Vulnerability Search Top
Show Search Menu
|
You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database). |
JVN Vulnerability Information
Update Date":June 10, 2026, 6 p.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Impact Show |
Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 249231 | 7.5 | 危険 | azucar cms | - | Azucar CMS の admin/index_sitios.php における PHP リモートファイルインクルージョンの脆弱性 |
CWE-94
コード・インジェクション |
CVE-2006-6720 | 2012-06-26 15:38 | 2006-12-23 | Show | GitHub Exploit DB Packet Storm |
| 249232 | 5 | 警告 | GNU Project | - | FSF GNU wget の ftp-basic.c の ftp_syst 関数におけるサービス運用妨害 (DoS) の脆弱性 | - | CVE-2006-6719 | 2012-06-26 15:38 | 2006-12-23 | Show | GitHub Exploit DB Packet Storm |
| 249233 | 7.5 | 危険 | アライドテレシス | - | Allied Telesis AT-9000/24 Ethernet スイッチにおける不正のアクションを実行される脆弱性 | - | CVE-2006-6718 | 2012-06-26 15:38 | 2006-12-23 | Show | GitHub Exploit DB Packet Storm |
| 249234 | 7.5 | 危険 | アライドテレシス | - | Allied Telesis AT-9000/24 Ethernet スイッチにおける想定外のロケーションから攻撃を実行される脆弱性 | - | CVE-2006-6717 | 2012-06-26 15:38 | 2006-12-23 | Show | GitHub Exploit DB Packet Storm |
| 249235 | 7.5 | 危険 | eric guillaume | - | Eric GUILLAUME uploader&downloader における SQL インジェクションの脆弱性 | - | CVE-2006-6716 | 2012-06-26 15:38 | 2006-12-23 | Show | GitHub Exploit DB Packet Storm |
| 249236 | 6.8 | 警告 | atmail pty ltd | - | @Mail の Webadmin におけるクロスサイトスクリプティングの脆弱性 | - | CVE-2006-6704 | 2012-06-26 15:38 | 2006-12-22 | Show | GitHub Exploit DB Packet Storm |
| 249237 | 6.8 | 警告 | atmail pty ltd | - | Atmail の Global.pm におけるクロスサイトスクリプティングの脆弱性 | - | CVE-2006-6702 | 2012-06-26 15:38 | 2006-12-22 | Show | GitHub Exploit DB Packet Storm |
| 249238 | 7.5 | 危険 | atmail pty ltd | - | Atmail WebMail の util.pl におけるクロスサイトリクエストフォージェリの脆弱性 |
CWE-352
同一生成元ポリシー違反 |
CVE-2006-6701 | 2012-06-26 15:38 | 2006-12-22 | Show | GitHub Exploit DB Packet Storm |
| 249239 | 6.8 | 警告 | calacode | - | @Mail WebMail におけるクロスサイトスクリプティングの脆弱性 | - | CVE-2006-6700 | 2012-06-26 15:38 | 2006-12-22 | Show | GitHub Exploit DB Packet Storm |
| 249240 | 6.8 | 警告 | carsen klock | - | Carsen Klock TextSend の index.php におけるクロスサイトスクリプティングの脆弱性 | - | CVE-2006-6695 | 2012-06-26 15:38 | 2006-12-21 | Show | GitHub Exploit DB Packet Storm |
NVD Vulnerability Information
Update Date:June 10, 2026, 5 a.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 209551 | 9.8 |
CRITICAL
Network |
js-ini_project | js-ini | This affects the package js-ini before 1.3.0. If an attacker submits a malicious INI file to an application that parses it with parse , they will pollute the prototype on the application. This can be… |
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
CVE-2020-28461 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |
| 209552 | 6.1 |
MEDIUM
Network |
markdown-it-decorate_project | markdown-it-decorate | This affects all versions of package markdown-it-decorate. An attacker can add an event handler or use javascript:xxx for the link. |
CWE-79
Cross-site Scripting |
CVE-2020-28459 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |
| 209553 | 6.1 |
MEDIUM
Network |
markdown-it-toc_project | markdown-it-toc | This affects all versions of package markdown-it-toc. The title of the generated toc and the contents of the header are not escaped. |
CWE-79
Cross-site Scripting |
CVE-2020-28455 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |
| 209554 | 9.8 |
CRITICAL
Network |
xopen_project | xopen | This affects all versions of package xopen. The injection point is located in line 14 in index.js in the exported function xopen(filepath) |
CWE-77
Command Injection |
CVE-2020-28447 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |
| 209555 | 9.8 |
CRITICAL
Network |
ntesseract_project | ntesseract | The package ntesseract before 0.2.9 are vulnerable to Command Injection via lib/tesseract.js. |
CWE-77
Command Injection |
CVE-2020-28446 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |
| 209556 | 9.8 |
CRITICAL
Network |
npm-help_project | npm-help | This affects all versions of package npm-help. The injection point is located in line 13 in index.js file in export.latestVersion() function. |
CWE-77
Command Injection |
CVE-2020-28445 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |
| 209557 | 9.8 |
CRITICAL
Network |
sonar-wrapper_project | sonar-wrapper | This affects all versions of package sonar-wrapper. The injection point is located in lib/sonarRunner.js. |
CWE-77
Command Injection |
CVE-2020-28443 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |
| 209558 | 9.8 |
CRITICAL
Network |
conf-cfg-ini_project | conf-cfg-ini | This affects the package conf-cfg-ini before 1.2.2. If an attacker submits a malicious INI file to an application that parses it with decode, they will pollute the prototype on the application. This … |
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') |
CVE-2020-28441 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |
| 209559 | 9.8 |
CRITICAL
Network |
deferred-exec_project | deferred-exec | This affects all versions of package deferred-exec. The injection point is located in line 42 in lib/deferred-exec.js |
CWE-77
Command Injection |
CVE-2020-28438 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |
| 209560 | 9.8 |
CRITICAL
Network |
google-cloudstorage-commands_project | google-cloudstorage-commands | This affects all versions of package google-cloudstorage-commands. |
CWE-77
Command Injection |
CVE-2020-28436 | 2024-11-21 14:22 | 2022-07-25 | Show | GitHub Exploit DB Packet Storm |