Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 13, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
254781	9.3	危険	日立	-	XMAP3 における任意のコードが実行される脆弱性	CWE-noinfo 情報不足	-	2010-05-13 15:14	2010-04-12	Show	GitHub Exploit DB Packet Storm

254782	4.3	警告	オラクル	-	Oracle Industry Product Suite の Retail - Oracle Retail Plan In-Season コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0863	2010-05-13 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

254783	4.3	警告	オラクル	-	Oracle Industry Product Suite の Retail - Oracle Retail Place In-Season コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0864	2010-05-13 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

254784	4.3	警告	オラクル	-	Oracle Industry Product Suite の Retail - Oracle Retail Markdown Optimization コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0862	2010-05-13 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

254785	4.3	警告	オラクル	-	Oracle Industry Product Suite の Life Sciences - Oracle Thesaurus Management System コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0875	2010-05-13 15:12	2010-04-13	Show	GitHub Exploit DB Packet Storm

254786	4.3	警告	オラクル	-	Oracle Industry Product Suite の Life Sciences - Oracle Clinical Remote Data Capture Option コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0876	2010-05-13 15:12	2010-04-13	Show	GitHub Exploit DB Packet Storm

254787	4.3	警告	オラクル	-	Oracle Industry Product Suite の Communications - Oracle Communications Unified Inventory Management コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0874	2010-05-13 15:12	2010-04-13	Show	GitHub Exploit DB Packet Storm

254788	4	警告	オラクル	-	複数の Oracle 製品の PeopleTools コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0879	2010-05-13 15:12	2010-04-13	Show	GitHub Exploit DB Packet Storm

254789	4	警告	オラクル	-	複数の Oracle 製品の PeopleTools コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0878	2010-05-13 15:11	2010-04-13	Show	GitHub Exploit DB Packet Storm

254790	5	警告	オラクル	-	複数の Oracle 製品の PeopleTools コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0877	2010-05-13 15:11	2010-04-13	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
224441	9.8	CRITICAL Network	wpmadeasy	shortcode_factory	The shortcode-factory plugin before 2.8 for WordPress has Local File Inclusion.	NVD-CWE-noinfo	CVE-2019-15322	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm

224442	9.8	CRITICAL Network	optiontree_project	optiontree	The option-tree plugin before 2.7.3 for WordPress has Object Injection because serialized classes are mishandled.	CWE-502 Deserialization of Untrusted Data	CVE-2019-15321	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm

224443	9.8	CRITICAL Network	optiontree_project	optiontree	The option-tree plugin before 2.7.3 for WordPress has Object Injection because the + character is mishandled.	CWE-502 Deserialization of Untrusted Data	CVE-2019-15320	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm

224444	9.8	CRITICAL Network	optiontree_project	optiontree	The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce.	CWE-502 Deserialization of Untrusted Data	CVE-2019-15319	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm

224445	9.8	CRITICAL Network	yikesinc	easy_forms_for_mailchimp	The yikes-inc-easy-mailchimp-extender plugin before 6.5.3 for WordPress has code injection via the admin input field.	CWE-94 Code Injection	CVE-2019-15318	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm

224446	5.4	MEDIUM Network	givewp	givewp	The give plugin before 2.4.7 for WordPress has XSS via a donor name.	CWE-79 Cross-site Scripting	CVE-2019-15317	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm

224447	5.4	MEDIUM Network	tiki	tikiwiki_cms\/groupware	tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.	CWE-79 Cross-site Scripting	CVE-2019-15314	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm

224448	7.0	HIGH Local	valvesoftware	steam_client	Valve Steam Client for Windows through 2019-08-20 has weak folder permissions, leading to privilege escalation (to NT AUTHORITY\SYSTEM) via crafted use of CreateMountPoint.exe and SetOpLock.exe to le…	CWE-367 CWE-732 Time-of-check Time-of-use (TOCTOU) Race Condition Incorrect Permission Assignment for Critical Resource	CVE-2019-15316	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm

224449	7.8	HIGH Local	valvesoftware	steam_client	Valve Steam Client for Windows through 2019-08-16 allows privilege escalation (to NT AUTHORITY\SYSTEM) because local users can replace the current versions of SteamService.exe and SteamService.dll wi…	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2019-15315	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm

224450	5.4	MEDIUM Network	vanderbilt	redcap	REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.	CWE-79 Cross-site Scripting	CVE-2019-15127	2024-11-21 13:28	2019-08-22	Show	GitHub Exploit DB Packet Storm