Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 4:01 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
231971 7.5 危険 thefactory - Joomla! 用の Deluxe blogfactory コンポーネントにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル
CVE-2010-1955 2012-12-20 19:29 2010-05-19 Show GitHub Exploit DB Packet Storm
231972 10 危険 Standards Based Linux Instrumentation (SBLIM) - SBLIM SFCB の httpAdapter におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2010-1937 2012-12-20 19:29 2010-05-14 Show GitHub Exploit DB Packet Storm
231973 9.3 危険 XnSoft - XnView におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2010-1932 2012-12-20 19:29 2010-06-16 Show GitHub Exploit DB Packet Storm
231974 7.5 危険 rifat kurban - tekno.Portal の makale.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-1925 2012-12-20 19:29 2010-05-12 Show GitHub Exploit DB Packet Storm
231975 7.5 危険 phpscripte24 - Hi Web Wiesbaden Live Shopping Multi Portal System の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-1924 2012-12-20 19:29 2010-05-12 Show GitHub Exploit DB Packet Storm
231976 7.5 危険 phpscripte24 - Hi Web Wiesbaden Web Social Network Freunde Community System の user.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-1923 2012-12-20 19:29 2010-05-12 Show GitHub Exploit DB Packet Storm
231977 7.5 危険 xinha
s9y
- Serendipity で使用されている Xinha WYSIWYG エディタにおけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2010-1916 2012-12-20 19:29 2010-05-12 Show GitHub Exploit DB Packet Storm
231978 4.3 警告 tufat - FlashCard の cPlayer.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-1872 2012-12-20 19:29 2010-05-12 Show GitHub Exploit DB Packet Storm
231979 6.8 警告 レッドハット - Red Hat Linux 用の JBoss Enterprise Application Platform で使用されている jboss-seam2 における任意のコードを実行される脆弱性 CWE-20
不適切な入力確認
CVE-2010-1871 2012-12-20 19:29 2010-07-27 Show GitHub Exploit DB Packet Storm
231980 6.8 警告 realitymedias - RepairShop2 の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-1857 2012-12-20 19:29 2010-05-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1571 9.3 CRITICAL
Network
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5. CWE-89
SQL Injection
CVE-2026-54836 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1572 7.4 HIGH
Network
- - Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions. CWE-201
 Insertion of Sensitive Information Into Sent Data
CVE-2026-54821 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1573 9.9 CRITICAL
Network
- - SiYuan is an open-source personal knowledge management system. Prior to 3.7.0, the attribute-view (database) cell renderer genAVValueHTML interpolates cell content raw in four of its branches: text, … CWE-79
CWE-1188
Cross-site Scripting
 Insecure Default Initialization of Resource
CVE-2026-54158 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1574 6.1 MEDIUM
Local
- - Chrome DevTools for agents (chrome-devtools-mcp) lets your coding agent control and inspect a live Chrome browser. From 0.24.0 until 1.1.0, McpContext.validatePath() enforces workspace roots by check… CWE-22
CWE-59
Path Traversal
Link Following
CVE-2026-53766 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1575 - - - Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git LFS storage is content-addressed by OID alone (<LFS-root>/<oid[0]>/<oid[1]>/<oid>) but per-repo authorization lives in the lfs_obj… CWE-345
CWE-639
CWE-862
 Insufficient Verification of Data Authenticity
 Authorization Bypass Through User-Controlled Key
 Missing Authorization
CVE-2026-52812 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1576 9.8 CRITICAL
Network
cacti cacti Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Command Injection due to lack of sanitization in the escape_command() function. The esc… CWE-78
CWE-88
OS Command 
Argument Injection
CVE-2026-40079 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1577 5.3 MEDIUM
Network
cacti cacti Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior are vulnerable to Path Traversal via filename parameter in package_import.php. This issue has been fixed … CWE-22
Path Traversal
CVE-2026-39899 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1578 7.3 HIGH
Local
- - A flaw was found in KubeVirt's safepath package used by virt-handler. The OpenAtNoFollow function uses O_PATH|O_NOFOLLOW to obtain a file descriptor to a path leaf, but downstream operations resolve … CWE-61
 UNIX Symbolic Link (Symlink) Following
CVE-2026-13201 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1579 6.5 MEDIUM
Network
- - The Dokan Pro plugin for WordPress is vulnerable to time-based SQL Injection via the ’orderby’ parameter in all versions up to, and including, 5.0.4 due to insufficient escaping on the user supplied … CWE-89
SQL Injection
CVE-2026-12079 2026-06-26 09:16 2026-06-25 Show GitHub Exploit DB Packet Storm
1580 6.5 MEDIUM
Network
- - A flaw was found in the community.general Ansible collection's nexmo module. The module constructs HTTP requests to the Vonage/Nexmo SMS API by encoding API credentials (api_key and api_secret) into … CWE-532
 Inclusion of Sensitive Information in Log Files
CVE-2026-11820 2026-06-26 09:16 2026-06-24 Show GitHub Exploit DB Packet Storm