Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
226881 5 警告 webcamxp - webcamXP におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-5862 2012-12-20 19:10 2009-01-6 Show GitHub Exploit DB Packet Storm
226882 4 警告 シックス・アパート株式会社 - Six Apart MT におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-5846 2012-12-20 19:10 2009-01-5 Show GitHub Exploit DB Packet Storm
226883 7.5 危険 phpicalendar - PHP iCalendar における認証を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-5840 2012-12-20 19:10 2009-01-5 Show GitHub Exploit DB Packet Storm
226884 6.8 警告 web scribble solutions - Web Scribble Solutions webClassifieds の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5817 2012-12-20 19:10 2009-01-2 Show GitHub Exploit DB Packet Storm
226885 7.5 危険 phpalumni - phpAlumni の Acomment.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5815 2012-12-20 19:10 2009-01-2 Show GitHub Exploit DB Packet Storm
226886 7.5 危険 SPIP - SPIP の inc/rubriques.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5813 2012-12-20 19:10 2008-12-24 Show GitHub Exploit DB Packet Storm
226887 10 危険 SPIP - SPIP における脆弱性 CWE-noinfo
情報不足 		CVE-2008-5812 2012-12-20 19:10 2008-12-24 Show GitHub Exploit DB Packet Storm
226888 4.3 警告 TestLink Development Team - TestLink におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5807 2012-12-20 19:10 2008-12-31 Show GitHub Exploit DB Packet Storm
226889 10 危険 TYPO3 Association - TYPO3 用の Dictionary エクステンションにおける任意のコードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2008-5801 2012-12-20 19:10 2008-12-31 Show GitHub Exploit DB Packet Storm
226890 7.5 危険 TYPO3 Association - TYPO3 用の fsmi_people エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5800 2012-12-20 19:10 2008-12-31 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
200541 7.5 HIGH
Network 		opensmtpd
fedoraproject 		opensmtpd
fedora 		smtpd/table.c in OpenSMTPD before 6.8.0p1 lacks a certain regfree, which might allow attackers to trigger a "very significant" memory leak via messages to an instance that performs many regex lookups. CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2020-35679 2024-11-21 14:27 2020-12-25 Show GitHub Exploit DB Packet Storm
200542 6.1 MEDIUM
Network 		pi-hole pi-hole The DNS query log in Pi-hole before 5.2.2 is vulnerable to stored XSS. An attacker with the ability to directly or indirectly query DNS with a malicious hostname can cause arbitrary JavaScript to exe… CWE-79
Cross-site Scripting 		CVE-2020-35659 2024-11-21 14:27 2020-12-25 Show GitHub Exploit DB Packet Storm
200543 6.1 MEDIUM
Network 		dart http An issue was discovered in the http package through 0.12.2 for Dart. If the attacker controls the HTTP method and the app is using Request directly, it's possible to achieve CRLF injection in an HTTP… CWE-74
Injection 		CVE-2020-35669 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
200544 4.8 MEDIUM
Network 		bigprof online_invoicing_system BigProf Online Invoicing System before 4.0 fails to adequately sanitize fields for HTML characters upon an administrator using admin/pageEditGroup.php to create a new group, resulting in Stored XSS. … CWE-352
CWE-79
 Origin Validation Error
Cross-site Scripting 		CVE-2020-35677 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
200545 6.1 MEDIUM
Network 		bigprof online_invoicing_system BigProf Online Invoicing System before 3.1 fails to correctly sanitize an XSS payload when a user registers using the self-registration functionality. As such, an attacker can input a crafted payload… CWE-79
Cross-site Scripting 		CVE-2020-35676 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
200546 7.5 HIGH
Network 		redislabs redisgraph RedisGraph 2.x through 2.2.11 has a NULL Pointer Dereference that leads to a server crash because it mishandles an unquoted string, such as an alias that has not yet been introduced. CWE-476
 NULL Pointer Dereference 		CVE-2020-35668 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
200547 8.8 HIGH
Network 		steedos steedos Steedos Platform through 1.21.24 allows NoSQL injection because the /api/collection/findone implementation in server/packages/steedos_base.js mishandles req.body validation, as demonstrated by MongoD… CWE-89
SQL Injection 		CVE-2020-35666 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
200548 9.8 CRITICAL
Network 		terra-master terramaster_operating_system An unauthenticated command-execution vulnerability exists in TerraMaster TOS through 4.2.06 via shell metacharacters in the Event parameter in include/makecvs.php during CSV creation. CWE-78
OS Command  		CVE-2020-35665 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
200549 7.5 HIGH
Network 		advanced_comment_system_project advanced_comment_system ACS Advanced Comment System 1.0 is affected by Directory Traversal via an advanced_component_system/index.php?ACS_path=..%2f URI. NOTE: this might be the same as CVE-2009-4623 CWE-22
Path Traversal 		CVE-2020-35598 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm
200550 8.8 HIGH
Network 		raysync raysync A RCE vulnerability exists in Raysync below 3.3.3.8. An unauthenticated unauthorized attacker sending a specifically crafted request to override the specific file in server with malicious content can… CWE-22
Path Traversal 		CVE-2020-35370 2024-11-21 14:27 2020-12-24 Show GitHub Exploit DB Packet Storm