Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 2, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229491 7.5 危険 techno dreams - Techno Dreams Announcement の MainAnnounce2.asp における SQL インジェクションの脆弱性 - CVE-2006-5641 2012-12-20 18:02 2006-10-31 Show GitHub Exploit DB Packet Storm
229492 7.5 危険 techno dreams - Techno Dreams Guest Book の guestbookview.asp における SQL インジェクションの脆弱性 - CVE-2006-5640 2012-12-20 18:02 2006-10-31 Show GitHub Exploit DB Packet Storm
229493 7.5 危険 phpmyring - PHPMyRing の cherche.php における SQL インジェクションの脆弱性 - CVE-2006-5638 2012-12-20 18:02 2006-10-31 Show GitHub Exploit DB Packet Storm
229494 5.1 警告 sws - SWS の common.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-5636 2012-12-20 18:02 2006-10-31 Show GitHub Exploit DB Packet Storm
229495 7.5 危険 web wiz forums - Web Wiz Forums の forum/search.asp における SQL インジェクションの脆弱性 - CVE-2006-5635 2012-12-20 18:02 2006-10-31 Show GitHub Exploit DB Packet Storm
229496 6.8 警告 phpprofiles - phpProfiles における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2006-5634 2012-12-20 18:02 2006-10-31 Show GitHub Exploit DB Packet Storm
229497 7.5 危険 unisor cms - UNISOR CMS の login.asp における SQL インジェクションの脆弱性 - CVE-2006-5628 2012-12-20 18:02 2006-10-31 Show GitHub Exploit DB Packet Storm
229498 7.5 危険 qnecms - QnECMS における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-5627 2012-12-20 18:02 2006-10-31 Show GitHub Exploit DB Packet Storm
229499 4.3 警告 phpfaber - phpFaber CMS の cms_images/js/htmlarea/htmlarea.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-5626 2012-12-20 18:02 2006-10-31 Show GitHub Exploit DB Packet Storm
229500 7.5 危険 thepeak - Thepeak File Upload Manager の index.php におけるディレクトリトラバーサルの脆弱性 - CVE-2006-5617 2012-12-20 18:02 2006-10-30 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 2, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
212711 9.8 CRITICAL
Network 		magento magento Insecure authentication and session management vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can append arbitrary session id tha… CWE-613
 Insufficient Session Expiration 		CVE-2019-8149 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm
212712 4.8 MEDIUM
Network 		magento magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can inject arbitrary JavaScript code when creating a content page via p… CWE-79
Cross-site Scripting 		CVE-2019-8148 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm
212713 5.4 MEDIUM
Network 		magento magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via custome… CWE-79
Cross-site Scripting 		CVE-2019-8147 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm
212714 5.4 MEDIUM
Network 		magento magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code when adding… CWE-79
Cross-site Scripting 		CVE-2019-8146 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm
212715 9.8 CRITICAL
Network 		magento magento A remote code execution vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can insert a malicious payload through PageBuilder template methods. NVD-CWE-noinfo
CVE-2019-8144 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm
212716 6.5 MEDIUM
Network 		magento magento A SQL injection vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user with access to email templates can send malicious SQL queries and ob… CWE-89
SQL Injection 		CVE-2019-8143 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm
212717 5.4 MEDIUM
Network 		magento magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary JavaScript code via title o… CWE-79
Cross-site Scripting 		CVE-2019-8142 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm
212718 7.2 HIGH
Network 		magento magento A remote code execution vulnerability exists in Magento 2.1 prior to 2.1.19, Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3. An authenticated user with administrative privileges (system leve… CWE-502
 Deserialization of Untrusted Data 		CVE-2019-8141 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm
212719 4.9 MEDIUM
Network 		magento magento An unrestricted file upload vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated admin user can manipulate the Synchronization feature in the … CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2019-8140 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm
212720 5.4 MEDIUM
Network 		magento magento A stored cross-site scripting (XSS) vulnerability exists in Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can inject arbitrary Javascript code into the dynamic block when invoking pag… CWE-79
Cross-site Scripting 		CVE-2019-8139 2024-11-21 13:49 2019-11-6 Show GitHub Exploit DB Packet Storm