Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 21, 2026, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
219291	4.9	警告	Gizra	-	Drupal 用 Organic Groups モジュールにおけるノード上のグループの制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-7068	2014-05-1 18:07	2013-11-20	Show	GitHub Exploit DB Packet Storm

219292	5.8	警告	Gizra	-	Drupal 用 Organic Groups モジュールにおけるアクセス制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-7065	2014-05-1 18:07	2013-11-20	Show	GitHub Exploit DB Packet Storm

219293	2.1	注意	Marcin Pajdzik	-	Drupal 用 EU Cookie Compliance モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-7064	2014-05-1 18:06	2013-11-20	Show	GitHub Exploit DB Packet Storm

219294	5	警告	PlusFront	-	Drupal 用 Invitation モジュールにおける重要な情報を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2013-7063	2014-05-1 18:05	2013-11-20	Show	GitHub Exploit DB Packet Storm

219295	4.3	警告	Joachim Noreiko	-	Drupal 用 Flag モジュールの管理者ページにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-4336	2014-05-1 18:04	2013-08-28	Show	GitHub Exploit DB Packet Storm

219296	5	警告	PaperCut Software International Pty	-	PaperCut MF および NG におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2014-2658	2014-05-1 17:34	2014-04-10	Show	GitHub Exploit DB Packet Storm

219297	7.5	危険	PaperCut Software International Pty	-	PaperCut MF の印刷解除機能における脆弱性	CWE-noinfo 情報不足	CVE-2014-2657	2014-05-1 17:33	2014-04-10	Show	GitHub Exploit DB Packet Storm

219298	7.5	危険	Livetecs	-	Livetecs Timelive の Manage Project 機能における任意のコードを実行される脆弱性	CWE-Other その他	CVE-2014-2042	2014-05-1 17:15	2014-04-23	Show	GitHub Exploit DB Packet Storm

219299	7.5	危険	Livetecs	-	Livetecs Timelive における設定を変更される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-1217	2014-05-1 17:14	2014-02-20	Show	GitHub Exploit DB Packet Storm

219300	5	警告	South River Technologies	-	Titan FTP Server の Web インターフェースにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2014-1843	2014-05-1 16:50	2014-02-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
293971	-	thinkshout	mandrill	The Mandrill module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users to obtain password reset links by reading the logs in the Mandrill dashboard.	CWE-200 Information Exposure	CVE-2012-5544	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293972	-	feeds_project	feeds	The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes vi…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-5543	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293973	-	pedro_cambra	commerce_extra_panes	Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests…	CWE-352 Origin Validation Error	CVE-2012-5542	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293974	-	twitter_pull_project	twitter_pull	Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via…	CWE-79 Cross-site Scripting	CVE-2012-5541	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293975	-	tekritisoftware	hostip	Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbi…	CWE-79 Cross-site Scripting	CVE-2012-5540	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293976	-	organic_groups_project	organic_groups	The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-5539	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293977	-	nathan_haug	filefield_sources	Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows r…	CWE-79 Cross-site Scripting	CVE-2012-5538	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293978	-	simplenews_scheduler_project	simplenews_scheduler	The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling f…	CWE-94 Code Injection	CVE-2012-5537	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293979	-	flashtux	weechat	The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "sh…	CWE-20 Improper Input Validation	CVE-2012-5534	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293980	-	cmsmadesimple	cms_made_simple	Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of admini…	CWE-352 Origin Validation Error	CVE-2012-5450	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm