Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 28, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
231041 10 危険 runcms - RunCms の newbb_plus における脆弱性 CWE-noinfo
情報不足 		CVE-2007-5535 2012-12-20 18:33 2007-10-17 Show GitHub Exploit DB Packet Storm
231042 4.6 警告 sitebar - SiteBar の translator.php における任意の PHP コードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2007-5492 2012-12-20 18:33 2007-10-17 Show GitHub Exploit DB Packet Storm
231043 9 危険 sitebar - SiteBar の translator.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-5491 2012-12-20 18:33 2007-10-17 Show GitHub Exploit DB Packet Storm
231044 5 警告 wwwisis - WWWISIS の wxis.exe におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-5484 2012-12-20 18:33 2007-10-16 Show GitHub Exploit DB Packet Storm
231045 6.4 警告 サン・マイクロシステムズ - Sun StorEdge/StorageTek 3510 FC Array の FTP サービスにおけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2007-5482 2012-12-20 18:33 2007-10-15 Show GitHub Exploit DB Packet Storm
231046 4.3 警告 xcomputer - Xcomputer の Search.asp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5479 2012-12-20 18:33 2007-10-16 Show GitHub Exploit DB Packet Storm
231047 4.3 警告 valve software - WebMod Half-Life Dedicated Server プラグインの auth.w におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5477 2012-12-20 18:33 2007-10-16 Show GitHub Exploit DB Packet Storm
231048 7.8 危険 SUSE - SUSE Linux Enterprise Server の ISC BIND named デーモンで使用される libgssapi におけるサービス運用妨害 (DoS) の脆弱性 CWE-DesignError
CVE-2007-5471 2012-12-20 18:33 2007-10-15 Show GitHub Exploit DB Packet Storm
231049 5 警告 viart - ViArt Shop の iDEAL payment モジュール における証明書および鍵ファイルのパス名を取得される脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-5463 2012-12-20 18:33 2007-10-15 Show GitHub Exploit DB Packet Storm
231050 4.3 警告 wwwisis - WWWISIS の wxis.exe におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5455 2012-12-20 18:33 2007-10-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 29, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
210241 6.1 MEDIUM
Network 		apache sling_cms Scripts in Sling CMS before 0.16.0 do not property escape the Sling Selector from URLs when generating navigational elements for the administrative consoles and are vulnerable to reflected XSS attack… CWE-79
Cross-site Scripting 		CVE-2020-1949 2024-11-21 14:11 2020-04-2 Show GitHub Exploit DB Packet Storm
210242 6.1 MEDIUM
Network 		apache ofbiz Data sent with contentId to /control/stream is not sanitized, allowing XSS attacks in Apache OFBiz 16.11.01 to 16.11.07. CWE-79
Cross-site Scripting 		CVE-2020-1943 2024-11-21 14:11 2020-04-2 Show GitHub Exploit DB Packet Storm
210243 7.8 HIGH
Local 		systemd_project
redhat
debian 		systemd
enterprise_linux
openshift_container_platform
discovery
migration_toolkit
ceph_storage
debian_linux 		A heap use-after-free vulnerability was found in systemd before version v245-rc1, where asynchronous Polkit queries are performed while handling dbus messages. A local unprivileged attacker can abuse… CWE-416
 Use After Free 		CVE-2020-1712 2024-11-21 14:11 2020-04-1 Show GitHub Exploit DB Packet Storm
210244 8.1 HIGH
Network 		otrs otrs An attacker with the ability to generate session IDs or password reset tokens, either by being able to authenticate or by exploiting OSA-2020-09, may be able to predict other users session IDs, passw… CWE-331
 Insufficient Entropy 		CVE-2020-1773 2024-11-21 14:11 2020-03-27 Show GitHub Exploit DB Packet Storm
210245 7.5 HIGH
Network 		otrs
opensuse
debian 		otrs
leap
backports_sle
debian_linux 		It's possible to craft Lost Password requests with wildcards in the Token value, which allows attacker to retrieve valid Token(s), generated by users which already requested new passwords. This issue… NVD-CWE-noinfo
CVE-2020-1772 2024-11-21 14:11 2020-03-27 Show GitHub Exploit DB Packet Storm
210246 5.4 MEDIUM
Network 		otrs otrs Attacker is able craft an article with a link to the customer address book with malicious content (JavaScript). When agent opens the link, JavaScript code is executed due to the missing parameter enc… CWE-79
Cross-site Scripting 		CVE-2020-1771 2024-11-21 14:11 2020-03-27 Show GitHub Exploit DB Packet Storm
210247 4.3 MEDIUM
Network 		otrs
opensuse
debian 		otrs
leap
backports_sle
debian_linux 		Support bundle generated files could contain sensitive information that might be unwanted to be disclosed. This issue affects: ((OTRS)) Community Edition: 5.0.41 and prior versions, 6.0.26 and prior … CWE-200
Information Exposure 		CVE-2020-1770 2024-11-21 14:11 2020-03-27 Show GitHub Exploit DB Packet Storm
210248 4.3 MEDIUM
Network 		otrs
opensuse 		otrs
leap
backports_sle 		In the login screens (in agent and customer interface), Username and Password fields use autocomplete, which might be considered as security issue. This issue affects: ((OTRS)) Community Edition: 5.0… NVD-CWE-noinfo
CVE-2020-1769 2024-11-21 14:11 2020-03-27 Show GitHub Exploit DB Packet Storm
210249 7.8 HIGH
Local 		huawei p30_firmware HUAWEI smartphones P30 with versions earlier than 10.0.0.185(C00E85R1P11) have an improper access control vulnerability. The software incorrectly restricts access to a function interface from an unau… NVD-CWE-noinfo
CVE-2020-1800 2024-11-21 14:11 2020-03-27 Show GitHub Exploit DB Packet Storm
210250 8.6 HIGH
Network 		kiali
redhat 		kiali
openshift_service_mesh 		A hard-coded cryptographic key vulnerability in the default configuration file was found in Kiali, all versions prior to 1.15.1. A remote attacker could abuse this flaw by creating their own JWT sign… CWE-798
 Use of Hard-coded Credentials 		CVE-2020-1764 2024-11-21 14:11 2020-03-26 Show GitHub Exploit DB Packet Storm