Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 12:09 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
219481	4.3	警告	Dokeos	-	Dokeos におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2014-1877	2014-03-14 16:54	2014-02-5	Show	GitHub Exploit DB Packet Storm

219482	6.8	警告	KASSELER CMS	-	Kasseler CMS におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2013-3729	2014-03-14 16:19	2013-06-28	Show	GitHub Exploit DB Packet Storm

219483	3.5	注意	KASSELER CMS	-	Kasseler CMS におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-3728	2014-03-14 16:17	2013-06-28	Show	GitHub Exploit DB Packet Storm

219484	7.5	危険	KASSELER CMS	-	Kasseler CMS における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2013-3727	2014-03-14 16:15	2013-06-28	Show	GitHub Exploit DB Packet Storm

219485	7.5	危険	ZLDNN.COM	-	DotNetNuke 用 ZLDNN DNNArticle モジュールの RSS ページにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2013-5117	2014-03-14 15:06	2013-09-12	Show	GitHub Exploit DB Packet Storm

219486	4.3	警告	DNN	-	DotNetNuke におけるオープンリダイレクトの脆弱性	CWE-20 不適切な入力確認	CVE-2013-7335	2014-03-14 15:05	2013-08-13	Show	GitHub Exploit DB Packet Storm

219487	4.3	警告	DNN	-	DotNetNuke におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-4649	2014-03-14 15:05	2013-08-13	Show	GitHub Exploit DB Packet Storm

219488	3.5	注意	DNN	-	DotNetNuke におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-3943	2014-03-14 14:39	2013-08-13	Show	GitHub Exploit DB Packet Storm

219489	7.5	危険	FreeType Project	-	FreeType の cff/cf2hints.c 内の cf2_hintmap_build 関数におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2014-2240	2014-03-14 14:19	2014-03-7	Show	GitHub Exploit DB Packet Storm

219490	4.3	警告	CiviCRM Caseproof Joobi	-	複数ベンダの製品で使用される Open Flash Chart の open-flash-chart.swf におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2013-1636	2014-03-14 13:48	2013-06-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
293511	-	feeds_project	feeds	The Feeds module 7.x-2.x before 7.x-2.0-alpha6 for Drupal, when a field is mapped to the node's author, does not properly check permissions, which allows remote attackers to create arbitrary nodes vi…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-5543	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293512	-	pedro_cambra	commerce_extra_panes	Cross-site request forgery (CSRF) vulnerability in the Commerce Extra Panes module 7.x-1.x before 7.x-1.1 in Drupal allows remote attackers to hijack the authentication of administrators for requests…	CWE-352 Origin Validation Error	CVE-2012-5542	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293513	-	twitter_pull_project	twitter_pull	Cross-site scripting (XSS) vulnerability in the Twitter Pull module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.0-rc3 for Drupal allows remote attackers to inject arbitrary web script or HTML via…	CWE-79 Cross-site Scripting	CVE-2012-5541	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293514	-	tekritisoftware	hostip	Multiple cross-site scripting (XSS) vulnerabilities in the Hostip module 6.x-2.x before 6.x-2.2 and 7.x-2.x before 7.x-2.2 for Drupal allow remote attackers with control of hostip.info to inject arbi…	CWE-79 Cross-site Scripting	CVE-2012-5540	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293515	-	organic_groups_project	organic_groups	The Organic Groups (OG) module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2012-5539	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293516	-	nathan_haug	filefield_sources	Cross-site scripting (XSS) vulnerability in the FileField Sources module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.6 for Drupal, when the field has "Reference existing" source enabled, allows r…	CWE-79 Cross-site Scripting	CVE-2012-5538	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293517	-	simplenews_scheduler_project	simplenews_scheduler	The Simplenews Scheduler module 6.x-2.x before 6.x-2.4 for Drupal allows remote authenticated users with the "send scheduled newsletters" permission to inject arbitrary PHP code into the scheduling f…	CWE-94 Code Injection	CVE-2012-5537	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293518	-	flashtux	weechat	The hook_process function in the plugin API for WeeChat 0.3.0 through 0.3.9.1 allows remote attackers to execute arbitrary commands via shell metacharacters in a command from a plugin, related to "sh…	CWE-20 Improper Input Validation	CVE-2012-5534	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293519	-	cmsmadesimple	cms_made_simple	Cross-site request forgery (CSRF) vulnerability in lib/filemanager/imagemanager/images.php in CMS Made Simple (CMSMS) 1.11.2 and earlier allows remote attackers to hijack the authentication of admini…	CWE-352 Origin Validation Error	CVE-2012-5450	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm

293520	-	orangehrm	orangehrm	Multiple SQL injection vulnerabilities in OrangeHRM 2.7.1 RC 1 allow remote authenticated administrators to execute arbitrary SQL commands via the sortField parameter to (1) viewCustomers, (2) viewPa…	CWE-89 SQL Injection	CVE-2012-5367	2024-11-21 10:44	2012-12-4	Show	GitHub Exploit DB Packet Storm