&a=upload by using the .zip extension along with the _Static substring, changing the Content-Type t…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2019-9572	2024-11-21 13:51	2019-03-5	Show	GitHub Exploit DB Packet Storm

213914	4.8	MEDIUM Network	yzmcms	yzmcms	An issue was discovered in YzmCMS 5.2.0. It has XSS via the bottom text field to the admin/system_manage/save.html URI, related to the site_code parameter.	CWE-79 Cross-site Scripting	CVE-2019-9570	2024-11-21 13:51	2019-03-5	Show	GitHub Exploit DB Packet Storm

213915	6.5	MEDIUM Network	incsub	forminator	The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has SQL Injection via the wp-admin/admin.php?page=forminator-entries entry[] parameter if the attacker has the delet…	CWE-89 SQL Injection	CVE-2019-9568	2024-11-21 13:51	2019-03-5	Show	GitHub Exploit DB Packet Storm

213916	6.1	MEDIUM Network	incsub	forminator	The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.	CWE-79 Cross-site Scripting	CVE-2019-9567	2024-11-21 13:51	2019-03-5	Show	GitHub Exploit DB Packet Storm

213917	9.8	CRITICAL Network	flarumchina	flarumchina	FlarumChina v0.1.0-beta.7C has SQL injection via a /?q= request.	CWE-89 SQL Injection	CVE-2019-9566	2024-11-21 13:51	2019-03-5	Show	GitHub Exploit DB Packet Storm

213918	9.1	CRITICAL Network	druide	antidote	Druide Antidote RX, HD, 8 before 8.05.2287, 9 before 9.5.3937 and 10 before 10.1.2147 allows remote attackers to steal NTLM hashes or perform SMB relay attacks upon a direct launch of the product, or…	NVD-CWE-noinfo	CVE-2019-9565	2024-11-21 13:51	2019-03-4	Show	GitHub Exploit DB Packet Storm

213919	7.5	HIGH Network	bluemind	bluemind	In BlueMind 3.5.x before 3.5.11 Hotfix 7 and 4.x before 4.0-beta3, the contact application mishandles temporary uploads.	CWE-19 Data Processing Errors	CVE-2019-9563	2024-11-21 13:51	2019-03-4	Show	GitHub Exploit DB Packet Storm

213920	9.8	CRITICAL Network	eloan_project	eloan	Eloan V3.0 through 2018-09-20 allows remote attackers to list files via a direct request to the p2p/api/ or p2p/lib/ or p2p/images/ URI.	CWE-425 Direct Request ('Forced Browsing')	CVE-2019-9552	2024-11-21 13:51	2019-03-4	Show	GitHub Exploit DB Packet Storm