Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 2, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
248591 4.3 警告 cPanel - cPanel 10 におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-4293 2012-06-26 15:37 2006-08-22 Show GitHub Exploit DB Packet Storm
248592 7.5 危険 fscripts - Fantastic News の news.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2006-4285 2012-06-26 15:37 2006-08-22 Show GitHub Exploit DB Packet Storm
248593 7.5 危険 arthur konze webdesign - Mambo の akocomment モジュールの akocomments.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-4281 2012-06-26 15:37 2006-08-21 Show GitHub Exploit DB Packet Storm
248594 6.8 警告 devellion - CubeCart におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-4268 2012-06-26 15:37 2006-08-17 Show GitHub Exploit DB Packet Storm
248595 7.5 危険 devellion - CubeCart における SQL インジェクションの脆弱性 - CVE-2006-4267 2012-06-26 15:37 2006-08-17 Show GitHub Exploit DB Packet Storm
248596 7.2 危険 ACME Laboratories - Debian GNU/Linux の thttpd における任意のファイルを作成される脆弱性 - CVE-2006-4248 2012-06-26 15:37 2006-10-31 Show GitHub Exploit DB Packet Storm
248597 7.5 危険 fusionphp - Fusion News における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-4240 2012-06-26 15:37 2006-08-21 Show GitHub Exploit DB Packet Storm
248598 7.5 危険 dotProject - dotProject の classes/query.class.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-4234 2012-06-26 15:37 2006-08-18 Show GitHub Exploit DB Packet Storm
248599 7.5 危険 david kent norman - David Kent Norman Thatware の config.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-4213 2012-06-26 15:37 2006-08-17 Show GitHub Exploit DB Packet Storm
248600 2.6 注意 andreas kansok - Andreas Kansok phPay の nu_mail.inc.php におけるサーバをオープンメール中継に使用される脆弱性 - CVE-2006-4210 2012-06-26 15:37 2006-08-17 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 2, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
212151 7.5 HIGH
Network 		gnu gama A NULL-pointer deference issue was discovered in GNU_gama::set() in ellipsoid.h in Gama 2.04 which can lead to a denial of service (DOS) via segment faults caused by crafted inputs. CWE-476
 NULL Pointer Dereference 		CVE-2020-18395 2024-11-21 14:08 2021-05-29 Show GitHub Exploit DB Packet Storm
212152 5.5 MEDIUM
Local 		cesanta mjs Stack overflow vulnerability in parse_array Cesanta MJS 1.20.1, allows remote attackers to cause a Denial of Service (DoS) via a crafted file. CWE-674
 Uncontrolled Recursion 		CVE-2020-18392 2024-11-21 14:08 2021-05-29 Show GitHub Exploit DB Packet Storm
212153 4.8 MEDIUM
Network 		phpmywind phpmywind Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_switchshow" of component " /admin/web_config.php". CWE-79
Cross-site Scripting 		CVE-2020-18230 2024-11-21 14:08 2021-05-28 Show GitHub Exploit DB Packet Storm
212154 4.8 MEDIUM
Network 		phpmywind phpmywind Cross Site Scripting (XSS) in PHPMyWind v5.5 allows remote attackers to execute arbitrary code by injecting scripts into the parameter "$cfg_copyright" of component " /admin/web_config.php". CWE-79
Cross-site Scripting 		CVE-2020-18229 2024-11-21 14:08 2021-05-28 Show GitHub Exploit DB Packet Storm
212155 7.4 HIGH
Network 		apache fineract Apache Fineract prior to 1.5.0 disables HTTPS hostname verification in ProcessorHelper in the configureClient method. Under typical deployments, a man in the middle attack could be successful. NVD-CWE-Other
CVE-2020-17514 2024-11-21 14:08 2021-05-27 Show GitHub Exploit DB Packet Storm
212156 6.1 MEDIUM
Network 		typora typora Cross Site Scripting (XSS) in Typora v0.9.65 and earlier allows remote attackers to execute arbitrary code by injecting commands during block rendering of a mathematical formula. CWE-79
Cross-site Scripting 		CVE-2020-18221 2024-11-21 14:08 2021-05-27 Show GitHub Exploit DB Packet Storm
212157 7.5 HIGH
Network 		html-js doracms Weak Encoding for Password in DoraCMS v2.1.1 and earlier allows attackers to obtain sensitive information as it does not use a random salt or IV for its AES-CBC encryption, causes password encrypted … CWE-326
Inadequate Encryption Strength 		CVE-2020-18220 2024-11-21 14:08 2021-05-21 Show GitHub Exploit DB Packet Storm
212158 9.8 CRITICAL
Network 		hongcms_project hongcms Path Traversal in HongCMS v4.0.0 allows remote attackers to view, edit, and delete arbitrary files via a crafted POST request to the component "/hcms/admin/index.php/language/ajax." CWE-22
Path Traversal 		CVE-2020-18178 2024-11-21 14:08 2021-05-19 Show GitHub Exploit DB Packet Storm
212159 8.8 HIGH
Network 		pluck-cms pluck Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete specific images via the component " /admin.php?action=images." CWE-352
 Origin Validation Error 		CVE-2020-18198 2024-11-21 14:08 2021-05-18 Show GitHub Exploit DB Packet Storm
212160 8.8 HIGH
Network 		pluck-cms pluck Cross Site Request Forgery (CSRF) in Pluck CMS v4.7.9 allows remote attackers to execute arbitrary code and delete a specific article via the component " /admin.php?action=page." CWE-352
 Origin Validation Error 		CVE-2020-18195 2024-11-21 14:08 2021-05-18 Show GitHub Exploit DB Packet Storm