Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 27, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
250721 6.8 警告 CMS Made Simple - CMS Made Simple における管理者パスワードのリセット要求の管理者認証をハイジャックされる脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2010-3884 2012-03-27 18:42 2010-10-8 Show GitHub Exploit DB Packet Storm
250722 6.8 警告 CMS Made Simple - CMS Made Simple の Change Group Permissions モジュールにおけるクロスサイトリクエストフォージェリ脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2010-3883 2012-03-27 18:42 2010-10-8 Show GitHub Exploit DB Packet Storm
250723 4.3 警告 CMS Made Simple - CMS Made Simple におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-3882 2012-03-27 18:42 2010-10-8 Show GitHub Exploit DB Packet Storm
250724 4.3 警告 レッドハット - Red Hat JBoss Enterprise Application Platform の JMX Console におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2010-3878 2012-03-27 18:42 2010-12-1 Show GitHub Exploit DB Packet Storm
250725 4.3 警告 Mahara - Mahara の blocktype/groupviews/theme/raw/groupviews.tpl におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-3871 2012-03-27 18:42 2010-11-9 Show GitHub Exploit DB Packet Storm
250726 4 警告 レッドハット - RHCS および Dogtag Certificate System における任意の認証番号を生成される脆弱性 CWE-310
暗号の問題 		CVE-2010-3869 2012-03-27 18:42 2010-11-8 Show GitHub Exploit DB Packet Storm
250727 5.8 警告 レッドハット - RHCS および Dogtag Certificate System における PIN を取得される脆弱性 CWE-287
不適切な認証 		CVE-2010-3868 2012-03-27 18:42 2010-11-8 Show GitHub Exploit DB Packet Storm
250728 2.6 注意 レッドハット - Red Hat JBoss Enterprise Application Platform および JBoss Enterprise Web Platform の Boss Remoting におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2010-3862 2012-03-27 18:42 2010-12-8 Show GitHub Exploit DB Packet Storm
250729 6.4 警告 レッドハット - Red Hat Conga の Luciにおける repoze.who 認証をバイパスすることが容易になる脆弱性 CWE-287
不適切な認証 		CVE-2010-3852 2012-03-27 18:42 2010-11-2 Show GitHub Exploit DB Packet Storm
250730 4.9 警告 Linux - Linux kernel の ec_dev_ioctl 関数におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-3850 2012-03-27 18:42 2010-12-30 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
285891 - cybozu garoon The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors. CWE-264
Permissions, Privileges, and Access Controls 		CVE-2014-1993 2024-11-21 11:05 2014-07-20 Show GitHub Exploit DB Packet Storm
285892 - cybozu garoon Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML… CWE-79
Cross-site Scripting 		CVE-2014-1992 2024-11-21 11:05 2014-07-20 Show GitHub Exploit DB Packet Storm
285893 - cybozu garoon The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors. CWE-78
OS Command  		CVE-2014-1987 2024-11-21 11:05 2014-07-20 Show GitHub Exploit DB Packet Storm
285894 - nextapp file_explorer Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename. CWE-22
Path Traversal 		CVE-2014-1973 2024-11-21 11:05 2014-07-20 Show GitHub Exploit DB Packet Storm
285895 - microsoft windows_server_2008
windows_server_2012
windows_rt
windows_7
windows_8.1
windows_rt_8.1
windows_vista
windows_8 		Windows Journal in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote a… CWE-94
Code Injection 		CVE-2014-1824 2024-11-21 11:05 2014-07-9 Show GitHub Exploit DB Packet Storm
285896 - cisco unified_communications_domain_manager
unified_cdm_platform_software 		Cisco Unified Communications Domain Manager (CDM) in Unified CDM Platform Software before 4.4.2 has a hardcoded SSH private key, which makes it easier for remote attackers to obtain access to the sup… CWE-255
Credentials Management 		CVE-2014-2198 2024-11-21 11:05 2014-07-7 Show GitHub Exploit DB Packet Storm
285897 - cisco unified_communications_domain_manager
unified_cdm_application_software 		The Administration GUI in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 8.1.4 does not properly implement access control, which all… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2014-2197 2024-11-21 11:05 2014-07-7 Show GitHub Exploit DB Packet Storm
285898 - intercom web_kyukincho Cross-site scripting (XSS) vulnerability in Intercom Web Kyukincho 3.x before 3.0.030 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting 		CVE-2014-2006 2024-11-21 11:05 2014-06-28 Show GitHub Exploit DB Packet Storm
285899 6.8 MEDIUM
Physics 		sophos enterprise_console Sophos Disk Encryption (SDE) 5.x in Sophos Enterprise Console (SEC) 5.x before 5.2.2 does not enforce intended authentication requirements for a resume action from sleep mode, which allows physically… CWE-287
Improper Authentication 		CVE-2014-2005 2024-11-21 11:05 2014-06-25 Show GitHub Exploit DB Packet Storm
285900 - jreast jr_east_japan The East Japan Railway Company JR East Japan application before 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to obtain sensitive inf… CWE-310
Cryptographic Issues 		CVE-2014-2001 2024-11-21 11:05 2014-06-19 Show GitHub Exploit DB Packet Storm