Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 15, 2026, 12:08 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
252571 7.5 危険 phpyun - PHPYun における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4796 2012-03-27 18:42 2011-04-26 Show GitHub Exploit DB Packet Storm
252572 7.5 危険 joomlaseller
Joomla!		 - Joomla! の com_jscalendar コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4795 2012-03-27 18:42 2011-04-26 Show GitHub Exploit DB Packet Storm
252573 4.3 警告 joomlaseller
Joomla!		 - Joomla! の com_jscalendar コンポーネントにおけるクロスサイトスクリプティング脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4794 2012-03-27 18:42 2011-04-26 Show GitHub Exploit DB Packet Storm
252574 7.5 危険 site2nite - Site2Nite Auto e-Manager の detail.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4793 2012-03-27 18:42 2011-04-26 Show GitHub Exploit DB Packet Storm
252575 4.3 警告 openit - OPEN IT OverLook の title.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4792 2012-03-27 18:42 2011-04-26 Show GitHub Exploit DB Packet Storm
252576 4 警告 IBM - IBM WCM のオーサリングツールにおけるドラフト生成のアクセス制限を回避する脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-4806 2012-03-27 18:42 2010-11-16 Show GitHub Exploit DB Packet Storm
252577 7.5 危険 marcusg - PHP-Fusion の MG User-Fotoalbum モジュールにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4791 2012-03-27 18:42 2011-04-26 Show GitHub Exploit DB Packet Storm
252578 5.8 警告 in-mediakg - FilterFTP におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2010-4790 2012-03-27 18:42 2011-04-26 Show GitHub Exploit DB Packet Storm
252579 6.8 警告 PHP Web Scripts - PHP Web Scripts Easy Banner Free の member.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4784 2012-03-27 18:42 2011-04-7 Show GitHub Exploit DB Packet Storm
252580 2.6 注意 PHP Web Scripts - PHP Web Scripts Easy Banner Free の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4783 2012-03-27 18:42 2011-04-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 15, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
246361 7.5 HIGH
Network 		golang
fedoraproject 		net
fedora 		The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. CWE-476
 NULL Pointer Dereference 		CVE-2018-17142 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm
246362 5.4 MEDIUM
Network 		vms-studio quizlord The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. CWE-79
Cross-site Scripting 		CVE-2018-17140 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm
246363 8.8 HIGH
Network 		ultimatefosters ultimatepos UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2018-17139 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm
246364 5.4 MEDIUM
Network 		nickelpro jibu_pro The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field. CWE-79
Cross-site Scripting 		CVE-2018-17138 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm
246365 9.8 CRITICAL
Network 		prezi next Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions. NVD-CWE-noinfo
CVE-2018-17137 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm
246366 9.8 CRITICAL
Network 		zzcms zzcms zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header. CWE-89
SQL Injection 		CVE-2018-17136 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm
246367 7.2 HIGH
Network 		phpmywind phpmywind admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field. CWE-94
Code Injection 		CVE-2018-17134 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm
246368 7.2 HIGH
Network 		phpmywind phpmywind admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting. CWE-94
Code Injection 		CVE-2018-17133 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm
246369 7.2 HIGH
Network 		phpmywind phpmywind admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter. CWE-94
Code Injection 		CVE-2018-17132 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm
246370 7.2 HIGH
Network 		phpmywind phpmywind admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field. CWE-94
Code Injection 		CVE-2018-17131 2024-11-21 12:53 2018-09-17 Show GitHub Exploit DB Packet Storm