Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 28, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
232791	8.8	危険	versalsoft	-	Versalsoft HTTP Image Uploader ActiveX コントロールにおける任意のファイルを削除される脆弱性	CWE-16 環境設定	CVE-2008-6638	2012-12-20 19:10	2009-04-7	Show	GitHub Exploit DB Packet Storm

232792	7.8	危険	TYPO3 Association	-	TYPO3 用の wt_gallery エクステンションにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-6630	2012-12-20 19:10	2009-04-7	Show	GitHub Exploit DB Packet Storm

232793	4.3	警告	webbdomain	-	WEBBDOMAIN Multi Languages WebShop Online の detail.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-6629	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

232794	7.5	危険	webbdomain	-	WEBBDOMAIN WebShop の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6627	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

232795	7.5	危険	webbdomain	-	WEBBDOMAIN Quiz の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6626	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

232796	7.5	危険	webbdomain	-	WEBBDOMAIN Polls の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6625	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

232797	7.5	危険	webbdomain	-	WEBBDOMAIN Petition の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6624	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

232798	7.5	危険	webbdomain	-	WEBBDOMAIN Post Card の getin.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6623	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

232799	7.5	危険	webbdomian	-	WEBBDOMAIN Post Card の choosecard.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6622	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

232800	6.8	警告	sitexs cms	-	SiteXS CMS の adm/visual/upload.php における任意のコードを実行される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-6617	2012-12-20 19:10	2009-04-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 28, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
199321	6.1	MEDIUM Network	livinglogic	xist4c	LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm.	CWE-79 Cross-site Scripting	CVE-2021-26122	2024-11-21 14:55	2021-05-7	Show	GitHub Exploit DB Packet Storm

199322	8.8	HIGH Network	libreoffice	libreoffice	In the LibreOffice 7-1 series in versions prior to 7.1.2, and in the 7-0 series in versions prior to 7.0.5, the denylist can be circumvented by manipulating the link so it doesn't match the denylist …	NVD-CWE-Other	CVE-2021-25631	2024-11-21 14:55	2021-05-3	Show	GitHub Exploit DB Packet Storm

199323	9.8	CRITICAL Network	chinamobile	an_lianbao_wf-1_firmware	Command injection vulnerability in China Mobile An Lianbao WF-1 1.01 via the 'ip' parameter with a POST request to /api/ZRQos/set_online_client.	CWE-77 Command Injection	CVE-2021-25812	2024-11-21 14:55	2021-04-30	Show	GitHub Exploit DB Packet Storm

199324	7.5	HIGH Network	mercusys	mercury_x18g_firmware	MERCUSYS Mercury X18G 1.0.5 devices allow Denial of service via a crafted value to the POST listen_http_lan parameter. Upon subsequent device restarts after this vulnerability is exploted the device …	NVD-CWE-noinfo	CVE-2021-25811	2024-11-21 14:55	2021-04-30	Show	GitHub Exploit DB Packet Storm

199325	6.1	MEDIUM Network	mercusys	mercury_x18g_firmware	Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters.	CWE-79 Cross-site Scripting	CVE-2021-25810	2024-11-21 14:55	2021-04-30	Show	GitHub Exploit DB Packet Storm

199326	9.8	CRITICAL Network	minthcm	minthcm	A weak password requirement vulnerability exists in the Create New User function of MintHCM RELEASE 3.0.8, which could lead an attacker to easier password brute-forcing.	CWE-521 Weak Password Requirements	CVE-2021-25839	2024-11-21 14:55	2021-04-26	Show	GitHub Exploit DB Packet Storm

199327	6.1	MEDIUM Network	minthcm	minthcm	The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload.	CWE-79 Cross-site Scripting	CVE-2021-25838	2024-11-21 14:55	2021-04-26	Show	GitHub Exploit DB Packet Storm

199328	9.8	CRITICAL Network	manta	safe-obj	Prototype pollution vulnerability in 'safe-obj' versions 1.0.0 through 1.0.2 allows an attacker to cause a denial of service and may lead to remote code execution.	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2021-25928	2024-11-21 14:55	2021-04-26	Show	GitHub Exploit DB Packet Storm

199329	9.8	CRITICAL Network	safe-flat_project	safe-flat	Prototype pollution vulnerability in 'safe-flat' versions 2.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2021-25927	2024-11-21 14:55	2021-04-26	Show	GitHub Exploit DB Packet Storm

199330	7.5	HIGH Network	void	aurall_rec_monitor	An issue was discovered in svc-login.php in Void Aural Rec Monitor 9.0.0.1. An unauthenticated attacker can send a crafted HTTP request to perform a blind time-based SQL Injection. The vulnerable par…	CWE-89 SQL Injection	CVE-2021-25899	2024-11-21 14:55	2021-04-24	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed