Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 26, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
230531	4.3	警告	phpcredo	-	PHCDownload の search.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-6669	2012-12-20 18:34	2008-01-7	Show	GitHub Exploit DB Packet Storm

230532	7.5	危険	Zenphoto	-	Zenphoto の rss.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6666	2012-12-20 18:34	2008-01-4	Show	GitHub Exploit DB Packet Storm

230533	7.5	危険	webportal	-	WebPortal CMS の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6664	2012-12-20 18:34	2008-01-4	Show	GitHub Exploit DB Packet Storm

230534	7.5	危険	pragmaticutopia	-	Joomla! 用の Pragmatic Utopia PU Arcade コンポーネントにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6663	2012-12-20 18:34	2008-01-4	Show	GitHub Exploit DB Packet Storm

230535	7.5	危険	xcms	-	XCMS の cpie.php における静的コードを直接挿入する攻撃を実行される脆弱性	CWE-94 コード・インジェクション	CVE-2007-6652	2012-12-20 18:34	2008-01-4	Show	GitHub Exploit DB Packet Storm

230536	5	警告	sanybee gallery	-	SanyBee Gallery の index.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2007-6648	2012-12-20 18:34	2008-01-4	Show	GitHub Exploit DB Packet Storm

230537	7.5	危険	W-Agora	-	w-Agora の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-6647	2012-12-20 18:34	2008-01-4	Show	GitHub Exploit DB Packet Storm

230538	6.8	警告	xml2owl	-	xml2owl の showCode.php における任意のコマンドを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2007-6632	2012-12-20 18:34	2008-01-3	Show	GitHub Exploit DB Packet Storm

230539	6.8	警告	pnphpbb	-	PNphpBB2 の printview.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2007-6624	2012-12-20 18:34	2008-01-3	Show	GitHub Exploit DB Packet Storm

230540	5	警告	zeuscms	-	ZeusCMS における絶対パストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2007-6623	2012-12-20 18:34	2008-01-3	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 26, 2026, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
214081	6.5	MEDIUM Network	freerdp opensuse debian	freerdp leap debian_linux	In FreeRDP less than or equal to 2.0.0, when running with logger set to "WLOG_TRACE", a possible crash of application could occur due to a read of an invalid array index. Data could be printed as str…	-	CVE-2020-11019	2024-11-21 13:56	2020-05-30	Show	GitHub Exploit DB Packet Storm

214082	6.5	MEDIUM Network	freerdp opensuse debian	freerdp leap debian_linux	In FreeRDP less than or equal to 2.0.0, a possible resource exhaustion vulnerability can be performed. Malicious clients could trigger out of bound reads causing memory allocation with random size. T…	-	CVE-2020-11018	2024-11-21 13:56	2020-05-30	Show	GitHub Exploit DB Packet Storm

214083	6.5	MEDIUM Network	freerdp opensuse debian	freerdp leap debian_linux	In FreeRDP less than or equal to 2.0.0, by providing manipulated input a malicious client can create a double free condition and crash the server. This is fixed in version 2.1.0.	-	CVE-2020-11017	2024-11-21 13:56	2020-05-30	Show	GitHub Exploit DB Packet Storm

214084	6.1	MEDIUM Network	kaminari_project debian	kaminari debian_linux	In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1.	-	CVE-2020-11082	2024-11-21 13:56	2020-05-29	Show	GitHub Exploit DB Packet Storm

214085	9.8	CRITICAL Network	node-dns-sync_project	node-dns-sync	node-dns-sync (npm module dns-sync) through 0.2.0 allows execution of arbitrary commands . This issue may lead to remote code execution if a client of the library calls the vulnerable method with unt…	CWE-77 Command Injection	CVE-2020-11079	2024-11-21 13:56	2020-05-29	Show	GitHub Exploit DB Packet Storm

214086	9.9	CRITICAL Network	anchore	engine	In Anchore Engine version 0.7.0, a specially crafted container image manifest, fetched from a registry, can be used to trigger a shell escape flaw in the anchore engine analyzer service during an ima…	NVD-CWE-Other	CVE-2020-11075	2024-11-21 13:56	2020-05-28	Show	GitHub Exploit DB Packet Storm

214087	7.5	HIGH Network	aegir_project	aegir	In AEgir greater than or equal to 21.7.0 and less than 21.10.1, aegir publish and aegir build may leak secrets from environment variables in the browser bundle published to npm. This has been fixed i…	CWE-200 Information Exposure	CVE-2020-11059	2024-11-21 13:56	2020-05-28	Show	GitHub Exploit DB Packet Storm

214088	7.8	HIGH Local	sympa fedoraproject debian canonical	sympa fedora debian_linux ubuntu_linux	Sympa before 6.2.56 allows privilege escalation.	CWE-269 Improper Privilege Management	CVE-2020-10936	2024-11-21 13:56	2020-05-28	Show	GitHub Exploit DB Packet Storm

214089	6.1	MEDIUM Network	centreon	centreon_host-monitoring_widget centreon_tactical-overview_widget centreon_service-monitoring_widget	Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script or HTML via the page parameter to service-monitoring/src/index.php. This vulnerability is fixed in vers…	CWE-79 Cross-site Scripting	CVE-2020-10946	2024-11-21 13:56	2020-05-28	Show	GitHub Exploit DB Packet Storm

214090	4.3	MEDIUM Adjacent	centreon	widget-host-monitoring centreon	Centreon before 19.10.7 exposes Session IDs in server responses.	CWE-200 Information Exposure	CVE-2020-10945	2024-11-21 13:56	2020-05-28	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed