Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 3, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229401 7.8 危険 rakhisoftware - RakhiSoftware Price Comparison Script における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2008-6279 2012-12-20 19:10 2009-02-25 Show GitHub Exploit DB Packet Storm
229402 4.3 警告 rakhisoftware - RakhiSoftware Price Comparison Script の product.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6278 2012-12-20 19:10 2009-02-25 Show GitHub Exploit DB Packet Storm
229403 7.5 危険 rakhisoftware - RakhiSoftware Price Comparison Script の product.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6277 2012-12-20 19:10 2009-02-25 Show GitHub Exploit DB Packet Storm
229404 6.8 警告 tbmnet - TBmnetCMS の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-6271 2012-12-20 19:10 2009-02-25 Show GitHub Exploit DB Packet Storm
229405 7.5 危険 sadi samami - WEBBDOMAIN Multi Languages WebShop Online の detail.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6268 2012-12-20 19:10 2009-02-25 Show GitHub Exploit DB Packet Storm
229406 7.5 危険 ultrastats - Ultrastats の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6260 2012-12-20 19:10 2009-02-24 Show GitHub Exploit DB Packet Storm
229407 4.3 警告 quadcomm - QuadComm Q-Shop の search.asp におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6259 2012-12-20 19:10 2009-02-24 Show GitHub Exploit DB Packet Storm
229408 7.5 危険 quadcomm - QuadComm Q-Shop の users.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6258 2012-12-20 19:10 2009-02-24 Show GitHub Exploit DB Packet Storm
229409 6.5 警告 vBulletin Solutions, Inc. - vBulletin の admincp/admincalendar.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6256 2012-12-20 19:10 2009-02-24 Show GitHub Exploit DB Packet Storm
229410 6.5 警告 vBulletin Solutions, Inc. - vBulletin における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6255 2012-12-20 19:10 2009-02-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195461 9.8 CRITICAL
Network 		appwrite
litespeed.js_project 		appwrite
litespeed.js 		This affects the package litespeed.js before 0.3.12; the package appwrite/server-ce from 0.12.0 and before 0.12.2, before 0.11.1. When parsing the query string in the getJsonFromUrl function, the key… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23682 2024-11-21 14:51 2022-02-17 Show GitHub Exploit DB Packet Storm
195462 9.8 CRITICAL
Network 		vm2_project vm2 The package vm2 before 3.9.6 are vulnerable to Sandbox Bypass via direct access to host error objects generated by node internals during generation of a stacktraces, which can lead to execution of ar… NVD-CWE-noinfo
CVE-2021-23555 2024-11-21 14:51 2022-02-12 Show GitHub Exploit DB Packet Storm
195463 7.5 HIGH
Network 		fastify fastify-multipart This affects the package fastify-multipart before 5.3.1. By providing a name=constructor property it is still possible to crash the application. **Note:** This is a bypass of CVE-2020-8136 (https://s… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23597 2024-11-21 14:51 2022-02-12 Show GitHub Exploit DB Packet Storm
195464 7.8 HIGH
Local 		intel advisor Improper access control in the Intel(R) Advisor software before version 2021.2 may allow an authenticated user to potentially enable escalation of privilege via local access. NVD-CWE-Other
CVE-2021-23152 2024-11-21 14:51 2022-02-10 Show GitHub Exploit DB Packet Storm
195465 8.8 HIGH
Network 		concretecms concrete_cms A cross-site request forgery vulnerability exists in Concrete CMS <v9 that could allow an attacker to make requests on behalf of other users. CWE-352
 Origin Validation Error 		CVE-2021-22954 2024-11-21 14:51 2022-02-10 Show GitHub Exploit DB Packet Storm
195466 9.8 CRITICAL
Network 		skratchdot object-path-set The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives … CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23507 2024-11-21 14:51 2022-02-5 Show GitHub Exploit DB Packet Storm
195467 9.8 CRITICAL
Network 		set_project set This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomple… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23497 2024-11-21 14:51 2022-02-5 Show GitHub Exploit DB Packet Storm
195468 9.8 CRITICAL
Network 		putil-merge_project putil-merge This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include … CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23470 2024-11-21 14:51 2022-02-5 Show GitHub Exploit DB Packet Storm
195469 7.8 HIGH
Local 		juce juce This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic l… CWE-59
Link Following 		CVE-2021-23521 2024-11-21 14:51 2022-01-31 Show GitHub Exploit DB Packet Storm
195470 9.8 CRITICAL
Network 		juce juce The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability… CWE-22
Path Traversal 		CVE-2021-23520 2024-11-21 14:51 2022-01-31 Show GitHub Exploit DB Packet Storm