Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 1, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
249931	4.3	警告	mark stosberg	-	Perl のData::FormValidator モジュールにおける汚染された保護メカニズムを回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2011-2201	2012-03-27 18:43	2011-09-14	Show	GitHub Exploit DB Packet Storm

249932	4.3	警告	Ruby on Rails project	-	Ruby on Rails のクロスサイトスクリプティング制限機能におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-2197	2012-03-27 18:43	2011-06-8	Show	GitHub Exploit DB Packet Storm

249933	6.8	警告	レッドハット	-	JBoss Seam 2 framework の jboss-seam.jar における任意の Java コードを実行される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2011-2196	2012-03-27 18:43	2011-07-18	Show	GitHub Exploit DB Packet Storm

249934	9.3	危険	VideoLAN	-	VideoLAN VLC media player の XSPF playlist パーサーにおける整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2011-2194	2012-03-27 18:43	2011-06-8	Show	GitHub Exploit DB Packet Storm

249935	8.5	危険	Adaptive Computing	-	Terascale Open-Source Resource and Queue Manager におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2011-2193	2012-03-27 18:43	2011-06-24	Show	GitHub Exploit DB Packet Storm

249936	5	警告	matthewwild	-	LuaExpat におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2011-2188	2012-03-27 18:43	2011-06-20	Show	GitHub Exploit DB Packet Storm

249937	4.4	警告	fabfile	-	Fabric における任意のファイルを上書きされる脆弱性	CWE-59 リンク解釈の問題	CVE-2011-2185	2012-03-27 18:43	2011-07-26	Show	GitHub Exploit DB Packet Storm

249938	7.2	危険	Linux	-	Linux kernel の key_replace_session_keyring 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2011-2184	2012-03-27 18:43	2011-09-6	Show	GitHub Exploit DB Packet Storm

249939	7.5	危険	reallysimplechat	-	ARSC における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-2181	2012-03-27 18:43	2011-06-29	Show	GitHub Exploit DB Packet Storm

249940	4.3	警告	reallysimplechat	-	ARSC の dereferer.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-2180	2012-03-27 18:43	2011-06-29	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 2, 2026, 4:18 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
3261	3.9	LOW Local	-	-	FacturaScripts is an open source accounting and invoicing software. Versions 2025.7 and prior contain a Reflected Cross-Site Scripting (XSS) vulnerability through the fsNick cookie parameter. The app…	CWE-79 Cross-site Scripting	CVE-2026-27964	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3262	6.5	MEDIUM Network	-	-	FacturaScripts is an open source accounting and invoicing software. In versions prior to 2026, the Library module stores and serves uploaded images byte-for-byte, without stripping EXIF/XMP/IPTC meta…	CWE-200 CWE-212 Information Exposure Improper Removal of Sensitive Information Before Storage or Transfer	CVE-2026-27892	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3263	5.3	MEDIUM Network	-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unpriv…	CWE-200 CWE-524 CWE-672 Information Exposure Use of Cache Containing Sensitive Information Operation on a Resource after Expiration or Release	CVE-2026-32244	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3264	-		-	-	Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, an authenticated user on a Discourse instance with the form templates feature…	CWE-862 Missing Authorization	CVE-2026-33514	2026-05-19 23:44	2026-05-19	Show	GitHub Exploit DB Packet Storm

3265	10.0	CRITICAL Network	-	-	HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format mismatch between PHP and Node.js that allows unauthenticated rem…	CWE-502 Deserialization of Untrusted Data	CVE-2026-43633	2026-05-19 23:43	2026-05-19	Show	GitHub Exploit DB Packet Storm

3266	6.5	MEDIUM Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14, Turborepo's self-hosted login and SSO browser flows did not validate a CSRF state value on the l…	CWE-352 CWE-384 Origin Validation Error Session Fixation	CVE-2026-45773	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm

3267	9.8	CRITICAL Network	vercel	turborepo	Turborepo is a high-performance build system for JavaScript and TypeScript codebases. From 1.1.0 to before 2.9.14, Turborepo can be vulnerable to arbitrary code execution when run in untrusted reposi…	CWE-426 Untrusted Search Path	CVE-2026-45772	2026-05-19 23:41	2026-05-16	Show	GitHub Exploit DB Packet Storm

3268	7.5	HIGH Network	ws_project	ws	ws is an open source WebSocket client and server for Node.js. Prior to 8.20.1, the websocket.close() implementation is vulnerable to uninitialized memory disclosure when a TypedArray is passed as the…	CWE-908 Use of Uninitialized Resource	CVE-2026-45736	2026-05-19 23:39	2026-05-16	Show	GitHub Exploit DB Packet Storm

3269	7.5	HIGH Network	-	-	The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like…	-	CVE-2025-15609	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm

3270	9.8	CRITICAL Network	-	-	The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the 'pafe_ajax_form_builder' function in all versions up to, an…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2026-4885	2026-05-19 23:38	2026-05-19	Show	GitHub Exploit DB Packet Storm