Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 14, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
258681	4.3	警告	オラクル	-	Oracle Fusion Middleware の Portal コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0855	2010-05-12 15:19	2010-04-13	Show	GitHub Exploit DB Packet Storm

258682	4.3	警告	オラクル	-	Oracle Fusion Middleware の Portal コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0086	2010-05-12 15:18	2010-04-13	Show	GitHub Exploit DB Packet Storm

258683	5	警告	オラクル	-	Oracle Fusion Middleware の Portal コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0856	2010-05-12 15:18	2010-04-13	Show	GitHub Exploit DB Packet Storm

258684	5	警告	オラクル	-	Oracle Fusion Middleware の Oracle Internet Directory コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0872	2010-05-12 15:18	2010-04-13	Show	GitHub Exploit DB Packet Storm

258685	2.1	注意	オラクル	-	Oracle Database の Audit コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0854	2010-05-12 15:18	2010-04-13	Show	GitHub Exploit DB Packet Storm

258686	3.6	注意	オラクル	-	Oracle Database の Change Data Capture コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0870	2010-05-12 15:18	2010-04-13	Show	GitHub Exploit DB Packet Storm

258687	4	警告	オラクル	-	Oracle Database の XML DB コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0851	2010-05-12 15:17	2010-04-13	Show	GitHub Exploit DB Packet Storm

258688	4	警告	オラクル	-	Oracle Database の JavaVM コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0867	2010-05-12 15:17	2010-04-13	Show	GitHub Exploit DB Packet Storm

258689	5.5	警告	オラクル	-	Oracle Database の XML DB コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0852	2010-05-12 15:17	2010-04-13	Show	GitHub Exploit DB Packet Storm

258690	6.5	警告	オラクル	-	Oracle Database の JavaVM コンポーネントにおける脆弱性	CWE-noinfo 情報不足	CVE-2010-0866	2010-05-12 15:17	2010-04-13	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 14, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
246351	8.8	HIGH Network	ultimatefosters	ultimatepos	UltimatePOS 2.5 allows users to upload arbitrary files, which leads to remote command execution by posting to a /products URI with PHP code in a .php file with the image/jpeg content type.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2018-17139	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm

246352	5.4	MEDIUM Network	nickelpro	jibu_pro	The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.	CWE-79 Cross-site Scripting	CVE-2018-17138	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm

246353	9.8	CRITICAL Network	prezi	next	Prezi Next 1.3.101.11 has a documented purpose of creating HTML5 presentations but has SE_DEBUG_PRIVILEGE on Windows, which might allow attackers to bypass intended access restrictions.	NVD-CWE-noinfo	CVE-2018-17137	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm

246354	9.8	CRITICAL Network	zzcms	zzcms	zzcms 8.3 contains a SQL Injection vulnerability in /user/check.php via a Client-Ip HTTP header.	CWE-89 SQL Injection	CVE-2018-17136	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm

246355	7.2	HIGH Network	phpmywind	phpmywind	admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the cfg_author field in conjunction with a crafted cfg_webpath field.	CWE-94 Code Injection	CVE-2018-17134	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm

246356	7.2	HIGH Network	phpmywind	phpmywind	admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the rewrite url setting.	CWE-94 Code Injection	CVE-2018-17133	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm

246357	7.2	HIGH Network	phpmywind	phpmywind	admin/goods_update.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the attrvalue[] array parameter.	CWE-94 Code Injection	CVE-2018-17132	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm

246358	7.2	HIGH Network	phpmywind	phpmywind	admin/web_config.php in PHPMyWind 5.5 allows Admin users to execute arbitrary code via the varvalue field.	CWE-94 Code Injection	CVE-2018-17131	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm

246359	5.4	MEDIUM Network	phpmywind	phpmywind	PHPMyWind 5.5 has XSS in member.php via an HTTP Referer header,	CWE-79 Cross-site Scripting	CVE-2018-17130	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm

246360	4.9	MEDIUM Network	metinfo	metinfo	MetInfo 6.1.0 has SQL injection in doexport() in app/system/feedback/admin/feedback_admin.class.php via the class1 field.	CWE-89 SQL Injection	CVE-2018-17129	2024-11-21 12:53	2018-09-17	Show	GitHub Exploit DB Packet Storm