Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 30, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
257131 8.5 危険 シスコシステムズ - Cisco Unified Communications Manager における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-1609 2011-12-1 10:40 2011-04-27 Show GitHub Exploit DB Packet Storm
257132 6.5 警告 シスコシステムズ - Cisco Unified Communications Manager におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2011-1607 2011-12-1 10:40 2011-04-27 Show GitHub Exploit DB Packet Storm
257133 7.8 危険 シスコシステムズ - Cisco Unified Communications Manager におけるサービス運用妨害 (プロセス障害) の脆弱性 CWE-noinfo
情報不足 		CVE-2011-1606 2011-12-1 10:38 2011-04-27 Show GitHub Exploit DB Packet Storm
257134 7.8 危険 シスコシステムズ - Cisco Unified Communications Manager におけるサービス運用妨害 (プロセス障害) の脆弱性 CWE-noinfo
情報不足 		CVE-2011-1605 2011-12-1 10:36 2011-04-27 Show GitHub Exploit DB Packet Storm
257135 7.1 危険 シスコシステムズ - Cisco Unified Communications Manager におけるメモリリークの脆弱性 CWE-399
リソース管理の問題 		CVE-2011-1604 2011-12-1 10:35 2011-04-27 Show GitHub Exploit DB Packet Storm
257136 4.3 警告 John Godley - WordPress 用 Redirection プラグインにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4562 2011-11-30 16:50 2011-11-28 Show GitHub Exploit DB Packet Storm
257137 4.3 警告 codefuture - CF Image Hosting Script におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4572 2011-11-30 16:38 2011-11-29 Show GitHub Exploit DB Packet Storm
257138 7.5 危険 EA Improved - Estate Agent コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4571 2011-11-30 16:37 2011-11-29 Show GitHub Exploit DB Packet Storm
257139 7.5 危険 Takeaweb - Time Returns コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4570 2011-11-30 16:37 2011-11-29 Show GitHub Exploit DB Packet Storm
257140 7.5 危険 tommykent1210 - MyBB Forum 用 Userbar プラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4569 2011-11-30 16:36 2011-11-29 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 30, 2026, 4:22 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
246241 7.5 HIGH
Network 		qemu
canonical
fedoraproject 		qemu
ubuntu_linux
fedora 		hw/rdma/vmw/pvrdma_main.c in QEMU does not implement a read operation (such as uar_read by analogy to uar_write), which allows attackers to cause a denial of service (NULL pointer dereference). CWE-476
 NULL Pointer Dereference 		CVE-2018-20191 2024-11-21 13:01 2018-12-21 Show GitHub Exploit DB Packet Storm
246242 7.5 HIGH
Network 		qemu
canonical 		qemu
ubuntu_linux 		QEMU can have an infinite loop in hw/rdma/vmw/pvrdma_dev_ring.c because return values are not checked (and -1 is mishandled). CWE-252
CWE-835
 Unchecked Return Value
 Loop with Unreachable Exit Condition ('Infinite Loop') 		CVE-2018-20216 2024-11-21 13:01 2018-12-21 Show GitHub Exploit DB Packet Storm
246243 4.3 MEDIUM
Network 		pulsesecure virtual_traffic_manager Pulse Secure Virtual Traffic Manager 9.9 versions prior to 9.9r2 and 10.4r1 allow a remote authenticated user to obtain sensitive historical activity information by leveraging incorrect permission va… CWE-200
Information Exposure 		CVE-2018-20307 2024-11-21 13:01 2018-12-20 Show GitHub Exploit DB Packet Storm
246244 5.4 MEDIUM
Network 		pulsesecure virtual_traffic_manager A stored cross-site scripting (XSS) vulnerability in the web administration user interface of Pulse Secure Virtual Traffic Manager may allow a remote authenticated attacker to inject web script or HT… CWE-79
Cross-site Scripting 		CVE-2018-20306 2024-11-21 13:01 2018-12-20 Show GitHub Exploit DB Packet Storm
246245 6.5 MEDIUM
Network 		coherence_project coherence An issue was discovered in Steve Pallen Coherence before 0.5.2 that is similar to a Mass Assignment vulnerability. In particular, "registration" endpoints (e.g., creating, editing, updating) allow us… CWE-20
 Improper Input Validation  		CVE-2018-20301 2024-11-21 13:01 2018-12-20 Show GitHub Exploit DB Packet Storm
246246 9.8 CRITICAL
Network 		d-link dir-816_a2_firmware D-Link DIR-816 A2 1.10 B05 devices allow arbitrary remote code execution without authentication via the newpass parameter. In the /goform/form2userconfig.cgi handler function, a long password may lea… CWE-787
 Out-of-bounds Write 		CVE-2018-20305 2024-11-21 13:01 2018-12-20 Show GitHub Exploit DB Packet Storm
246247 6.5 MEDIUM
Network 		libexcel_project libexcel wbook_addworksheet in workbook.c in libexcel.a in libexcel 0.01 allows attackers to cause a denial of service (SEGV) via a long second argument. NOTE: this is not a Microsoft product. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2018-20304 2024-11-21 13:01 2018-12-20 Show GitHub Exploit DB Packet Storm
246248 7.5 HIGH
Network 		gogs gogs In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CV… CWE-22
Path Traversal 		CVE-2018-20303 2024-11-21 13:01 2018-12-20 Show GitHub Exploit DB Packet Storm
246249 6.1 MEDIUM
Network 		emetrotel xain An XSS issue was discovered in Steve Pallen Xain before 0.6.2 via the order parameter. CWE-79
Cross-site Scripting 		CVE-2018-20302 2024-11-21 13:01 2018-12-20 Show GitHub Exploit DB Packet Storm
246250 9.8 CRITICAL
Network 		phome empirecms Empire CMS 7.5 allows remote attackers to execute arbitrary PHP code via the ftemp parameter in an enews=EditMemberForm action because this code is injected into a memberform.$fid.php file. CWE-94
Code Injection 		CVE-2018-20300 2024-11-21 13:01 2018-12-20 Show GitHub Exploit DB Packet Storm