Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 14, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
254021 7.5 危険 DrBenHur - DBHcms の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4869 2012-02-9 11:10 2011-10-5 Show GitHub Exploit DB Packet Storm
254022 4.3 警告 W-Agora - W-Agora の search.php3 におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4868 2012-02-9 11:10 2011-10-5 Show GitHub Exploit DB Packet Storm
254023 7.5 危険 W-Agora - W-Agora の search.php3 におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2010-4867 2012-02-9 11:10 2011-10-5 Show GitHub Exploit DB Packet Storm
254024 7.5 危険 Chipmunk Scripts - Chipmunk Board の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4866 2012-02-9 11:09 2011-10-5 Show GitHub Exploit DB Packet Storm
254025 7.5 危険 Jextensions - Joomla! 用 JE Guestbook (com_jeguestbook) コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4865 2012-02-9 11:08 2011-10-5 Show GitHub Exploit DB Packet Storm
254026 7.5 危険 Daniel James Scott - Joomla! 用 Club Manager (com_clubmanager) コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4864 2012-02-9 11:08 2011-10-5 Show GitHub Exploit DB Packet Storm
254027 4.3 警告 The GetSimple Team - GetSimple CMS の admin/changedata.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4863 2012-02-9 11:07 2011-10-5 Show GitHub Exploit DB Packet Storm
254028 7.5 危険 Joomla!
Jextensions		 - Joomla! 用 JExtensions JE Director コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4862 2012-02-9 11:07 2011-10-5 Show GitHub Exploit DB Packet Storm
254029 7.5 危険 webSPELL - webSPELL の asearch.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4861 2012-02-9 11:06 2011-10-5 Show GitHub Exploit DB Packet Storm
254030 7.5 危険 Galaxyscriptz - MyPhpAuction の product_desc.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4860 2012-02-9 11:05 2011-10-5 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 14, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
194681 5.3 MEDIUM
Network 		btcpayserver btcpay_server BTCPay Server through 1.0.7.0 could allow a remote attacker to obtain sensitive information, caused by failure to set the HTTPOnly flag for a cookie. CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2021-29247 2024-11-21 15:00 2021-05-5 Show GitHub Exploit DB Packet Storm
194682 6.7 MEDIUM
Local 		btcpayserver btcpay_server BTCPay Server through 1.0.7.0 suffers from directory traversal, which allows an attacker with admin privileges to achieve code execution. The attacker must craft a malicious plugin file with special … CWE-22
Path Traversal 		CVE-2021-29246 2024-11-21 15:00 2021-05-5 Show GitHub Exploit DB Packet Storm
194683 5.3 MEDIUM
Network 		btcpayserver btcpay_server BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key. CWE-338
 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) 		CVE-2021-29245 2024-11-21 15:00 2021-05-5 Show GitHub Exploit DB Packet Storm
194684 7.8 HIGH
Local 		codesys development_system The Package Manager of CODESYS Development System 3 before 3.5.17.0 does not check the validity of packages before installation and may be used to install CODESYS packages with malicious content. NVD-CWE-noinfo
CVE-2021-29240 2024-11-21 15:00 2021-05-4 Show GitHub Exploit DB Packet Storm
194685 7.5 HIGH
Network 		codesys control_for_pfc100_sl
control_for_pfc200_sl
control_for_raspberry_pi_sl
control_for_linux_sl
control_for_iot2000_sl
control_for_empc-a\/imx6_sl
control_for_beaglebone_sl
edge_gat… 		CODESYS Gateway 3 before 3.5.16.70 has a NULL pointer dereference that may result in a denial of service (DoS). CWE-476
 NULL Pointer Dereference 		CVE-2021-29241 2024-11-21 15:00 2021-05-3 Show GitHub Exploit DB Packet Storm
194686 7.3 HIGH
Network 		codesys gateway
control_rte
control_win
embedded_target_visu_toolkit
remote_target_visu_toolkit
safety_sil
edge_gateway
hmi
simulation_runtime
plchandler
control_runtime_system_… 		CODESYS Control Runtime system before 3.5.17.0 has improper input validation. Attackers can send crafted communication packets to change the router's addressing scheme and may re-route, add, remove o… CWE-20
 Improper Input Validation  		CVE-2021-29242 2024-11-21 15:00 2021-05-3 Show GitHub Exploit DB Packet Storm
194687 7.8 HIGH
Local 		codesys development_system CODESYS Development System 3 before 3.5.17.0 displays or executes malicious documents or files embedded in libraries without first checking their validity. CWE-345
 Insufficient Verification of Data Authenticity 		CVE-2021-29239 2024-11-21 15:00 2021-05-3 Show GitHub Exploit DB Packet Storm
194688 8.8 HIGH
Network 		codesys automation_server CODESYS Automation Server before 1.16.0 allows cross-site request forgery (CSRF). CWE-352
 Origin Validation Error 		CVE-2021-29238 2024-11-21 15:00 2021-05-3 Show GitHub Exploit DB Packet Storm
194689 9.1 CRITICAL
Network 		adaltas mixme In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to… CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-28860 2024-11-21 15:00 2021-05-3 Show GitHub Exploit DB Packet Storm
194690 9.8 CRITICAL
Network 		zohocorp manageengine_eventlog_analyzer Zoho ManageEngine Eventlog Analyzer through 12147 is vulnerable to unauthenticated directory traversal via an entry in a ZIP archive. This leads to remote code execution. CWE-22
Path Traversal 		CVE-2021-28959 2024-11-21 15:00 2021-04-30 Show GitHub Exploit DB Packet Storm