Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 24, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
231511	6.8	警告	sky gunning	-	Sky GUNNING MySpeach の chat.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-1895	2012-12-20 18:19	2007-04-9	Show	GitHub Exploit DB Packet Storm

231512	4.3	警告	WordPress.org	-	WordPress の wp-includes/general-template.php におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-1894	2012-12-20 18:19	2007-03-9	Show	GitHub Exploit DB Packet Storm

231513	4.9	警告	WordPress.org	-	WordPress の xmlrpc におけるアクセス制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2007-1893	2012-12-20 18:19	2007-04-9	Show	GitHub Exploit DB Packet Storm

231514	7.8	危険	VMware	-	VMware Workstation におけるゲスト OS がサービス運用妨害 (DoS) 状態となる脆弱性	-	CVE-2007-1877	2012-12-20 18:19	2007-05-2	Show	GitHub Exploit DB Packet Storm

231515	7.2	危険	VMware	-	VMware Workstation における "仮想マシンに登録されたコンテキストが破損" する脆弱性	-	CVE-2007-1876	2012-12-20 18:19	2007-05-2	Show	GitHub Exploit DB Packet Storm

231516	4.3	警告	toenda software development	-	toendaCMS におけるクロスサイトスクリプティングの脆弱性	-	CVE-2007-1872	2012-12-20 18:19	2007-04-13	Show	GitHub Exploit DB Packet Storm

231517	7.5	危険	webasyst llc	-	Shop-Script FREE の smarty/smarty_class.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2007-1855	2012-12-20 18:19	2007-04-3	Show	GitHub Exploit DB Packet Storm

231518	7.5	危険	really simple php and ajax	-	RSPA におけるディレクトリトラバーサルの脆弱性	-	CVE-2007-1851	2012-12-20 18:19	2007-04-3	Show	GitHub Exploit DB Packet Storm

231519	7.5	危険	XOOPS	-	XOOPS 用の Repository モジュールにおける SQL インジェクションの脆弱性	-	CVE-2007-1847	2012-12-20 18:19	2007-04-3	Show	GitHub Exploit DB Packet Storm

231520	7.5	危険	XOOPS	-	Xoops 用の MyAds モジュールにおける SQL インジェクションの脆弱性	-	CVE-2007-1846	2012-12-20 18:19	2007-04-3	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 24, 2026, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
211331	7.5	HIGH Network	openvpn	openvpn_access_server	OpenVPN Access Server older than version 2.8.4 and version 2.9.5 generates new user authentication tokens instead of reusing exiting tokens on reconnect making it possible to circumvent the initial t…	CWE-613 Insufficient Session Expiration	CVE-2020-15074	2024-11-21 14:04	2020-07-15	Show	GitHub Exploit DB Packet Storm

211332	5.4	MEDIUM Network	envoyproxy	envoy	In Envoy before versions 1.12.6, 1.13.4, 1.14.4, and 1.15.0 when validating TLS certificates, Envoy would incorrectly allow a wildcard DNS Subject Alternative Name apply to multiple subdomains. For e…	CWE-346 Origin Validation Error	CVE-2020-15104	2024-11-21 14:04	2020-07-15	Show	GitHub Exploit DB Packet Storm

211333	7.5	HIGH Network	supremainc	biostar_2	An issue was discovered in the Video Extension in Suprema BioStar 2 before 2.8.2. Remote attackers can read arbitrary files from the server via Directory Traversal.	CWE-22 Path Traversal	CVE-2020-15050	2024-11-21 14:04	2020-07-14	Show	GitHub Exploit DB Packet Storm

211334	5.4	MEDIUM Network	django_two-factor_authentication_project	django_two-factor_authentication	Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username…	CWE-312 Cleartext Storage of Sensitive Information	CVE-2020-15105	2024-11-21 14:04	2020-07-11	Show	GitHub Exploit DB Packet Storm

211335	8.6	HIGH Network	amazon	tough	The tough library (Rust/crates.io) prior to version 0.7.1 does not properly verify the threshold of cryptographic signatures. It allows an attacker to duplicate a valid signature in order to circumve…	CWE-347 Improper Verification of Cryptographic Signature	CVE-2020-15093	2024-11-21 14:04	2020-07-10	Show	GitHub Exploit DB Packet Storm

211336	4.8	MEDIUM Network	northwestern	timelinejs	In TimelineJS before version 3.7.0, some user data renders as HTML. An attacker could implement an XSS exploit with maliciously crafted content in a number of data fields. This risk is present whethe…	CWE-79 Cross-site Scripting	CVE-2020-15092	2024-11-21 14:04	2020-07-10	Show	GitHub Exploit DB Packet Storm

211337	5.3	MEDIUM Adjacent	yubico	yubikey_5_nfc_firmware	An information leak was discovered on Yubico YubiKey 5 NFC devices 5.0.0 to 5.2.6 and 5.3.0 to 5.3.1. The OTP application allows a user to set optional access codes on OTP slots. This access code is …	CWE-862 Missing Authorization	CVE-2020-15001	2024-11-21 14:04	2020-07-10	Show	GitHub Exploit DB Packet Storm

211338	5.9	MEDIUM Network	yubico	yubikey_5_nfc_firmware	A PIN management problem was discovered on Yubico YubiKey 5 devices 5.2.0 to 5.2.6. OpenPGP has three passwords: Admin PIN, Reset Code, and User PIN. The Reset Code is used to reset the User PIN, but…	NVD-CWE-Other	CVE-2020-15000	2024-11-21 14:04	2020-07-10	Show	GitHub Exploit DB Packet Storm

211339	5.4	MEDIUM Network	phplist	phplist	An issue was discovered in phpList through 3.5.4. An XSS vulnerability occurs within the Import Administrators section via upload of an edited text document. This also affects the Subscriber Lists se…	CWE-79 Cross-site Scripting	CVE-2020-15073	2024-11-21 14:04	2020-07-9	Show	GitHub Exploit DB Packet Storm

211340	8.8	HIGH Network	phplist	phplist	An issue was discovered in phpList through 3.5.4. An error-based SQL Injection vulnerability exists via the Import Administrators section.	CWE-89 SQL Injection	CVE-2020-15072	2024-11-21 14:04	2020-07-9	Show	GitHub Exploit DB Packet Storm