Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 25, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
252151 2.6 注意 MODX - MODx Revolution の manager/index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4883 2012-01-19 11:06 2011-10-7 Show GitHub Exploit DB Packet Storm
252152 4.3 警告 Ventics - Auto CMS の autocms.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4882 2012-01-19 11:06 2011-10-7 Show GitHub Exploit DB Packet Storm
252153 6.8 警告 ApPHP - ApPHP Calendar の calendar.class.php におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2010-4881 2012-01-19 10:33 2011-10-7 Show GitHub Exploit DB Packet Storm
252154 4.3 警告 ApPHP - ApPHP Calendar の calendar.class.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4880 2012-01-19 10:33 2011-10-7 Show GitHub Exploit DB Packet Storm
252155 7.5 危険 Hinnendahl - Kontakt Formular の formmailer.php における任意の PHP コードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2010-4878 2012-01-19 10:32 2011-10-7 Show GitHub Exploit DB Packet Storm
252156 4.3 警告 InsaneVisions - OneCMS の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4877 2012-01-19 10:31 2011-10-7 Show GitHub Exploit DB Packet Storm
252157 7.5 危険 got milk - mBlogger の viewpost.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4876 2012-01-19 10:30 2011-10-7 Show GitHub Exploit DB Packet Storm
252158 4.3 警告 Xondie - WordPress 用 Vodpod Video Gallery プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4875 2012-01-19 10:30 2011-10-7 Show GitHub Exploit DB Packet Storm
252159 4.3 警告 NinkoBB - NinkoBB の users.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4874 2012-01-19 10:28 2011-10-7 Show GitHub Exploit DB Packet Storm
252160 4.3 警告 WeBid Support - WeBid におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4873 2012-01-19 10:27 2011-10-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 25, 2026, 4:01 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
265451 8.8 HIGH
Network 		mozilla firefox Use-after-free vulnerability in the js::PreliminaryObjectArray::sweep function in Mozilla Firefox before 48.0 allows remote attackers to execute arbitrary code via crafted JavaScript that is mishandl… CWE-416
 Use After Free 		CVE-2016-5255 2024-11-21 11:53 2016-08-5 Show GitHub Exploit DB Packet Storm
265452 9.8 CRITICAL
Network 		mozilla
oracle 		firefox
linux 		Use-after-free vulnerability in the nsXULPopupManager::KeyDown function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows attackers to execute arbitrary code or cause a denial of… CWE-416
 Use After Free 		CVE-2016-5254 2024-11-21 11:53 2016-08-5 Show GitHub Exploit DB Packet Storm
265453 4.7 MEDIUM
Local 		mozilla firefox The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link. CWE-264
Permissions, Privileges, and Access Controls 		CVE-2016-5253 2024-11-21 11:53 2016-08-5 Show GitHub Exploit DB Packet Storm
265454 8.8 HIGH
Network 		oracle
mozilla 		linux
firefox 		Stack-based buffer underflow in the mozilla::gfx::BasePoint4d function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 allows remote attackers to execute arbitrary code via crafted tw… CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2016-5252 2024-11-21 11:53 2016-08-5 Show GitHub Exploit DB Packet Storm
265455 4.3 MEDIUM
Network 		mozilla firefox Mozilla Firefox before 48.0 allows remote attackers to spoof the location bar via crafted characters in the media type of a data: URL. CWE-20
 Improper Input Validation  		CVE-2016-5251 2024-11-21 11:53 2016-08-5 Show GitHub Exploit DB Packet Storm
265456 4.3 MEDIUM
Network 		mozilla firefox Mozilla Firefox before 48.0, Firefox ESR < 45.4 and Thunderbird < 45.4 allow remote attackers to obtain sensitive information about the previously retrieved page via Resource Timing API calls. CWE-200
Information Exposure 		CVE-2016-5250 2024-11-21 11:53 2016-08-5 Show GitHub Exploit DB Packet Storm
265457 6.1 MEDIUM
Network 		nofollow_links_project nofollow_links Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. CWE-79
Cross-site Scripting 		CVE-2016-4833 2024-11-21 11:53 2016-08-3 Show GitHub Exploit DB Packet Storm
265458 9.8 CRITICAL
Network 		atlassian bamboo Atlassian Bamboo before 5.11.4.1 and 5.12.x before 5.12.3.1 does not properly restrict permitted deserialized classes, which allows remote attackers to execute arbitrary code via vectors related to X… CWE-284
Improper Access Control 		CVE-2016-5229 2024-11-21 11:53 2016-08-3 Show GitHub Exploit DB Packet Storm
265459 8.8 HIGH
Network 		google chrome Integer overflow in the kbasep_vinstr_attach_client function in midgard/mali_kbase_vinstr.c in Google Chrome before 52.0.2743.85 allows remote attackers to cause a denial of service (heap-based buffe… CWE-190
 Integer Overflow or Wraparound 		CVE-2016-5138 2024-11-21 11:53 2016-08-1 Show GitHub Exploit DB Packet Storm
265460 9.8 CRITICAL
Network 		ec-cube discount_coupon SQL injection vulnerability in the Seed Coupon plugin before 1.6 for EC-CUBE allows remote attackers to execute arbitrary SQL commands via unspecified vectors. CWE-89
SQL Injection 		CVE-2016-4837 2024-11-21 11:53 2016-08-1 Show GitHub Exploit DB Packet Storm