Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 27, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
203091 5 警告 ヒューレット・パッカード
日本電気
Apache Software Foundation		 - Apache Tomcat の DigestAuthenticator.java における暗号保護機構を回避される脆弱性 CWE-310
暗号の問題 		CVE-2011-5064 2016-08-2 17:34 2012-01-14 Show GitHub Exploit DB Packet Storm
203092 6.9 警告 アップル
日本電気
Apache Software Foundation		 - Apache HTTP Server の envvars における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-0883 2016-08-2 17:34 2012-03-2 Show GitHub Exploit DB Packet Storm
203093 2.6 注意 日本電気
Apache Software Foundation
アップル
富士通
オラクル
日立		 - Apache HTTP Server の mod_negotiation モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-2687 2016-08-2 17:34 2012-06-13 Show GitHub Exploit DB Packet Storm
203094 5 警告 日本電気
日立
Apache Software Foundation
オラクル		 - Apache Tomcat におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2012-3544 2016-08-2 17:34 2012-09-6 Show GitHub Exploit DB Packet Storm
203095 5.1 警告 アップル
日本電気
富士通
Apache Software Foundation
オラクル		 - Apache HTTP Server の mod_rewrite モジュールにおける任意のコマンドを実行される脆弱性 CWE-310
暗号の問題 		CVE-2013-1862 2016-08-2 17:34 2013-04-18 Show GitHub Exploit DB Packet Storm
203096 7.5 危険 富士通
日本電気
IBM
Apache Software Foundation
オラクル		 - Apache Struts の CookieInterceptor における ClassLoader を操作される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2014-0113 2016-08-2 17:34 2014-04-28 Show GitHub Exploit DB Packet Storm
203097 5.8 警告 富士通
日本電気
IBM
Apache Software Foundation
オラクル		 - Apache Struts の CookieInterceptor における ClassLoader を操作される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2014-0116 2016-08-2 17:34 2014-05-5 Show GitHub Exploit DB Packet Storm
203098 4.3 警告 アップル
日本電気
Apache Software Foundation		 - Apache HTTP Server の mod_proxy_balancer モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-4558 2016-08-2 16:45 2013-02-18 Show GitHub Exploit DB Packet Storm
203099 4.3 警告 日本電気
Apache Software Foundation
アップル
富士通
オラクル
日立		 - Apache HTTP Server におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-3499 2016-08-2 16:45 2013-02-18 Show GitHub Exploit DB Packet Storm
203100 9.8 緊急
Network 		ベリタス
日立		 - Veritas NetBackup および NetBackup アプライアンスの bpcd における任意のコマンドを実行される脆弱性 CWE-Other
その他 		CVE-2015-6550 2016-08-2 16:25 2015-08-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2071 6.4 MEDIUM
Network 		- - The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitiz… CWE-79
Cross-site Scripting 		CVE-2026-6646 2026-05-15 23:09 2026-05-15 Show GitHub Exploit DB Packet Storm
2072 6.5 MEDIUM
Network 		- - The Smartcat Translator for WPML plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'routeData' REST endpoint in all versions up to, and … CWE-862
 Missing Authorization 		CVE-2026-4683 2026-05-15 23:09 2026-05-15 Show GitHub Exploit DB Packet Storm
2073 8.1 HIGH
Network 		- - The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing capability check on the 'admin_head' function in all versions up… CWE-862
 Missing Authorization 		CVE-2026-4094 2026-05-15 23:09 2026-05-15 Show GitHub Exploit DB Packet Storm
2074 9.8 CRITICAL
Network 		- - The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which W… CWE-287
Improper Authentication 		CVE-2026-5229 2026-05-15 23:09 2026-05-15 Show GitHub Exploit DB Packet Storm
2075 8.8 HIGH
Network 		- - The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36. This is due to insufficient authorization checks in the role field… CWE-269
 Improper Privilege Management 		CVE-2026-6228 2026-05-15 23:09 2026-05-15 Show GitHub Exploit DB Packet Storm
2076 7.5 HIGH
Network 		- - The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to insufficient path validation in the qckply_zip_theme() function, which … CWE-22
Path Traversal 		CVE-2026-6403 2026-05-15 23:09 2026-05-15 Show GitHub Exploit DB Packet Storm
2077 6.4 MEDIUM
Network 		- - The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON … CWE-79
Cross-site Scripting 		CVE-2026-6415 2026-05-15 23:09 2026-05-15 Show GitHub Exploit DB Packet Storm
2078 4.9 MEDIUM
Network 		- - The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'table' parameter in all versions up to, and including, 9.1.12 due to … CWE-89
SQL Injection 		CVE-2026-7046 2026-05-15 23:09 2026-05-15 Show GitHub Exploit DB Packet Storm
2079 4.3 MEDIUM
Network 		- - The Classified Listing – AI-Powered Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 5.3.10. This is due to t… CWE-862
 Missing Authorization 		CVE-2026-7563 2026-05-15 23:09 2026-05-15 Show GitHub Exploit DB Packet Storm
2080 4.3 MEDIUM
Network 		- - The Notify Odoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the _updateSettin… CWE-352
 Origin Validation Error 		CVE-2026-8425 2026-05-15 23:08 2026-05-15 Show GitHub Exploit DB Packet Storm