Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 26, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
256981 7.2 危険 IBM - IBM DB2 の Install コンポーネントにおける脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-4331 2010-02-4 11:19 2009-12-16 Show GitHub Exploit DB Packet Storm
256982 7.5 危険 IBM - IBM DB2 の Relational Data Services コンポーネントにおけるパスワードの引数を取得される脆弱性 CWE-200
情報漏えい 		CVE-2009-4333 2010-02-4 11:19 2009-12-16 Show GitHub Exploit DB Packet Storm
256983 7.2 危険 IBM - IBM DB2 の Engine Utilities コンポーネントの db2licm における脆弱性 CWE-noinfo
情報不足 		CVE-2009-4330 2010-02-4 11:18 2009-12-16 Show GitHub Exploit DB Packet Storm
256984 4 警告 IBM - IBM DB2 の Engine Utilities コンポーネントにおけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2009-4329 2010-02-4 11:18 2009-12-16 Show GitHub Exploit DB Packet Storm
256985 7.2 危険 サイバートラスト株式会社
Linux		 - Linux kernel の kvm_dev_ioctl_get_supported_cpuid 関数における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2009-3638 2010-02-3 14:35 2009-10-29 Show GitHub Exploit DB Packet Storm
256986 5 警告 Linear LLC
S2 Security		 - Linear eMerge のマネージメントコンポーネントにおけるサービス運用妨害 (DoS) CWE-noinfo
情報不足 		CVE-2009-3734 2010-02-3 14:35 2010-01-5 Show GitHub Exploit DB Packet Storm
256987 7.5 危険 The PHP Group
LibGD project
サイバートラスト株式会社
レッドハット		 - PHP および GD Graphics Library の _gdGetColors 関数におけるバッファオーバーフローの脆弱性 CWE-Other
その他 		CVE-2009-3546 2010-02-3 14:34 2009-10-19 Show GitHub Exploit DB Packet Storm
256988 6.8 警告 GNU Project
XEmacs
サイバートラスト株式会社		 - Emacs および XEmacs における .flc ファイルの処理に関する任意のコードを実行される脆弱性 CWE-DesignError
CVE-2008-2142 2010-02-2 11:43 2008-05-12 Show GitHub Exploit DB Packet Storm
256989 3.5 注意 Drupal
サイバートラスト株式会社		 - Drupal の Menu モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4370 2010-02-2 11:43 2009-12-16 Show GitHub Exploit DB Packet Storm
256990 3.5 注意 Drupal
サイバートラスト株式会社		 - Drupal の Contact モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4369 2010-02-2 11:42 2009-12-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
220331 7.8 HIGH
Local 		filezilla-project
debian
fedoraproject 		filezilla_client
debian_linux
fedora 		Untrusted search path in FileZilla before 3.41.0-rc1 allows an attacker to gain privileges via a malicious 'fzsftp' binary in the user's home directory. CWE-426
 Untrusted Search Path 		CVE-2019-5429 2024-11-21 13:44 2019-04-30 Show GitHub Exploit DB Packet Storm
220332 7.5 HIGH
Network 		mchange
fedoraproject
oracle 		c3p0
fedora
retail_xstore_point_of_service
flexcube_private_banking
webcenter_sites
communications_ip_service_activator
hyperion_infrastructure_technology
enterprise_manager_ops_… 		c3p0 version < 0.9.5.4 may be exploited by a billion laughs attack when loading XML configuration due to missing protections against recursive entity expansion when loading configuration. CWE-776
XML Entity Expansion 		CVE-2019-5427 2024-11-21 13:44 2019-04-23 Show GitHub Exploit DB Packet Storm
220333 7.5 HIGH
Network 		qemu qemu hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver. CWE-476
 NULL Pointer Dereference 		CVE-2019-5008 2024-11-21 13:44 2019-04-20 Show GitHub Exploit DB Packet Storm
220334 7.6 HIGH
Physics 		capsuletech smartlinx_neuron_2_firmware A restricted environment escape vulnerability exists in the “kiosk mode” function of Capsule Technologies SmartLinx Neuron 2 medical information collection devices running versions 9.0.3 or lower. A … NVD-CWE-noinfo
CVE-2019-5024 2024-11-21 13:44 2019-04-12 Show GitHub Exploit DB Packet Storm
220335 4.8 MEDIUM
Network 		ui edgeswitch_x In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an unauthenticated user can use the "local port forwarding" and "dynamic port forwarding" (SOCKS proxy) functionalities. Remote attackers without c… CWE-287
Improper Authentication 		CVE-2019-5426 2024-11-21 13:44 2019-04-11 Show GitHub Exploit DB Packet Storm
220336 8.8 HIGH
Network 		ui edgeswitch_x In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, an authenticated user can execute arbitrary shell commands over the SSH interface bypassing the CLI interface, which allow them to escalate privile… CWE-78
OS Command  		CVE-2019-5425 2024-11-21 13:44 2019-04-11 Show GitHub Exploit DB Packet Storm
220337 8.8 HIGH
Network 		ui edgeswitch_x In Ubiquiti Networks EdgeSwitch X v1.1.0 and prior, a privileged user can execute arbitrary shell commands over the SSH CLI interface. This allows to execute shell commands under the root user. CWE-78
OS Command  		CVE-2019-5424 2024-11-21 13:44 2019-04-11 Show GitHub Exploit DB Packet Storm
220338 7.5 HIGH
Network 		http-live-simulator_project http-live-simulator Path traversal vulnerability in http-live-simulator npm package version 1.0.5 allows arbitrary path to be accessed on the file system by a remote attacker. CWE-22
Path Traversal 		CVE-2019-5423 2024-11-21 13:44 2019-04-4 Show GitHub Exploit DB Packet Storm
220339 6.1 MEDIUM
Network 		buttle_project buttle XSS in buttle npm package version 0.2.0 causes execution of attacker-provided code in the victim's browser when an attacker creates an arbitrary file on the server. CWE-79
Cross-site Scripting 		CVE-2019-5422 2024-11-21 13:44 2019-04-4 Show GitHub Exploit DB Packet Storm
220340 9.8 CRITICAL
Network 		plataformatec devise Plataformatec Devise version 4.5.0 and earlier, using the lockable module contains a CWE-367 vulnerability in The `Devise::Models::Lockable` class, more specifically at the `#increment_failed_attempt… CWE-307
mproper Restriction of Excessive Authentication Attempts 		CVE-2019-5421 2024-11-21 13:44 2019-04-4 Show GitHub Exploit DB Packet Storm