Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
210221	5.4	警告	dog whistle project	-	Android 用 Dog Whistle アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5910	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

210222	5.4	警告	watcha	-	Android 用 watcha アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5909	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

210223	5.4	警告	kmart	-	Android 用 Kmart アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5908	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

210224	5.4	警告	libiitech	-	Android 用 Pet Salon アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5907	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

210225	5.4	警告	youngmoney	-	Android 用 Lil Wayne Slots: FREE SLOTS アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5906	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

210226	5.4	警告	meucarrinho	-	Android 用 Grocery List - Tomatoes アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5905	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

210227	5.4	警告	miniinthebox	-	Android 用 MiniInTheBox Online Shopping アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5904	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

210228	5.4	警告	mobileiron	-	Android 用 Mobile@Work アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5903	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

210229	5.4	警告	uacinemas	-	Android 用 UA Cinemas - Mobile ticketing アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5902	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

210230	5.4	警告	webelinx	-	Android 用 Beauty Bible - App for Girls アプリケーションにおけるサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2014-5901	2014-12-17 09:57	2014-09-3	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 20, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
221	9.8	CRITICAL Network	victoralagwu	cmssite	CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET req… Update	CWE-89 SQL Injection	CVE-2019-25697	2026-04-18 01:41	2026-04-12	Show	GitHub Exploit DB Packet Storm

222	7.1	HIGH Network	montala	resourcespace	ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection… Update	CWE-352 CWE-89 Origin Validation Error SQL Injection	CVE-2019-25693	2026-04-18 01:37	2026-04-12	Show	GitHub Exploit DB Packet Storm

223	7.8	HIGH Local	socusoft	html5_video_player	HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payl… Update	CWE-787 Out-of-bounds Write	CVE-2019-25689	2026-04-18 01:19	2026-04-12	Show	GitHub Exploit DB Packet Storm

224	6.1	MEDIUM Network	dynalon	mdwiki	MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft … Update	CWE-79 Cross-site Scripting	CVE-2017-20239	2026-04-18 01:19	2026-04-12	Show	GitHub Exploit DB Packet Storm

225	6.1	MEDIUM Network	lollms	lollms	A Cross-site Scripting (XSS) vulnerability was identified in the `from_dict` method of the `AppLollmsMessage` class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack o… Update	CWE-79 Cross-site Scripting	CVE-2026-1116	2026-04-18 01:18	2026-04-12	Show	GitHub Exploit DB Packet Storm

226	6.3	MEDIUM Network	-	-	A vulnerability was determined in prasathmani TinyFileManager up to 2.6. Affected by this vulnerability is an unknown functionality of the file /filemanager.php?p= ajax=true&type=upload of the compon… New	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2026-6497	2026-04-18 01:17	2026-04-18	Show	GitHub Exploit DB Packet Storm

227	9.1	CRITICAL Network	-	-	An attacker with network access to the PLC is able to brute force discover passwords to gain unauthorized access to systems and services. The limited password complexity and no password input limiter… New	CWE-521 Weak Password Requirements	CVE-2026-6284	2026-04-18 01:17	2026-04-18	Show	GitHub Exploit DB Packet Storm

228	9.8	CRITICAL Network	-	-	A SQL injection vulnerability in CodeAstro Simple Attendance Management System v1.0 allows remote unauthenticated attackers to bypass authentication via the username parameter in index.php. New	CWE-89 SQL Injection	CVE-2026-37749	2026-04-18 01:17	2026-04-18	Show	GitHub Exploit DB Packet Storm

229	-		-	-	A vulnerability allowing a local attacker with administrator privileges to bypass Windows Driver Signature Enforcement. New	CWE-77 Command Injection	CVE-2026-21709	2026-04-18 01:16	2026-04-18	Show	GitHub Exploit DB Packet Storm

230	6.5	MEDIUM Network	phoca	maps	Various stored XSS vulnerabilities in the maps- and icon rendering logic in Phoca Maps component 5.0.0-6.0.2 have been discovered. Update	CWE-79 Cross-site Scripting	CVE-2026-23900	2026-04-18 01:15	2026-04-11	Show	GitHub Exploit DB Packet Storm