Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 6 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
257161 7.5 危険 esoftpro - esoftpro Online Photo Pro の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-4999 2011-12-9 14:21 2011-11-1 Show GitHub Exploit DB Packet Storm
257162 7.5 危険 esoftpro - esoftpro Online Contact Manager の view.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-5001 2011-12-9 14:21 2011-11-1 Show GitHub Exploit DB Packet Storm
257163 4.3 警告 Exponent CMS project - Exponent CMS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-5002 2011-12-9 14:20 2011-11-1 Show GitHub Exploit DB Packet Storm
257164 7.5 危険 Autartica - Joomla! 用 の AutarTimonial コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-5003 2011-12-9 14:20 2011-11-1 Show GitHub Exploit DB Packet Storm
257165 4.3 警告 VideoWhisper.com - VideoWhisper PHP 2 Way Video Chat コンポーネントにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-4971 2011-12-9 14:19 2011-11-2 Show GitHub Exploit DB Packet Storm
257166 7.5 危険 OlyKit - OlyKit Swoopo Clone 2010 の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-4997 2011-12-9 14:18 2011-11-2 Show GitHub Exploit DB Packet Storm
257167 7.5 危険 Maulana Al Matien - ardeaCore PHP Framework におけるリモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション
CVE-2010-4998 2011-12-9 14:18 2011-11-2 Show GitHub Exploit DB Packet Storm
257168 7.5 危険 Joe Pieruccini - MCLogin System の login/login_index.php におけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-5000 2011-12-9 14:17 2011-11-2 Show GitHub Exploit DB Packet Storm
257169 7.5 危険 2daybiz - 2daybiz Polls Script の searchvote.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-5004 2011-12-9 14:16 2011-11-2 Show GitHub Exploit DB Packet Storm
257170 4.3 警告 Rayzz - Rayzz Photoz の members/profileCommentsResponse.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-5005 2011-12-9 14:15 2011-11-2 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
254731 5.3 MEDIUM
Network
cmsmadesimple cms_made_simple CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php,… CWE-200
Information Exposure
CVE-2018-10082 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm
254732 9.8 CRITICAL
Network
cmsmadesimple cms_made_simple CMS Made Simple (CMSMS) through 2.2.6 contains an admin password reset vulnerability because data values are improperly compared, as demonstrated by a hash beginning with the "0e" substring. CWE-640
 Weak Password Recovery Mechanism for Forgotten Password
CVE-2018-10081 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm
254733 8.6 HIGH
Network
secutech_project ris-11_firmware
ris-22_firmware
ris-33_firmware
Secutech RiS-11, RiS-22, and RiS-33 devices with firmware V5.07.52_es_FRI01 allow DNS settings changes via a goform/AdvSetDns?GO=wan_dns.asp request in conjunction with a crafted admin cookie. CWE-345
 Insufficient Verification of Data Authenticity
CVE-2018-10080 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm
254734 7.8 HIGH
Local
convert_forms_project convert_forms The Convert Forms extension before 2.0.4 for Joomla! is vulnerable to Remote Command Execution using CSV Injection that is mishandled when exporting a Leads file. NVD-CWE-noinfo
CVE-2018-10063 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm
254735 5.5 MEDIUM
Local
linux linux_kernel The hi3660_stub_clk_probe function in drivers/clk/hisilicon/clk-hi3660-stub.c in the Linux kernel before 4.16 allows local users to cause a denial of service (NULL pointer dereference) by triggering … CWE-476
 NULL Pointer Dereference
CVE-2018-10074 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm
254736 4.8 MEDIUM
Network
joyplus-cms_project joyplus-cms joyplus-cms 1.6.0 has XSS in manager/admin_vod.php via the keyword parameter. CWE-79
Cross-site Scripting
CVE-2018-10073 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm
254737 5.5 MEDIUM
Local
jungo windriver windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953827bf DeviceIoControl call. CWE-20
 Improper Input Validation 
CVE-2018-10072 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm
254738 5.5 MEDIUM
Local
jungo windriver windrvr1260.sys in Jungo DriverWizard WinDriver 12.6.0 allows attackers to cause a denial of service (BSOD) via a 0x953826DB DeviceIoControl call. CWE-20
 Improper Input Validation 
CVE-2018-10071 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm
254739 6.1 MEDIUM
Network
jdownloads jdownloads The jDownloads extension before 3.2.59 for Joomla! has XSS. CWE-79
Cross-site Scripting
CVE-2018-10068 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm
254740 5.4 MEDIUM
Network
cacti
debian
cacti
debian_linux
Cacti before 1.1.37 has XSS because it makes certain htmlspecialchars calls without the ENT_QUOTES flag (these calls occur when the html_escape function in lib/html.php is not used). CWE-79
Cross-site Scripting
CVE-2018-10061 2024-11-21 12:40 2018-04-13 Show GitHub Exploit DB Packet Storm