Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 1, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
231281 7.5 危険 ultrashareware - Ultra Crypto コンポーネントの CryptoX.dll におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-4903 2012-12-20 18:33 2007-09-17 Show GitHub Exploit DB Packet Storm
231282 6.4 警告 ultrashareware - Ultra Crypto コンポーネントの CryptoX.dll における絶対パストラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-4902 2012-12-20 18:33 2007-09-17 Show GitHub Exploit DB Packet Storm
231283 4.3 警告 RSAセキュリティ - RSA EnVision のログオンページにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-4900 2012-12-20 18:33 2007-09-14 Show GitHub Exploit DB Packet Storm
231284 2.1 注意 XWiki - XWiki Enterprise の Multiwiki プラグインにおける重要な情報を取得される脆弱性 CWE-noinfo
情報不足 		CVE-2007-4898 2012-12-20 18:33 2007-09-14 Show GitHub Exploit DB Packet Storm
231285 4.3 警告 toms-seiten.at - Toms Gaestebuch の admin/header.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-4896 2012-12-20 18:33 2007-09-14 Show GitHub Exploit DB Packet Storm
231286 5 警告 sisfo kampus - Semarang 3 の dwoprn.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-4895 2012-12-20 18:33 2007-09-14 Show GitHub Exploit DB Packet Storm
231287 7.5 危険 WordPress.org - Wordpress および MU における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-4894 2012-12-20 18:33 2007-09-8 Show GitHub Exploit DB Packet Storm
231288 4.3 警告 WordPress.org - Wordpress および MU の wp-admin/admin-functions.php におけるクロスサイトスクリプティング (XSS) 攻撃を実行される脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2007-4893 2012-12-20 18:33 2007-09-8 Show GitHub Exploit DB Packet Storm
231289 7.5 危険 swsoft - Windows 用の SWSoft Plesk における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-4892 2012-12-20 18:33 2007-09-14 Show GitHub Exploit DB Packet Storm
231290 3.5 注意 XWiki - XWiki の "You are not allowed ..." のエラーハンドラにおける任意のドキュメントを読み取られる脆弱性 CWE-DesignError
CVE-2007-4888 2012-12-20 18:33 2007-01-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 2, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
210271 7.5 HIGH
Network 		etherpad ueberdb In Etherpad UeberDB < 0.4.4, due to MySQL omitting trailing spaces on char / varchar columns during comparisons, retrieving database records using UeberDB's MySQL connector could allow bypassing acce… CWE-697
 Incorrect Comparison 		CVE-2020-22784 2024-11-21 14:13 2021-04-29 Show GitHub Exploit DB Packet Storm
210272 6.5 MEDIUM
Network 		etherpad etherpad Etherpad <1.8.3 stored passwords used by users insecurely in the database and in log files. This affects every database backend supported by Etherpad. CWE-312
 Cleartext Storage of Sensitive Information 		CVE-2020-22783 2024-11-21 14:13 2021-04-29 Show GitHub Exploit DB Packet Storm
210273 7.5 HIGH
Network 		etherpad etherpad Etherpad < 1.8.3 is affected by a denial of service in the import functionality. Upload of binary file to the import endpoint would crash the instance. NVD-CWE-noinfo
CVE-2020-22782 2024-11-21 14:13 2021-04-29 Show GitHub Exploit DB Packet Storm
210274 7.5 HIGH
Network 		etherpad etherpad In Etherpad < 1.8.3, a specially crafted URI would raise an unhandled exception in the cache mechanism and cause a denial of service (crash the instance). CWE-89
SQL Injection 		CVE-2020-22781 2024-11-21 14:13 2021-04-29 Show GitHub Exploit DB Packet Storm
210275 9.8 CRITICAL
Network 		homeautomation_project homeautomation HomeAutomation 3.3.2 suffers from an authentication bypass vulnerability when spoofing client IP address using the X-Forwarded-For header with the local (loopback) IP address value allowing remote co… CWE-290
 Authentication Bypass by Spoofing 		CVE-2020-22001 2024-11-21 14:13 2021-04-28 Show GitHub Exploit DB Packet Storm
210276 8.0 HIGH
Network 		homeautomation_project homeautomation HomeAutomation 3.3.2 suffers from an authenticated OS command execution vulnerability using custom command v0.1 plugin. This can be exploited with a CSRF vulnerability to execute arbitrary shell comm… CWE-352
CWE-78
 Origin Validation Error
OS Command  		CVE-2020-22000 2024-11-21 14:13 2021-04-28 Show GitHub Exploit DB Packet Storm
210277 7.5 HIGH
Network 		realtek rtl8723de_firmware An issue was discovered in Realtek rtl8723de BLE Stack <= 4.1 that allows remote attackers to cause a Denial of Service via the interval field to the CONNECT_REQ message. CWE-476
 NULL Pointer Dereference 		CVE-2020-23539 2024-11-21 14:13 2021-04-9 Show GitHub Exploit DB Packet Storm
210278 9.8 CRITICAL
Network 		zzcms zzcms zzcms 201910 contains an access control vulnerability through escalation of privileges in /user/adv.php, which allows an attacker to modify data for further attacks such as CSRF. CWE-352
 Origin Validation Error 		CVE-2020-23426 2024-11-21 14:13 2021-04-9 Show GitHub Exploit DB Packet Storm
210279 7.5 HIGH
Network 		unionpayintl union_pay Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile a… CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2020-23533 2024-11-21 14:13 2021-04-7 Show GitHub Exploit DB Packet Storm
210280 6.1 MEDIUM
Network 		aryanic high_cms Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. CWE-79
Cross-site Scripting 		CVE-2020-23517 2024-11-21 14:13 2021-03-26 Show GitHub Exploit DB Packet Storm