Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 25, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
241241	6.4	警告	Wikka Development Team	-	WikkaWiki の handlers/files.xml/files.xml.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2011-4450	2012-09-7 15:12	2011-12-6	Show	GitHub Exploit DB Packet Storm

241242	6.8	警告	Wikka Development Team	-	WikkaWiki の actions/files/files.php における任意の PHP コードを実行される脆弱性	CWE-noinfo 情報不足	CVE-2011-4449	2012-09-7 15:09	2011-12-3	Show	GitHub Exploit DB Packet Storm

241243	7.5	危険	Wikka Development Team	-	WikkaWiki の actions/usersettings/usersettings.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-4448	2012-09-7 14:56	2011-12-3	Show	GitHub Exploit DB Packet Storm

241244	5	警告	Apache Software Foundation	-	Apache Struts におけるサービス運用妨害 (CPU 資源の消費) の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2012-4387	2012-09-7 14:54	2012-08-3	Show	GitHub Exploit DB Packet Storm

241245	6.8	警告	Apache Software Foundation	-	Apache Struts のトークンチェックメカニズムにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2012-4386	2012-09-7 14:52	2012-08-3	Show	GitHub Exploit DB Packet Storm

241246	5	警告	Thomas Eibner	-	Apache HTTP Server 用 mod_rpaf モジュールにおけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2012-3526	2012-09-7 14:49	2012-09-5	Show	GitHub Exploit DB Packet Storm

241247	2.1	注意	Tigerfish	-	Drupal 用 Fancy Slide モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-2068	2012-09-6 14:05	2012-03-14	Show	GitHub Exploit DB Packet Storm

241248	6.8	警告	CKEditor Team	-	Drupal 用 FCKeditor および CKEditor モジュールにおける任意の PHP コードを実行される脆弱性	CWE-noinfo 情報不足	CVE-2012-2067	2012-09-6 14:03	2012-03-14	Show	GitHub Exploit DB Packet Storm

241249	4.3	警告	CKEditor Team	-	Drupal 用 FCKeditor および CKEditor モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-2066	2012-09-6 14:02	2012-03-14	Show	GitHub Exploit DB Packet Storm

241250	3.5	注意	Freso	-	Drupal 用 Language Icons モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-2065	2012-09-6 14:00	2012-03-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 25, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
268991	6.1	MEDIUM Network	cybozu	office	Cross-site scripting (XSS) vulnerability in Cybozu Office 9.0.0 through 10.3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than C…	CWE-79 Cross-site Scripting	CVE-2016-1149	2024-11-21 11:45	2016-02-17	Show	GitHub Exploit DB Packet Storm

268992	7.5	HIGH Network	nec	expresscluster_x	Directory traversal vulnerability in WebManager in NEC EXPRESSCLUSTER X through 3.3 11.31 on Windows and through 3.3 3.3.1-1 on Linux and Solaris allows remote attackers to read arbitrary files via u…	CWE-22 Path Traversal	CVE-2016-1145	2024-11-21 11:45	2016-01-31	Show	GitHub Exploit DB Packet Storm

268993	5.4	MEDIUM Network	websquare	job-cube	Cross-site scripting (XSS) vulnerability in JOB-CUBE -JOB WEB SYSTEM before 1.2.2 and -JOB WEB SYSTEM High Income 1.0.6 and earlier allows remote authenticated users to inject arbitrary web script or…	CWE-79 Cross-site Scripting	CVE-2016-1144	2024-11-21 11:45	2016-01-31	Show	GitHub Exploit DB Packet Storm

268994	6.1	MEDIUM Network	vine_mv_project	vine_mv	Cross-site scripting (XSS) vulnerability in main.rb in Vine MV before 2015-11-08 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 Cross-site Scripting	CVE-2016-1143	2024-11-21 11:45	2016-01-31	Show	GitHub Exploit DB Packet Storm

268995	4.7	MEDIUM Network	kddi	home_spot_cube_firmware	KDDI HOME SPOT CUBE devices before 2 allow remote authenticated users to execute arbitrary OS commands via unspecified vectors.	CWE-78 OS Command	CVE-2016-1141	2024-11-21 11:45	2016-01-31	Show	GitHub Exploit DB Packet Storm

268996	6.1	MEDIUM Network	kddi	home_spot_cube_firmware	KDDI HOME SPOT CUBE devices before 2 allow remote attackers to conduct clickjacking attacks via unspecified vectors.	CWE-254 7PK - Security Features	CVE-2016-1140	2024-11-21 11:45	2016-01-31	Show	GitHub Exploit DB Packet Storm

268997	7.5	HIGH Network	kddi	home_spot_cube_firmware	Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.	CWE-352 Origin Validation Error	CVE-2016-1139	2024-11-21 11:45	2016-01-31	Show	GitHub Exploit DB Packet Storm

268998	4.7	MEDIUM Network	kddi	home_spot_cube_firmware	CRLF injection vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to inject arbitrary HTTP headers via unspecified vectors.	NVD-CWE-Other	CVE-2016-1138	2024-11-21 11:45	2016-01-31	Show	GitHub Exploit DB Packet Storm

268999	7.4	HIGH Network	kddi	home_spot_cube_firmware	Open redirect vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.	NVD-CWE-Other	CVE-2016-1137	2024-11-21 11:45	2016-01-31	Show	GitHub Exploit DB Packet Storm

269000	5.4	MEDIUM Network	kddi	home_spot_cube_firmware	Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 Cross-site Scripting	CVE-2016-1136	2024-11-21 11:45	2016-01-31	Show	GitHub Exploit DB Packet Storm