Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 26, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
230411	6.8	警告	setcms	-	SetCMS の index.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-0478	2012-12-20 18:34	2008-01-29	Show	GitHub Exploit DB Packet Storm

230412	6.4	警告	webwiz	-	Web Wiz Rich Text Editor の RTE_popup_save_file.asp における .html ファイルなどをアップロードされる脆弱性	CWE-20 不適切な入力確認	CVE-2008-0473	2012-12-20 18:34	2008-01-29	Show	GitHub Exploit DB Packet Storm

230413	4.3	警告	woltlab	-	wBB の modcp.php におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2008-0472	2012-12-20 18:34	2008-01-29	Show	GitHub Exploit DB Packet Storm

230414	4.3	警告	phpBB	-	phpBB の privmsg.php におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2008-0471	2012-12-20 18:34	2008-01-29	Show	GitHub Exploit DB Packet Storm

230415	7.5	危険	tiger php news system	-	TPNS の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-0469	2012-12-20 18:34	2008-01-29	Show	GitHub Exploit DB Packet Storm

230416	5	警告	webwiz	-	Web Wiz Rich Text Edito などで使用されている Web Wiz RTE_file_browser.asp におけるディレクトリトラバーサルの脆弱性	CWE-287 不適切な認証	CVE-2008-0466	2012-12-20 18:34	2008-01-28	Show	GitHub Exploit DB Packet Storm

230417	5	警告	seagullproject.org	-	Seagull の optimizer.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-0465	2012-12-20 18:34	2008-01-25	Show	GitHub Exploit DB Packet Storm

230418	6.8	警告	slaed	-	SLAED CMS の function/sources.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-0458	2012-12-20 18:34	2008-01-25	Show	GitHub Exploit DB Packet Storm

230419	10	危険	シマンテック	-	Symantec Backup Exec System Recovery Manager で使用される Symantec LiveState Apache Tomcat サーバで稼動している FileUpload クラスにおける任意の JSP ファイルをアップロードされる脆弱性	CWE-20 不適切な入力確認	CVE-2008-0457	2012-12-20 18:34	2008-02-4	Show	GitHub Exploit DB Packet Storm

230420	5	警告	siteman	-	Siteman の articles.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-0452	2012-12-20 18:34	2008-01-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 26, 2026, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
200751	7.2	HIGH Network	gilacms	gila_cms	Gila CMS 1.11.8 allows /admin/sql?query= SQL Injection.	CWE-89 SQL Injection	CVE-2020-5515	2024-11-21 14:34	2020-01-7	Show	GitHub Exploit DB Packet Storm

200752	9.1	CRITICAL Network	gilacms	gila_cms	Gila CMS 1.11.8 allows Unrestricted Upload of a File with a Dangerous Type via .phar or .phtml to the lzld/thumb?src= URI.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2020-5514	2024-11-21 14:34	2020-01-7	Show	GitHub Exploit DB Packet Storm

200753	7.5	HIGH Network	hashbrowncms	hashbrown_cms	An issue was discovered in HashBrown CMS before 1.3.2. Server/Entity/Resource/Connection.js allows an attacker to reach a parent directory via a crafted name or ID field.	CWE-22 Path Traversal	CVE-2020-5840	2024-11-21 14:34	2020-01-7	Show	GitHub Exploit DB Packet Storm

200754	9.8	CRITICAL Network	litespeedtech	openlitespeed	The WebAdmin Console in OpenLiteSpeed before v1.6.5 does not strictly check request URLs, as demonstrated by the "Server Configuration > External App" screen.	CWE-20 Improper Input Validation	CVE-2020-5519	2024-11-21 14:34	2020-01-6	Show	GitHub Exploit DB Packet Storm

200755	9.8	CRITICAL Network	apache	rust_sgx_sdk	Baidu Rust SGX SDK through 1.0.8 has an enclave ID race. There are non-deterministic results in which, sometimes, two global IDs are the same.	NVD-CWE-noinfo	CVE-2020-5499	2024-11-21 14:34	2020-01-4	Show	GitHub Exploit DB Packet Storm

200756	6.1	MEDIUM Network	mitreid	connect	The OpenID Connect reference implementation for MITREid Connect through 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be ex…	CWE-79 Cross-site Scripting	CVE-2020-5497	2024-11-21 14:34	2020-01-4	Show	GitHub Exploit DB Packet Storm

200757	8.8	HIGH Network	fontforge opensuse	fontforge leap	FontForge 20190801 has a heap-based buffer overflow in the Type2NotDefSplines() function in splinesave.c.	CWE-787 Out-of-bounds Write	CVE-2020-5496	2024-11-21 14:34	2020-01-4	Show	GitHub Exploit DB Packet Storm

200758	8.8	HIGH Network	fontforge fedoraproject opensuse	fontforge fedora leap	FontForge 20190801 has a use-after-free in SFD_GetFontMetaData in sfd.c.	CWE-416 Use After Free	CVE-2020-5395	2024-11-21 14:34	2020-01-4	Show	GitHub Exploit DB Packet Storm

200759	5.3	MEDIUM Network	ibm	safer_payments	IBM Counter Fraud Management for Safer Payments 5.7.0.00 through 5.7.0.10, 6.0.0.00 through 6.0.0.07, 6.1.0.00 through 6.1.0.05, and 6.2.0.00 through 6.2.1.00 could allow an authenticated attacker un…	NVD-CWE-noinfo	CVE-2020-4729	2024-11-21 14:33	2023-04-28	Show	GitHub Exploit DB Packet Storm

200760	8.2	HIGH Network	ibm	spectrum_scale	A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID…	NVD-CWE-noinfo	CVE-2020-4927	2024-11-21 14:33	2023-03-16	Show	GitHub Exploit DB Packet Storm