Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 14, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
253421 6.8 警告 The PHP Group
サイバートラスト株式会社
レッドハット		 - PHP の xml_utf8_decode 関数における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2009-5016 2011-02-18 15:03 2010-11-12 Show GitHub Exploit DB Packet Storm
253422 6.8 警告 The PHP Group - PHP の set_magic_quotes_runtime 関数における SQL インジェクション攻撃を誘導される脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4700 2011-02-18 14:42 2010-07-1 Show GitHub Exploit DB Packet Storm
253423 7.5 危険 The PHP Group - PHP の iconv_mime_decode_headers 関数におけるスパムの検出を回避される脆弱性 CWE-189
数値処理の問題 		CVE-2010-4699 2011-02-18 14:40 2010-09-28 Show GitHub Exploit DB Packet Storm
253424 5 警告 The PHP Group - PHP の GD 拡張モジュールにおけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2010-4698 2011-02-18 14:38 2010-12-7 Show GitHub Exploit DB Packet Storm
253425 6.8 警告 The PHP Group - PHP の Zend Engine におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2010-4697 2011-02-18 14:35 2010-09-18 Show GitHub Exploit DB Packet Storm
253426 1 注意 サン・マイクロシステムズ - Oracle Sun Java System Portal Server のプロキシにおける脆弱性 CWE-noinfo
情報不足 		CVE-2010-4431 2011-02-18 14:30 2011-01-18 Show GitHub Exploit DB Packet Storm
253427 3.6 注意 オラクル - Oracle Solaris 9 の XScreenSaver における脆弱性 CWE-noinfo
情報不足 		CVE-2010-3586 2011-02-18 14:28 2011-01-18 Show GitHub Exploit DB Packet Storm
253428 3.6 注意 オラクル - Oracle Solaris 10 の Fault Manager Daemon における脆弱性 CWE-noinfo
情報不足 		CVE-2010-4460 2011-02-18 14:11 2011-01-18 Show GitHub Exploit DB Packet Storm
253429 4.1 警告 オラクル - Oracle Solaris 11 Express の ZFS における脆弱性 CWE-noinfo
情報不足 		CVE-2010-4458 2011-02-18 14:08 2011-01-18 Show GitHub Exploit DB Packet Storm
253430 4.1 警告 オラクル - Oracle Solaris の libc における脆弱性 CWE-noinfo
情報不足 		CVE-2010-4415 2011-02-18 14:06 2011-01-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 15, 2026, 4:28 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
224751 5.5 MEDIUM
Local 		wtfutil wtf WTF before 0.19.0 does not set the permissions of config.yml, which might make it easier for local attackers to read passwords or API keys if the permissions were misconfigured or were based on unsaf… CWE-276
Incorrect Default Permissions  		CVE-2019-15716 2024-11-21 13:29 2019-08-29 Show GitHub Exploit DB Packet Storm
224752 5.3 MEDIUM
Network 		entropic_project entropic cli/lib/main.js in Entropic before 2019-06-13 does not reject / and \ in command names, which might allow a directory traversal attack in unusual situations. CWE-22
Path Traversal 		CVE-2019-15714 2024-11-21 13:29 2019-08-28 Show GitHub Exploit DB Packet Storm
224753 6.1 MEDIUM
Network 		my_calendar_project my_calendar The my-calendar plugin before 3.1.10 for WordPress has XSS. CWE-79
Cross-site Scripting 		CVE-2019-15713 2024-11-21 13:29 2019-08-28 Show GitHub Exploit DB Packet Storm
224754 7.5 HIGH
Network 		riot-os riot In the TCP implementation (gnrc_tcp) in RIOT through 2019.07, the parser for TCP options does not terminate on all inputs, allowing a denial-of-service, because sys/net/gnrc/transport_layer/tcp/gnrc_… CWE-835
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2019-15702 2024-11-21 13:29 2019-08-28 Show GitHub Exploit DB Packet Storm
224755 8.8 HIGH
Network 		bloodhound_project bloodhound components/Modals/HelpModal.jsx in BloodHound 2.2.0 allows remote attackers to execute arbitrary OS commands (by spawning a child process as the current user on the victim's machine) when the search … CWE-78
OS Command  		CVE-2019-15701 2024-11-21 13:29 2019-08-28 Show GitHub Exploit DB Packet Storm
224756 6.1 MEDIUM
Network 		frappe frappe public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. CWE-79
Cross-site Scripting 		CVE-2019-15700 2024-11-21 13:29 2019-08-28 Show GitHub Exploit DB Packet Storm
224757 4.3 MEDIUM
Network 		octopus octopus_server In Octopus Deploy 2019.7.3 through 2019.7.9, in certain circumstances, an authenticated user with VariableView permissions could view sensitive values. This is fixed in 2019.7.10. NVD-CWE-noinfo
CVE-2019-15698 2024-11-21 13:29 2019-08-28 Show GitHub Exploit DB Packet Storm
224758 8.8 HIGH
Network 		butlerblog wp-members The wp-members plugin before 3.2.8 for WordPress has CSRF. CWE-352
 Origin Validation Error 		CVE-2019-15660 2024-11-21 13:29 2019-08-27 Show GitHub Exploit DB Packet Storm
224759 4.3 MEDIUM
Network 		easyupdatesmanager easy_updates_manager The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes (such as disabling unattended theme updates) because of a nonce check error. NVD-CWE-noinfo
CVE-2019-15650 2024-11-21 13:29 2019-08-27 Show GitHub Exploit DB Packet Storm
224760 9.8 CRITICAL
Network 		genetechsolutions pie_register The pie-register plugin before 3.1.2 for WordPress has SQL injection, a different issue than CVE-2018-10969. CWE-89
SQL Injection 		CVE-2019-15659 2024-11-21 13:29 2019-08-27 Show GitHub Exploit DB Packet Storm