Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 26, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228381	4	警告	Iconify.it	-	SkyBlueCanvas の admin.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-2116	2012-12-20 19:10	2009-06-18	Show	GitHub Exploit DB Packet Storm

228382	6.8	警告	Iconify.it	-	SkyBlueCanvas の admin.php における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2009-2115	2012-12-20 19:10	2009-06-18	Show	GitHub Exploit DB Packet Storm

228383	4.3	警告	Iconify.it	-	SkyBlueCanvas の admin.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2114	2012-12-20 19:10	2009-06-18	Show	GitHub Exploit DB Packet Storm

228384	4.3	警告	webmedia explorer	-	webmex の index.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2107	2012-12-20 19:10	2009-06-17	Show	GitHub Exploit DB Packet Storm

228385	7.5	危険	projektseminar proservice wwu	-	TYPO3 用の Virtual civserv エクステンションにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2106	2012-12-20 19:10	2009-06-17	Show	GitHub Exploit DB Packet Storm

228386	4.3	警告	udo von eynern	-	TYPO3 用の Modern Guestbook / Commenting System エクステンションにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2104	2012-12-20 19:10	2009-06-17	Show	GitHub Exploit DB Packet Storm

228387	7.5	危険	steve grundell	-	TYPO3 用の fe_mp3player エクステンションにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2103	2012-12-20 19:10	2009-06-17	Show	GitHub Exploit DB Packet Storm

228388	7.5	危険	zokisoft	-	Zoki Soft Zoki Catalog の system/application/controllers/catalog.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2097	2012-12-20 19:10	2009-06-17	Show	GitHub Exploit DB Packet Storm

228389	4.3	警告	phpwebthings	-	phpWebThings の help.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-2081	2012-12-20 19:10	2009-06-16	Show	GitHub Exploit DB Packet Storm

228390	6	警告	ricardo alexandre de oliveira staudt	-	Yogurt の writemessage.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2034	2012-12-20 19:10	2009-06-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 26, 2026, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
208261	6.1	MEDIUM Network	codoforum	codoforum	Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'	CWE-79 Cross-site Scripting	CVE-2020-21845	2024-11-21 14:12	2020-09-15	Show	GitHub Exploit DB Packet Storm

208262	6.1	MEDIUM Network	sagemcom	f\@st_3686_firmware	Sagemcom F@ST3686 v1.0 HUN 3.97.0 has XSS via RgDiagnostics.asp, RgDdns.asp, RgFirewallEL.asp, RgVpnL2tpPptp.asp.	CWE-79 Cross-site Scripting	CVE-2020-21733	2024-11-21 14:12	2020-09-14	Show	GitHub Exploit DB Packet Storm

208263	6.1	MEDIUM Network	rukovoditel	rukovoditel	Rukovoditel Project Management app 2.6 is affected by: Cross Site Scripting (XSS). An attacker can add JavaScript code to the filename.	CWE-79 Cross-site Scripting	CVE-2020-21732	2024-11-21 14:12	2020-09-14	Show	GitHub Exploit DB Packet Storm

208264	6.1	MEDIUM Network	gazie_project	gazie	Gazie 7.29 is affected by: Cross Site Scripting (XSS) via http://192.168.100.7/gazie/modules/config/admin_utente.php?user_name=amministratore&Update. An attacker can inject JavaScript code, and the w…	CWE-79 Cross-site Scripting	CVE-2020-21731	2024-11-21 14:12	2020-09-14	Show	GitHub Exploit DB Packet Storm

208265	6.1	MEDIUM Network	appsaloon	wp-gdpr	controller/controller-comments.php in WP GDPR plugin through 2.1.1 has unauthenticated stored XSS.	CWE-79 Cross-site Scripting	CVE-2020-20628	2024-11-21 14:12	2020-09-1	Show	GitHub Exploit DB Packet Storm

208266	5.3	MEDIUM Network	givewp	givewp	The includes/gateways/stripe/includes/admin/admin-actions.php in GiveWP plugin through 2.5.9 for WordPress allows unauthenticated settings change.	CWE-306 Missing Authentication for Critical Function	CVE-2020-20627	2024-11-21 14:12	2020-09-1	Show	GitHub Exploit DB Packet Storm

208267	5.4	MEDIUM Network	lara\'s_google_analytics_project	lara\'s_google_analytics	lara-google-analytics.php in Lara Google Analytics plugin through 2.0.4 for WordPress allows authenticated stored XSS.	CWE-79 Cross-site Scripting	CVE-2020-20626	2024-11-21 14:12	2020-09-1	Show	GitHub Exploit DB Packet Storm

208268	7.5	HIGH Network	slicedinvoices	sliced_invoices	Sliced Invoices plugin for WordPress 3.8.2 and earlier allows unauthenticated information disclosure and authenticated SQL injection via core/class-sliced.php.	CWE-89 SQL Injection	CVE-2020-20625	2024-11-21 14:12	2020-09-1	Show	GitHub Exploit DB Packet Storm

208269	5.4	MEDIUM Network	cookielawinfo	gdpr_cookie_consent	ajax_policy_generator in admin/modules/cli-policy-generator/classes/class-policy-generator-ajax.php in GDPR Cookie Consent (cookie-law-info) 1.8.2 and below plugin for WordPress, allows authenticated…	CWE-79 Cross-site Scripting	CVE-2020-20633	2024-11-21 14:12	2020-08-22	Show	GitHub Exploit DB Packet Storm

208270	6.5	MEDIUM Network	elementor	website_builder	Elementor 2.9.5 and below WordPress plugin allows authenticated users to activate its safe mode feature. This can be exploited to disable all security plugins on the blog.	NVD-CWE-noinfo	CVE-2020-20634	2024-11-21 14:12	2020-08-22	Show	GitHub Exploit DB Packet Storm