Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 27, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230501 6.8 警告 webportal - WebPortal CMS における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0142 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
230502 7.5 危険 webportal - WebPortal CMS の actions.php における任意のアカウントへのアクセス権を取得される脆弱性 CWE-255
証明書・パスワード管理 		CVE-2008-0141 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
230503 6.4 警告 uebimiau - Uebimiau Webmail の error.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0140 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
230504 7.5 危険 snetworks - SNETWORKS PHP CLASSIFIEDS の config.inc.php における PHP リモートファイルインクルージョンの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0137 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
230505 5 警告 snitz forums 2000 - Snitz Forums 2000 における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2008-0136 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
230506 5 警告 snitz forums 2000 - Snitz Forums 2000 におけるデータベースをダウンロードされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-0135 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
230507 4.3 警告 snitz forums 2000 - Snitz Forums 2000 の Forums/setup.asp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0134 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
230508 7.5 危険 thomas perez - Tribisur における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0133 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
230509 5 警告 pragma systems - Pragma FortressSSH におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2008-0132 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
230510 6.8 警告 siteatschool - Site@School の starnet/addons/slideshow_full.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0129 2012-12-20 18:34 2008-01-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
213681 8.8 HIGH
Network 		gogogate ismartgate_pro_firmware iSmartgate PRO 1.5.9 is vulnerable to CSRF via the busca parameter in the form used for searching for users, accessible via /index.php. (This can be combined with reflected XSS.) CWE-352
 Origin Validation Error 		CVE-2020-12282 2024-11-21 13:59 2020-09-25 Show GitHub Exploit DB Packet Storm
213682 6.5 MEDIUM
Network 		gogogate ismartgate_pro_firmware iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to create a new user via /index.php. CWE-352
 Origin Validation Error 		CVE-2020-12281 2024-11-21 13:59 2020-09-25 Show GitHub Exploit DB Packet Storm
213683 6.5 MEDIUM
Network 		gogogate ismartgate_pro_firmware iSmartgate PRO 1.5.9 is vulnerable to CSRF that allows remote attackers to open/close a specified garage door/gate via /isg/opendoor.php. CWE-352
 Origin Validation Error 		CVE-2020-12280 2024-11-21 13:59 2020-09-25 Show GitHub Exploit DB Packet Storm
213684 7.2 HIGH
Network 		apache syncope In Apache Syncope 2.1.X releases prior to 2.1.7, when the Flowable extension is enabled, an administrator with workflow entitlements can use Shell Service Tasks to perform malicious operations, inclu… NVD-CWE-noinfo
CVE-2020-11977 2024-11-21 13:59 2020-09-16 Show GitHub Exploit DB Packet Storm
213685 7.5 HIGH
Network 		apache cocoon When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system. CWE-611
XXE 		CVE-2020-11991 2024-11-21 13:59 2020-09-11 Show GitHub Exploit DB Packet Storm
213686 9.8 CRITICAL
Network 		apache
oracle 		activemq
flexcube_private_banking
enterprise_repository
communications_diameter_signaling_router
communications_element_manager
communications_session_route_manager
communications_s… 		A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it l… NVD-CWE-noinfo
CVE-2020-11998 2024-11-21 13:59 2020-09-11 Show GitHub Exploit DB Packet Storm
213687 9.8 CRITICAL
Network 		apache netbeans To be able to analyze gradle projects, the build scripts need to be executed. Apache NetBeans follows this pattern. This causes the code of the build script to be invoked at load time of the project.… NVD-CWE-noinfo
CVE-2020-11986 2024-11-21 13:59 2020-09-10 Show GitHub Exploit DB Packet Storm
213688 8.8 HIGH
Network 		foxitsoftware phantompdf
reader 		In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can execute arbitrary code via a heap-based buffer overflow because dirty image-resource data is mishandled. CWE-787
 Out-of-bounds Write 		CVE-2020-12248 2024-11-21 13:59 2020-09-4 Show GitHub Exploit DB Packet Storm
213689 7.1 HIGH
Local 		foxitsoftware phantompdf
reader 		In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information from an out-of-bounds read because a text-string index continues to be used after… CWE-125
Out-of-bounds Read 		CVE-2020-12247 2024-11-21 13:59 2020-09-4 Show GitHub Exploit DB Packet Storm
213690 6.1 MEDIUM
Network 		oscommerce ce_phoenix Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page paramete… CWE-79
Cross-site Scripting 		CVE-2020-12058 2024-11-21 13:59 2020-09-3 Show GitHub Exploit DB Packet Storm