Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 3, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
251631 4.3 警告 idevSpot - IDevSpot idev-BusinessDirectory におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1779 2012-03-22 17:33 2012-03-19 Show GitHub Exploit DB Packet Storm
251632 7.5 危険 CreateVision - CreateVision CMS の artykul_print.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2012-1778 2012-03-22 17:32 2012-03-19 Show GitHub Exploit DB Packet Storm
251633 6.8 警告 Webfolio CMS - Webfolio CMS におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2012-1498 2012-03-22 17:25 2012-03-19 Show GitHub Exploit DB Packet Storm
251634 4.3 警告 NetMechanica - NetMechanica NetDecision の HTTP Server におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2012-1465 2012-03-22 17:22 2012-03-19 Show GitHub Exploit DB Packet Storm
251635 5 警告 NetMechanica - NetMechanica NetDecision の Dashboard Server におけるインストールパスを取得される脆弱性 CWE-200
情報漏えい 		CVE-2012-1464 2012-03-22 17:22 2012-03-19 Show GitHub Exploit DB Packet Storm
251636 6.8 警告 Contao - Contao の main.php におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2012-1297 2012-03-22 17:18 2012-03-19 Show GitHub Exploit DB Packet Storm
251637 4.3 警告 tskynet - Kongreg8 におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1789 2012-03-22 17:16 2012-03-19 Show GitHub Exploit DB Packet Storm
251638 7.5 危険 Dotclear - Dotclear の inc/swf/swfupload.swf における任意のコードを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2011-5083 2012-03-22 17:15 2012-03-19 Show GitHub Exploit DB Packet Storm
251639 4.3 警告 WonderDesk - WonderDesk SQL の wonderdesk.cgi におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1788 2012-03-22 16:59 2012-03-19 Show GitHub Exploit DB Packet Storm
251640 4.3 警告 s2Member - WordPress 用 s2Member Pro プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-5082 2012-03-22 16:55 2012-03-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
224761 9.8 CRITICAL
Network 		tk-star q90_junior_gps_horloge_firmware An issue was discovered in SeTracker2 for TK-Star Q90 Junior GPS horloge 3.1042.9.8656 devices. It has unnecessary permissions such as READ_EXTERNAL_STORAGE, WRITE_EXTERNAL_STORAGE, and READ_CONTACTS. CWE-276
Incorrect Default Permissions  		CVE-2019-20468 2024-11-21 13:38 2021-02-2 Show GitHub Exploit DB Packet Storm
224762 8.1 HIGH
Network 		vikisolutions vera An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in. CWE-425
 Direct Request ('Forced Browsing') 		CVE-2019-20484 2024-11-21 13:38 2021-01-6 Show GitHub Exploit DB Packet Storm
224763 5.4 MEDIUM
Network 		vikisolutions vera An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application. CWE-79
Cross-site Scripting 		CVE-2019-20483 2024-11-21 13:38 2021-01-6 Show GitHub Exploit DB Packet Storm
224764 6.1 MEDIUM
Network 		treasuryxpress treasuryxpress An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious paylo… CWE-79
Cross-site Scripting 		CVE-2019-20152 2024-11-21 13:38 2020-08-20 Show GitHub Exploit DB Packet Storm
224765 6.1 MEDIUM
Network 		treasuryxpress treasuryxpress An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed by the application's administrator(s). A mali… CWE-79
Cross-site Scripting 		CVE-2019-20151 2024-11-21 13:38 2020-08-20 Show GitHub Exploit DB Packet Storm
224766 6.5 MEDIUM
Network 		treasuryxpress treasuryxpress In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force th… NVD-CWE-noinfo
CVE-2019-20150 2024-11-21 13:38 2020-08-20 Show GitHub Exploit DB Packet Storm
224767 7.8 HIGH
Local 		abbyy finereader ABBYY network license server in ABBYY FineReader 15 before Release 4 (aka 15.0.112.2130) allows escalation of privileges by local users via manipulations involving files and using symbolic links. CWE-59
Link Following 		CVE-2019-20383 2024-11-21 13:38 2020-08-14 Show GitHub Exploit DB Packet Storm
224768 7.8 HIGH
Local 		atlassian jira_server
jira_data_center 		Affected versions of Atlassian Jira Server and Data Center allow remote attackers to execute arbitrary code via a DLL hijacking vulnerability in Tomcat. The affected versions are before version 8.5.5… CWE-427
 Uncontrolled Search Path Element 		CVE-2019-20419 2024-11-21 13:38 2020-07-3 Show GitHub Exploit DB Packet Storm
224769 6.5 MEDIUM
Network 		atlassian jira_software_data_center
jira 		Affected versions of Atlassian Jira Server and Data Center allow remote attackers to prevent users from accessing the instance via an Application Denial of Service vulnerability in the /rendering/wik… NVD-CWE-noinfo
CVE-2019-20418 2024-11-21 13:38 2020-07-3 Show GitHub Exploit DB Packet Storm
224770 5.3 MEDIUM
Network 		atlassian jira The /plugins/servlet/gadgets/makeRequest resource in Jira before version 8.7.0 allows remote attackers to access the content of internal network resources via a Server Side Request Forgery (SSRF) vul… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2019-20408 2024-11-21 13:38 2020-07-1 Show GitHub Exploit DB Packet Storm