Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 3, 2026, 2:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
229781	4.3	警告	wikidsystems	-	WiKID wClient-PHP の sample.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-4763	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

229782	5	警告	php-daily	-	PHP-Daily の download_file.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-4758	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

229783	7.5	危険	php-daily	-	PHP-Daily における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4757	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

229784	4.3	警告	php-daily	-	PHP-Daily の add_prest_date.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-4756	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

229785	7.5	危険	pozscripts	-	PozScripts Classified Auctions Script の gotourl.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4755	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

229786	5.8	警告	scripts-for-sites	-	SFS Ez Forum の forum.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4754	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

229787	7.5	危険	tech logic	-	TlNews における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2008-4752	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

229788	7.5	危険	uniwin	-	Uniwin eCart Professional における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4746	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

229789	4.3	警告	uniwin	-	Uniwin eCart Professional の emailFriend.asp におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-4745	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

229790	7.5	危険	quidascript	-	QuidaScript FAQ Management Script の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-4743	2012-12-20 18:52	2008-10-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
224981	4.3	MEDIUM Network	atlassian	jira jira_software_data_center jira_server jira_data_center	Comment properties in Atlassian Jira Server and Data Center before version 7.13.12, from 8.0.0 before version 8.5.4, and 8.6.0 before version 8.6.1 allows remote attackers to make comments on a ticke…	CWE-276 Incorrect Default Permissions	CVE-2019-20106	2024-11-21 13:38	2020-02-6	Show	GitHub Exploit DB Packet Storm

224982	7.5	HIGH Network	atlassian	crowd	The OpenID client application in Atlassian Crowd before version 3.6.2, and from version 3.7.0 before 3.7.1 allows remote attackers to perform a Denial of Service attack via an XML Entity Expansion vu…	CWE-776 XML Entity Expansion	CVE-2019-20104	2024-11-21 13:38	2020-02-6	Show	GitHub Exploit DB Packet Storm

224983	9.8	CRITICAL Network	jobberbase	jobberbase	Jobberbase 2.0 has SQL injection via the PATH_INFO to the jobs-in endpoint.	CWE-89 SQL Injection	CVE-2019-20447	2024-11-21 13:38	2020-02-6	Show	GitHub Exploit DB Packet Storm

224984	6.1	MEDIUM Network	auth0	login_by_auth0	The Auth0 wp-auth0 plugin 3.11.x before 3.11.3 for WordPress allows XSS via a wle parameter associated with wp-login.php.	CWE-79 Cross-site Scripting	CVE-2019-20173	2024-11-21 13:38	2020-02-6	Show	GitHub Exploit DB Packet Storm

224985	6.1	MEDIUM Network	auth0	lock	Auth0 Lock before 11.21.0 allows XSS when additionalSignUpFields is used with an untrusted placeholder.	CWE-79 Cross-site Scripting	CVE-2019-20174	2024-11-21 13:38	2020-02-4	Show	GitHub Exploit DB Packet Storm

224986	6.5	MEDIUM Network	gnome opensuse fedoraproject debian canonical netapp	librsvg leap fedora debian_linux ubuntu_linux active_iq_unified_manager	In xml.rs in GNOME librsvg before 2.46.2, a crafted SVG file with nested patterns can cause denial of service when passed to the library for processing. The attacker constructs pattern elements so th…	CWE-400 Uncontrolled Resource Consumption	CVE-2019-20446	2024-11-21 13:38	2020-02-2	Show	GitHub Exploit DB Packet Storm

224987	7.8	HIGH Local	trendmicro	anti-threat_toolkit	Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary …	CWE-427 CWE-426 CWE-732 Uncontrolled Search Path Element Untrusted Search Path Incorrect Permission Assignment for Critical Resource	CVE-2019-20358	2024-11-21 13:38	2020-01-31	Show	GitHub Exploit DB Packet Storm

224988	9.1	CRITICAL Network	netty debian fedoraproject canonical redhat apache	netty debian_linux fedora ubuntu_linux jboss_amq_clients jboss_enterprise_application_platform spark	HttpObjectDecoder.java in Netty before 4.1.44 allows a Content-Length header to be accompanied by a second Content-Length header, or by a Transfer-Encoding header.	CWE-444 HTTP Request Smuggling	CVE-2019-20445	2024-11-21 13:38	2020-01-30	Show	GitHub Exploit DB Packet Storm

224989	9.1	CRITICAL Network	netty debian fedoraproject canonical redhat	netty debian_linux fedora ubuntu_linux jboss_amq_clients jboss_enterprise_application_platform	HttpObjectDecoder.java in Netty before 4.1.44 allows an HTTP header that lacks a colon, which might be interpreted as a separate header with an incorrect syntax, or might be interpreted as an "invali…	CWE-444 HTTP Request Smuggling	CVE-2019-20444	2024-11-21 13:38	2020-01-30	Show	GitHub Exploit DB Packet Storm

224990	9.8	CRITICAL Network	dlink	dir-859_firmware	D-Link DIR-859 1.05 and 1.06B01 Beta01 devices allow remote attackers to execute arbitrary OS commands via the urn: to the M-SEARCH method in ssdpcgi() in /htdocs/cgibin, because SERVER_ID is mishand…	CWE-78 OS Command	CVE-2019-20217	2024-11-21 13:38	2020-01-29	Show	GitHub Exploit DB Packet Storm