Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
230351	10	危険	tufat	-	FlashBB の phpbb/getmsg.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-7032	2012-12-20 18:18	2007-02-22	Show	GitHub Exploit DB Packet Storm

230352	7.8	危険	サン・マイクロシステムズ	-	Netra など Solaris が稼動しているシングル CPU Sun システムにおけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-7028	2012-12-20 18:18	2007-02-22	Show	GitHub Exploit DB Packet Storm

230353	7.5	危険	sangwan kim	-	Bookmark4U の admin/config.php における SQL インジェクションの脆弱性	-	CVE-2006-7025	2012-12-20 18:18	2007-02-22	Show	GitHub Exploit DB Packet Storm

230354	7.5	危険	Plume CMS	-	Plume CMS の manager/tools/link/dbinstall.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2006-7021	2012-12-20 18:18	2007-02-14	Show	GitHub Exploit DB Packet Storm

230355	7.5	危険	phpwcms	-	phpwcms における任意のコードを実行される脆弱性	-	CVE-2006-7019	2012-12-20 18:18	2007-02-14	Show	GitHub Exploit DB Packet Storm

230356	7.5	危険	phpjobboard	-	phpjobboard における認証を回避される脆弱性	-	CVE-2006-7016	2012-12-20 18:18	2007-02-14	Show	GitHub Exploit DB Packet Storm

230357	10	危険	scart	-	SCart の scart.cgi における任意のコマンドを実行される脆弱性	-	CVE-2006-7012	2012-12-20 18:18	2007-02-14	Show	GitHub Exploit DB Packet Storm

230358	4.3	警告	wheatblog	-	wB の add_comment.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-7002	2012-12-20 18:18	2007-02-12	Show	GitHub Exploit DB Packet Storm

230359	7.1	危険	phpmychat plus	-	PhpMyChat Plus の avatar.php におけるディレクトリトラバーサルの脆弱性	-	CVE-2006-7001	2012-12-20 18:18	2007-02-12	Show	GitHub Exploit DB Packet Storm

230360	4.3	警告	the war forge	-	warforge.NEWS におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-6996	2012-12-20 18:18	2007-02-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 12, 2026, 5:06 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
197791	2.7	LOW Network	sap	leasing	Missing authorization check in a transaction within SAP Leasing (update provided in SAP_APPL 6.18, EA-APPL 6.0, 6.02, 6.03, 6.04, 6.05, 6.06, 6.16 and 6.17).	CWE-862 Missing Authorization	CVE-2020-6306	2024-11-21 14:35	2020-01-15	Show	GitHub Exploit DB Packet Storm

197792	6.1	MEDIUM Network	sap	process_integration	PI Rest Adapter of SAP Process Integration (update provided in SAP_XIAF 7.31, 7.40, 7.50) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.	CWE-79 Cross-site Scripting	CVE-2020-6305	2024-11-21 14:35	2020-01-15	Show	GitHub Exploit DB Packet Storm

197793	5.4	MEDIUM Network	sap	disclosure_management	SAP Disclosure Management, before version 10.1, does not validate user input properly in specific use cases leading to Cross-Site Scripting.	CWE-79 Cross-site Scripting	CVE-2020-6303	2024-11-21 14:35	2020-01-15	Show	GitHub Exploit DB Packet Storm

197794	8.8	HIGH Network	google opensuse fedoraproject redhat debian	chrome leap backports_sle fedora enterprise_linux_desktop enterprise_linux_workstation debian_linux	Use after free in audio in Google Chrome prior to 79.0.3945.117 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.	CWE-416 Use After Free	CVE-2020-6377	2024-11-21 14:35	2020-01-11	Show	GitHub Exploit DB Packet Storm

197795	7.5	HIGH Network	sap	netweaver_internet_communication_manager_\(kernel\) netweaver_internet_communication_manager_\(krnl32nuc\) netweaver_internet_communication_manager_\(krnl32uc\) netweaver_internet_communicat…	Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49…	CWE-20 Improper Input Validation	CVE-2020-6304	2024-11-21 14:35	2020-01-15	Show	GitHub Exploit DB Packet Storm

197796	9.1	CRITICAL Network	bftpd_project	bftpd	An issue was discovered in Bftpd 5.3. Under certain circumstances, an out-of-bounds read is triggered due to an uninitialized value. The daemon crashes at startup in the hidegroups_init function in d…	CWE-125 Out-of-bounds Read	CVE-2020-6162	2024-11-21 14:35	2020-01-11	Show	GitHub Exploit DB Packet Storm

197797	7.6	HIGH Network	webfactoryltd	minimal_coming_soon_\&_maintenance_mode	A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows authenticated users with basic access to enable and disable maintenance-mode settings (impacting the availa…	CWE-862 Missing Authorization	CVE-2020-6168	2024-11-21 14:35	2020-01-10	Show	GitHub Exploit DB Packet Storm

197798	5.4	MEDIUM Network	webfactoryltd	minimal_coming_soon_\&_maintenance_mode	A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.15, allows authenticated users with basic access to export settings and change maintenance-mode themes.	CWE-276 Incorrect Default Permissions	CVE-2020-6166	2024-11-21 14:35	2020-01-10	Show	GitHub Exploit DB Packet Storm

197799	8.8	HIGH Network	webfactoryltd	minimal_coming_soon_\&_maintenance_mode	A flaw in the WordPress plugin, Minimal Coming Soon & Maintenance Mode through 2.10, allows a CSRF attack to enable maintenance mode, inject XSS, modify several important settings, or include remote …	CWE-352 Origin Validation Error	CVE-2020-6167	2024-11-21 14:35	2020-01-10	Show	GitHub Exploit DB Packet Storm

197800	9.8	CRITICAL Network	genexis	platinum-4410_firmware	An authentication bypass vulnerability on Genexis Platinum-4410 v2.1 P4410-V2 1.28 devices allows attackers to obtain cleartext credentials from the HTML source code of the cgi-bin/index2.asp URI.	CWE-200 CWE-306 Information Exposure Missing Authentication for Critical Function	CVE-2020-6170	2024-11-21 14:35	2020-01-8	Show	GitHub Exploit DB Packet Storm