Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 31, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
253921	4.3	警告	リアルネットワークス	-	RealNetworks RealPlayer の ActiveX コントロールにおけるクロスゾーンスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-2947	2011-09-8 13:36	2011-08-16	Show	GitHub Exploit DB Packet Storm

253922	10	危険	リアルネットワークス	-	RealNetworks RealPlayer および RealPlayer Enterprise の ActiveX コントロールにおける任意のコードを実行される脆弱性	CWE-noinfo 情報不足	CVE-2011-2946	2011-09-8 13:35	2011-08-16	Show	GitHub Exploit DB Packet Storm

253923	9.3	危険	リアルネットワークス	-	RealNetworks RealPlayer におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2011-2945	2011-09-8 13:34	2011-08-16	Show	GitHub Exploit DB Packet Storm

253924	10	危険	Mozilla Foundation レッドハット	-	複数の Mozilla 製品における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2011-0084	2011-09-8 13:33	2011-08-16	Show	GitHub Exploit DB Packet Storm

253925	4.3	警告	Mozilla Foundation レッドハット	-	複数の Mozilla 製品における同一生成元ポリシーを回避される脆弱性	CWE-200 情報漏えい	CVE-2011-2983	2011-09-8 13:32	2011-08-16	Show	GitHub Exploit DB Packet Storm

253926	10	危険	Mozilla Foundation レッドハット	-	複数の Mozilla 製品におけるクローム特権で任意の JavaScript を実行される脆弱性	CWE-94 コード・インジェクション	CVE-2011-2984	2011-09-7 11:35	2011-08-16	Show	GitHub Exploit DB Packet Storm

253927	7.2	危険	Mozilla Foundation	-	Mozilla Firefox における権限昇格の脆弱性	CWE-Other その他	CVE-2011-2980	2011-09-7 11:34	2011-08-16	Show	GitHub Exploit DB Packet Storm

253928	10	危険	Mozilla Foundation レッドハット	-	複数の Mozilla 製品の appendChild 関数における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2011-2378	2011-09-7 11:33	2011-08-16	Show	GitHub Exploit DB Packet Storm

253929	9.3	危険	Mozilla Foundation レッドハット	-	複数の Mozilla 製品のイベント管理実装における同一生成元ポリシーを回避される脆弱性	CWE-16 環境設定	CVE-2011-2981	2011-09-7 11:32	2011-08-16	Show	GitHub Exploit DB Packet Storm

253930	10	危険	Mozilla Foundation レッドハット	-	複数の Mozilla 製品のブラウザエンジンにおけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2011-2982	2011-09-7 11:31	2011-08-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 31, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
195071	6.1	MEDIUM Network	videojs fedoraproject	video.js fedora	This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.	CWE-79 Cross-site Scripting	CVE-2021-23414	2024-11-21 14:51	2021-07-28	Show	GitHub Exploit DB Packet Storm

195072	5.3	MEDIUM Network	jszip_project	jszip	This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototyp…	NVD-CWE-noinfo	CVE-2021-23413	2024-11-21 14:51	2021-07-25	Show	GitHub Exploit DB Packet Storm

195073	9.8	CRITICAL Network	gitlogplus_project	gitlogplus	All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.	CWE-78 OS Command	CVE-2021-23412	2024-11-21 14:51	2021-07-24	Show	GitHub Exploit DB Packet Storm

195074	4.3	MEDIUM Network	graphhopper	graphhopper	This affects the package com.graphhopper:graphhopper-web-bundle before 3.2, from 4.0-pre1 and before 4.0. The URL parser could be tricked into adding or modifying properties of Object.prototype using…	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2021-23408	2024-11-21 14:51	2021-07-22	Show	GitHub Exploit DB Packet Storm

195075	6.1	MEDIUM Network	anchorme_project	anchorme	Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Java…	CWE-79 Cross-site Scripting	CVE-2021-23411	2024-11-21 14:51	2021-07-22	Show	GitHub Exploit DB Packet Storm

195076	7.5	HIGH Network	go-proxyproto_project	go-proxyproto	The package github.com/pires/go-proxyproto before 0.6.0 are vulnerable to Denial of Service (DoS) via creating connections without the proxy protocol header.	NVD-CWE-noinfo	CVE-2021-23409	2024-11-21 14:51	2021-07-21	Show	GitHub Exploit DB Packet Storm

195077	7.5	HIGH Network	elfinder.net.core_project	elfinder.net.core	This affects the package elFinder.Net.Core from 0 and before 1.2.4. The user-controlled file name is not properly sanitized before it is used to create a file system path.	CWE-22 Path Traversal	CVE-2021-23407	2024-11-21 14:51	2021-07-15	Show	GitHub Exploit DB Packet Storm

195078	9.8	CRITICAL Network	totaljs	total4	The package total4 before 0.0.43 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.	CWE-94 Code Injection	CVE-2021-23390	2024-11-21 14:51	2021-07-13	Show	GitHub Exploit DB Packet Storm

195079	9.8	CRITICAL Network	totaljs	total.js	The package total.js before 3.4.9 are vulnerable to Arbitrary Code Execution via the U.set() and U.get() functions.	CWE-94 Code Injection	CVE-2021-23389	2024-11-21 14:51	2021-07-13	Show	GitHub Exploit DB Packet Storm

195080	8.8	HIGH Network	pimcore	pimcore	This affects the package pimcore/pimcore before 10.0.7. This issue exists due to the absence of check on the storeId parameter in the method collectionsActionGet and groupsActionGet method within the…	CWE-89 SQL Injection	CVE-2021-23405	2024-11-21 14:51	2021-07-9	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed