Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 31, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
257091 5 警告 VMware - VMware Studio の Web インターフェースにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2009-2968 2010-03-24 12:22 2009-08-31 Show GitHub Exploit DB Packet Storm
257092 4 警告 VMware - 複数の VMware 製品の Descheduled Time Accounting ドライバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2009-1805 2010-03-24 12:22 2009-05-28 Show GitHub Exploit DB Packet Storm
257093 6.8 警告 VMware - 複数の VMware 製品の仮想マシン表示機能における任意のコードを実行される脆弱性 CWE-noinfo
情報不足 		CVE-2009-1244 2010-03-24 12:21 2009-04-10 Show GitHub Exploit DB Packet Storm
257094 7.2 危険 VMware - 複数の VMware 製品の仮想マシン通信インターフェイスにおける権限昇格の脆弱性 CWE-noinfo
情報不足 		CVE-2009-1147 2010-03-24 12:21 2009-04-3 Show GitHub Exploit DB Packet Storm
257095 4.9 警告 VMware - 複数の VMware 製品の ioctl におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2009-1146 2010-03-23 14:11 2010-04-3 Show GitHub Exploit DB Packet Storm
257096 6.8 警告 VMware - 複数の VMware 製品の VNnc コーデックにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-0910 2010-03-23 14:11 2010-04-3 Show GitHub Exploit DB Packet Storm
257097 9.3 危険 VMware - 複数の VMware 製品の VNnc コーデックにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-0909 2010-03-23 14:10 2010-04-3 Show GitHub Exploit DB Packet Storm
257098 6.4 警告 VMware - VMware ACE の ACE 共有フォルダ実装における無効にされた共有フォルダを有効にされる脆弱性 CWE-noinfo
情報不足 		CVE-2009-0908 2010-03-23 14:10 2010-04-3 Show GitHub Exploit DB Packet Storm
257099 2.1 注意 VMware - 複数の VMware 製品の VI Client におけるパスワードを取得される脆弱性 CWE-200
情報漏えい 		CVE-2009-0518 2010-03-23 14:10 2010-04-3 Show GitHub Exploit DB Packet Storm
257100 4.4 警告 KVM
レッドハット		 - KVM の x86 エミュレータにおける権限昇格の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-0419 2010-03-23 14:09 2010-03-1 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 1, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195041 9.8 CRITICAL
Network 		config-handler_project config-handler All versions of package config-handler are vulnerable to Prototype Pollution when loading config files. CWE-1321
 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') 		CVE-2021-23448 2024-11-21 14:51 2021-10-12 Show GitHub Exploit DB Packet Storm
195042 6.1 MEDIUM
Network 		teddy_project teddy This affects the package teddy before 0.5.9. A type confusion vulnerability can be used to bypass input sanitization when the model content is an array (instead of a string). CWE-843
Type Confusion 		CVE-2021-23447 2024-11-21 14:51 2021-10-8 Show GitHub Exploit DB Packet Storm
195043 9.8 CRITICAL
Network 		concretecms concrete_cms A Server-Side Request Forgery vulnerability was found in concrete5 < 8.5.5 that allowed a decimal notation encoded IP address to bypass the limitations in place for localhost allowing interaction wit… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2021-22958 2024-11-21 14:51 2021-10-7 Show GitHub Exploit DB Packet Storm
195044 6.1 MEDIUM
Network 		bosch rexroth_indramotion_mlc_l20_firmware
rexroth_indramotion_mlc_l40_firmware 		The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. CWE-79
Cross-site Scripting 		CVE-2021-23856 2024-11-21 14:51 2021-10-5 Show GitHub Exploit DB Packet Storm
195045 7.5 HIGH
Network 		bosch rexroth_indramotion_xlc_firmware
rexroth_indramotion_mlc_firmware 		The user and password data base is exposed by an unprotected web server resource. Passwords are hashed with a weak hashing algorithm and therefore allow an attacker to determine the password by using… CWE-326
Inadequate Encryption Strength 		CVE-2021-23855 2024-11-21 14:51 2021-10-5 Show GitHub Exploit DB Packet Storm
195046 7.5 HIGH
Network 		bosch rexroth_indramotion_mlc_l20_firmware
rexroth_indramotion_mlc_l40_firmware
rexroth_indramotion_mlc_l25_firmware
rexroth_indramotion_mlc_l45_firmware
rexroth_indramotion_mlc_l65_firmware 		Information disclosure: The main configuration, including users and their hashed passwords, is exposed by an unprotected web server resource and can be accessed without authentication. Additionally, … CWE-306
Missing Authentication for Critical Function 		CVE-2021-23858 2024-11-21 14:51 2021-10-5 Show GitHub Exploit DB Packet Storm
195047 9.8 CRITICAL
Network 		bosch rexroth_indramotion_mlc_l20_firmware
rexroth_indramotion_mlc_l40_firmware
rexroth_indramotion_mlc_l25_firmware
rexroth_indramotion_mlc_l45_firmware
rexroth_indramotion_mlc_l65_firmware 		Login with hash: The login routine allows the client to log in to the system not by using the password, but by using the hash of the password. Combined with CVE-2021-23858, this allows an attacker to… CWE-287
Improper Authentication 		CVE-2021-23857 2024-11-21 14:51 2021-10-5 Show GitHub Exploit DB Packet Storm
195048 7.5 HIGH
Network 		handsontable handsontable The package handsontable before 10.0.0; the package handsontable from 0 and before 10.0.0 are vulnerable to Regular Expression Denial of Service (ReDoS) in Handsontable.helper.isNumeric function. CWE-1333
 Inefficient Regular Expression Complexity 		CVE-2021-23446 2024-11-21 14:51 2021-09-30 Show GitHub Exploit DB Packet Storm
195049 6.1 MEDIUM
Network 		datatables datatables.net This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. CWE-79
Cross-site Scripting 		CVE-2021-23445 2024-11-21 14:51 2021-09-28 Show GitHub Exploit DB Packet Storm
195050 7.8 HIGH
Local 		google android In Oppo's battery application, the third-party SDK provides the function of loading a third-party Provider, which can be used. NVD-CWE-noinfo
CVE-2021-23243 2024-11-21 14:51 2021-09-27 Show GitHub Exploit DB Packet Storm