Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 24, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
231471	7.5	危険	sam crew	-	Sam Crew MyBlog の games.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-1990	2012-12-20 18:19	2007-04-12	Show	GitHub Exploit DB Packet Storm

231472	4.3	警告	phpecho cms	-	PHPEcho CMS の kernel/filters.inc.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-1988	2012-12-20 18:19	2007-04-11	Show	GitHub Exploit DB Packet Storm

231473	7.5	危険	phpexplorator	-	phpexplorator の phpexplorator.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-1985	2012-12-20 18:19	2007-04-11	Show	GitHub Exploit DB Packet Storm

231474	7.5	危険	really simple php and ajax	-	RSPA における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-1982	2012-12-20 18:19	2007-04-11	Show	GitHub Exploit DB Packet Storm

231475	7.5	危険	有限会社ブルームーン	-	XOOPS 用の PopnupBlog モジュールにおける SQL インジェクションの脆弱性	-	CVE-2007-1979	2012-12-20 18:19	2007-04-11	Show	GitHub Exploit DB Packet Storm

231476	7.5	危険	slaed	-	SLAED CMS における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-1975	2012-12-20 18:19	2007-04-11	Show	GitHub Exploit DB Packet Storm

231477	7.5	危険	wf-sections XOOPS	-	Xoops モジュールで使用される WF-Section における SQL インジェクションの脆弱性	-	CVE-2007-1974	2012-12-20 18:19	2007-04-9	Show	GitHub Exploit DB Packet Storm

231478	4.3	警告	sam crew	-	Sam Crew MyBlog の admin/modify.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-1969	2012-12-20 18:19	2007-04-11	Show	GitHub Exploit DB Packet Storm

231479	6.8	警告	sam crew	-	Sam Crew MyBlog の games.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-1968	2012-12-20 18:19	2007-04-11	Show	GitHub Exploit DB Packet Storm

231480	7.5	危険	XOOPS	-	XOOPS 用の WF-Snippets モジュールにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-1962	2012-12-20 18:19	2007-04-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 24, 2026, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
211411	5.3	MEDIUM Network	concretecms	concrete_cms	Concrete5 before 8.5.3 does not constrain the sort direction to a valid asc or desc value.	NVD-CWE-noinfo	CVE-2020-14961	2024-11-21 14:04	2020-06-22	Show	GitHub Exploit DB Packet Storm

211412	7.2	HIGH Network	php-fusion	php-fusion	A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,	CWE-89 SQL Injection	CVE-2020-14960	2024-11-21 14:04	2020-06-22	Show	GitHub Exploit DB Packet Storm

211413	5.4	MEDIUM Network	goldplugins	easy_testimonials	Multiple XSS vulnerabilities in the Easy Testimonials plugin before 3.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the wp-admin/post.php Client Name, Position, We…	CWE-79 Cross-site Scripting	CVE-2020-14959	2024-11-21 14:04	2020-06-22	Show	GitHub Exploit DB Packet Storm

211414	6.5	MEDIUM Network	gogs	gogs	In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.	CWE-281 Improper Preservation of Permissions	CVE-2020-14958	2024-11-21 14:04	2020-06-22	Show	GitHub Exploit DB Packet Storm

211415	5.9	MEDIUM Network	mutt debian neomutt fedoraproject canonical opensuse	mutt debian_linux neomutt fedora ubuntu_linux leap	Mutt before 1.14.4 and NeoMutt before 2020-06-19 have a STARTTLS buffering issue that affects IMAP, SMTP, and POP3. When a server sends a "begin TLS" response, the client reads additional data (e.g.,…	CWE-74 Injection	CVE-2020-14954	2024-11-21 14:04	2020-06-22	Show	GitHub Exploit DB Packet Storm

211416	8.8	HIGH Network	aapanel	aapanel	aaPanel through 6.6.6 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a modified /system?action=ServiceAdmin request (start, stop, or restart) to the setti…	CWE-78 OS Command	CVE-2020-14950	2024-11-21 14:04	2020-06-22	Show	GitHub Exploit DB Packet Storm

211417	9.8	CRITICAL Network	tendenci	tendenci	Tendenci 12.0.10 allows unrestricted deserialization in apps\helpdesk\views\staff.py.	CWE-502 Deserialization of Untrusted Data	CVE-2020-14942	2024-11-21 14:04	2020-06-22	Show	GitHub Exploit DB Packet Storm

211418	8.8	HIGH Network	squirrelmail	squirrelmail	compose.php in SquirrelMail 1.4.22 calls unserialize for the $attachments value, which originates from an HTTP POST request. NOTE: the vendor disputes this because these two conditions for PHP object…	CWE-502 Deserialization of Untrusted Data	CVE-2020-14933	2024-11-21 14:04	2020-06-20	Show	GitHub Exploit DB Packet Storm

211419	9.8	CRITICAL Network	squirrelmail	squirrelmail	compose.php in SquirrelMail 1.4.22 calls unserialize for the $mailtodata value, which originates from an HTTP GET request. This is related to mailto.php.	CWE-502 Deserialization of Untrusted Data	CVE-2020-14932	2024-11-21 14:04	2020-06-20	Show	GitHub Exploit DB Packet Storm

211420	9.8	CRITICAL Network	dmitry_project	dmitry	A stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) 1.3a might allow remote WHOIS servers to execute arbitrary code via a long line in a response that is mishandled by nic_…	CWE-787 Out-of-bounds Write	CVE-2020-14931	2024-11-21 14:04	2020-06-20	Show	GitHub Exploit DB Packet Storm