Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 31, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228881	4.3	警告	platinumprofitzone	-	Turnkey Ebook Store の index.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-1225	2012-12-20 19:10	2009-04-2	Show	GitHub Exploit DB Packet Storm

228882	7.5	危険	scivox	-	vsp stats プロセッサの vsp-core/pub/themes/bismarck/gamestat.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-1224	2012-12-20 19:10	2009-04-2	Show	GitHub Exploit DB Packet Storm

228883	5.1	警告	webEdition e.V.	-	webEdition の index.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-1222	2012-12-20 19:10	2009-04-2	Show	GitHub Exploit DB Packet Storm

228884	7.8	危険	precisionid	-	DMATRIXLib.Datamatrix の PRECIS~2.DLL における任意のファイルを上書きされる脆弱性	CWE-Other その他	CVE-2009-1212	2012-12-20 19:10	2009-04-1	Show	GitHub Exploit DB Packet Storm

228885	9.3	危険	w3	-	W3C Amaya Web Browser におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1209	2012-12-20 19:10	2009-04-1	Show	GitHub Exploit DB Packet Storm

228886	4.3	警告	Tiki Software Community Association	-	Tiki CMS/Groupware におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-1204	2012-12-20 19:10	2009-03-18	Show	GitHub Exploit DB Packet Storm

228887	5	警告	サン・マイクロシステムズ	-	Sun JDK の java.util.regex.Pattern.compile メソッドにおけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2009-1190	2012-12-20 19:10	2009-04-27	Show	GitHub Exploit DB Packet Storm

228888	10	危険	UMN	-	MapServer の mapserv におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1177	2012-12-20 19:10	2009-03-31	Show	GitHub Exploit DB Packet Storm

228889	10	危険	UMN	-	MapServer の mapserv におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1176	2012-12-20 19:10	2009-03-31	Show	GitHub Exploit DB Packet Storm

228890	7.3	危険	シーメンス	-	Siemens Gigaset SE461 WiMAX ルータにおけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2009-1152	2012-12-20 19:10	2009-03-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 31, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
194981	6.5	MEDIUM Network	llhttp oracle debian	llhttp graalvm debian_linux	The parser in accepts requests with a space (SP) right after the header name before the colon. This can lead to HTTP Request Smuggling (HRS) in llhttp < v2.1.4 and < v6.0.6.	CWE-444 HTTP Request Smuggling	CVE-2021-22959	2024-11-21 14:51	2021-11-16	Show	GitHub Exploit DB Packet Storm

194982	6.5	MEDIUM Network	llhttp oracle debian	llhttp graalvm debian_linux	The parse function in llhttp < 2.1.4 and < 6.0.6. ignores chunk extensions when parsing the body of chunked requests. This leads to HTTP Request Smuggling (HRS) under certain conditions.	CWE-444 HTTP Request Smuggling	CVE-2021-22960	2024-11-21 14:51	2021-11-4	Show	GitHub Exploit DB Packet Storm

194983	6.1	MEDIUM Network	tempura_project	tempura	This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scri…	CWE-79 Cross-site Scripting	CVE-2021-23784	2024-11-21 14:51	2021-11-4	Show	GitHub Exploit DB Packet Storm

194984	9.8	CRITICAL Network	dotty_project	dotty	This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.	CWE-843 Type Confusion	CVE-2021-23624	2024-11-21 14:51	2021-11-4	Show	GitHub Exploit DB Packet Storm

194985	9.8	CRITICAL Network	json-ptr_project	json-ptr	This affects the package json-ptr before 3.0.0. A type confusion vulnerability can lead to a bypass of CVE-2020-7766 when the user-provided keys used in the pointer parameter are arrays.	CWE-843 Type Confusion	CVE-2021-23509	2024-11-21 14:51	2021-11-4	Show	GitHub Exploit DB Packet Storm

194986	6.1	MEDIUM Network	bootstrap-table	bootstrap_table	This affects versions before 1.19.1 of package bootstrap-table. A type confusion vulnerability can lead to a bypass of input sanitization when the input provided to the escapeHTML function is an arra…	CWE-843 Type Confusion	CVE-2021-23472	2024-11-21 14:51	2021-11-4	Show	GitHub Exploit DB Packet Storm

194987	9.8	CRITICAL Network	jsonpointer_project	jsonpointer	This affects all versions of package json-pointer. A type confusion vulnerability can lead to a bypass of CVE-2020-7709 when the pointer components are arrays.	CWE-843 Type Confusion	CVE-2021-23820	2024-11-21 14:51	2021-11-4	Show	GitHub Exploit DB Packet Storm

194988	7.8	HIGH Local	mcafee	total_protection	Privilege escalation vulnerability in the Windows trial installer of McAfee Total Protection (MTP) prior to 16.0.34_x may allow a local user to run arbitrary code as the admin user by replacing a spe…	CWE-269 Improper Privilege Management	CVE-2021-23877	2024-11-21 14:51	2021-10-27	Show	GitHub Exploit DB Packet Storm

194989	7.5	HIGH Network	trendmicro	apex_one worry-free_business_security worry-free_business_security_services	A null pointer vulnerability in Trend Micro Apex One and Worry-Free Business Security 10.0 SP1 could allow an attacker to crash the CGI program on affected installations.	CWE-476 NULL Pointer Dereference	CVE-2021-23139	2024-11-21 14:51	2021-10-21	Show	GitHub Exploit DB Packet Storm

194990	9.8	CRITICAL Network	binaryops	x-assign	This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2021-23452	2024-11-21 14:51	2021-10-20	Show	GitHub Exploit DB Packet Storm