Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
227991 7.5 危険 v-webmail - V-webmail の login.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3063 2012-12-20 18:52 2008-10-7 Show GitHub Exploit DB Packet Storm
227992 7.5 危険 TYPO3 Association - TYPO3 用の DAM Frontend エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3039 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
227993 7.5 危険 TYPO3 Association - TYPO3 用の Address Directory エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3038 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
227994 4.3 警告 TYPO3 Association - TYPO3 用の Address Directory エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3037 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
227995 6.5 警告 xchangeboard - XchangeBoard の newThread.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3035 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
227996 7.5 危険 rss aggregator - RSS-aggregator における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3034 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
227997 9.3 危険 rss aggregator - RSS-aggregator における admin 関数へアクセスされ脆弱性 CWE-287
不適切な認証 		CVE-2008-3033 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
227998 4.3 警告 The phpMyAdmin Project - TYPO3 用の phpMyAdmin エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3032 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
227999 7.5 危険 Thomas Abeel - Simple PHP Agenda の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-3031 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
228000 4.3 警告 Web-Empowered Church Team - TYPO3 用の WEC Discussion Forum エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3029 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
209371 8.1 HIGH
Network 		nodebb blog_comments In nodebb-plugin-blog-comments before version 0.7.0, a logged in user is vulnerable to an XSS attack which could allow a third party to post on their behalf on the forum. This is due to lack of CSRF … - CVE-2020-15156 2024-11-21 14:04 2020-08-27 Show GitHub Exploit DB Packet Storm
209372 9.8 CRITICAL
Network 		mz-automation libiec61850 In libIEC61850 before version 1.4.3, when a message with COTP message length field with value < 4 is received an integer underflow will happen leading to heap buffer overflow. This can cause an appli… CWE-191
 Integer Underflow (Wrap or Wraparound) 		CVE-2020-15158 2024-11-21 14:04 2020-08-27 Show GitHub Exploit DB Packet Storm
209373 8.5 HIGH
Network 		cogboard red_discord_bot Red Discord Bot before versions 3.3.12 and 3.4 has a Remote Code Execution vulnerability in the Streams module. This exploit allows Discord users with specifically crafted "going live" messages to in… CWE-74
Injection 		CVE-2020-15147 2024-11-21 14:04 2020-08-22 Show GitHub Exploit DB Packet Storm
209374 9.6 CRITICAL
Network 		cogboard red_discord_bot In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia … CWE-74
Injection 		CVE-2020-15140 2024-11-21 14:04 2020-08-22 Show GitHub Exploit DB Packet Storm
209375 8.8 HIGH
Network 		zulip zulip_server Zulip Server 2.x before 2.1.7 allows eval injection if a privileged attacker were able to write directly to the postgres database, and chose to write a crafted custom profile field value. CWE-94
Code Injection 		CVE-2020-15070 2024-11-21 14:04 2020-08-21 Show GitHub Exploit DB Packet Storm
209376 8.0 HIGH
Network 		openmage
magento 		openmage_long_term_support
magento 		OpenMage LTS before versions 19.4.6 and 20.0.2 allows attackers to circumvent the `fromkey protection` in the Admin Interface and increases the attack surface for Cross Site Request Forgery attacks. … CWE-352
 Origin Validation Error 		CVE-2020-15151 2024-11-21 14:04 2020-08-20 Show GitHub Exploit DB Packet Storm
209377 8.8 HIGH
Network 		sylius syliusresourcebundle In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, request parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized prop… CWE-917
 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') 		CVE-2020-15146 2024-11-21 14:04 2020-08-20 Show GitHub Exploit DB Packet Storm
209378 8.8 HIGH
Network 		sylius syliusresourcebundle In SyliusResourceBundle before versions 1.3.14, 1.4.7, 1.5.2 and 1.6.4, rrequest parameters injected inside an expression evaluated by `symfony/expression-language` package haven't been sanitized pro… CWE-917
 Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') 		CVE-2020-15143 2024-11-21 14:04 2020-08-20 Show GitHub Exploit DB Packet Storm
209379 5.4 MEDIUM
Network 		auth0 lock In auth0-lock versions before and including 11.25.1, dangerouslySetInnerHTML is used to update the DOM. When dangerouslySetInnerHTML is used, the application and its users might be exposed to cross-s… CWE-79
Cross-site Scripting 		CVE-2020-15119 2024-11-21 14:04 2020-08-20 Show GitHub Exploit DB Packet Storm
209380 9.9 CRITICAL
Network 		nodebb nodebb NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially … CWE-287
Improper Authentication 		CVE-2020-15149 2024-11-21 14:04 2020-08-20 Show GitHub Exploit DB Packet Storm