Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 15, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
229581	4.3	警告	siteup	-	Site-Up の index.cgi におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-5433	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

229582	7.5	危険	scottmanktelow	-	Stride における管理者権限を取得される脆脆弱性	CWE-200 情報漏えい	CVE-2007-5432	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

229583	7.5	危険	scottmanktelow	-	Stride における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-5430	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

229584	4.3	警告	Umisoft	-	UMI CMS におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-5428	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

229585	7.5	危険	Tiki Software Community Association	-	TikiWiki の tiki-graph_formula.php における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2007-5423	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

229586	6.8	警告	quoc-huy	-	Joomla! 用の Quoc-Huy mp3_allopass コンポーネントにおける PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-5412	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

229587	6.8	警告	picoflat cms	-	PicoFlat CMS の index.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-5390	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

229588	6.8	警告	webdesktop	-	WebDesktop における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-5388	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

229589	6.8	警告	pindorama	-	Pindorama の active/components/xmlrpc/client.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-5387	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

229590	4.3	警告	The phpMyAdmin Project	-	phpMyAdmin におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-5386	2012-12-20 18:33	2007-10-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 15, 2026, 4:28 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
223751	6.1	MEDIUM Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file app\contacts\contact_import.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.	CWE-79 Cross-site Scripting	CVE-2019-16987	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm

223752	6.5	MEDIUM Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file resources\download.php uses an unsanitized "f" variable coming from the URL, which takes any pathname and allows a download of it. (resources\secure_download.php i…	CWE-22 Path Traversal	CVE-2019-16986	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm

223753	6.5	MEDIUM Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file app\xml_cdr\xml_cdr_delete.php uses an unsanitized "rec" variable coming from the URL, which is base64 decoded and allows deletion of any file of the system.	CWE-22 Path Traversal	CVE-2019-16985	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm

223754	6.1	MEDIUM Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file app\recordings\recording_play.php uses an unsanitized "filename" variable coming from the URL, which is base64 decoded and reflected in HTML, leading to XSS.	CWE-79 Cross-site Scripting	CVE-2019-16984	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm

223755	6.1	MEDIUM Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file resources\paging.php has a paging function (called by several pages of the interface), which uses an unsanitized "param" variable constructed partially from the UR…	CWE-79 Cross-site Scripting	CVE-2019-16983	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm

223756	6.1	MEDIUM Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file app\access_controls\access_control_nodes.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.	CWE-79 Cross-site Scripting	CVE-2019-16982	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm

223757	6.1	MEDIUM Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file app\conference_profiles\conference_profile_params.php uses an unsanitized "id" variable coming from the URL, which is reflected on 2 occasions in HTML, leading to …	CWE-79 Cross-site Scripting	CVE-2019-16981	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm

223758	6.5	MEDIUM Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file app/music_on_hold/music_on_hold.php uses an unsanitized "file" variable coming from the URL, which takes any pathname (base64 encoded) and allows a download of it.	CWE-22 Path Traversal	CVE-2019-16990	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm

223759	8.8	HIGH Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file app\call_broadcast\call_broadcast_edit.php uses an unsanitized "id" variable coming from the URL in an unparameterized SQL query, leading to SQL injection.	CWE-89 SQL Injection	CVE-2019-16980	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm

223760	6.1	MEDIUM Network	fusionpbx	fusionpbx	In FusionPBX up to v4.5.7, the file app\contacts\contact_urls.php uses an unsanitized "id" variable coming from the URL, which is reflected in HTML, leading to XSS.	CWE-79 Cross-site Scripting	CVE-2019-16979	2024-11-21 13:31	2019-10-22	Show	GitHub Exploit DB Packet Storm