Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 23, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
252271 7.5 危険 SugarCRM - SugarCRM の Leads モジュールにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4833 2011-12-19 15:08 2011-12-15 Show GitHub Exploit DB Packet Storm
252272 7.5 危険 Moxiecode Systems AB
phpMyFAQ
PHPletter		 - 複数の製品で使用される inc/function.base.php における PHP コードを挿入される脆弱性 CWE-94
コード・インジェクション 		CVE-2011-4825 2011-12-19 15:07 2011-10-25 Show GitHub Exploit DB Packet Storm
252273 7.5 危険 The Cacti Group - Cacti の auth_login.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4824 2011-12-19 15:06 2011-09-26 Show GitHub Exploit DB Packet Storm
252274 4.3 警告 Atlassian - Atlassian FishEye のユーザプロファイル機能におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4822 2011-12-19 15:05 2011-10-24 Show GitHub Exploit DB Packet Storm
252275 3.6 注意 Artsoft Entertainment - Artsoft Entertainment の Rocks'n'Diamonds における任意のファイルを上書きされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2011-4606 2011-12-19 15:05 2011-12-15 Show GitHub Exploit DB Packet Storm
252276 4.3 警告 Digium - Asterisk の channels/chan_sip.c におけるサービス運用妨害 (DoS) の脆弱性 CWE-200
情報漏えい 		CVE-2011-4598 2011-12-19 15:03 2011-11-2 Show GitHub Exploit DB Packet Storm
252277 5 警告 Digium - Asterisk の UDP 実装での SIP におけるユーザ名を列挙される脆弱性 CWE-200
情報漏えい 		CVE-2011-4597 2011-12-19 15:01 2011-07-18 Show GitHub Exploit DB Packet Storm
252278 7.5 危険 Caupo.Net - CaupoShop Pro および CaupoShop Classic におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2011-4832 2011-12-19 13:44 2011-12-15 Show GitHub Exploit DB Packet Storm
252279 4 警告 David Azoulay - Web File Browser の webFileBrowser.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2011-4831 2011-12-19 13:43 2011-12-15 Show GitHub Exploit DB Packet Storm
252280 7.5 危険 e4j Extensions for Joomla - Joomla! 用 Vik Real Estate コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4823 2011-12-19 11:52 2011-12-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 23, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
224851 7.8 HIGH
Local 		k7computing k7_ultimate_security In K7 Ultimate Security 16.0.0117, the module K7BKCExt.dll (aka the backup module) improperly validates the administrative privileges of the user, allowing an arbitrary file write via a symbolic link… CWE-59
Link Following 		CVE-2019-16896 2024-11-21 13:31 2019-12-28 Show GitHub Exploit DB Packet Storm
224852 5.4 MEDIUM
Network 		wordpress
debian 		wordpress
debian_linux 		In WordPress before 5.3.1, authenticated users with lower privileges (like contributors) can inject JavaScript code in the block editor, which is executed within the dashboard. It can lead to an admi… CWE-79
Cross-site Scripting 		CVE-2019-16781 2024-11-21 13:31 2019-12-27 Show GitHub Exploit DB Packet Storm
224853 8.2 HIGH
Network 		agendaless
oracle
debian
fedoraproject
redhat 		waitress
communications_cloud_native_core_network_function_cloud_native_environment
debian_linux
fedora
openstack 		In Waitress through version 1.4.0, if a proxy server is used in front of waitress, an invalid request may be sent by an attacker that bypasses the front-end and is parsed differently by waitress lead… CWE-444
HTTP Request Smuggling 		CVE-2019-16789 2024-11-21 13:31 2019-12-27 Show GitHub Exploit DB Packet Storm
224854 5.4 MEDIUM
Network 		wordpress
debian 		wordpress
debian_linux 		WordPress users with lower privileges (like contributors) can inject JavaScript code in the block editor using a specific payload, which is executed within the dashboard. This can lead to XSS if an a… CWE-79
Cross-site Scripting 		CVE-2019-16780 2024-11-21 13:31 2019-12-27 Show GitHub Exploit DB Packet Storm
224855 7.5 HIGH
Network 		agendaless
oracle
debian
fedoraproject
redhat 		waitress
communications_cloud_native_core_network_function_cloud_native_environment
debian_linux
fedora
openstack 		Waitress through version 1.3.1 would parse the Transfer-Encoding header and only look for a single string value, if that value was not chunked it would fall through and use the Content-Length header … CWE-444
HTTP Request Smuggling 		CVE-2019-16786 2024-11-21 13:31 2019-12-21 Show GitHub Exploit DB Packet Storm
224856 7.5 HIGH
Network 		agendaless
oracle
debian
fedoraproject
redhat 		waitress
communications_cloud_native_core_network_function_cloud_native_environment
debian_linux
fedora
openstack 		Waitress through version 1.3.1 implemented a "MAY" part of the RFC7230 which states: "Although the line terminator for the start-line and header fields is the sequence CRLF, a recipient MAY recognize… CWE-444
HTTP Request Smuggling 		CVE-2019-16785 2024-11-21 13:31 2019-12-21 Show GitHub Exploit DB Packet Storm
224857 9.8 CRITICAL
Network 		beckhoff twincat Beckhoff Embedded Windows PLCs through 3.1.4024.0, and Beckhoff Twincat on Windows Engineering stations, allow an attacker to achieve Remote Code Execution (as SYSTEM) via the Beckhoff ADS protocol. CWE-290
 Authentication Bypass by Spoofing 		CVE-2019-16871 2024-11-21 13:31 2019-12-20 Show GitHub Exploit DB Packet Storm
224858 5.9 MEDIUM
Network 		rack_project
fedoraproject
opensuse 		rack
fedora
leap 		There's a possible information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack session… CWE-203
 Information Exposure Through Discrepancy 		CVE-2019-16782 2024-11-21 13:31 2019-12-19 Show GitHub Exploit DB Packet Storm
224859 9.8 CRITICAL
Network 		google tensorflow In TensorFlow before 1.15, a heap buffer overflow in UnsortedSegmentSum can be produced when the Index template argument is int32. In this case data_size and num_segments fields are truncated from in… CWE-681
 Incorrect Conversion between Numeric Types 		CVE-2019-16778 2024-11-21 13:31 2019-12-17 Show GitHub Exploit DB Packet Storm
224860 5.9 MEDIUM
Network 		excon_project
opensuse
debian 		excon
leap
backports_sle
debian_linux 		In RubyGem excon before 0.71.0, there was a race condition around persistent connections, where a connection which is interrupted (such as by a timeout) would leave data on the socket. Subsequent req… CWE-362
Race Condition 		CVE-2019-16779 2024-11-21 13:31 2019-12-17 Show GitHub Exploit DB Packet Storm