Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 24, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230181 4.3 警告 simon elvery
WordPress.org		 - WordPress 用の Simon Elvery WP-Footnotes プラグイにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0691 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
230182 4.3 警告 smartscript - Smartscript Domain Trader の catalog.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0688 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
230183 7.5 危険 youtube - Youtube Clone Script の siteadmin/editor_files/includes/load_message.php におけるクロスサイトスクリプティングの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-0687 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
230184 7.5 危険 WordPress.org - WordPress 用の st_newsletter プラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0683 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
230185 7.5 危険 WordPress.org - WordPress 用の Wordspew プラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0682 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
230186 6.8 警告 phpshop - PHPShop の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0681 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
230187 7.5 危険 the everything development company - The Everything Development System の The Everything Development Engine における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0675 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
230188 7.5 危険 tintin - TinTin++ および WinTin++ におけるホームディレクトリの一番上のレベルにある任意のファイルを切り捨てられる脆弱性 CWE-DesignError
CVE-2008-0673 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
230189 5 警告 tintin - TinTin++ および WinTin++ の process_chat_input 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2008-0672 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
230190 10 危険 tintin - TinTin++ および WinTin++ の add_line_buffer 関数におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-0671 2012-12-20 18:34 2008-02-11 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 24, 2026, 4:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
223381 8.8 HIGH
Network 		xerox altalink_c8035_firmware Xerox AltaLink C8035 printers allow CSRF. A request to add users is made in the Device User Database form field to the xerox.set URI. (The frmUserName value must have a unique name.) CWE-352
 Origin Validation Error 		CVE-2019-19832 2024-11-21 13:35 2019-12-19 Show GitHub Exploit DB Packet Storm
223382 5.4 MEDIUM
Network 		solarwinds serv-u_ftp_server A cross-site scripting (XSS) vulnerability exists in SolarWinds Serv-U FTP Server 15.1.7 in the email parameter, a different vulnerability than CVE-2018-19934 and CVE-2019-13182. CWE-79
Cross-site Scripting 		CVE-2019-19829 2024-11-21 13:35 2019-12-19 Show GitHub Exploit DB Packet Storm
223383 7.8 HIGH
Local 		shadow_project shadow shadow 4.8, in certain circumstances affecting at least Gentoo, Arch Linux, and Void Linux, allows local users to obtain root access because setuid programs are misconfigured. Specifically, this affe… CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2019-19882 2024-11-21 13:35 2019-12-19 Show GitHub Exploit DB Packet Storm
223384 4.8 MEDIUM
Network 		dlink dir-615_firmware On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field. CWE-79
Cross-site Scripting 		CVE-2019-19742 2024-11-21 13:35 2019-12-18 Show GitHub Exploit DB Packet Storm
223385 7.5 HIGH
Network 		sqlite
netapp
debian
suse
redhat
opensuse
oracle
siemens 		sqlite
cloud_backup
debian_linux
package_hub
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
leap
backports_sle
mysql_workbench
sinec_infra… 		exprListAppendList in window.c in SQLite 3.30.1 allows attackers to trigger an invalid pointer dereference because constant integer values in ORDER BY clauses of window definitions are mishandled. CWE-476
 NULL Pointer Dereference 		CVE-2019-19880 2024-11-21 13:35 2019-12-18 Show GitHub Exploit DB Packet Storm
223386 9.8 CRITICAL
Network 		joomla joomla\! In Joomla! before 3.9.14, the lack of validation of configuration parameters used in SQL queries caused various SQL injection vectors. CWE-89
SQL Injection 		CVE-2019-19846 2024-11-21 13:35 2019-12-18 Show GitHub Exploit DB Packet Storm
223387 5.3 MEDIUM
Network 		joomla joomla\! In Joomla! before 3.9.14, a missing access check in framework files could lead to a path disclosure. CWE-22
Path Traversal 		CVE-2019-19845 2024-11-21 13:35 2019-12-18 Show GitHub Exploit DB Packet Storm
223388 6.1 MEDIUM
Network 		zulip zulip_server The image thumbnailing handler in Zulip Server versions 1.9.0 to before 2.0.8 allowed an open redirect that was visible to logged-in users. CWE-601
Open Redirect 		CVE-2019-19775 2024-11-21 13:35 2019-12-18 Show GitHub Exploit DB Packet Storm
223389 9.8 CRITICAL
Network 		verot_project
getk2 		verot
k2 		class.upload.php in verot.net class.upload through 1.0.3 and 2.x through 2.0.4, as used in the K2 extension for Joomla! and other products, omits .pht from the set of dangerous file extensions, a sim… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2019-19634 2024-11-21 13:35 2019-12-18 Show GitHub Exploit DB Packet Storm
223390 7.2 HIGH
Network 		typo3 typo3 An issue was discovered in TYPO3 before 8.7.30, 9.x before 9.5.12, and 10.x before 10.2.2. Because escaping of user-submitted content is mishandled, the class QueryGenerator is vulnerable to SQL inje… CWE-89
SQL Injection 		CVE-2019-19850 2024-11-21 13:35 2019-12-18 Show GitHub Exploit DB Packet Storm