Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 7, 2026, 2:09 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
231391 3.5 注意 Nancy Wichmann - Drupal 用 Announcements モジュール におけるノードのアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-4500 2012-11-2 15:06 2012-08-28 Show GitHub Exploit DB Packet Storm
231392 5 警告 Matthias Hutterer - Drupal 用 Email Field モジュールにおけるエンティティに格納されたアドレスに電子メールを送信される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-4499 2012-11-2 15:04 2012-08-29 Show GitHub Exploit DB Packet Storm
231393 2.1 注意 inclind - Drupal 用 Custom Publishing Options モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-4496 2012-11-2 15:04 2012-08-14 Show GitHub Exploit DB Packet Storm
231394 4 警告 Mime Mail Module Project - Drupal 用 Mime Mail モジュールにおける任意のファイルを添付ファイルとして送信される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-4495 2012-11-2 15:01 2012-08-8 Show GitHub Exploit DB Packet Storm
231395 4.3 警告 National Information Infrastructure Development Institute - Drupal 用 Shibboleth authentication モジュールにおけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-4494 2012-11-2 14:55 2012-08-8 Show GitHub Exploit DB Packet Storm
231396 2.1 注意 Isaac Sukin - Drupal 用 Shorten URLs モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-4492 2012-11-2 14:54 2012-08-8 Show GitHub Exploit DB Packet Storm
231397 5.8 警告 Earl Dunovant - Drupal 用 Monthly Archive by Node Type モジュールにおける制限しているノードにアクセスされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-4491 2012-11-2 14:53 2012-08-1 Show GitHub Exploit DB Packet Storm
231398 4.3 警告 Ricky Morse - Drupal 用 Excluded Users モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-4490 2012-11-2 14:45 2012-08-1 Show GitHub Exploit DB Packet Storm
231399 5.8 警告 Mark Burdett - Drupal 用 Secure Login モジュールにおけるオープンリダイレクトの脆弱性 CWE-20
不適切な入力確認 		CVE-2012-4489 2012-11-2 14:43 2012-07-25 Show GitHub Exploit DB Packet Storm
231400 5 警告 Location module project - Drupal 用 Location モジュールにおけるノードまたはユーザの検索結果を読まれる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-4488 2012-11-2 14:43 2012-07-25 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 7, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
293201 - chaos_tool_suite_project ctools Cross-site scripting (XSS) vulnerability in the Chaos tool suite (aka CTools) module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the post comments permission to inject ar… CWE-79
Cross-site Scripting 		CVE-2012-2082 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm
293202 - moshe_weitzman organic_groups The Organic Groups (OG) module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a re… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-2081 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm
293203 - node_limit_number_project node_limitnumber Cross-site request forgery (CSRF) vulnerability in the Node Limit Number module before 6.x-1.2 for Drupal allows remote attackers to hijack the authentication of users with the administer node limitn… CWE-352
 Origin Validation Error 		CVE-2012-2080 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm
293204 - rob_loach sharethis Cross-site request forgery (CSRF) vulnerability in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to hijack the authentication of users with administer sharethis permi… CWE-352
 Origin Validation Error 		CVE-2012-2077 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm
293205 - rob_loach sharethis Cross-site scripting (XSS) vulnerability in the administration forms in the ShareThis module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with administer sharethis permissions … CWE-79
Cross-site Scripting 		CVE-2012-2076 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm
293206 - steindom contact_save Cross-site scripting (XSS) vulnerability in the Contact Save module 6.x-1.x before 6.x-1.5 for Drupal allows remote authenticated users with the access site-wide contact form permission to inject arb… CWE-79
Cross-site Scripting 		CVE-2012-2075 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm
293207 - ubercart_views_project uc_views Unspecified vulnerability in certain default views in the Ubercart Views module 6.x before 6.x-3.2 for Drupal allows remote attackers to obtain sensitive information via unknown attack vectors. NVD-CWE-noinfo
CVE-2012-2074 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm
293208 - kristof_de_jaeger bundle_copy The Bundle copy module 7.x-1.x before 7.x-1.1 for Drupal does not check for the "use PHP for settings" permission while importing settings, which allows remote authenticated users with certain permis… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2012-2073 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm
293209 - patrick_przybilla addtoany Cross-site scripting (XSS) vulnerability in the Share Buttons (AddToAny) module 6.x-3.x before 6.x-3.4 for Drupal allows remote authenticated users with the administer addtoany permission to inject a… CWE-79
Cross-site Scripting 		CVE-2012-2072 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm
293210 - geoff_davies contact_forms Cross-site scripting (XSS) vulnerability in the Contact Forms module 6.x-1.x before 6.x-1.13 for Drupal when the core contact form is enabled, allows remote authenticated users with the administer si… CWE-79
Cross-site Scripting 		CVE-2012-2071 2024-11-21 10:38 2012-08-15 Show GitHub Exploit DB Packet Storm