Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 19, 2026, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
256011	6.8	警告	IBM	-	IBM Lotus Domino Web Access におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2010-0921	2010-03-16 11:15	2010-03-3	Show	GitHub Exploit DB Packet Storm

256012	4.3	警告	IBM	-	IBM Lotus Domino Web Access におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0920	2010-03-16 11:14	2010-03-3	Show	GitHub Exploit DB Packet Storm

256013	10	危険	IBM	-	IBM Lotus Domino Web Access の UltraLite 機能における脆弱性	CWE-noinfo 情報不足	CVE-2010-0918	2010-03-16 11:14	2010-03-3	Show	GitHub Exploit DB Packet Storm

256014	4.9	警告	サイバートラスト株式会社レッドハット SystemTap	-	SystemTap の _get_argv および _get_compat_argv 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-189 数値処理の問題	CVE-2010-0411	2010-03-16 11:14	2010-02-8	Show	GitHub Exploit DB Packet Storm

256015	10	危険	サイバートラスト株式会社レッドハット SystemTap	-	SystemTap の stap-server における任意のコマンドを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-4273	2010-03-16 11:14	2010-01-26	Show	GitHub Exploit DB Packet Storm

256016	6.5	警告	サイバートラスト株式会社 Linux レッドハット	-	KVM の x86 エミュレータにおける権限昇格の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0298	2010-03-16 11:13	2010-02-9	Show	GitHub Exploit DB Packet Storm

256017	4.4	警告	サイバートラスト株式会社 Fabrice Bellard レッドハット	-	QEMU の usb_host_handle_control 関数におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-0297	2010-03-16 11:13	2010-02-9	Show	GitHub Exploit DB Packet Storm

256018	6.8	警告	サン・マイクロシステムズ freedesktop.org	-	Poppler における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2009-3605	2010-03-15 16:40	2009-11-2	Show	GitHub Exploit DB Packet Storm

256019	4.1	警告	Linux レッドハット	-	Linux kernel の smbfs に関する脆弱性	-	CVE-2006-5871	2010-03-15 16:40	2005-10-5	Show	GitHub Exploit DB Packet Storm

256020	7.8	危険	Linux レッドハット	-	Linux kernel の selinux_parse_skb_ipv6 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-189 数値処理の問題	CVE-2005-4886	2010-03-15 16:40	2005-10-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
255501	7.8	HIGH Local	shadowsocks debian	shadowsocks-libev debian_linux	In manager.c in ss-manager in shadowsocks-libev 3.1.0, improper parsing allows command injection via shell metacharacters in a JSON configuration request received via 127.0.0.1 UDP traffic, related t…	CWE-78 OS Command	CVE-2017-15924	2024-11-21 12:15	2017-10-28	Show	GitHub Exploit DB Packet Storm

255502	5.5	MEDIUM Local	gnu	libextractor	In GNU Libextractor 1.4, there is an out-of-bounds read in the EXTRACTOR_dvi_extract_method function in plugins/dvi_extractor.c.	CWE-125 Out-of-bounds Read	CVE-2017-15922	2024-11-21 12:15	2017-10-27	Show	GitHub Exploit DB Packet Storm

255503	9.8	CRITICAL Network	accesspressthemes	ultimate-form-builder-lite	The ultimate-form-builder-lite plugin before 1.3.7 for WordPress has SQL Injection, with resultant PHP Object Injection, via wp-admin/admin-ajax.php.	CWE-89 SQL Injection	CVE-2017-15919	2024-11-21 12:15	2017-10-27	Show	GitHub Exploit DB Packet Storm

255504	6.5	MEDIUM Network	paessler	prtg_network_monitor	In Paessler PRTG Network Monitor 17.3.33.2830, it's possible to create a Map as a read-only user, by forging a request and sending it to the server.	CWE-269 Improper Privilege Management	CVE-2017-15917	2024-11-21 12:15	2017-10-27	Show	GitHub Exploit DB Packet Storm

255505	4.8	MEDIUM Network	igniterealtime	openfire	The Admin Console in Ignite Realtime Openfire Server before 4.1.7 allows arbitrary client-side JavaScript code execution on victims who click a crafted setup/setup-host-settings.jsp?domain= link, aka…	CWE-79 Cross-site Scripting	CVE-2017-15911	2024-11-21 12:15	2017-10-27	Show	GitHub Exploit DB Packet Storm

255506	7.5	HIGH Network	systemd_project canonical	systemd ubuntu_linux	In systemd 223 through 235, a remote DNS server can respond with a custom crafted DNS NSEC resource record to trigger an infinite loop in the dns_packet_read_type_window() function of the 'systemd-re…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2017-15908	2024-11-21 12:15	2017-10-26	Show	GitHub Exploit DB Packet Storm

255507	9.8	CRITICAL Network	phpcollab	phpcollab	SQL injection vulnerability in phpCollab 2.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to newsdesk/newsdesk.php.	CWE-89 SQL Injection	CVE-2017-15907	2024-11-21 12:15	2017-10-26	Show	GitHub Exploit DB Packet Storm

255508	7.5	HIGH Network	londontrustmedia	private_internet_access	The London Trust Media Private Internet Access (PIA) application before 1.3.3.1 for Android allows remote attackers to cause a denial of service (application crash) via a large VPN server-list file.	CWE-400 Uncontrolled Resource Consumption	CVE-2017-15882	2024-11-21 12:15	2017-10-26	Show	GitHub Exploit DB Packet Storm

255509	9.8	CRITICAL Network	dlink	dgs-1500_firmware	D-Link DGS-1500 Ax devices before 2.51B021 have a hardcoded password, which allows remote attackers to obtain shell access.	CWE-798 Use of Hard-coded Credentials	CVE-2017-15909	2024-11-21 12:15	2017-10-26	Show	GitHub Exploit DB Packet Storm

255510	5.3	MEDIUM Network	openbsd oracle debian netapp redhat	openssh sun_zfs_storage_appliance_kit debian_linux cloud_backup data_ontap_edge steelstore_cloud_integrated_storage clustered_data_ontap solidfire hci_management_node activ…	The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2017-15906	2024-11-21 12:15	2017-10-26	Show	GitHub Exploit DB Packet Storm