Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 3, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228581 4.3 警告 phpscriptsnow - PHP Scripts Now World's Tallest Buildings の bios.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-2884 2012-12-20 19:10 2009-08-20 Show GitHub Exploit DB Packet Storm
228582 3.5 注意 サン・マイクロシステムズ - Sun VDI における VDI 設定データを平文で読まれる脆弱性 CWE-200
情報漏えい 		CVE-2009-2856 2012-12-20 19:10 2009-08-14 Show GitHub Exploit DB Packet Storm
228583 6.4 警告 WordPress.org - Wordpress における許可されていない編集などをされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-2854 2012-12-20 19:10 2009-08-3 Show GitHub Exploit DB Packet Storm
228584 10 危険 WordPress.org - Wordpress における権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-2853 2012-12-20 19:10 2009-08-3 Show GitHub Exploit DB Packet Storm
228585 6.8 警告 ryan.mcgeary - Wordpress 用の WP-Syntax プラグインにおける任意の PHP コードを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2009-2852 2012-12-20 19:10 2009-08-18 Show GitHub Exploit DB Packet Storm
228586 4.3 警告 WordPress.org - WordPress の管理者インターフェースにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-2851 2012-12-20 19:10 2009-07-20 Show GitHub Exploit DB Packet Storm
228587 7.5 危険 webdynamite - WebDynamite ProjectButler の pda_projects.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-2791 2012-12-20 19:10 2009-08-17 Show GitHub Exploit DB Packet Storm
228588 7.5 危険 softbiz - SoftBiz Dating Script の cat_products.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-2790 2012-12-20 19:10 2009-08-17 Show GitHub Exploit DB Packet Storm
228589 6.8 警告 reputation - PunBB 用の Reputation プラグインにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2009-2787 2012-12-20 19:10 2009-08-17 Show GitHub Exploit DB Packet Storm
228590 7.5 危険 reputation - PunBB 用の Reputation プラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-2786 2012-12-20 19:10 2009-08-17 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
226021 8.1 HIGH
Network 		combodo itop A post-authentication privilege escalation in the web application of Combodo iTop allows regular authenticated users to access information and modify information with administrative privileges by not… CWE-79
Cross-site Scripting 		CVE-2019-19821 2024-11-21 13:35 2020-03-17 Show GitHub Exploit DB Packet Storm
226022 7.5 HIGH
Network 		swisscom centro_grande_firmware
centro_business 		Missing output sanitation in Swisscom Centro Grande Centro Grande before 6.16.12, Centro Business 1.0 (ADB) before 7.10.18, and Centro Business 2.0 before 8.02.04 allows a remote attacker to perform … CWE-20
 Improper Input Validation  		CVE-2019-19942 2024-11-21 13:35 2020-03-17 Show GitHub Exploit DB Packet Storm
226023 5.4 MEDIUM
Network 		swisscom centro_grande_firmware Missing hostname validation in Swisscom Centro Grande before 6.16.12 allows a remote attacker to inject its local IP address as a domain entry in the DNS service of the router via crafted hostnames i… CWE-79
Cross-site Scripting 		CVE-2019-19941 2024-11-21 13:35 2020-03-17 Show GitHub Exploit DB Packet Storm
226024 7.2 HIGH
Network 		swisscom centro_grande_firmware Incorrect input sanitation in text-oriented user interfaces (telnet, ssh) in Swisscom Centro Grande before 6.16.12 allows remote authenticated users to execute arbitrary commands via command injectio… CWE-78
OS Command  		CVE-2019-19940 2024-11-21 13:35 2020-03-17 Show GitHub Exploit DB Packet Storm
226025 4.8 MEDIUM
Network 		sangoma freepbx An XSS Injection vulnerability exists in Sangoma FreePBX and PBXact 13, 14, and 15 within the Debug/Test page of the Superfecta module at the admin/config.php?display=superfecta URI. This affects Sup… CWE-79
Cross-site Scripting 		CVE-2019-19851 2024-11-21 13:35 2020-03-17 Show GitHub Exploit DB Packet Storm
226026 7.5 HIGH
Network 		halvotec raquest An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. … NVD-CWE-noinfo
CVE-2019-19611 2024-11-21 13:35 2020-03-14 Show GitHub Exploit DB Packet Storm
226027 5.3 MEDIUM
Network 		zohocorp manageengine_applications_manager Zoho ManageEngine Applications Manager before 14600 allows a remote unauthenticated attacker to disclose license related information via WieldFeedServlet servlet. CWE-306
Missing Authentication for Critical Function 		CVE-2019-19799 2024-11-21 13:35 2020-03-14 Show GitHub Exploit DB Packet Storm
226028 6.0 MEDIUM
Local 		lenovo xclarity_administrator An internal product security audit of Lenovo XClarity Administrator (LXCA) discovered Windows OS credentials, used to perform driver updates of managed systems, being written to a log file in clear t… CWE-532
 Inclusion of Sensitive Information in Log Files 		CVE-2019-19756 2024-11-21 13:35 2020-03-14 Show GitHub Exploit DB Packet Storm
226029 7.5 HIGH
Network 		halvotec raquest An issue was discovered in Halvotec RAQuest 10.23.10801.0. The login page is vulnerable to wildcard injection, allowing an attacker to enumerate the list of users sharing an identical password. Fixed… CWE-74
Injection 		CVE-2019-19614 2024-11-21 13:35 2020-03-10 Show GitHub Exploit DB Packet Storm
226030 5.4 MEDIUM
Network 		lexmark cs31x_firmware
cs41x_firmware
cs51x_firmware
cx310_firmware
cx410_firmware
xc2130_firmware
cx510_firmware
xc2132_firmware
ms310_firmware
ms312_firmware
ms317_firmware 		Various Lexmark products have stored XSS in the embedded web server used in older generation Lexmark devices. Affected products are available in http://support.lexmark.com/index?page=content&id=TE935… CWE-79
Cross-site Scripting 		CVE-2019-19773 2024-11-21 13:35 2020-03-7 Show GitHub Exploit DB Packet Storm