Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 7, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230751 7.5 危険 y-blog - yBlog における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2669 2012-12-20 18:52 2008-06-11 Show GitHub Exploit DB Packet Storm
230752 4.3 警告 y-blog - yBlog におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2668 2012-12-20 18:52 2008-06-11 Show GitHub Exploit DB Packet Storm
230753 7.5 危険 smeweb - SMEWeb の catalog.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2652 2012-12-20 18:52 2008-06-10 Show GitHub Exploit DB Packet Storm
230754 4.3 警告 smeweb - SMEWeb における任意の Web スクリプトまたは HTML を挿入される脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2644 2012-12-20 18:52 2008-06-10 Show GitHub Exploit DB Packet Storm
230755 7.5 危険 theflashblog - FlashBlog の php/leer_comentarios.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2572 2012-12-20 18:52 2008-06-6 Show GitHub Exploit DB Packet Storm
230756 4.3 警告 samtodo - SamTodo の dsp_main.php などにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2563 2012-12-20 18:52 2008-06-6 Show GitHub Exploit DB Packet Storm
230757 6.5 警告 powerphlogger - PowerPhlogger の edCss.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-2562 2012-12-20 18:52 2008-06-6 Show GitHub Exploit DB Packet Storm
230758 4.3 警告 slashcode.com - Slash におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-2553 2012-12-20 18:52 2008-06-5 Show GitHub Exploit DB Packet Storm
230759 9.3 危険 Skype Technologies S.A. - Skype における警告ダイアログを回避される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-2545 2012-12-20 18:52 2008-06-6 Show GitHub Exploit DB Packet Storm
230760 7.2 危険 サン・マイクロシステムズ - Sun Solaris 上の Sun Cluster における任意の削除されたファイルデータが読まれる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-2539 2012-12-20 18:52 2008-03-30 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 7, 2026, 4:13 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
196541 9.8 CRITICAL
Network 		skratchdot object-path-set The package object-path-set before 1.0.2 are vulnerable to Prototype Pollution via the setPath method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives … CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23507 2024-11-21 14:51 2022-02-5 Show GitHub Exploit DB Packet Storm
196542 9.8 CRITICAL
Network 		set_project set This affects the package @strikeentco/set before 1.0.2. It allows an attacker to cause a denial of service and may lead to remote code execution. **Note:** This vulnerability derives from an incomple… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23497 2024-11-21 14:51 2022-02-5 Show GitHub Exploit DB Packet Storm
196543 9.8 CRITICAL
Network 		putil-merge_project putil-merge This affects the package putil-merge before 3.8.0. The merge() function does not check the values passed into the argument. An attacker can supply a malicious value by adjusting the value to include … CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23470 2024-11-21 14:51 2022-02-5 Show GitHub Exploit DB Packet Storm
196544 7.8 HIGH
Local 		juce juce This affects the package juce-framework/JUCE before 6.1.5. This vulnerability is triggered when a malicious archive is crafted with an entry containing a symbolic link. When extracted, the symbolic l… CWE-59
Link Following 		CVE-2021-23521 2024-11-21 14:51 2022-01-31 Show GitHub Exploit DB Packet Storm
196545 9.8 CRITICAL
Network 		juce juce The package juce-framework/juce before 6.1.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) via the ZipFile::uncompressEntry function in juce_ZipFile.cpp. This vulnerability… CWE-22
Path Traversal 		CVE-2021-23520 2024-11-21 14:51 2022-01-31 Show GitHub Exploit DB Packet Storm
196546 9.8 CRITICAL
Network 		keyget_project keyget The package keyget from 0.0.0 are vulnerable to Prototype Pollution via the methods set, push, and at which could allow an attacker to cause a denial of service and may lead to remote code execution.… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23760 2024-11-21 14:51 2022-01-29 Show GitHub Exploit DB Packet Storm
196547 9.8 CRITICAL
Network 		bmoor_project bmoor The package bmoor before 0.10.1 are vulnerable to Prototype Pollution due to missing sanitization in set function. **Note:** This vulnerability derives from an incomplete fix in [CVE-2020-7736](https… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23558 2024-11-21 14:51 2022-01-29 Show GitHub Exploit DB Packet Storm
196548 9.8 CRITICAL
Network 		zip-local_project zip-local The package zip-local before 0.3.5 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) which can lead to an extraction of a crafted file outside the intended extraction directory. CWE-22
Path Traversal 		CVE-2021-23484 2024-11-21 14:51 2022-01-29 Show GitHub Exploit DB Packet Storm
196549 6.1 MEDIUM
Network 		bosch video_security HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component l… CWE-79
Cross-site Scripting 		CVE-2021-23863 2024-11-21 14:51 2022-01-29 Show GitHub Exploit DB Packet Storm
196550 4.8 MEDIUM
Network 		wpchill download_monitor Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_v… - CVE-2021-23174 2024-11-21 14:51 2022-01-29 Show GitHub Exploit DB Packet Storm