Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 19, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
241391	5	警告	ジョンソンコントロールズ	-	Johnson Controls Pegasys P2000 サーバにおける不正なアラートを生成される脆弱性	CWE-20 不適切な入力確認	CVE-2012-4026	2012-07-18 16:45	2012-07-16	Show	GitHub Exploit DB Packet Storm

241392	7.5	危険	ジョンソンコントロールズ	-	Johnson Controls CK721-A コントローラのファームウェアにおける任意のコマンドを実行される脆弱性	CWE-78 OSコマンド・インジェクション	CVE-2012-2607	2012-07-18 16:37	2012-07-16	Show	GitHub Exploit DB Packet Storm

241393	5	警告	Tridium	-	Tridium Niagara AX Framework におけるディレクトリトラバーサルの脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2012-4027	2012-07-18 11:49	2012-07-13	Show	GitHub Exploit DB Packet Storm

241394	4.3	警告	ヒューレット・パッカード	-	HP AssetManager におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-2021	2012-07-18 11:39	2012-07-12	Show	GitHub Exploit DB Packet Storm

241395	5	警告	RSAセキュリティ	-	EMC RSA Authentication Manager および RSA SecurID Appliance における任意の Web スクリプトを挿入される脆弱性	CWE-Other その他	CVE-2012-2280	2012-07-18 10:58	2012-07-13	Show	GitHub Exploit DB Packet Storm

241396	6.4	警告	RSAセキュリティ	-	EMC RSA Authentication Manager および RSA SecurID Appliance におけるオープンリダイレクトの脆弱性	CWE-20 不適切な入力確認	CVE-2012-2279	2012-07-18 10:57	2012-07-13	Show	GitHub Exploit DB Packet Storm

241397	4.3	警告	RSAセキュリティ	-	EMC RSA Authentication Manager および RSA SecurID Appliance におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-2278	2012-07-18 10:56	2012-07-13	Show	GitHub Exploit DB Packet Storm

241398	4.3	警告	CKEditor Team	-	FCKeditor におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-4000	2012-07-17 16:44	2012-07-12	Show	GitHub Exploit DB Packet Storm

241399	4.3	警告	Sayak Banerjee	-	Sticky Notes の admin/login.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-3999	2012-07-17 16:43	2012-07-12	Show	GitHub Exploit DB Packet Storm

241400	7.5	危険	Sayak Banerjee	-	Sticky Notes における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2012-3998	2012-07-17 16:43	2012-07-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
266551	3.8	LOW Local	xen fedoraproject oracle	xen fedora vm_server	The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive …	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2016-3158	2024-11-21 11:49	2016-04-14	Show	GitHub Exploit DB Packet Storm

266552	8.8	HIGH Network	mercurial debian suse opensuse fedoraproject redhat	mercurial debian_linux linux_enterprise_software_development_kit linux_enterprise_debuginfo opensuse leap fedora enterprise_linux_desktop enterprise_linux_server_aus enterp…	Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.	CWE-20 Improper Input Validation	CVE-2016-3069	2024-11-21 11:49	2016-04-14	Show	GitHub Exploit DB Packet Storm

266553	8.8	HIGH Network	debian mercurial fedoraproject redhat suse opensuse	debian_linux mercurial fedora enterprise_linux_desktop enterprise_linux_server_aus enterprise_linux_workstation enterprise_linux_server enterprise_linux_hpc_node enterprise_li…	Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.	CWE-20 Improper Input Validation	CVE-2016-3068	2024-11-21 11:49	2016-04-14	Show	GitHub Exploit DB Packet Storm

266554	8.8	HIGH Network	cacti	cacti	SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.	CWE-89 SQL Injection	CVE-2016-3172	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm

266555	7.8	HIGH Local	xen canonical	xen ubuntu_linux	The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-3157	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm

266556	8.1	HIGH Network	drupal debian	drupal debian_linux	Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data trunc…	CWE-19 Data Processing Errors	CVE-2016-3171	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm

266557	5.3	MEDIUM Network	debian drupal	debian_linux drupal	The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configur…	CWE-200 Information Exposure	CVE-2016-3170	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm

266558	8.1	HIGH Network	debian drupal	debian_linux drupal	The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit ca…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-3169	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm

266559	6.4	MEDIUM Network	drupal debian	drupal debian_linux	The System module in Drupal 6.x before 6.38 and 7.x before 7.43 might allow remote attackers to hijack the authentication of site administrators for requests that download and run files with arbitrar…	CWE-254 7PK - Security Features	CVE-2016-3168	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm

266560	7.4	HIGH Network	drupal debian	drupal debian_linux	Open redirect vulnerability in the drupal_goto function in Drupal 6.x before 6.38, when used with PHP before 5.4.7, allows remote attackers to redirect users to arbitrary web sites and conduct phishi…	NVD-CWE-Other	CVE-2016-3167	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm