Vulnerability Search Top
Show Search Menu
|
You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database). |
JVN Vulnerability Information
Update Date":May 31, 2026, 6 p.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Impact Show |
Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 228441 | 7.5 | 危険 | witchakorn kamolpornwijit | - | Joomla! 用の facebook コンポーネントにおける SQL インジェクションの脆弱性 |
CWE-89
SQLインジェクション |
CVE-2009-3438 | 2012-12-20 19:28 | 2009-09-28 | Show | GitHub Exploit DB Packet Storm |
| 228442 | 7.2 | 危険 | サン・マイクロシステムズ | - | Sun Solaris Cluster の configuration utility における権限を取得される脆弱性 |
CWE-noinfo
情報不足 |
CVE-2009-3433 | 2012-12-20 19:28 | 2009-09-22 | Show | GitHub Exploit DB Packet Storm |
| 228443 | 9.3 | 危険 | pirateradio | - | Pirate Radio Destiny Media Player におけるスタックベースのバッファオーバーフローの脆弱性 |
CWE-119
バッファエラー |
CVE-2009-3429 | 2012-12-20 19:28 | 2009-09-25 | Show | GitHub Exploit DB Packet Storm |
| 228444 | 6.8 | 警告 | zenas | - | Zenas PaoLink の login.php における認証を回避される脆弱性 |
CWE-287
不適切な認証 |
CVE-2009-3423 | 2012-12-20 19:28 | 2009-09-25 | Show | GitHub Exploit DB Packet Storm |
| 228445 | 6.8 | 警告 | zenas | - | Zenas PaoLiber の login.php における認証を回避される脆弱性 |
CWE-287
不適切な認証 |
CVE-2009-3422 | 2012-12-20 19:28 | 2009-09-25 | Show | GitHub Exploit DB Packet Storm |
| 228446 | 6.8 | 警告 | zenas | - | Zenas PaoBacheca Guestbook の login.php における認証を回避される脆弱性 |
CWE-264
認可・権限・アクセス制御 |
CVE-2009-3421 | 2012-12-20 19:28 | 2009-09-25 | Show | GitHub Exploit DB Packet Storm |
| 228447 | 6.5 | 警告 | Plume CMS | - | Plume CMS における SQL インジェクションの脆弱性 |
CWE-89
SQLインジェクション |
CVE-2009-3418 | 2012-12-20 19:28 | 2009-09-25 | Show | GitHub Exploit DB Packet Storm |
| 228448 | 4.3 | 警告 | Plohni | - | An image gallery におけるクロスサイトスクリプティングの脆弱性 |
CWE-79
クロスサイト・スクリプティング(XSS) |
CVE-2009-3367 | 2012-12-20 19:28 | 2009-09-24 | Show | GitHub Exploit DB Packet Storm |
| 228449 | 5 | 警告 | Plohni | - | An image gallery の navigation.php におけるディレクトリトラバーサルの脆弱性 |
CWE-22
パス・トラバーサル |
CVE-2009-3366 | 2012-12-20 19:28 | 2009-09-24 | Show | GitHub Exploit DB Packet Storm |
| 228450 | 7.5 | 危険 | traza | - | Aurora CMS の add-ons/modules/sysmanager/plugins/install.plugin.php における PHP リモートファイルインクルージョンの脆弱性 |
CWE-94
コード・インジェクション |
CVE-2009-3365 | 2012-12-20 19:28 | 2009-09-24 | Show | GitHub Exploit DB Packet Storm |
NVD Vulnerability Information
Update Date:May 31, 2026, 4:16 a.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 194821 | 9.1 |
CRITICAL
Network |
apache netapp debian oracle |
xmlbeans snap_creator_framework snapmanager oncommand_unified_manager_core_package debian_linux peoplesoft_enterprise_peopletools middleware_common_libraries_and_tools |
The XML parsers used by XMLBeans up to version 2.6.0 did not set the properties needed to protect the user from malicious XML input. Vulnerabilities include possibilities for XML Entity Expansion att… |
CWE-776
XML Entity Expansion |
CVE-2021-23926 | 2024-11-21 14:52 | 2021-01-15 | Show | GitHub Exploit DB Packet Storm |
| 194822 | 5.9 |
MEDIUM
Network |
apache debian oracle |
tomcat debian_linux agile_plm |
When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to … |
CWE-706
Use of Incorrectly-Resolved Name or Reference |
CVE-2021-24122 | 2024-11-21 14:52 | 2021-01-15 | Show | GitHub Exploit DB Packet Storm |
| 194823 | 7.5 |
HIGH
Network |
owasp | json-sanitizer | OWASP json-sanitizer before 1.2.2 can output invalid JSON or throw an undeclared exception for crafted input. This may lead to denial of service if the application is not prepared to handle these sit… |
NVD-CWE-noinfo
|
CVE-2021-23900 | 2024-11-21 14:52 | 2021-01-14 | Show | GitHub Exploit DB Packet Storm |
| 194824 | 9.8 |
CRITICAL
Network |
owasp | json-sanitizer | OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents. |
CWE-611
XXE |
CVE-2021-23899 | 2024-11-21 14:52 | 2021-01-14 | Show | GitHub Exploit DB Packet Storm |
| 194825 | 6.1 |
MEDIUM
Network |
open-xchange | open-xchange_appsuite | OX App Suite through 7.10.4 allows XSS via the subject of a task. |
CWE-79
Cross-site Scripting |
CVE-2021-23936 | 2024-11-21 14:52 | 2021-01-13 | Show | GitHub Exploit DB Packet Storm |
| 194826 | 6.1 |
MEDIUM
Network |
open-xchange | open-xchange_appsuite | OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. |
CWE-79
Cross-site Scripting |
CVE-2021-23935 | 2024-11-21 14:52 | 2021-01-13 | Show | GitHub Exploit DB Packet Storm |
| 194827 | 6.1 |
MEDIUM
Network |
open-xchange | open-xchange_appsuite | OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. |
CWE-79
Cross-site Scripting |
CVE-2021-23934 | 2024-11-21 14:52 | 2021-01-13 | Show | GitHub Exploit DB Packet Storm |
| 194828 | 6.1 |
MEDIUM
Network |
open-xchange | open-xchange_appsuite | OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. |
CWE-79
Cross-site Scripting |
CVE-2021-23933 | 2024-11-21 14:52 | 2021-01-13 | Show | GitHub Exploit DB Packet Storm |
| 194829 | 6.1 |
MEDIUM
Network |
open-xchange | open-xchange_appsuite | OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. |
CWE-79
Cross-site Scripting |
CVE-2021-23932 | 2024-11-21 14:52 | 2021-01-13 | Show | GitHub Exploit DB Packet Storm |
| 194830 | 6.1 |
MEDIUM
Network |
open-xchange | open-xchange_appsuite | OX App Suite through 7.10.4 allows XSS via an inline binary file. |
CWE-79
Cross-site Scripting |
CVE-2021-23931 | 2024-11-21 14:52 | 2021-01-13 | Show | GitHub Exploit DB Packet Storm |