Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 10, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
258171	7.5	危険	Carnegie Mellon University (Project Cyrus) アップルサイバートラスト株式会社サン・マイクロシステムズオラクルレッドハット	-	Cyrus SASL ライブラリにおけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-0688	2010-05-14 18:37	2009-05-15	Show	GitHub Exploit DB Packet Storm

258172	7.5	危険	サン・マイクロシステムズ GNOME Project レッドハット	-	Evolution Data Server (別名 evolution-data-server) における複数の整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2009-0587	2010-05-14 18:37	2009-03-14	Show	GitHub Exploit DB Packet Storm

258173	5.8	警告	サン・マイクロシステムズ GNOME Project レッドハット	-	Evolution Data Server (別名 evolution-data-server) の ntlm_challenge 関数におけるプロセスメモリ情報の漏洩またはサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2009-0582	2010-05-14 18:37	2009-03-14	Show	GitHub Exploit DB Packet Storm

258174	1.2	注意	日本電気サイバートラスト株式会社サン・マイクロシステムズターボリナックス OpenSSL Project レッドハット	-	RSA key reconstruction vulnerability	-	CVE-2007-3108	2010-05-14 18:37	2007-08-16	Show	GitHub Exploit DB Packet Storm

258175	5	警告	ヒューレット・パッカードサイバートラスト株式会社 OpenSSL Project ターボリナックスレッドハット	-	OpenSSL の zlib_stateful_finish 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2009-4355	2010-05-13 17:21	2010-01-13	Show	GitHub Exploit DB Packet Storm

258176	9.3	危険	日立	-	XMAP3 における任意のコードが実行される脆弱性	CWE-noinfo 情報不足	-	2010-05-13 15:14	2010-04-12	Show	GitHub Exploit DB Packet Storm

258177	4.3	警告	オラクル	-	Oracle Industry Product Suite の Retail - Oracle Retail Plan In-Season コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0863	2010-05-13 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

258178	4.3	警告	オラクル	-	Oracle Industry Product Suite の Retail - Oracle Retail Place In-Season コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0864	2010-05-13 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

258179	4.3	警告	オラクル	-	Oracle Industry Product Suite の Retail - Oracle Retail Markdown Optimization コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0862	2010-05-13 15:13	2010-04-13	Show	GitHub Exploit DB Packet Storm

258180	4.3	警告	オラクル	-	Oracle Industry Product Suite の Life Sciences - Oracle Thesaurus Management System コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0875	2010-05-13 15:12	2010-04-13	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 10, 2026, 5 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
287451	-	novell	edirectory	Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn paramete…	CWE-79 Cross-site Scripting	CVE-2014-5212	2024-11-21 11:11	2014-12-20	Show	GitHub Exploit DB Packet Storm

287452	-	mit	kerberos kerberos_5	plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NU…	NVD-CWE-Other	CVE-2014-5354	2024-11-21 11:11	2014-12-17	Show	GitHub Exploit DB Packet Storm

287453	-	mit redhat fedoraproject debian canonical oracle opensuse	kerberos_5 enterprise_linux_server enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_eus enterprise_linux_server_tus fedora de…	The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated us…	CWE-476 NULL Pointer Dereference	CVE-2014-5353	2024-11-21 11:11	2014-12-17	Show	GitHub Exploit DB Packet Storm

287454	-	safenet-inc	safenet_authentication_service_outlook_web_access_agent	Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (do…	CWE-22 Path Traversal	CVE-2014-5359	2024-11-21 11:11	2014-12-17	Show	GitHub Exploit DB Packet Storm

287455	-	malwarebytes	malwarebytes_anti-exploit malwarebytes_anti-malware	The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute …	CWE-345 Insufficient Verification of Data Authenticity	CVE-2014-4936	2024-11-21 11:11	2014-12-17	Show	GitHub Exploit DB Packet Storm

287456	-	hikvision	dvr_ds-7204_firmware	Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorizat…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2014-4880	2024-11-21 11:11	2014-12-8	Show	GitHub Exploit DB Packet Storm

287457	-	ossec	ossec	host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2014-5284	2024-11-21 11:11	2014-12-2	Show	GitHub Exploit DB Packet Storm

287458	-	fasttoggle_project	fasttoggle	The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2014-5268	2024-11-21 11:11	2014-12-2	Show	GitHub Exploit DB Packet Storm

287459	-	open-xchange	app_suite	Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger re…	NVD-CWE-Other	CVE-2014-5237	2024-11-21 11:11	2014-12-2	Show	GitHub Exploit DB Packet Storm

287460	-	lwip_project	lwip	resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for…	CWE-345 Insufficient Verification of Data Authenticity	CVE-2014-4883	2024-11-21 11:11	2014-11-28	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed