Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 8, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
229431	3.5	注意	シマンテック	-	SecurityExpressions Audit および Compliance Server のコンソールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-3029	2012-12-20 19:28	2009-10-6	Show	GitHub Exploit DB Packet Storm

229432	4.3	警告	Pidgin	-	Pidgin におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2009-3025	2012-12-20 19:28	2009-08-31	Show	GitHub Exploit DB Packet Storm

229433	4.3	警告	QtWeb.NET	-	QtWeb におけるクロスサイトスクリプティング (XSS) 攻撃を実行される脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-3015	2012-12-20 19:28	2009-08-31	Show	GitHub Exploit DB Packet Storm

229434	4.3	警告	RADVISION	-	Radvision Scopia の entry/index.jsp におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2965	2012-12-20 19:28	2009-08-25	Show	GitHub Exploit DB Packet Storm

229435	4.3	警告	xapian	-	Xapian Omega におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2947	2012-12-20 19:28	2009-09-14	Show	GitHub Exploit DB Packet Storm

229436	4.3	警告	stanford	-	Stanford University WebAuth の weblogin/login.fcgi におけるパスワードを特定される脆弱性	CWE-255 証明書・パスワード管理	CVE-2009-2945	2012-12-20 19:28	2009-08-31	Show	GitHub Exploit DB Packet Storm

229437	7.5	危険	pygresql	-	Python 用の pygresql モジュールにおけるマルチバイト文字のエンコーディングに関する問題を利用される脆弱性	CWE-Other その他	CVE-2009-2940	2012-12-20 19:28	2009-10-14	Show	GitHub Exploit DB Packet Storm

229438	6.9	警告	Postfix Project	-	Debian GNU/Linux などの製品で使用される postfix パッケージにおけるシンボリックリンク攻撃を実行される脆弱性	CWE-59 リンク解釈の問題	CVE-2009-2939	2012-12-20 19:28	2009-09-21	Show	GitHub Exploit DB Packet Storm

229439	9.3	危険	programmedintegration	-	Programmed Integration PIPL の xaudio.dll におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-2934	2012-12-20 19:28	2009-08-21	Show	GitHub Exploit DB Packet Storm

229440	7.5	危険	Piwigo	-	Piwigo の comments.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2933	2012-12-20 19:28	2009-08-21	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 8, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
220981	6.5	MEDIUM Network	wordpress	wordpress	WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two …	CWE-22 Path Traversal	CVE-2019-8943	2024-11-21 13:50	2019-02-20	Show	GitHub Exploit DB Packet Storm

220982	8.8	HIGH Network	wordpress debian	wordpress debian_linux	WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php su…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2019-8942	2024-11-21 13:50	2019-02-20	Show	GitHub Exploit DB Packet Storm

220983	6.1	MEDIUM Network	tautulli	tautulli	data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.	CWE-79 Cross-site Scripting	CVE-2019-8939	2024-11-21 13:50	2019-02-20	Show	GitHub Exploit DB Packet Storm

220984	5.4	MEDIUM Network	o-dyn	collabtive	Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.	CWE-79 Cross-site Scripting	CVE-2019-8935	2024-11-21 13:50	2019-02-20	Show	GitHub Exploit DB Packet Storm

220985	8.8	HIGH Network	dedecms	dedecms	In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2019-8933	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220986	7.5	HIGH Network	seafile	seadroid	The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making …	CWE-330 Use of Insufficiently Random Values	CVE-2019-8919	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220987	9.8	CRITICAL Network	solarwinds	orion_network_performance_monitor	SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unau…	NVD-CWE-noinfo	CVE-2019-8917	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220988	7.8	HIGH Local	linux redhat canonical opensuse	linux_kernel enterprise_linux ubuntu_linux leap	In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.	CWE-416 Use After Free	CVE-2019-8912	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220989	6.1	MEDIUM Network	wtcms_project	wtcms	An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).	CWE-79 Cross-site Scripting	CVE-2019-8911	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220990	8.8	HIGH Network	wtcms_project	wtcms	An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.	CWE-352 Origin Validation Error	CVE-2019-8910	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm