Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 7, 2026, 12:09 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
217161	7.5	危険	SAP	-	SAP Print and Output Management におけるアクセス権を取得される脆弱性	CWE-255 証明書・パスワード管理	CVE-2014-2751	2014-04-14 17:22	2014-03-9	Show	GitHub Exploit DB Packet Storm

217162	5	警告	SAP	-	SAP HANA の HANA ICM プロセスにおける重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2014-2749	2014-04-14 17:22	2014-01-7	Show	GitHub Exploit DB Packet Storm

217163	7.5	危険	SAP	-	SAP ERP 用 SAP エンハンスメントパッケージのセキュリティ監査ログ機能における任意のログクラスを変更される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-2748	2014-04-14 17:21	2014-03-9	Show	GitHub Exploit DB Packet Storm

217164	4.3	警告	フォーティネット	-	Fortinet FortiADC にクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-0331	2014-04-14 15:53	2014-04-11	Show	GitHub Exploit DB Packet Storm

217165	9.3	危険	マイクロソフト	-	Microsoft Word および Office 互換機能パックにおける任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2014-1757	2014-04-11 15:54	2014-04-8	Show	GitHub Exploit DB Packet Storm

217166	4.3	警告	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-0509	2014-04-11 15:46	2014-04-8	Show	GitHub Exploit DB Packet Storm

217167	5	警告	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR におけるアクセス制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-0508	2014-04-11 15:45	2014-04-8	Show	GitHub Exploit DB Packet Storm

217168	9.3	危険	マイクロソフトアドビシステムズ Google	-	Adobe Flash Player および Adobe AIR におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2014-0507	2014-04-11 15:44	2014-04-8	Show	GitHub Exploit DB Packet Storm

217169	10	危険	マイクロソフトアドビシステムズ Google	-	Windows 上で稼働する Adobe Flash Player における任意のコードを実行される脆弱性	CWE-399 リソース管理の問題	CVE-2014-0506	2014-04-11 15:44	2014-03-13	Show	GitHub Exploit DB Packet Storm

217170	6.4	警告	WordPress.org	-	WordPress の wp-includes/pluggable.php 内の wp_validate_auth_cookie 関数におけるアクセス権を取得される脆弱性	CWE-287 不適切な認証	CVE-2014-0166	2014-04-11 15:33	2014-04-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
292461	-	rubyonrails	ruby_on_rails rails	Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 a…	CWE-79 Cross-site Scripting	CVE-2012-3465	2024-11-21 10:40	2012-08-10	Show	GitHub Exploit DB Packet Storm

292462	-	rubyonrails	ruby_on_rails rails	Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re…	CWE-79 Cross-site Scripting	CVE-2012-3464	2024-11-21 10:40	2012-08-10	Show	GitHub Exploit DB Packet Storm

292463	-	rubyonrails	ruby_on_rails rails	Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attacker…	CWE-79 Cross-site Scripting	CVE-2012-3463	2024-11-21 10:40	2012-08-10	Show	GitHub Exploit DB Packet Storm

292464	-	todd_miller redhat	sudo enterprise_linux	A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.	CWE-59 Link Following	CVE-2012-3440	2024-11-21 10:40	2012-08-8	Show	GitHub Exploit DB Packet Storm

292465	-	rubyonrails	ruby_on_rails rails	The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentic…	CWE-287 Improper Authentication	CVE-2012-3424	2024-11-21 10:40	2012-08-8	Show	GitHub Exploit DB Packet Storm

292466	-	hp	arcsight_connector_appliance_firmware arcsight_connector_appliance arcsight_logger_appliance_firmware arcsight_logger_appliance	Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbit…	CWE-79 Cross-site Scripting	CVE-2012-2960	2024-11-21 10:40	2012-08-8	Show	GitHub Exploit DB Packet Storm

292467	-	redhat	libvirt	The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of servi…	CWE-399 Resource Management Errors	CVE-2012-3445	2024-11-21 10:40	2012-08-8	Show	GitHub Exploit DB Packet Storm

292468	-	graphicsmagick	graphicsmagick	The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2012-3438	2024-11-21 10:40	2012-08-8	Show	GitHub Exploit DB Packet Storm

292469	-	imagemagick	imagemagick	The Magick_png_malloc function in coders/png.c in ImageMagick 6.7.8 and earlier does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of …	NVD-CWE-Other	CVE-2012-3437	2024-11-21 10:40	2012-08-8	Show	GitHub Exploit DB Packet Storm

292470	-	martin_nagy	bind-dyndb-ldap	The dns_to_ldap_dn_escape function in src/ldap_convert.c in bind-dyndb-ldap 1.1.0rc1 and earlier does not properly escape distinguished names (DN) for LDAP queries, which allows remote DNS servers to…	CWE-20 Improper Input Validation	CVE-2012-3429	2024-11-21 10:40	2012-08-8	Show	GitHub Exploit DB Packet Storm