Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 11, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228081 9.3 危険 VideoLAN - Windows 上で稼動する VLC Media Player の modules/demux/wav.c における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2008-2430 2012-12-20 18:52 2008-07-7 Show GitHub Exploit DB Packet Storm
228082 6.8 警告 torrenttrader - TorrentTrader Classic における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2428 2012-12-20 18:52 2008-06-18 Show GitHub Exploit DB Packet Storm
228083 7.5 危険 webslider - Web Slider の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2422 2012-12-20 18:52 2008-05-23 Show GitHub Exploit DB Packet Storm
228084 4.3 警告 SAP - SAP WAS などの Web GUI におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2421 2012-12-20 18:52 2008-05-23 Show GitHub Exploit DB Packet Storm
228085 6.8 警告 stunnel - stunnel の OCSP 関数におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2420 2012-12-20 18:52 2008-05-23 Show GitHub Exploit DB Packet Storm
228086 6.8 警告 sazcart - SazCart の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2411 2012-12-20 18:52 2008-05-22 Show GitHub Exploit DB Packet Storm
228087 7.5 危険 サン・マイクロシステムズ - Sun Java ASP Server の管理アプリケーションサーバにおける認証を回避される脆弱性 CWE-287
不適切な認証 		CVE-2008-2406 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
228088 7.5 危険 サン・マイクロシステムズ - Sun Java ASP Server における任意のコマンドを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-2405 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
228089 10 危険 サン・マイクロシステムズ - Sun Java ASP Server のリクエスト処理実装におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-2404 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
228090 5 警告 サン・マイクロシステムズ - Sun Java ASP Server の Admin Server におけるパスワードハッシュを読まれる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2402 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 11, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
196001 7.2 HIGH
Network 		artica pandora_fms In Artica Pandora FMS 7.42, Web Admin users can execute arbitrary code by uploading a .php file via the Updater or Extension component. NOTE: The vendor reports that this is intended functionality CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2020-8500 2024-11-21 14:38 2020-03-3 Show GitHub Exploit DB Packet Storm
196002 9.8 CRITICAL
Network 		pdf-image_project pdf-image Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input. CWE-20
 Improper Input Validation  		CVE-2020-8132 2024-11-21 14:38 2020-02-29 Show GitHub Exploit DB Packet Storm
196003 6.1 MEDIUM
Network 		revealjs reveal.js Insufficient validation in cross-origin communication (postMessage) in reveal.js version 3.9.1 and earlier allow attackers to perform cross-site scripting attacks. CWE-79
Cross-site Scripting 		CVE-2020-8127 2024-11-21 14:38 2020-02-29 Show GitHub Exploit DB Packet Storm
196004 7.5 HIGH
Network 		yarnpkg yarn Arbitrary filesystem write vulnerability in Yarn before 1.22.0 allows attackers to write to any path on the filesystem and potentially lead to arbitrary code execution by forcing the user to install … CWE-22
Path Traversal 		CVE-2020-8131 2024-11-21 14:38 2020-02-25 Show GitHub Exploit DB Packet Storm
196005 6.4 MEDIUM
Local 		ruby-lang
debian
canonical
fedoraproject
opensuse 		rake
debian_linux
ubuntu_linux
fedora
leap 		There is an OS command injection vulnerability in Ruby Rake < 12.3.3 in Rake::FileList when supplying a filename that begins with the pipe character `|`. CWE-78
OS Command  		CVE-2020-8130 2024-11-21 14:38 2020-02-25 Show GitHub Exploit DB Packet Storm
196006 6.5 MEDIUM
Network 		puppet puppet_agent
puppet 		Previously, Puppet operated on a model that a node with a valid certificate was entitled to all information in the system and that a compromised certificate allowed access to everything in the infras… CWE-295
Improper Certificate Validation  		CVE-2020-7942 2024-11-21 14:38 2020-02-20 Show GitHub Exploit DB Packet Storm
196007 9.8 CRITICAL
Network 		jyaml_project jyaml JYaml through 1.3 allows remote code execution during deserialization of a malicious payload through the load() function. NOTE: this is a discontinued product. CWE-502
 Deserialization of Untrusted Data 		CVE-2020-8441 2024-11-21 14:38 2020-02-20 Show GitHub Exploit DB Packet Storm
196008 9.8 CRITICAL
Network 		broadcom unified_infrastructure_management CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a buffer overflow vulnerability in the robot (controller) component. A remote attacker can execute arbitra… CWE-120
Classic Buffer Overflow 		CVE-2020-8012 2024-11-21 14:38 2020-02-18 Show GitHub Exploit DB Packet Storm
196009 7.5 HIGH
Network 		broadcom unified_infrastructure_management CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains a null pointer dereference vulnerability in the robot (controller) component. A remote attacker can crash … CWE-476
 NULL Pointer Dereference 		CVE-2020-8011 2024-11-21 14:38 2020-02-18 Show GitHub Exploit DB Packet Storm
196010 9.8 CRITICAL
Network 		broadcom unified_infrastructure_management CA Unified Infrastructure Management (Nimsoft/UIM) 20.1, 20.3.x, and 9.20 and below contains an improper ACL handling vulnerability in the robot (controller) component. A remote attacker can execute … NVD-CWE-Other
CVE-2020-8010 2024-11-21 14:38 2020-02-18 Show GitHub Exploit DB Packet Storm