Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 27, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
216001	5	警告	Digium	-	Asterisk Open Source および Certified Asterisk における ACL 制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-8412	2014-11-26 15:57	2014-11-20	Show	GitHub Exploit DB Packet Storm

216002	4.3	警告	jQuery	-	jQuery UI の Tooltip ウィジェットの jquery.ui.tooltip.js のデフォルトコンテンツオプションにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-6662	2014-11-26 15:50	2012-11-27	Show	GitHub Exploit DB Packet Storm

216003	3.5	注意	Liferay	-	Liferay Portal Enterprise Edition におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-8349	2014-11-26 15:27	2014-11-14	Show	GitHub Exploit DB Packet Storm

216004	7.1	危険	Xen プロジェクト	-	Xen の arch/x86/mm.c 内の do_mmu_update 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2014-9030	2014-11-26 15:20	2014-11-20	Show	GitHub Exploit DB Packet Storm

216005	4	警告	MantisBT Group	-	MantisBT における $g_download_attachments_threshold および $g_view_attachments_threshold の制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-8988	2014-11-26 13:46	2014-11-16	Show	GitHub Exploit DB Packet Storm

216006	3.5	注意	MantisBT Group	-	MantisBT の Configuration Report ページのフィルタのセレクションリストにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-8986	2014-11-26 13:45	2014-06-1	Show	GitHub Exploit DB Packet Storm

216007	5	警告	ARM Ltd. (旧 Offspark)	-	PolarSSL におけるダウングレード攻撃を実行される脆弱性	CWE-310 暗号の問題	CVE-2014-8627	2014-11-26 11:57	2014-10-22	Show	GitHub Exploit DB Packet Storm

216008	6.4	警告	Canonical	-	Ubuntu の apparmor パッケージの apparmor_parser における AppArmor ポリシーを回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-1424	2014-11-25 20:32	2014-11-20	Show	GitHub Exploit DB Packet Storm

216009	5	警告	Moodle	-	Moodle の LTI モジュールにおける任意のメッセージの生成を誘発される脆弱性	CWE-20 不適切な入力確認	CVE-2014-9060	2014-11-25 18:39	2014-11-17	Show	GitHub Exploit DB Packet Storm

216010	4.3	警告	Moodle	-	Moodle の lib/setup.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-9059	2014-11-25 18:38	2014-11-17	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
295971	-	cisco	vc240_network_bullet_camera video_surveillance_vc220_network_dome_camera	The Cisco VC220 and VC240 cameras allow remote attackers to cause a denial of service (WebUI outage) via crafted packets, aka Bug IDs CSCtf73188, CSCtf88059, CSCtf87951, CSCtf87908, and CSCtf88019.	NVD-CWE-noinfo	CVE-2012-3913	2024-11-21 10:41	2013-08-1	Show	GitHub Exploit DB Packet Storm

295972	-	apache	tomcat	Apache Tomcat 6.x before 6.0.37 and 7.x before 7.0.30 does not properly handle chunk extensions in chunked transfer coding, which allows remote attackers to cause a denial of service by streaming dat…	CWE-20 Improper Input Validation	CVE-2012-3544	2024-11-21 10:41	2013-06-1	Show	GitHub Exploit DB Packet Storm

295973	-	redhat	jboss_enterprise_portal_platform	Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecifie…	CWE-352 Origin Validation Error	CVE-2012-3532	2024-11-21 10:41	2013-04-13	Show	GitHub Exploit DB Packet Storm

295974	-	apache	http_server	Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors …	CWE-79 Cross-site Scripting	CVE-2012-3499	2024-11-21 10:41	2013-02-27	Show	GitHub Exploit DB Packet Storm

295975	-	redhat	cloudforms	Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.	CWE-255 Credentials Management	CVE-2012-3538	2024-11-21 10:41	2013-01-5	Show	GitHub Exploit DB Packet Storm

295976	-	openconstructor_project	openconstructor	Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestb…	CWE-89 SQL Injection	CVE-2012-3873	2024-11-21 10:41	2012-12-28	Show	GitHub Exploit DB Packet Storm

295977	-	openconstructor_project	openconstructor	Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) th…	CWE-79 Cross-site Scripting	CVE-2012-3872	2024-11-21 10:41	2012-12-28	Show	GitHub Exploit DB Packet Storm

295978	-	openconstructor_project	openconstructor	Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.	CWE-79 Cross-site Scripting	CVE-2012-3871	2024-11-21 10:41	2012-12-28	Show	GitHub Exploit DB Packet Storm

295979	-	openconstructor_project	openconstructor	Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or …	CWE-79 Cross-site Scripting	CVE-2012-3870	2024-11-21 10:41	2012-12-28	Show	GitHub Exploit DB Packet Storm

295980	-	apache	tomcat	org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by le…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-3546	2024-11-21 10:41	2012-12-19	Show	GitHub Exploit DB Packet Storm