Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 4:01 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
259351 7.2 危険 マイクロソフト - Microsoft Windows XP の Trace Events 機能における権限昇格の脆弱性 CWE-119
バッファエラー
CVE-2011-0045 2011-03-7 14:49 2011-02-8 Show GitHub Exploit DB Packet Storm
259352 7.2 危険 マイクロソフト - 複数の Microsoft 製品の Local Security Authority Subsystem Service における権限昇格の脆弱性 CWE-287
不適切な認証
CVE-2011-0039 2011-03-7 14:47 2011-02-8 Show GitHub Exploit DB Packet Storm
259353 6.8 警告 OTRS プロジェクト - OTRS における OS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション
CVE-2011-0456 2011-03-7 12:02 2011-03-7 Show GitHub Exploit DB Packet Storm
259354 7.1 危険 マイクロソフト - 複数の Microsoft 製品の JScript および VBScript スクリプトエンジンにおける重要な情報を取得される脆弱性 CWE-200
情報漏えい
CVE-2011-0031 2011-03-4 15:12 2011-02-8 Show GitHub Exploit DB Packet Storm
259355 9.3 危険 マイクロソフト - Microsoft Visio の ELEMENTS.DLL における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション
CVE-2011-0093 2011-03-4 15:09 2011-02-8 Show GitHub Exploit DB Packet Storm
259356 9.3 危険 マイクロソフト - Microsoft Visio の LZW ストリーム圧縮機能における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション
CVE-2011-0092 2011-03-4 15:06 2011-02-8 Show GitHub Exploit DB Packet Storm
259357 5 警告 マイクロソフト - Windows Server 2003 上で稼働する Microsoft Active Directory におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認
CVE-2011-0040 2011-03-4 15:02 2011-02-8 Show GitHub Exploit DB Packet Storm
259358 9.3 危険 マイクロソフト - 複数の Microsoft 製品の Windows OpenType Compact Font Format ドライバにおける任意のコードを実行される脆弱性 CWE-20
不適切な入力確認
CVE-2011-0033 2011-03-4 15:00 2011-02-8 Show GitHub Exploit DB Packet Storm
259359 9.3 危険 マイクロソフト - Microsoft Internet Explorer 8 における権限昇格の脆弱性 CWE-Other
その他
CVE-2011-0038 2011-03-4 14:53 2011-02-8 Show GitHub Exploit DB Packet Storm
259360 9.3 危険 マイクロソフト - Microsoft Internet Explorer における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション
CVE-2011-0036 2011-03-4 14:50 2011-02-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
246921 5.3 MEDIUM
Network
is-my-json-valid_project is-my-json-valid It was discovered that the is-my-json-valid JavaScript library used an inefficient regular expression to validate JSON fields defined to have email format. A specially crafted JSON file could cause i… - CVE-2018-1107 2024-11-21 12:59 2021-03-30 Show GitHub Exploit DB Packet Storm
246922 7.5 HIGH
Network
ibm security_guardium IBM Security Guardium 10.5, 10.6, and 11.0 could allow an unauthorized user to obtain sensitive information due to missing security controls. IBM X-Force ID: 141226. CWE-306
Missing Authentication for Critical Function
CVE-2018-1501 2024-11-21 12:59 2020-08-27 Show GitHub Exploit DB Packet Storm
246923 9.8 CRITICAL
Network
apache
fedoraproject
oracle
netapp
log4net
fedora
application_testing_suite
hospitality_simphony
hospitality_opera_5
snapcenter
manageability_software_development_kit
Apache log4net versions before 2.0.10 do not disable XML external entities when parsing log4net configuration files. This allows for XXE-based attacks in applications that accept attacker-controlled … CWE-611
XXE
CVE-2018-1285 2024-11-21 12:59 2020-05-12 Show GitHub Exploit DB Packet Storm
246924 8.1 HIGH
Network
apache
redhat
debian
oracle
fedoraproject
xerces-c\+\+
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_aus
enterprise_linux_server_tus
enterprise_linux_eus
debian_lin…
The Apache Xerces-C 3.0.0 to 3.2.3 XML parser contains a use-after-free error triggered during the scanning of external DTDs. This flaw has not been addressed in the maintained version of the library… CWE-416
 Use After Free
CVE-2018-1311 2024-11-21 12:59 2019-12-19 Show GitHub Exploit DB Packet Storm
246925 8.1 HIGH
Network
fortinet fortimanager A cleartext transmission of sensitive information vulnerability in Fortinet FortiManager 5.2.0 through 5.2.7, 5.4.0 and 5.4.1 may allow an unauthenticated attacker in a man in the middle position to … CWE-319
Cleartext Transmission of Sensitive Information
CVE-2018-1360 2024-11-21 12:59 2019-04-26 Show GitHub Exploit DB Packet Storm
246926 6.1 MEDIUM
Network
apache zeppelin Apache Zeppelin prior to 0.8.0 had a stored XSS issue via Note permissions. Issue reported by "Josna Joseph". CWE-79
Cross-site Scripting
CVE-2018-1328 2024-11-21 12:59 2019-04-24 Show GitHub Exploit DB Packet Storm
246927 8.8 HIGH
Network
apache zeppelin In Apache Zeppelin prior to 0.8.0 the cron scheduler was enabled by default and could allow users to run paragraphs as other users without authentication. CWE-287
Improper Authentication
CVE-2018-1317 2024-11-21 12:59 2019-04-24 Show GitHub Exploit DB Packet Storm
246928 6.1 MEDIUM
Network
fortinet fortisandbox A reflected Cross-Site-Scripting (XSS) vulnerability in Fortinet FortiSandbox before 3.0 may allow an attacker to execute unauthorized code or commands via the back_url parameter in the file scan com… CWE-79
Cross-site Scripting
CVE-2018-1356 2024-11-21 12:59 2019-04-10 Show GitHub Exploit DB Packet Storm
246929 9.8 CRITICAL
Network
fortinet fortios A format string vulnerability in Fortinet FortiOS 5.6.0 allows attacker to execute unauthorized code or commands via the SSH username variable. CWE-134
Use of Externally-Controlled Format String
CVE-2018-1352 2024-11-21 12:59 2019-02-9 Show GitHub Exploit DB Packet Storm
246930 7.5 HIGH
Network
apache guacamole Prior to 1.0.0, Apache Guacamole used a cookie for client-side storage of the user's session token. This cookie lacked the "secure" flag, which could allow an attacker eavesdropping on the network to… CWE-311
Missing Encryption of Sensitive Data
CVE-2018-1340 2024-11-21 12:59 2019-02-8 Show GitHub Exploit DB Packet Storm