Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 30, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
229291	7.5	危険	wh-com	-	Joomla! および Mambo 用の webhosting.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6653	2012-12-20 19:10	2009-04-7	Show	GitHub Exploit DB Packet Storm

229292	8.8	危険	versalsoft	-	Versalsoft HTTP Image Uploader ActiveX コントロールにおける任意のファイルを削除される脆弱性	CWE-16 環境設定	CVE-2008-6638	2012-12-20 19:10	2009-04-7	Show	GitHub Exploit DB Packet Storm

229293	7.8	危険	TYPO3 Association	-	TYPO3 用の wt_gallery エクステンションにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-6630	2012-12-20 19:10	2009-04-7	Show	GitHub Exploit DB Packet Storm

229294	4.3	警告	webbdomain	-	WEBBDOMAIN Multi Languages WebShop Online の detail.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-6629	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

229295	7.5	危険	webbdomain	-	WEBBDOMAIN WebShop の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6627	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

229296	7.5	危険	webbdomain	-	WEBBDOMAIN Quiz の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6626	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

229297	7.5	危険	webbdomain	-	WEBBDOMAIN Polls の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6625	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

229298	7.5	危険	webbdomain	-	WEBBDOMAIN Petition の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6624	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

229299	7.5	危険	webbdomain	-	WEBBDOMAIN Post Card の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6623	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

229300	7.5	危険	webbdomian	-	WEBBDOMAIN Post Card の choosecard.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6622	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 30, 2026, 4:16 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
208531	9.8	CRITICAL Network	microfocus	identity_manager	NetIQ Identity Manager 4.8 prior to version 4.8 SP2 HF1 are affected by an injection vulnerability. This vulnerability is fixed in NetIQ IdM 4.8 SP2 HF1.	CWE-89 SQL Injection	CVE-2020-25839	2024-11-21 14:18	2020-11-21	Show	GitHub Exploit DB Packet Storm

208532	5.3	MEDIUM Network	moodle fedoraproject	moodle fedora	The participants table download in Moodle always included user emails, but should have only done so when users' emails are not hidden. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5 and 3.7 to 3.7.8. …	CWE-200 Information Exposure	CVE-2020-25703	2024-11-21 14:18	2020-11-20	Show	GitHub Exploit DB Packet Storm

208533	6.1	MEDIUM Network	moodle fedoraproject	moodle fedora	In Moodle, it was possible to include JavaScript when re-naming content bank items. Versions affected: 3.9 to 3.9.2. This is fixed in moodle 3.9.3 and 3.10.	CWE-79 Cross-site Scripting	CVE-2020-25702	2024-11-21 14:18	2020-11-20	Show	GitHub Exploit DB Packet Storm

208534	5.3	MEDIUM Network	moodle fedoraproject	moodle fedora	If the upload course tool in Moodle was used to delete an enrollment method which did not exist or was not already enabled, the tool would erroneously enable that enrollment method. This could lead t…	CWE-863 Incorrect Authorization	CVE-2020-25701	2024-11-21 14:18	2020-11-20	Show	GitHub Exploit DB Packet Storm

208535	6.5	MEDIUM Network	moodle fedoraproject	moodle fedora	In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earli…	CWE-89 SQL Injection	CVE-2020-25700	2024-11-21 14:18	2020-11-20	Show	GitHub Exploit DB Packet Storm

208536	7.5	HIGH Network	moodle fedoraproject	moodle fedora	In moodle, insufficient capability checks could lead to users with the ability to course restore adding additional capabilities to roles within that course. Versions affected: 3.9 to 3.9.2, 3.8 to 3.…	CWE-863 Incorrect Authorization	CVE-2020-25699	2024-11-21 14:18	2020-11-20	Show	GitHub Exploit DB Packet Storm

208537	7.5	HIGH Network	moodle fedoraproject	moodle fedora	Users' enrollment capabilities were not being sufficiently checked in Moodle when they are restored into an existing course. This could lead to them unenrolling users without having permission to do …	NVD-CWE-noinfo	CVE-2020-25698	2024-11-21 14:18	2020-11-20	Show	GitHub Exploit DB Packet Storm

208538	6.1	MEDIUM Network	kyocera	ecosys_m2640idw_firmware	The web application of Kyocera printer (ECOSYS M2640IDW) is affected by Stored XSS vulnerability, discovered in the addition a new contact in "Machine Address Book". Successful exploitation of this v…	CWE-79 Cross-site Scripting	CVE-2020-25890	2024-11-21 14:18	2020-11-18	Show	GitHub Exploit DB Packet Storm

208539	5.4	MEDIUM Network	limesurvey	limesurvey	A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter Pa…	CWE-79 Cross-site Scripting	CVE-2020-25798	2024-11-21 14:18	2020-11-18	Show	GitHub Exploit DB Packet Storm

208540	4.6	MEDIUM Physics	resourcexpress	qubi3_firmware	QED ResourceXpress Qubi3 devices before 1.40.9 could allow a local attacker (with physical access to the device) to obtain sensitive information via the debug interface (keystrokes over a USB cable),…	CWE-200 Information Exposure	CVE-2020-25746	2024-11-21 14:18	2020-11-17	Show	GitHub Exploit DB Packet Storm