Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
226561 6.8 警告 w2b - phpGreetCards の index.php における任意の PHP コードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2008-6849 2012-12-20 19:10 2009-07-7 Show GitHub Exploit DB Packet Storm
226562 4.3 警告 w2b - phpGreetCards の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6848 2012-12-20 19:10 2009-07-7 Show GitHub Exploit DB Packet Storm
226563 4.3 警告 PreProject.com - Pre ASP Job Board の Employee/emp_login.asp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6847 2012-12-20 19:10 2009-07-2 Show GitHub Exploit DB Packet Storm
226564 6.8 警告 Pluck CMS - Pluck の data/modules/blog/module_pages_site.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-6842 2012-12-20 19:10 2009-07-2 Show GitHub Exploit DB Packet Storm
226565 4.3 警告 tgs-cms - TGS Content Management におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6839 2012-12-20 19:10 2009-06-27 Show GitHub Exploit DB Packet Storm
226566 4.3 警告 Zoph - Zoph の search.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6838 2012-12-20 19:10 2009-06-27 Show GitHub Exploit DB Packet Storm
226567 7.5 危険 Zoph - Zoph における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6837 2012-12-20 19:10 2009-06-27 Show GitHub Exploit DB Packet Storm
226568 5 警告 vicftps - VicFTPS におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2008-6829 2012-12-20 19:10 2009-06-8 Show GitHub Exploit DB Packet Storm
226569 6.8 警告 trixbox - Fonality trixbox CE の user/index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-6825 2012-12-20 19:10 2009-06-5 Show GitHub Exploit DB Packet Storm
226570 4.3 警告 XOOPS - XOOPS の pmlite.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6885 2012-12-20 19:10 2008-12-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
313121 - - - An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Data is transferred over a raw socket without any authentication mechanism. Thus, communication endpoints are not verifiable. - CVE-2024-45168 2024-08-22 23:35 2024-08-22 Show GitHub Exploit DB Packet Storm
313122 - - - An issue was discovered in UCI IDOL 2 (aka uciIDOL or IDOL2) through 2.12. Due to improper input validation, improper deserialization, and improper restriction of operations within the bounds of a me… - CVE-2024-45166 2024-08-22 23:35 2024-08-22 Show GitHub Exploit DB Packet Storm
313123 9.8 CRITICAL
Network 		arajajyothibabu school_management_system School Management System commit bae5aa was discovered to contain a SQL injection vulnerability via the medium parameter at dtmarks.php. CWE-89
SQL Injection 		CVE-2024-42573 2024-08-22 23:35 2024-08-20 Show GitHub Exploit DB Packet Storm
313124 7.8 HIGH
Local 		fortinet fortimanager
fortianalyzer 		A unverified password change in Fortinet FortiManager versions 7.0.0 through 7.0.10, versions 7.2.0 through 7.2.4, and versions 7.4.0 through 7.4.1, as well as Fortinet FortiAnalyzer versions 7.0.0 t… NVD-CWE-Other
CVE-2024-21757 2024-08-22 23:34 2024-08-14 Show GitHub Exploit DB Packet Storm
313125 9.0 CRITICAL
Network 		fortinet fortisoar An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web scri… CWE-79
Cross-site Scripting 		CVE-2023-26211 2024-08-22 23:33 2024-08-14 Show GitHub Exploit DB Packet Storm
313126 8.8 HIGH
Network 		fortinet fortios
fortipam
fortiswitchmanager
fortiproxy 		An insufficient session expiration vulnerability [CWE-613] vulnerability in FortiOS 7.2.5 and below, 7.0 all versions, 6.4 all versions; FortiProxy 7.2 all versions, 7.0 all versions; FortiPAM 1.3 al… CWE-613
 Insufficient Session Expiration 		CVE-2022-45862 2024-08-22 23:32 2024-08-14 Show GitHub Exploit DB Packet Storm
313127 7.8 HIGH
Local 		fortinet fortiddos-f
fortiddos 		A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiDDoS version 5.5.0 through 5.5.1, 5.4.2 through 5.4.0, 5.3.0 through 5.3.1, 5.2.0, 5.1.0,… CWE-78
OS Command  		CVE-2022-27486 2024-08-22 23:29 2024-08-14 Show GitHub Exploit DB Packet Storm
313128 7.1 HIGH
Network 		pepperl-fuchs icdm-rx\/tcp_socketserver_firmware
profinet_firmware
profinet\/modbus_firmware
modbus_router_firmware
modbus_server_firmware
modbus_tcp_firmware
ethernet\/ip_firmware
eip\/modbus… 		An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. CWE-79
Cross-site Scripting 		CVE-2024-5849 2024-08-22 22:39 2024-08-13 Show GitHub Exploit DB Packet Storm
313129 7.1 HIGH
Network 		pepperl-fuchs icdm-rx\/tcp_socketserver_firmware
profinet_firmware
profinet\/modbus_firmware
modbus_router_firmware
modbus_server_firmware
modbus_tcp_firmware
ethernet\/ip_firmware
eip\/modbus… 		An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once. CWE-79
Cross-site Scripting 		CVE-2024-38502 2024-08-22 22:35 2024-08-13 Show GitHub Exploit DB Packet Storm
313130 6.1 MEDIUM
Network 		pepperl-fuchs icdm-rx\/tcp_socketserver_firmware
profinet_firmware
profinet\/modbus_firmware
modbus_router_firmware
modbus_server_firmware
modbus_tcp_firmware
ethernet\/ip_firmware
eip\/modbus… 		An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. CWE-79
Cross-site Scripting 		CVE-2024-38501 2024-08-22 22:34 2024-08-13 Show GitHub Exploit DB Packet Storm