Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 8, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
231001 5 警告 winsoftmagic - WinSoftMagic WRPC Lite におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2008-3269 2012-12-20 18:52 2008-07-24 Show GitHub Exploit DB Packet Storm
231002 7.5 危険 softacid - SoftAcid HRS Multi の picture_pic_bv.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3266 2012-12-20 18:52 2008-07-24 Show GitHub Exploit DB Packet Storm
231003 7.5 危険 Zoph - Zoph における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3258 2012-12-20 18:52 2008-07-22 Show GitHub Exploit DB Packet Storm
231004 7.5 危険 siteframe - Siteframe CMS の folder.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3256 2012-12-20 18:52 2008-07-22 Show GitHub Exploit DB Packet Storm
231005 6.8 警告 precoc - preCMS の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3254 2012-12-20 18:52 2008-07-22 Show GitHub Exploit DB Packet Storm
231006 7.5 危険 tpl design - tplSoccerSite における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3251 2012-12-20 18:52 2008-07-21 Show GitHub Exploit DB Packet Storm
231007 10 危険 ppmate - PPMate の PPMedia Class ActiveX コントロールにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-3242 2012-12-20 18:52 2008-07-21 Show GitHub Exploit DB Packet Storm
231008 7.5 危険 ultrastats - UltraStats の players-detail.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3241 2012-12-20 18:52 2008-07-21 Show GitHub Exploit DB Packet Storm
231009 9.3 危険 phpizabi - PHPizabi の system/v_cron_proc.php における任意のコードをアップロードされる脆弱性 CWE-20
不適切な入力確認 		CVE-2008-3239 2012-12-20 18:52 2008-07-21 Show GitHub Exploit DB Packet Storm
231010 4.3 警告 WordPress.org - WordPress におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3233 2012-12-20 18:52 2008-07-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 8, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
196711 6.1 MEDIUM
Network 		johndatserakis file-upload-with-preview This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file). CWE-79
Cross-site Scripting 		CVE-2021-23439 2024-11-21 14:51 2021-09-5 Show GitHub Exploit DB Packet Storm
196712 7.5 HIGH
Network 		python
fedoraproject 		pillow
fedora 		The package pillow 5.2.0 and before 8.3.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the getrgb function. CWE-125
Out-of-bounds Read 		CVE-2021-23437 2024-11-21 14:51 2021-09-4 Show GitHub Exploit DB Packet Storm
196713 9.8 CRITICAL
Network 		mpath_project mpath This affects the package mpath before 0.8.4. A type confusion vulnerability can lead to a bypass of CVE-2018-16490. In particular, the condition ignoreProperties.indexOf(parts[i]) !== -1 returns -1 i… CWE-843
Type Confusion 		CVE-2021-23438 2024-11-21 14:51 2021-09-2 Show GitHub Exploit DB Packet Storm
196714 9.8 CRITICAL
Network 		immer_project immer This affects the package immer before 9.0.6. A type confusion vulnerability can lead to a bypass of CVE-2020-28477 when the user-provided keys used in the path parameter are arrays. In particular, th… CWE-843
Type Confusion 		CVE-2021-23436 2024-11-21 14:51 2021-09-2 Show GitHub Exploit DB Packet Storm
196715 9.8 CRITICAL
Network 		elfinder.netcore_project elfinder.netcore This affects all versions of package elFinder.NetCore. The Path.Combine(...) method is used to create an absolute file path. Due to missing sanitation of the user input and a missing check of the gen… CWE-22
Path Traversal 		CVE-2021-23428 2024-11-21 14:51 2021-09-2 Show GitHub Exploit DB Packet Storm
196716 9.8 CRITICAL
Network 		elfinder.netcore_project elfinder.netcore This affects all versions of package elFinder.NetCore. The ExtractAsync function within the FileSystem is vulnerable to arbitrary extraction due to insufficient validation. CWE-22
Path Traversal 		CVE-2021-23427 2024-11-21 14:51 2021-09-2 Show GitHub Exploit DB Packet Storm
196717 7.5 HIGH
Network 		proto_project proto This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function. NVD-CWE-Other
CVE-2021-23426 2024-11-21 14:51 2021-09-2 Show GitHub Exploit DB Packet Storm
196718 8.6 HIGH
Network 		object-path_project
debian 		object-path
debian_linux 		This affects the package object-path before 0.11.6. A type confusion vulnerability can lead to a bypass of CVE-2020-15256 when the path components used in the path parameter are arrays. In particular… CWE-843
Type Confusion 		CVE-2021-23434 2024-11-21 14:51 2021-08-28 Show GitHub Exploit DB Packet Storm
196719 9.8 CRITICAL
Network 		mootools_project mootools This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge() NVD-CWE-noinfo
CVE-2021-23432 2024-11-21 14:51 2021-08-24 Show GitHub Exploit DB Packet Storm
196720 8.8 HIGH
Network 		joplinapp joplin The package joplin before 2.3.2 are vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms. CWE-352
 Origin Validation Error 		CVE-2021-23431 2024-11-21 14:51 2021-08-24 Show GitHub Exploit DB Packet Storm