Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 10, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
250411	7.5	危険	シスコシステムズ	-	Cisco Unified Operations Manager における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-0960	2011-12-1 10:43	2011-05-18	Show	GitHub Exploit DB Packet Storm

250412	4.3	警告	シスコシステムズ	-	Cisco Unified Operations Manager におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-0959	2011-12-1 10:43	2011-05-18	Show	GitHub Exploit DB Packet Storm

250413	7.8	危険	シスコシステムズ	-	Cisco Wireless LAN Controller Software におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2011-1613	2011-12-1 10:42	2011-04-27	Show	GitHub Exploit DB Packet Storm

250414	6.4	警告	シスコシステムズ	-	Cisco Unified Communications Manager における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-1610	2011-12-1 10:41	2011-04-27	Show	GitHub Exploit DB Packet Storm

250415	8.5	危険	シスコシステムズ	-	Cisco Unified Communications Manager における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-1609	2011-12-1 10:40	2011-04-27	Show	GitHub Exploit DB Packet Storm

250416	6.5	警告	シスコシステムズ	-	Cisco Unified Communications Manager におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2011-1607	2011-12-1 10:40	2011-04-27	Show	GitHub Exploit DB Packet Storm

250417	7.8	危険	シスコシステムズ	-	Cisco Unified Communications Manager におけるサービス運用妨害 (プロセス障害) の脆弱性	CWE-noinfo 情報不足	CVE-2011-1606	2011-12-1 10:38	2011-04-27	Show	GitHub Exploit DB Packet Storm

250418	7.8	危険	シスコシステムズ	-	Cisco Unified Communications Manager におけるサービス運用妨害 (プロセス障害) の脆弱性	CWE-noinfo 情報不足	CVE-2011-1605	2011-12-1 10:36	2011-04-27	Show	GitHub Exploit DB Packet Storm

250419	7.1	危険	シスコシステムズ	-	Cisco Unified Communications Manager におけるメモリリークの脆弱性	CWE-399 リソース管理の問題	CVE-2011-1604	2011-12-1 10:35	2011-04-27	Show	GitHub Exploit DB Packet Storm

250420	4.3	警告	John Godley	-	WordPress 用 Redirection プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4562	2011-11-30 16:50	2011-11-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
210621	6.1	MEDIUM Network	phplist	phplist	phpList before 3.5.3 allows XSS, with resultant privilege elevation, via lists/admin/template.php.	CWE-79 Cross-site Scripting	CVE-2020-12639	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210622	5.5	MEDIUM Local	tp-link	omada_controller	TP-Link Omada Controller Software 3.2.6 allows Directory Traversal for reading arbitrary files via com.tp_link.eap.web.portal.PortalController.getAdvertiseFile in /opt/tplink/EAPController/lib/eap-we…	CWE-22 Path Traversal	CVE-2020-12475	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210623	9.8	CRITICAL Network	tp-link	nc200_firmware nc210_firmware nc220_firmware nc230_firmware nc250_firmware nc260_firmware nc450_firmware	Certain TP-Link devices have a Hardcoded Encryption Key. This affects NC200 2.1.9 build 200225, N210 1.0.9 build 200304, NC220 1.3.0 build 200304, NC230 1.3.0 build 200304, NC250 1.3.0 build 200304, …	CWE-798 Use of Hard-coded Credentials	CVE-2020-12110	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210624	5.4	MEDIUM Network	enhancesoft	osticket	include/class.sla.php in osTicket before 1.14.2 allows XSS via the SLA Name.	CWE-79 Cross-site Scripting	CVE-2020-12629	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210625	4.7	MEDIUM Local	linux	linux_kernel	A pivot_root race condition in fs/namespace.c in the Linux kernel 4.4.x before 4.4.221, 4.9.x before 4.9.221, 4.14.x before 4.14.178, 4.19.x before 4.19.119, and 5.x before 5.3 allows local users to …	CWE-362 Race Condition	CVE-2020-12114	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210626	9.8	CRITICAL Network	janeczku	calibre-web	Calibre-Web 0.6.6 allows authentication bypass because of the 'A0Zr98j/3yX R~XHH!jmN]LWX/,?RT' hardcoded secret key.	CWE-798 Use of Hard-coded Credentials	CVE-2020-12627	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210627	6.5	MEDIUM Network	roundcube debian	webmail debian_linux	An issue was discovered in Roundcube Webmail before 1.4.4. A CSRF attack can cause an authenticated user to be logged out because POST was not considered.	CWE-352 Origin Validation Error	CVE-2020-12626	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210628	6.1	MEDIUM Network	roundcube debian opensuse	webmail debian_linux leap backports_sle	An issue was discovered in Roundcube Webmail before 1.4.4. There is a cross-site scripting (XSS) vulnerability in rcube_washtml.php because JavaScript code can occur in the CDATA of an HTML message.	CWE-79 Cross-site Scripting	CVE-2020-12625	2024-11-21 13:59	2020-05-4	Show	GitHub Exploit DB Packet Storm

210629	6.5	MEDIUM Network	theleague	the_league	The League application before 2020-05-02 on Android sends a bearer token in an HTTP Authorization header to an arbitrary web site that hosts an external image because an OkHttp object is reused, whic…	CWE-459 Incomplete Cleanup	CVE-2020-12624	2024-11-21 13:59	2020-05-3	Show	GitHub Exploit DB Packet Storm

210630	6.5	MEDIUM Network	telegram	telegram telegram_desktop	Telegram Desktop through 2.0.1, Telegram through 6.0.1 for Android, and Telegram through 6.0.1 for iOS allow an IDN Homograph attack via Punycode in a public URL or a group chat invitation URL.	NVD-CWE-noinfo	CVE-2020-12474	2024-11-21 13:59	2020-05-1	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed