Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 28, 2026, 4:09 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
241481 2.1 注意 Tigerfish - Drupal 用 Fancy Slide モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-2068 2012-09-6 14:05 2012-03-14 Show GitHub Exploit DB Packet Storm
241482 6.8 警告 CKEditor Team - Drupal 用 FCKeditor および CKEditor モジュールにおける任意の PHP コードを実行される脆弱性 CWE-noinfo
情報不足 		CVE-2012-2067 2012-09-6 14:03 2012-03-14 Show GitHub Exploit DB Packet Storm
241483 4.3 警告 CKEditor Team - Drupal 用 FCKeditor および CKEditor モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-2066 2012-09-6 14:02 2012-03-14 Show GitHub Exploit DB Packet Storm
241484 3.5 注意 Freso - Drupal 用 Language Icons モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-2065 2012-09-6 14:00 2012-03-14 Show GitHub Exploit DB Packet Storm
241485 4.3 警告 Views Language Switcher - Drupal 用 Views Language Switcher モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-2064 2012-09-6 13:56 2012-03-14 Show GitHub Exploit DB Packet Storm
241486 5 警告 Brian Altenhofel - Drupal 用 Slidebox モジュールにおける重要な情報を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-2063 2012-09-6 13:54 2012-03-14 Show GitHub Exploit DB Packet Storm
241487 4.3 警告 ImageMagick - ImageMagick におけるサービス運用妨害 (無限ループおよびハング) の脆弱性 CWE-119
バッファエラー 		CVE-2012-0248 2012-09-6 13:49 2012-02-3 Show GitHub Exploit DB Packet Storm
241488 5 警告 Pidgin - Pidgin の MSN プロトコルプラグインにおけるサービス運用妨害 (アプリケーションクラッシュ) の脆弱性 CWE-20
不適切な入力確認 		CVE-2012-2318 2012-09-6 13:41 2012-05-7 Show GitHub Exploit DB Packet Storm
241489 3.5 注意 Pidgin - Pidgin の libpurple におけるサービス運用妨害 (アプリケーションクラッシュ) の脆弱性 CWE-399
リソース管理の問題 		CVE-2012-2214 2012-09-6 13:40 2012-05-7 Show GitHub Exploit DB Packet Storm
241490 7.5 危険 BuddyPress.org - WordPress 用 BuddyPress プラグインの wp-load.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2012-2109 2012-09-6 11:31 2012-09-4 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 28, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
285631 9.8 CRITICAL
Network 		sugarcrm sugarcrm XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in … CWE-611
XXE 		CVE-2014-3244 2024-11-21 11:07 2018-02-2 Show GitHub Exploit DB Packet Storm
285632 9.8 CRITICAL
Network 		zabbix
fedoraproject 		zabbix
fedora 		XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or pote… CWE-611
XXE 		CVE-2014-3005 2024-11-21 11:07 2018-02-2 Show GitHub Exploit DB Packet Storm
285633 6.5 MEDIUM
Network 		puppet
redhat 		puppet
linux 		The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certi… CWE-295
Improper Certificate Validation  		CVE-2014-3250 2024-11-21 11:07 2017-12-12 Show GitHub Exploit DB Packet Storm
285634 8.8 HIGH
Network 		orange livebox_1.1_firmware Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript. CWE-254
 7PK - Security Features 		CVE-2014-3150 2024-11-21 11:07 2017-11-16 Show GitHub Exploit DB Packet Storm
285635 5.9 MEDIUM
Network 		cyberduck cyberduck Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root … CWE-295
Improper Certificate Validation  		CVE-2014-2845 2024-11-21 11:07 2017-11-16 Show GitHub Exploit DB Packet Storm
285636 7.5 HIGH
Network 		google android cmds/servicemanager/service_manager.c in Android before commit 7d42a3c31ba78a418f9bdde0e0ab951469f321b5 allows attackers to cause a denial of service (NULL pointer dereference, or out-of-bounds write… CWE-476
 NULL Pointer Dereference 		CVE-2014-3164 2024-11-21 11:07 2017-10-18 Show GitHub Exploit DB Packet Storm
285637 5.9 MEDIUM
Network 		wolfssl wolfssl CyaSSL does not check the key usage extension in leaf certificates, which allows remote attackers to spoof servers via a crafted server certificate not authorized for use in an SSL/TLS handshake. CWE-310
Cryptographic Issues 		CVE-2014-2903 2024-11-21 11:07 2017-10-7 Show GitHub Exploit DB Packet Storm
285638 7.5 HIGH
Network 		visioncritical vision_critical Vision Critical before 2014-05-30 allows attackers to read arbitrary files via unspecified vectors, as demonstrated by image files and configuration files. CWE-200
Information Exposure 		CVE-2014-2960 2024-11-21 11:07 2017-04-10 Show GitHub Exploit DB Packet Storm
285639 7.5 HIGH
Network 		huawei s9300_firmware
s3300_firmware
s2300_firmware
s5300_firmware
s6300_firmware 		Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packe… CWE-19
 Data Processing Errors 		CVE-2014-3223 2024-11-21 11:07 2017-04-3 Show GitHub Exploit DB Packet Storm
285640 7.0 HIGH
Local 		huawei espace_meeting In Huawei eSpace Meeting with software V100R001C03SPC201 and the earlier versions, attackers that obtain the permissions assigned to common users can elevate privileges to access and set specific key… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2014-3222 2024-11-21 11:07 2017-04-3 Show GitHub Exploit DB Packet Storm