Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 6, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230701 7.5 危険 SoftbizScripts - Softbiz Jokes & Funny Pics Script の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2874 2012-12-20 18:52 2008-06-26 Show GitHub Exploit DB Packet Storm
230702 7.5 危険 sharecms - ShareCMS における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2870 2012-12-20 18:52 2008-06-26 Show GitHub Exploit DB Packet Storm
230703 6.8 警告 webchamado - WebChamado の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2858 2012-12-20 18:52 2008-06-25 Show GitHub Exploit DB Packet Storm
230704 7.5 危険 softdivision - Maxtrade AIO の Trade モジュールにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2847 2012-12-20 18:52 2008-06-25 Show GitHub Exploit DB Packet Storm
230705 4.3 警告 traindepot - Traindepot の search モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2839 2012-12-20 18:52 2008-06-24 Show GitHub Exploit DB Packet Storm
230706 5 警告 traindepot - Traindepot の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-2838 2012-12-20 18:52 2008-06-24 Show GitHub Exploit DB Packet Storm
230707 7.5 危険 sidb - Scientific Image DataBase の projects.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2834 2012-12-20 18:52 2008-06-24 Show GitHub Exploit DB Packet Storm
230708 10 危険 worldlevel - le.cms の admin/upload.php における管理者の認証を回避される脆弱性 CWE-287
不適切な認証 		CVE-2008-2833 2012-12-20 18:52 2008-06-24 Show GitHub Exploit DB Packet Storm
230709 10 危険 tmsnc - tmsnc におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-2828 2012-12-20 18:52 2008-06-23 Show GitHub Exploit DB Packet Storm
230710 4.3 警告 Xerox - Xerox WorkCentre M123 などの組込み Web Server におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2825 2012-12-20 18:52 2008-06-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 6, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
196541 9.8 CRITICAL
Network 		binaryops x-assign This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object. CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23452 2024-11-21 14:51 2021-10-20 Show GitHub Exploit DB Packet Storm
196542 10.0 CRITICAL
Network 		vm2_project vm2 This affects the package vm2 before 3.9.4 via a Prototype Pollution attack vector, which can lead to execution of arbitrary code on the host machine. CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23449 2024-11-21 14:51 2021-10-19 Show GitHub Exploit DB Packet Storm
196543 9.8 CRITICAL
Network 		glasswire glasswire A code injection vulnerability exists within the firewall software of GlassWire v2.1.167 that could lead to arbitrary code execution from a file in the user path on first execution. CWE-94
Code Injection 		CVE-2021-22961 2024-11-21 14:51 2021-10-18 Show GitHub Exploit DB Packet Storm
196544 6.1 MEDIUM
Network 		fastify fastify-static A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain: http://localhost:3000… CWE-601
Open Redirect 		CVE-2021-22963 2024-11-21 14:51 2021-10-15 Show GitHub Exploit DB Packet Storm
196545 8.8 HIGH
Network 		fastify fastify-static A redirect vulnerability in the `fastify-static` module version >= 4.2.4 and < 4.4.1 allows remote attackers to redirect Mozilla Firefox users to arbitrary websites via a double slash `//` followed b… CWE-601
Open Redirect 		CVE-2021-22964 2024-11-21 14:51 2021-10-15 Show GitHub Exploit DB Packet Storm
196546 9.8 CRITICAL
Network 		config-handler_project config-handler All versions of package config-handler are vulnerable to Prototype Pollution when loading config files. CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23448 2024-11-21 14:51 2021-10-12 Show GitHub Exploit DB Packet Storm
196547 6.1 MEDIUM
Network 		teddy_project teddy This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). CWE-843
Type Confusion 		CVE-2021-23447 2024-11-21 14:51 2021-10-8 Show GitHub Exploit DB Packet Storm
196548 9.8 CRITICAL
Network 		concretecms concrete_cms A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction wit… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2021-22958 2024-11-21 14:51 2021-10-7 Show GitHub Exploit DB Packet Storm
196549 6.1 MEDIUM
Network 		bosch rexroth_indramotion_mlc_l20_firmware
rexroth_indramotion_mlc_l40_firmware 		The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. CWE-79
Cross-site Scripting 		CVE-2021-23856 2024-11-21 14:51 2021-10-5 Show GitHub Exploit DB Packet Storm
196550 7.5 HIGH
Network 		bosch rexroth_indramotion_xlc_firmware
rexroth_indramotion_mlc_firmware 		The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using… CWE-326
Inadequate Encryption Strength 		CVE-2021-23855 2024-11-21 14:51 2021-10-5 Show GitHub Exploit DB Packet Storm