Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 5, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
227271 6.4 警告 statcountex - StatCounteX における重要な情報を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-0843 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
227272 4.4 警告 publicwarehouse - Public Warehouse LightBlog の view_member.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0840 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
227273 4.3 警告 ソフォス - Sophos ES1000 および ES4000 Email Security Appliance の Web の管理インターフェースにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0838 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
227274 7.5 危険 simple cms - Simple CMS の indexen.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0835 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
227275 7.5 危険 PHPNUKE - PHP-Nuke の Books モジュールにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0827 2012-12-20 18:34 2008-02-19 Show GitHub Exploit DB Packet Storm
227276 3.6 注意 scribe - Scribe の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0822 2012-12-20 18:34 2008-02-19 Show GitHub Exploit DB Packet Storm
227277 3.6 注意 plutostatus - PlutoStatus Locator の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0819 2012-12-20 18:34 2008-02-19 Show GitHub Exploit DB Packet Storm
227278 6.4 警告 truc - TRUC の download.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0814 2012-12-20 18:34 2008-02-18 Show GitHub Exploit DB Packet Storm
227279 5 警告 xpweb - XPWeb の Download.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0813 2012-12-20 18:34 2008-02-18 Show GitHub Exploit DB Packet Storm
227280 9.3 危険 reality - PHPizabi の image.php における任意のコードを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-0805 2012-12-20 18:34 2008-02-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 5, 2026, 4:51 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
223301 8.8 HIGH
Network 		rangerstudio directus_7_api In Directus 7 API through 2.3.0, uploading of PHP files is blocked only when the Apache HTTP Server is used, leading to uploads/_/originals remote code execution with nginx. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2019-13980 2024-11-21 13:25 2019-07-20 Show GitHub Exploit DB Packet Storm
223302 8.8 HIGH
Network 		rangerstudio directus_7_api In Directus 7 API before 2.2.1, uploading of PHP files is not blocked, leading to uploads/_/originals remote code execution. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2019-13979 2024-11-21 13:25 2019-07-20 Show GitHub Exploit DB Packet Storm
223303 5.5 MEDIUM
Local 		linux linux_kernel In the Linux kernel through 5.2.1 on the powerpc platform, when hardware transactional memory is disabled, a local user can cause a denial of service (TM Bad Thing exception and system crash) via a s… CWE-399
 Resource Management Errors 		CVE-2019-13648 2024-11-21 13:25 2019-07-19 Show GitHub Exploit DB Packet Storm
223304 8.8 HIGH
Network 		ovidentia ovidentia Ovidentia 8.4.3 has SQL Injection via the id parameter in an index.php?tg=delegat&idx=mem request. CWE-89
SQL Injection 		CVE-2019-13978 2024-11-21 13:25 2019-07-19 Show GitHub Exploit DB Packet Storm
223305 5.4 MEDIUM
Network 		ovidentia ovidentia index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx… CWE-79
Cross-site Scripting 		CVE-2019-13977 2024-11-21 13:25 2019-07-19 Show GitHub Exploit DB Packet Storm
223306 8.8 HIGH
Network 		layerbb layerbb LayerBB 1.1.3 allows conversations.php/cmd/new CSRF. CWE-352
 Origin Validation Error 		CVE-2019-13974 2024-11-21 13:25 2019-07-19 Show GitHub Exploit DB Packet Storm
223307 9.8 CRITICAL
Network 		layerbb layerbb LayerBB 1.1.3 allows admin/general.php arbitrary file upload because the custom_logo filename suffix is not restricted, and .php may be used. CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2019-13973 2024-11-21 13:25 2019-07-19 Show GitHub Exploit DB Packet Storm
223308 6.1 MEDIUM
Network 		layerbb layerbb LayerBB 1.1.3 allows XSS via the application/commands/new.php pm_title variable, a related issue to CVE-2019-17997. CWE-79
Cross-site Scripting 		CVE-2019-13972 2024-11-21 13:25 2019-07-19 Show GitHub Exploit DB Packet Storm
223309 6.1 MEDIUM
Network 		otcms otcms OTCMS 3.81 allows XSS via the mode parameter in an apiRun.php?mudi=autoRun request. CWE-79
Cross-site Scripting 		CVE-2019-13971 2024-11-21 13:25 2019-07-19 Show GitHub Exploit DB Packet Storm
223310 6.1 MEDIUM
Network 		antsword_project antsword In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/dat… CWE-79
Cross-site Scripting 		CVE-2019-13970 2024-11-21 13:25 2019-07-19 Show GitHub Exploit DB Packet Storm