Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
226921 6.5 警告 phparanoid - PHParanoid における脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-5673 2012-12-20 19:10 2008-12-18 Show GitHub Exploit DB Packet Storm
226922 6.8 警告 phparanoid - PHParanoid におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-5672 2012-12-20 19:10 2008-12-18 Show GitHub Exploit DB Packet Storm
226923 6.8 警告 Textpattern - Textpattern におけるセッションのハイジャック後パスワードを変更される脆弱性 CWE-255
証明書・パスワード管理 		CVE-2008-5670 2012-12-20 19:10 2008-12-18 Show GitHub Exploit DB Packet Storm
226924 5 警告 Textpattern - Textpattern のコメントプレビューセクションにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2008-5669 2012-12-20 19:10 2008-12-18 Show GitHub Exploit DB Packet Storm
226925 4.3 警告 Textpattern - Textpattern におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5668 2012-12-20 19:10 2008-12-18 Show GitHub Exploit DB Packet Storm
226926 5 警告 VirusBlokAda Ltd. - VirusBlokAda VBA32 Personal Antivirus のスキャンエンジンにおけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2008-5667 2012-12-20 19:10 2008-12-18 Show GitHub Exploit DB Packet Storm
226927 3.5 注意 WING FTP software - WinFTP FTP Server におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2008-5666 2012-12-20 18:52 2008-12-18 Show GitHub Exploit DB Packet Storm
226928 7.5 危険 XOOPS - XOOPS の xhresim モジュールにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5665 2012-12-20 18:52 2008-12-18 Show GitHub Exploit DB Packet Storm
226929 9.3 危険 Realtek Semiconductor Corp - Realtek Media Player におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-5664 2012-12-20 18:52 2008-12-18 Show GitHub Exploit DB Packet Storm
226930 7.5 危険 Quassel IRC - Quassel Core における CRLF インジェクションの脆弱性 CWE-20
不適切な入力確認 		CVE-2008-5657 2012-12-20 18:52 2008-10-27 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
223421 5.5 MEDIUM
Local 		jc21 nginx_proxy_manager jc21 Nginx Proxy Manager before 2.0.13 allows %2e%2e%2f directory traversal. CWE-22
Path Traversal 		CVE-2019-15517 2024-11-21 13:28 2019-08-24 Show GitHub Exploit DB Packet Storm
223422 7.5 HIGH
Network 		cuberite cuberite Cuberite before 2019-06-11 allows webadmin directory traversal via ....// because the protection mechanism simply removes one ../ substring. CWE-22
Path Traversal 		CVE-2019-15516 2024-11-21 13:28 2019-08-24 Show GitHub Exploit DB Packet Storm
223423 5.3 MEDIUM
Network 		telegram telegram The Privacy > Phone Number feature in the Telegram app 5.10 for Android and iOS provides an incorrect indication that the access level is Nobody, because attackers can find these numbers via the Grou… NVD-CWE-noinfo
CVE-2019-15514 2024-11-21 13:28 2019-08-23 Show GitHub Exploit DB Packet Storm
223424 9.8 CRITICAL
Network 		it-novum openitcockpit openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21. CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2019-15494 2024-11-21 13:28 2019-08-23 Show GitHub Exploit DB Packet Storm
223425 7.5 HIGH
Network 		it-novum openitcockpit openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21. NVD-CWE-noinfo
CVE-2019-15493 2024-11-21 13:28 2019-08-23 Show GitHub Exploit DB Packet Storm
223426 6.1 MEDIUM
Network 		it-novum openitcockpit openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. CWE-79
Cross-site Scripting 		CVE-2019-15492 2024-11-21 13:28 2019-08-23 Show GitHub Exploit DB Packet Storm
223427 8.8 HIGH
Network 		it-novum openitcockpit openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21. CWE-352
 Origin Validation Error 		CVE-2019-15491 2024-11-21 13:28 2019-08-23 Show GitHub Exploit DB Packet Storm
223428 9.8 CRITICAL
Network 		it-novum openitcockpit openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21. CWE-78
OS Command  		CVE-2019-15490 2024-11-21 13:28 2019-08-23 Show GitHub Exploit DB Packet Storm
223429 6.1 MEDIUM
Network 		igniterealtime openfire Ignite Realtime Openfire before 4.4.1 has reflected XSS via an LDAP setup test. CWE-79
Cross-site Scripting 		CVE-2019-15488 2024-11-21 13:28 2019-08-23 Show GitHub Exploit DB Packet Storm
223430 6.1 MEDIUM
Network 		schoolexperience department_for_education_school_experience DfE School Experience before v16333-GA has XSS via a teacher training URL. CWE-79
Cross-site Scripting 		CVE-2019-15487 2024-11-21 13:28 2019-08-23 Show GitHub Exploit DB Packet Storm