Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 21, 2026, 12:08 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
209031 4.3 警告 Video Consultation project - Drupal 用 Video Consultation モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-5492 2015-08-25 18:15 2015-05-6 Show GitHub Exploit DB Packet Storm
209032 3.5 注意 Dynamic display block project - Drupal 用 Dynamic display block モジュールにおけるアクセス制限を回避される脆弱性 CWE-200
情報漏えい 		CVE-2015-5491 2015-08-25 18:15 2015-06-12 Show GitHub Exploit DB Packet Storm
209033 5 警告 Views Project - Drupal 用 Views モジュールの includes/cache.inc の _views_fetch_data メソッドにおける意図したフィルターを回避される脆弱性 CWE-200
情報漏えい 		CVE-2015-5490 2015-08-25 18:15 2015-04-29 Show GitHub Exploit DB Packet Storm
209034 3.5 注意 Smart Trim project - Drupal 用 Smart Trim モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-5489 2015-08-25 18:15 2015-04-29 Show GitHub Exploit DB Packet Storm
209035 2.1 注意 ThinkShout - Drupal 用 MailChimp モジュールの MailChimp Signup サブモジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-5488 2015-08-25 18:15 2015-04-29 Show GitHub Exploit DB Packet Storm
209036 4.3 警告 テックスミス株式会社 - Drupal 用 Camtasia Relay モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-5487 2015-08-25 18:15 2015-04-29 Show GitHub Exploit DB Packet Storm
209037 3.5 注意 OpenStack - OpenStack Image Service のインポートタスクアクションにおける任意のファイルを読まれる脆弱性 CWE-200
情報漏えい 		CVE-2015-5163 2015-08-25 11:57 2015-08-6 Show GitHub Exploit DB Packet Storm
209038 4.3 警告 シスコシステムズ - Cisco Unified Web and E-mail Interaction Manager におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2015-6255 2015-08-25 11:48 2015-08-18 Show GitHub Exploit DB Packet Storm
209039 6.1 警告 シスコシステムズ - 複数の Cisco Nexus デバイス上で稼動する Cisco NX-OS におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2015-4324 2015-08-25 11:48 2015-08-17 Show GitHub Exploit DB Packet Storm
209040 6.1 警告 シスコシステムズ - 複数の Cisco Nexus デバイス上で稼動する Cisco NX-OS および MDS SAN-OS におけるサービス運用妨害 (DoS) の脆弱性 CWE-119
バッファエラー 		CVE-2015-4323 2015-08-25 11:48 2015-08-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2151 - - - Craft CMS is a content management system (CMS). From 5.0.0-RC1 to before 5.9.18, AssetsController::actionShowInFolder() fetches an asset by ID and returns its filename and complete folder hierarchy (… CWE-862
 Missing Authorization 		CVE-2026-44012 2026-05-13 23:54 2026-05-13 Show GitHub Exploit DB Packet Storm
2152 9.9 CRITICAL
Network 		openedx openedx Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply … CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42858 2026-05-13 23:53 2026-05-12 Show GitHub Exploit DB Packet Storm
2153 8.5 HIGH
Network 		openedx edx-enterprise The Open edx Enterprise Service app provides enterprise features to the Open edX platform. From 7.0.2 to 7.0.4, the sync_provider_data endpoint in SAMLProviderDataViewSet fetches SAML metadata from a… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2026-42860 2026-05-13 23:50 2026-05-12 Show GitHub Exploit DB Packet Storm
2154 - - - Improper enforcement of the LFENCE serialization property may allow an attacker to bypass speculation barriers and potentially disclose sensitive information, potentially resulting in loss of confide… CWE-693
 Protection Mechanism Failure 		CVE-2024-36315 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2155 - - - Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to modify MMIO routing configurations, potentially resulting in loss of SEV-SNP guest integrity. CWE-1233
 Security-Sensitive Hardware Controls with Missing Lock Bit Protection 		CVE-2025-61971 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2156 - - - Missing lock bit protection for NBIO registers could allow a local admin-privileged attacker to gain arbitrary System Management Network (SMN) access, potentially resulting in arbitrary code executio… CWE-1233
 Security-Sensitive Hardware Controls with Missing Lock Bit Protection 		CVE-2025-61972 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2157 - - - A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2025-62623 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2158 - - - A heap-based buffer overflow in the ionic cloud driver for VMware ESXi could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. CWE-122
Heap-based Buffer Overflow 		CVE-2025-62624 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2159 - - - An untrusted pointer dereference in the ionic cloud driver for VMWare ESXi could allow an attacker with an unprivileged VM to read kernel memory or co-located guest VM memory, potentially resulting i… CWE-822
 Untrusted Pointer Dereference 		CVE-2025-62627 2026-05-13 23:49 2026-05-13 Show GitHub Exploit DB Packet Storm
2160 6.3 MEDIUM
Network 		- - A vulnerability has been found in CodeAstro Online Catering Ordering System 1.0. This affects an unknown function of the file /deleteorder.php. The manipulation of the argument ID leads to sql inject… CWE-74
CWE-89
Injection
SQL Injection 		CVE-2026-8231 2026-05-13 23:48 2026-05-10 Show GitHub Exploit DB Packet Storm