Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 8, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
227001 7.5 危険 review-script - Five Star Review Script の recommend.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3780 2012-12-20 18:52 2008-08-26 Show GitHub Exploit DB Packet Storm
227002 4.3 警告 review-script - Five Star Review Script の search/index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3779 2012-12-20 18:52 2008-08-26 Show GitHub Exploit DB Packet Storm
227003 7.5 危険 simasy - Simasy CMS の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3774 2012-12-20 18:52 2008-08-22 Show GitHub Exploit DB Packet Storm
227004 4.3 警告 vBulletin Solutions, Inc. - vBulletin におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3773 2012-12-20 18:52 2008-08-18 Show GitHub Exploit DB Packet Storm
227005 7.5 危険 turnkey web tools - Turnkey Web Tools SunShop Shopping Cart の class.ajax.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3768 2012-12-20 18:52 2008-08-22 Show GitHub Exploit DB Packet Storm
227006 7.5 危険 smartisoft - phpBazar の classified.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3767 2012-12-20 18:52 2008-08-22 Show GitHub Exploit DB Packet Storm
227007 5 警告 realtime internet band rehearsal - Realtime Internet llcon におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2008-3766 2012-12-20 18:52 2008-08-22 Show GitHub Exploit DB Packet Storm
227008 7.5 危険 turnkey web tools - Turnkey PHP Live Helper の globalsoff.php における任意の PHP コードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2008-3764 2012-12-20 18:52 2008-08-21 Show GitHub Exploit DB Packet Storm
227009 6.8 警告 turnkey web tools - Turnkey PHP Live Helper の libsecure.php における db config ファイルに関連する任意の変数を上書きされる脆弱性 CWE-20
不適切な入力確認 		CVE-2008-3763 2012-12-20 18:52 2008-08-21 Show GitHub Exploit DB Packet Storm
227010 7.5 危険 turnkey web tools - Turnkey PHP Live Helper の onlinestatus_html.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3762 2012-12-20 18:52 2008-08-21 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 8, 2026, 4:54 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
223241 6.1 MEDIUM
Network 		openfind mail2000 An Open Redirect vulnerability for all browsers in MAIL2000 through version 6.0 and 7.0, which will redirect to a malicious site without authentication. This vulnerability affects many mail system of… CWE-601
Open Redirect 		CVE-2019-15073 2024-11-21 13:27 2019-11-20 Show GitHub Exploit DB Packet Storm
223242 6.1 MEDIUM
Network 		openfind mail2000 The login feature in "/cgi-bin/portal" in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via any parameter. This vulnerabili… CWE-79
Cross-site Scripting 		CVE-2019-15072 2024-11-21 13:27 2019-11-20 Show GitHub Exploit DB Packet Storm
223243 6.1 MEDIUM
Network 		openfind mail2000 The "/cgi-bin/go" page in MAIL2000 through version 6.0 and 7.0 has a cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code via ACTION parameter without authentication. The co… CWE-79
Cross-site Scripting 		CVE-2019-15071 2024-11-21 13:27 2019-11-20 Show GitHub Exploit DB Packet Storm
223244 6.1 MEDIUM
Network 		getmailbird mailbird Multiple cross-site scripting (XSS) vulnerabilities in Mailbird before 2.7.5.0 r allow remote attackers to execute arbitrary JavaScript in a privileged context via a crafted HTML mail message. This v… CWE-79
Cross-site Scripting 		CVE-2019-15054 2024-11-21 13:27 2019-11-19 Show GitHub Exploit DB Packet Storm
223245 8.8 HIGH
Network 		artifex
fedoraproject
opensuse 		ghostscript
fedora
leap 		A flaw was found in all versions of ghostscript 9.x before 9.50, where the `.charkeys` procedure, where it did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restricti… CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2019-14869 2024-11-21 13:27 2019-11-15 Show GitHub Exploit DB Packet Storm
223246 10.0 CRITICAL
Network 		sas xml_mapper
base_sas 		SAS XML Mapper 9.45 has an XML External Entity (XXE) vulnerability that can be leveraged by malicious attackers in multiple ways. Examples are Local File Reading, Out Of Band File Exfiltration, Serve… CWE-611
XXE 		CVE-2019-14678 2024-11-21 13:27 2019-11-15 Show GitHub Exploit DB Packet Storm
223247 7.5 HIGH
Network 		dpdk
redhat
fedoraproject 		data_plane_development_kit
enterprise_linux_fast_datapath
openstack
virtualization_eus
fedora 		A flaw was found in all dpdk version 17.x.x before 17.11.8, 16.x.x before 16.11.10, 18.x.x before 18.11.4 and 19.x.x before 19.08.1 where a malicious master, or a container with access to vhost_user … CWE-401
 Missing Release of Memory after Effective Lifetime 		CVE-2019-14818 2024-11-21 13:27 2019-11-15 Show GitHub Exploit DB Packet Storm
223248 7.8 HIGH
Local 		intel nuvoton_consumer_infrared Improper permissions in the installer for the Nuvoton* CIR Driver versions 1.02.1002 and before may allow an authenticated user to potentially enable escalation of privilege via local access. CWE-276
Incorrect Default Permissions  		CVE-2019-14602 2024-11-21 13:27 2019-11-15 Show GitHub Exploit DB Packet Storm
223249 6.5 MEDIUM
Network 		redhat syndesis
fuse 		It was found that the Syndesis configuration for Cross-Origin Resource Sharing was set to allow all origins. An attacker could use this lack of protection to conduct phishing attacks and further acce… NVD-CWE-Other
CVE-2019-14860 2024-11-21 13:27 2019-11-9 Show GitHub Exploit DB Packet Storm
223250 6.5 MEDIUM
Network 		fedoraproject
redhat
debian 		389_directory_server
enterprise_linux
debian_linux 		A flaw was found in the 'deref' plugin of 389-ds-base where it could use the 'search' permission to display attribute values. In some configurations, this could allow an authenticated attacker to vie… CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2019-14824 2024-11-21 13:27 2019-11-9 Show GitHub Exploit DB Packet Storm