Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
196911	9.8	緊急 Network	DNN	-	DotNetNuke のインストールウィザードにおけるアプリケーションを再インストールされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2015-2794	2017-02-23 11:39	2015-05-26	Show	GitHub Exploit DB Packet Storm

196912	6.1	警告 Network	ZoneMinder	-	ZoneMinder における反射型クロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5367	2017-02-23 11:12	2017-02-5	Show	GitHub Exploit DB Packet Storm

196913	6.1	警告 Network	dotCMS	-	dotCMS におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5877	2017-02-23 10:55	2017-02-6	Show	GitHub Exploit DB Packet Storm

196914	5.4	警告 Network	dotCMS	-	dotCMS におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2017-5875	2017-02-23 10:55	2017-02-6	Show	GitHub Exploit DB Packet Storm

196915	5.5	警告 Local	LibTIFF	-	LibTIFF の gif2tiff ツールの gif2tiff.c の readgifimage 関数におけるバッファオーバーフローの脆弱性	CWE-20 不適切な入力確認	CVE-2016-5102	2017-02-23 10:49	2016-09-5	Show	GitHub Exploit DB Packet Storm

196916	6.2	警告 Local	TalariaX Pte Ltd	-	SendQuick Entera および Avera デバイスにおける認証されていない SMS ログを要求される脆弱性	CWE-532 ログファイルからの情報漏えい	CVE-2017-5137	2017-02-22 18:12	2017-02-5	Show	GitHub Exploit DB Packet Storm

196917	9.8	緊急 Network	TalariaX Pte Ltd	-	SendQuick Entera および Avera デバイスにおける複数のコマンドを挿入される脆弱性	CWE-77 コマンドインジェクション	CVE-2016-10098	2017-02-22 18:12	2017-01-2	Show	GitHub Exploit DB Packet Storm

196918	5.8	警告 Network	シスコシステムズ	-	Cisco Firepower System Software における特定の Web コンテンツのブロック機能を回避される脆弱性	CWE-20 不適切な入力確認	CVE-2017-3814	2017-02-22 17:27	2017-02-1	Show	GitHub Exploit DB Packet Storm

196919	5.8	警告 Network	シスコシステムズ	-	Cisco Firepower Management Center の Policy デプロイメントモジュールにおけるデプロイメントを制限される脆弱性	CWE-20 不適切な入力確認	CVE-2017-3809	2017-02-22 17:27	2017-02-1	Show	GitHub Exploit DB Packet Storm

196920	4.3	警告 Network	Google	-	Google Chrome の Blink におけるコンテンツセキュリティポリシーを回避される脆弱性	CWE-284 不適切なアクセス制御	CVE-2017-5027	2017-02-22 16:59	2017-01-25	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
591	6.4	MEDIUM Network	-	-	Advanced Guestbook 2.4.4 contains a persistent cross-site scripting vulnerability in the smilies administration interface that allows authenticated attackers to inject malicious scripts by manipulati… New	CWE-79 Cross-site Scripting	CVE-2021-47950	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm

592	6.4	MEDIUM Network	-	-	WordPress Picture Gallery 1.4.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the Edit Content URL field in the Access C… New	CWE-79 Cross-site Scripting	CVE-2021-47951	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm

593	4.3	MEDIUM Network	-	-	OpenCart 3.0.3.7 contains a cross-site request forgery vulnerability that allows attackers to change user passwords by sending crafted requests to the account/password endpoint. Attackers can trick a… New	CWE-352 Origin Validation Error	CVE-2021-47953	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm

594	8.8	HIGH Network	-	-	Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by uploading malicious files through the image parameter. Attackers can up… New	CWE-94 Code Injection	CVE-2022-50944	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm

595	6.4	MEDIUM Network	-	-	WordPress 3dady real-time web stats plugin 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by exploiting unsanitized input … New	CWE-79 Cross-site Scripting	CVE-2022-50945	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm

596	6.4	MEDIUM Network	-	-	WordPress Plugin Netroics Blog Posts Grid 1.0 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the post_title … New	CWE-79 Cross-site Scripting	CVE-2022-50946	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm

597	6.4	MEDIUM Network	-	-	WordPress Plugin Testimonial Slider and Showcase 2.2.6 contains a stored cross-site scripting vulnerability that allows authenticated editors to inject malicious scripts by failing to sanitize the po… New	CWE-79 Cross-site Scripting	CVE-2022-50947	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm

598	6.4	MEDIUM Network	-	-	Motopress Hotel Booking Lite 4.2.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting payloads in accommodation type fi… New	CWE-79 Cross-site Scripting	CVE-2022-50948	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm

599	6.4	MEDIUM Network	-	-	WordPress Plugin Videos sync PDF 1.7.4 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting unsanitized mov, pdf, mp4, we… New	CWE-79 Cross-site Scripting	CVE-2022-50949	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm

600	6.2	MEDIUM Local	-	-	WordPress Plugin cab-fare-calculator 1.0.3 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the controller parameter in tbli… New	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2022-50954	2026-05-12 23:24	2026-05-10	Show	GitHub Exploit DB Packet Storm