Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 30, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
216301	7.5	危険	Shim	-	Shim における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2014-3677	2014-11-27 17:44	2014-10-13	Show	GitHub Exploit DB Packet Storm

216302	7.5	危険	Shim	-	Shim におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2014-3676	2014-11-27 17:44	2014-10-13	Show	GitHub Exploit DB Packet Storm

216303	5	警告	Shim	-	Shim におけるサービス運用妨害 (DoS) の脆弱性	CWE-119 バッファエラー	CVE-2014-3675	2014-11-27 17:43	2014-10-13	Show	GitHub Exploit DB Packet Storm

216304	4	警告	OpenStack	-	OpenStack Cinder の GlusterFS および Linux Smbfs ドライバにおける Cinder-volume ホストからファイルデータを取得される脆弱性	CWE-200 情報漏えい	CVE-2014-3641	2014-11-27 17:41	2014-10-7	Show	GitHub Exploit DB Packet Storm

216305	4	警告	OpenStack	-	OpenStack Keystone のカタログの URL 置換における重要な設定オプションを読まれる脆弱性	CWE-200 情報漏えい	CVE-2014-3621	2014-11-27 17:40	2014-09-30	Show	GitHub Exploit DB Packet Storm

216306	4.3	警告	WhyDoWork.com	-	WordPress 用 WhyDoWork AdSense プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-9100	2014-11-27 15:57	2014-07-28	Show	GitHub Exploit DB Packet Storm

216307	6.8	警告	WhyDoWork.com	-	WordPress用 WhyDoWork AdSense プラグインにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2014-9099	2014-11-27 15:55	2014-07-28	Show	GitHub Exploit DB Packet Storm

216308	4	警告	Digium	-	Asterisk Open Source および Certified Asterisk におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2014-6610	2014-11-27 15:47	2014-09-5	Show	GitHub Exploit DB Packet Storm

216309	4	警告	Digium	-	Asterisk Open Source の res_pjsip_pubsub モジュールにおけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2014-6609	2014-11-27 15:46	2014-07-30	Show	GitHub Exploit DB Packet Storm

216310	5	警告	シスコシステムズ	-	Cisco IOS XR におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2014-8004	2014-11-27 15:20	2014-11-25	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 30, 2026, 4:16 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
296111	-	havalite	cms	Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct requ…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-5892	2024-11-21 10:45	2012-11-18	Show	GitHub Exploit DB Packet Storm

296112	-	dalbum	dalbum	Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests th…	CWE-352 Origin Validation Error	CVE-2012-5891	2024-11-21 10:45	2012-11-18	Show	GitHub Exploit DB Packet Storm

296113	-	stanislas_rolland	sr_feuser_register	The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature.	CWE-200 Information Exposure	CVE-2012-5890	2024-11-21 10:45	2012-11-18	Show	GitHub Exploit DB Packet Storm

296114	-	alex_kellner	powermail	Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 Cross-site Scripting	CVE-2012-5889	2024-11-21 10:45	2012-11-18	Show	GitHub Exploit DB Packet Storm

296115	-	benjamin_mack	seo_basics	Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 Cross-site Scripting	CVE-2012-5888	2024-11-21 10:45	2012-11-18	Show	GitHub Exploit DB Packet Storm

296116	-	apache	tomcat	The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with …	CWE-287 Improper Authentication	CVE-2012-5887	2024-11-21 10:45	2012-11-18	Show	GitHub Exploit DB Packet Storm

296117	-	apache	tomcat	The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session …	CWE-287 Improper Authentication	CVE-2012-5886	2024-11-21 10:45	2012-11-18	Show	GitHub Exploit DB Packet Storm

296118	-	apache	tomcat	The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka clien…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-5885	2024-11-21 10:45	2012-11-18	Show	GitHub Exploit DB Packet Storm

296119	-	uk-cookie_project	uk-cookie	Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 Cross-site Scripting	CVE-2012-5856	2024-11-21 10:45	2012-11-18	Show	GitHub Exploit DB Packet Storm

296120	-	mozilla	bugzilla	The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSO…	CWE-200 Information Exposure	CVE-2012-5884	2024-11-21 10:45	2012-11-16	Show	GitHub Exploit DB Packet Storm