Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 8, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
229471	7.5	危険	webdynamite	-	WebDynamite ProjectButler の pda_projects.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2009-2791	2012-12-20 19:10	2009-08-17	Show	GitHub Exploit DB Packet Storm

229472	7.5	危険	softbiz	-	SoftBiz Dating Script の cat_products.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2790	2012-12-20 19:10	2009-08-17	Show	GitHub Exploit DB Packet Storm

229473	6.8	警告	reputation	-	PunBB 用の Reputation プラグインにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-2787	2012-12-20 19:10	2009-08-17	Show	GitHub Exploit DB Packet Storm

229474	7.5	危険	reputation	-	PunBB 用の Reputation プラグインにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2786	2012-12-20 19:10	2009-08-17	Show	GitHub Exploit DB Packet Storm

229475	4.3	警告	XOOPS	-	XOOPS におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2783	2012-12-20 19:10	2009-08-17	Show	GitHub Exploit DB Packet Storm

229476	7.5	危険	sellatsite.com	-	Smart ASP Survey の showresult.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2776	2012-12-20 19:10	2009-08-14	Show	GitHub Exploit DB Packet Storm

229477	7.5	危険	phparcadescript	-	PHP Arcade Script の linkout.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2775	2012-12-20 19:10	2009-08-14	Show	GitHub Exploit DB Packet Storm

229478	7.5	危険	php-paid4mail	-	PHP Paid 4 Mail Script の paidbanner.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2774	2012-12-20 19:10	2009-08-14	Show	GitHub Exploit DB Packet Storm

229479	7.5	危険	shop-020	-	PHP Paid 4 Mail Script の home.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2009-2773	2012-12-20 19:10	2009-08-14	Show	GitHub Exploit DB Packet Storm

229480	4.3	警告	realtysoft	-	PG Roommate Finder Solution におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2772	2012-12-20 19:10	2009-08-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 8, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
220981	6.5	MEDIUM Network	wordpress	wordpress	WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two …	CWE-22 Path Traversal	CVE-2019-8943	2024-11-21 13:50	2019-02-20	Show	GitHub Exploit DB Packet Storm

220982	8.8	HIGH Network	wordpress debian	wordpress debian_linux	WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code execution because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php su…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2019-8942	2024-11-21 13:50	2019-02-20	Show	GitHub Exploit DB Packet Storm

220983	6.1	MEDIUM Network	tautulli	tautulli	data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.	CWE-79 Cross-site Scripting	CVE-2019-8939	2024-11-21 13:50	2019-02-20	Show	GitHub Exploit DB Packet Storm

220984	5.4	MEDIUM Network	o-dyn	collabtive	Collabtive 3.1 allows XSS via the manageuser.php?action=profile id parameter.	CWE-79 Cross-site Scripting	CVE-2019-8935	2024-11-21 13:50	2019-02-20	Show	GitHub Exploit DB Packet Storm

220985	8.8	HIGH Network	dedecms	dedecms	In DedeCMS 5.7SP2, attackers can upload a .php file to the uploads/ directory (without being blocked by the Web Application Firewall), and then execute this file, via this sequence of steps: visiting…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2019-8933	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220986	7.5	HIGH Network	seafile	seadroid	The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making …	CWE-330 Use of Insufficiently Random Values	CVE-2019-8919	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220987	9.8	CRITICAL Network	solarwinds	orion_network_performance_monitor	SolarWinds Orion NPM before 12.4 suffers from a SYSTEM remote code execution vulnerability in the OrionModuleEngine service. This service establishes a NetTcpBinding endpoint that allows remote, unau…	NVD-CWE-noinfo	CVE-2019-8917	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220988	7.8	HIGH Local	linux redhat canonical opensuse	linux_kernel enterprise_linux ubuntu_linux leap	In the Linux kernel through 4.20.11, af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr.	CWE-416 Use After Free	CVE-2019-8912	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220989	6.1	MEDIUM Network	wtcms_project	wtcms	An issue was discovered in WTCMS 1.0. It has stored XSS via the third text box (for the website statistics code).	CWE-79 Cross-site Scripting	CVE-2019-8911	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

220990	8.8	HIGH Network	wtcms_project	wtcms	An issue was discovered in WTCMS 1.0. It allows index.php?g=admin&m=setting&a=site_post CSRF.	CWE-352 Origin Validation Error	CVE-2019-8910	2024-11-21 13:50	2019-02-19	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed