Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 27, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229951 4.3 警告 samtodo - SamTodo の dsp_main.php などにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2563 2012-12-20 18:52 2008-06-6 Show GitHub Exploit DB Packet Storm
229952 6.5 警告 powerphlogger - PowerPhlogger の edCss.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2562 2012-12-20 18:52 2008-06-6 Show GitHub Exploit DB Packet Storm
229953 4.3 警告 slashcode.com - Slash におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2553 2012-12-20 18:52 2008-06-5 Show GitHub Exploit DB Packet Storm
229954 9.3 危険 Skype Technologies S.A. - Skype における警告ダイアログを回避される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-2545 2012-12-20 18:52 2008-06-6 Show GitHub Exploit DB Packet Storm
229955 7.2 危険 サン・マイクロシステムズ - Sun Solaris 上の Sun Cluster における任意の削除されたファイルデータが読まれる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2539 2012-12-20 18:52 2008-03-30 Show GitHub Exploit DB Packet Storm
229956 7.5 危険 YABSoft - YABSoft AIH Script の out.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2536 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
229957 7.5 危険 quickupcms - Concepts & Solutions QuickUpCMS における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2530 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
229958 4.3 警告 TYPO3 Association - TYPO3 用の WT Gallery エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2526 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
229959 4.3 警告 TYPO3 Association - TYPO3 用の Event Database エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2525 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
229960 7.5 危険 raknet - RakNet の Autopatcher サーバプラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2523 2012-12-20 18:52 2008-06-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
224041 8.8 HIGH
Network 		nopcommerce nopcommerce RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to CSRF because GET requests can be used for renames and deletions. CWE-352
 Origin Validation Error 		CVE-2019-19685 2024-11-21 13:35 2019-12-10 Show GitHub Exploit DB Packet Storm
224042 8.8 HIGH
Network 		nopcommerce nopcommerce nopCommerce v4.2.0 allows privilege escalation via file upload in Presentation/Nop.Web/Admin/Areas/Controllers/PluginController.cs via Admin/FacebookAuthentication/Configure because it is possible to… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2019-19684 2024-11-21 13:35 2019-12-10 Show GitHub Exploit DB Packet Storm
224043 9.1 CRITICAL
Network 		nopcommerce nopcommerce RoxyFileman, as shipped with nopCommerce v4.2.0, is vulnerable to ../ path traversal via d or f to Admin/RoxyFileman/ProcessRequest because of Libraries/Nop.Services/Media/RoxyFileman/FileRoxyFileman… CWE-22
Path Traversal 		CVE-2019-19683 2024-11-21 13:35 2019-12-10 Show GitHub Exploit DB Packet Storm
224044 4.8 MEDIUM
Network 		nopcommerce nopcommerce nopCommerce through 4.20 allows XSS in the SaveStoreMappings of the components \Presentation\Nop.Web\Areas\Admin\Controllers\NewsController.cs and \Presentation\Nop.Web\Areas\Admin\Controllers\BlogCo… CWE-79
Cross-site Scripting 		CVE-2019-19682 2024-11-21 13:35 2019-12-10 Show GitHub Exploit DB Packet Storm
224045 5.4 MEDIUM
Network 		xpand-it xray_test_mangaement In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the Pre-Condition Summary entry point via the summary field of a Create Pre-Condition action… CWE-79
Cross-site Scripting 		CVE-2019-19679 2024-11-21 13:35 2019-12-10 Show GitHub Exploit DB Packet Storm
224046 5.4 MEDIUM
Network 		xpand-it xray_test_mangaement In "Xray Test Management for Jira" prior to version 3.5.5, remote authenticated attackers can cause XSS in the generic field entry point via the Generic Test Definition field of a new Generic Test is… CWE-79
Cross-site Scripting 		CVE-2019-19678 2024-11-21 13:35 2019-12-10 Show GitHub Exploit DB Packet Storm
224047 5.5 MEDIUM
Local 		sqlite
netapp
oracle
tenable
siemens 		sqlite
cloud_backup
ontap_select_deploy_administration_utility
mysql_workbench
tenable.sc
sinec_infrastructure_network_services 		alter.c in SQLite through 3.30.1 allows attackers to trigger infinite recursion via certain types of self-referential views in conjunction with ALTER TABLE statements. CWE-674
 Uncontrolled Recursion 		CVE-2019-19645 2024-11-21 13:35 2019-12-10 Show GitHub Exploit DB Packet Storm
224048 7.8 HIGH
Local 		virustotal
fedoraproject 		yara
fedora 		In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, re… CWE-125
Out-of-bounds Read 		CVE-2019-19648 2024-11-21 13:35 2019-12-9 Show GitHub Exploit DB Packet Storm
224049 7.8 HIGH
Local 		radare
fedoraproject 		radare2
fedora 		radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a… CWE-476
 NULL Pointer Dereference 		CVE-2019-19647 2024-11-21 13:35 2019-12-9 Show GitHub Exploit DB Packet Storm
224050 8.8 HIGH
Network 		supermicro x8sti-f_bios
x8sti-f_firmware 		On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP a… CWE-78
OS Command  		CVE-2019-19642 2024-11-21 13:35 2019-12-8 Show GitHub Exploit DB Packet Storm