Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 21, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229921 7.5 危険 ZyXEL - ZyXEL ZyWALL における権限を取得される脆弱性 CWE-DesignError
CVE-2008-1160 2012-12-20 18:34 2008-03-24 Show GitHub Exploit DB Packet Storm
229922 5.1 警告 The phpMyAdmin Project - phpMyAdmin における SQL インジェクションおよびクロスサイトリクエストフォージェリ攻撃を実行される脆弱性 CWE-352
CWE-89
CVE-2008-1149 2012-12-20 18:34 2008-03-3 Show GitHub Exploit DB Packet Storm
229923 9.3 危険 synce - SynCE-dccm の vdccm の src/utils.cpp における任意のコマンドを実行される脆弱性 CWE-20
CWE-94
CVE-2008-1136 2012-12-20 18:34 2008-03-4 Show GitHub Exploit DB Packet Storm
229924 4.3 警告 xrms crm - XRMS CRM の admin/users/self.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-1129 2012-12-20 18:34 2008-03-3 Show GitHub Exploit DB Packet Storm
229925 6.8 警告 phpmytourney - phpMyTourney の tourney/index.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-1128 2012-12-20 18:34 2008-03-3 Show GitHub Exploit DB Packet Storm
229926 5 警告 podcast generator - Podcast Generator におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-1125 2012-12-20 18:34 2008-03-3 Show GitHub Exploit DB Packet Storm
229927 6.8 警告 podcast generator - Podcast Generator における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-1124 2012-12-20 18:34 2008-03-3 Show GitHub Exploit DB Packet Storm
229928 6.8 警告 sitebuilder - SiteBuilder Elite における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-1123 2012-12-20 18:34 2008-03-3 Show GitHub Exploit DB Packet Storm
229929 9.3 危険 rising antivirus international - Rising Antivirus Online Scanner の Web Scan Object ActiveX コントロール における任意のコードを強制的にダウンロードされる脆弱性 CWE-DesignError
CVE-2008-1116 2012-12-20 18:34 2008-03-3 Show GitHub Exploit DB Packet Storm
229930 7.8 危険 Vocera - Cisco Unified Wireless IP Phone 7921 におけるハッシュされたパスワードを盗まれる脆弱性 CWE-200
情報漏えい 		CVE-2008-1113 2012-12-20 18:34 2008-03-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 21, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
2471 9.1 CRITICAL
Network 		- - Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file throug… CWE-94
Code Injection 		CVE-2026-42607 2026-05-12 23:51 2026-05-12 Show GitHub Exploit DB Packet Storm
2472 9.4 CRITICAL
Network 		- - Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled groups and access fields from the registration POST data without… CWE-20
CWE-862
 Improper Input Validation 
 Missing Authorization 		CVE-2026-42613 2026-05-12 23:51 2026-05-12 Show GitHub Exploit DB Packet Storm
2473 - - - The form plugin for Grav adds the ability to create and use forms. Prior to 9.1.0 , there is an unauthenticated page-content overwrite via file upload (GHSA-w4rc-p66m-x6qq). Public form uploads now s… CWE-73
 External Control of File Name or Path 		CVE-2026-42845 2026-05-12 23:51 2026-05-12 Show GitHub Exploit DB Packet Storm
2474 4.3 MEDIUM
Network 		- - Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the GET /api/collections and GET /api/collections/:id endpoints return collections from all libraries without checking w… CWE-863
 Incorrect Authorization 		CVE-2026-42884 2026-05-12 23:50 2026-05-12 Show GitHub Exploit DB Packet Storm
2475 4.9 MEDIUM
Network 		- - Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.32.2, the POST /api/backups/upload endpoint decompresses the details entry from an uploaded .audiobookshelf ZIP file entirely … CWE-409
 Improper Handling of Highly Compressed Data (Data Amplification) 		CVE-2026-42886 2026-05-12 23:50 2026-05-12 Show GitHub Exploit DB Packet Storm
2476 4.5 MEDIUM
Network 		- - Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.33.0, a stored cross-site scripting (XSS) vulnerability exists in the Login Page due to improper sanitization of the authLogin… CWE-79
Cross-site Scripting 		CVE-2026-42887 2026-05-12 23:50 2026-05-12 Show GitHub Exploit DB Packet Storm
2477 6.1 MEDIUM
Network 		- - WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/Meet/iframe.php echoes the attacker-controlled user and pass query parameters unescaped into a JavaScript do… CWE-79
Cross-site Scripting 		CVE-2026-43878 2026-05-12 23:50 2026-05-12 Show GitHub Exploit DB Packet Storm
2478 7.2 HIGH
Network 		- - WWBN AVideo is an open source video platform. In versions up to and including 29.0, the server-side mitigation for the YPTSocket autoEvalCodeOnHTML eval sink (from CVE-2026-40911) only strips the pay… CWE-94
Code Injection 		CVE-2026-43874 2026-05-12 23:50 2026-05-12 Show GitHub Exploit DB Packet Storm
2479 7.5 HIGH
Network 		- - WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret ($objClone->myKey, a constant md5($g… CWE-209
Information Exposure Through an Error Message 		CVE-2026-43873 2026-05-12 23:50 2026-05-12 Show GitHub Exploit DB Packet Storm
2480 6.8 MEDIUM
Network 		- - WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/MobileManager/oauth2.php completes an OAuth login by sending an HTTP 302 Location: oauth2Success.php?user=<e… CWE-598
Information Exposure Through Query Strings in GET Request  		CVE-2026-43875 2026-05-12 23:50 2026-05-12 Show GitHub Exploit DB Packet Storm