Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 23, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
218331 4.3 警告 SnapApp - WordPress 用 SnapApp プラグインの js/button-snapapp.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4596 2014-07-7 18:26 2014-04-25 Show GitHub Exploit DB Packet Storm
218332 4.3 警告 WP GuestMap project - WordPress 用 WP GuestMap プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4587 2014-07-7 18:26 2014-06-12 Show GitHub Exploit DB Packet Storm
218333 4.3 警告 WP Consultant project - WordPress 用 WP Consultant プラグインの admin/admin_show_dialogs.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4582 2014-07-7 18:26 2014-06-12 Show GitHub Exploit DB Packet Storm
218334 4.3 警告 Zen-Dreams - WordPress 用 ZdStatistics プラグインの cal/test.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4605 2014-07-7 18:26 2014-05-28 Show GitHub Exploit DB Packet Storm
218335 4.3 警告 WP RESTful project - WordPress 用 WP RESTful プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4595 2014-07-7 18:26 2014-06-12 Show GitHub Exploit DB Packet Storm
218336 4.3 警告 Jordesign - WordPress 用 WordPress Responsive Preview プラグインの index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4594 2014-07-7 18:26 2014-06-12 Show GitHub Exploit DB Packet Storm
218337 4.3 警告 WP BlipBot project - WordPress 用 WP BlipBot プラグインの blipbot.ajax.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4580 2014-07-7 18:26 2014-06-12 Show GitHub Exploit DB Packet Storm
218338 4.3 警告 Your Text Manager project - WordPress 用 Your Text Manager プラグインの settings/pwsettings.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4604 2014-07-7 18:26 2014-05-28 Show GitHub Exploit DB Packet Storm
218339 4.3 警告 WP Plugin Manager project - WordPress 用 WP Plugin Manager プラグインの wp-plugins-net/index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4593 2014-07-7 18:26 2014-04-25 Show GitHub Exploit DB Packet Storm
218340 4.3 警告 beamnote.com - WordPress 用 WP Microblogs プラグインの get.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2014-4590 2014-07-7 18:26 2014-06-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 23, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
296981 - sympa sympa The archive management (arc_manage) page in wwsympa/wwsympa.fcgi.in in Sympa before 6.1.11 does not check permissions, which allows remote attackers to list, read, and delete arbitrary list archives … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-2352 2024-11-21 10:38 2012-06-1 Show GitHub Exploit DB Packet Storm
296982 - puppet
fedoraproject
debian
canonical 		puppet
puppet_enterprise
fedora
debian_linux
ubuntu_linux 		Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-crea… CWE-78
OS Command  		CVE-2012-1988 2024-11-21 10:38 2012-05-30 Show GitHub Exploit DB Packet Storm
296983 - puppet
puppetlabs 		puppet
puppet_enterprise
puppet_enterprise_users 		Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with an authorized SSL key and ce… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-1986 2024-11-21 10:38 2012-05-30 Show GitHub Exploit DB Packet Storm
296984 - puppet
puppetlabs 		puppet
puppet_enterprise
puppet_enterprise_users 		Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from … CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-1906 2024-11-21 10:38 2012-05-30 Show GitHub Exploit DB Packet Storm
296985 - puppet
puppetlabs 		puppet
puppet_enterprise
puppet_enterprise_users 		Unspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with… NVD-CWE-noinfo
CVE-2012-1987 2024-11-21 10:38 2012-05-30 Show GitHub Exploit DB Packet Storm
296986 - sitracker support_incident_tracker Cross-site scripting (XSS) vulnerability in Support Incident Tracker (SiT!) 3.65 and earlier allows remote attackers to inject arbitrary web script or HTML via the id parameter to index.php, which is… CWE-79
Cross-site Scripting 		CVE-2012-2235 2024-11-21 10:38 2012-05-28 Show GitHub Exploit DB Packet Storm
296987 - ibm lotus_quickr Multiple stack-based buffer overflows in a certain ActiveX control in qp2.cab in IBM Lotus Quickr 8.2 before 8.2.0.27-002a for Domino allow remote attackers to execute arbitrary code via a long argum… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2012-2176 2024-11-21 10:38 2012-05-26 Show GitHub Exploit DB Packet Storm
296988 - adobe illustrator
illustrator_cs5.5 		Adobe Illustrator before CS6 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-0780, CVE-201… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2012-2042 2024-11-21 10:38 2012-05-25 Show GitHub Exploit DB Packet Storm
296989 - tornadoweb tornado CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting… CWE-20
 Improper Input Validation  		CVE-2012-2374 2024-11-21 10:38 2012-05-24 Show GitHub Exploit DB Packet Storm
296990 - cypherpunks pidgin-otr Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbi… CWE-134
Use of Externally-Controlled Format String 		CVE-2012-2369 2024-11-21 10:38 2012-05-24 Show GitHub Exploit DB Packet Storm