Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229911 9.3 危険 ウェブルート株式会社 - Prevx Prevx における HTML 文書内のマルウェアの検知を回避される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-5538 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
229912 9.3 危険 クイックヒール・テクノロジーズ・ジャパン株式会社 - CAT-QuickHeal におけるマルウェアの検知を回避される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-5524 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
229913 7.5 危険 pozscripts - PozScripts Business Directory Script の showcategory.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5496 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
229914 7.5 危険 phpstore - PHPStore Wholesales の track.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5493 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
229915 9.3 危険 verypdf - VeryDOC PDF Viewer OCX Control の pdfview.ocx におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-5492 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
229916 7.5 危険 slimcms - SlimCMS の edit.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5491 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
229917 7.5 危険 phpstore - PHPStore Yahoo Answers の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5490 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
229918 4.3 警告 turnkeyforms - TurnkeyForms Text Link Sales の admin.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5487 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
229919 7.5 危険 turnkeyforms - TurnkeyForms Text Link Sales の admin.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5486 2012-12-20 18:52 2008-12-12 Show GitHub Exploit DB Packet Storm
229920 4.3 警告 PunBB - PunBB の moderate.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5435 2012-12-20 18:52 2008-12-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 4, 2026, 4:17 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195731 7.5 HIGH
Network 		craftercms crafter_cms Unauthenticated remote attackers can read textual content via FreeMarker including files /scripts/*, /templates/* and some of the files in /.git/* (non-binary). CWE-668
 Exposure of Resource to Wrong Sphere 		CVE-2021-23263 2024-11-21 14:51 2021-12-3 Show GitHub Exploit DB Packet Storm
195732 7.2 HIGH
Network 		craftercms crafter_cms Authenticated administrators may modify the main YAML configuration file and load a Java class resulting in RCE. CWE-913
 Improper Control of Dynamically-Managed Code Resources 		CVE-2021-23262 2024-11-21 14:51 2021-12-3 Show GitHub Exploit DB Packet Storm
195733 4.9 MEDIUM
Network 		craftercms crafter_cms Authenticated administrators may override the system configuration file and cause a denial of service. NVD-CWE-Other
CVE-2021-23261 2024-11-21 14:51 2021-12-3 Show GitHub Exploit DB Packet Storm
195734 5.4 MEDIUM
Network 		craftercms crafter_cms Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. CWE-79
Cross-site Scripting 		CVE-2021-23260 2024-11-21 14:51 2021-12-3 Show GitHub Exploit DB Packet Storm
195735 7.2 HIGH
Network 		craftercms crafter_cms Authenticated users with Administrator or Developer roles may execute OS commands by Groovy Script which uses Groovy lib to render a webpage. The groovy script does not have security restrictions, wh… CWE-913
 Improper Control of Dynamically-Managed Code Resources 		CVE-2021-23259 2024-11-21 14:51 2021-12-3 Show GitHub Exploit DB Packet Storm
195736 7.2 HIGH
Network 		craftercms crafter_cms Authenticated users with Administrator or Developer roles may execute OS commands by SPEL Expression in Spring beans. SPEL Expression does not have security restrictions, which will cause attackers t… CWE-913
 Improper Control of Dynamically-Managed Code Resources 		CVE-2021-23258 2024-11-21 14:51 2021-12-3 Show GitHub Exploit DB Packet Storm
195737 9.8 CRITICAL
Network 		html-to-csv_project html-to-csv This affects all versions of package html-to-csv. When there is a formula embedded in a HTML page, it gets accepted without any validation and the same would be pushed while converting it into a CSV … CWE-1236
 Improper Neutralization of Formula Elements in a CSV File 		CVE-2021-23654 2024-11-21 14:51 2021-11-27 Show GitHub Exploit DB Packet Storm
195738 8.8 HIGH
Network 		ui unifi_protect A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with ma… NVD-CWE-noinfo
CVE-2021-22957 2024-11-21 14:51 2021-11-25 Show GitHub Exploit DB Packet Storm
195739 9.0 CRITICAL
Network 		quobject docker-cli-js This affects all versions of package docker-cli-js. If the command parameter of the Docker.command method can at least be partially controlled by a user, they will be in a position to execute any arb… CWE-78
OS Command  		CVE-2021-23732 2024-11-21 14:51 2021-11-23 Show GitHub Exploit DB Packet Storm
195740 7.5 HIGH
Network 		ssrf-agent_project ssrf-agent The package ssrf-agent before 1.0.5 are vulnerable to Server-side Request Forgery (SSRF) via the defaultIpChecker function. It fails to properly validate if the IP requested is private. CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2021-23718 2024-11-21 14:51 2021-11-23 Show GitHub Exploit DB Packet Storm