Vulnerability Search Top
Show Search Menu
|
You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database). |
JVN Vulnerability Information
Update Date":June 1, 2026, 6 p.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Impact Show |
Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 257341 | 9.3 | 危険 | KDE project Glyph & Cog, LLC GNOME Project サイバートラスト株式会社 レッドハット |
- | Xpdf、gpdf および kpdf の FoFiType1::parse 関数における任意のコードを実行される脆弱性 |
CWE-94
コード・インジェクション |
CVE-2009-4035 | 2010-01-29 09:54 | 2009-12-16 | Show | GitHub Exploit DB Packet Storm |
| 257342 | 7.8 | 危険 | Mozilla Foundation | - | Mozilla Firefox/SeaMonkey の GeckoActiveXObject 関数における重要な情報を取得される脆弱性 |
CWE-200
情報漏えい |
CVE-2009-3987 | 2010-01-29 09:54 | 2009-12-15 | Show | GitHub Exploit DB Packet Storm |
| 257343 | 7.6 | 危険 | サイバートラスト株式会社 Mozilla Foundation レッドハット |
- | Mozilla Firefox/SeaMonkey における任意の JavaScript を実行される脆弱性 |
CWE-94
コード・インジェクション |
CVE-2009-3986 | 2010-01-29 09:54 | 2009-12-15 | Show | GitHub Exploit DB Packet Storm |
| 257344 | 6.8 | 警告 | サイバートラスト株式会社 Mozilla Foundation レッドハット |
- | Mozilla Firefox/SeaMonkey におけるコンテンツを偽装される脆弱性 |
CWE-Other
その他 |
CVE-2009-3985 | 2010-01-29 09:53 | 2009-12-15 | Show | GitHub Exploit DB Packet Storm |
| 257345 | 6.8 | 警告 | サイバートラスト株式会社 Mozilla Foundation レッドハット |
- | Mozilla Firefox/SeaMonkey における http URL または file URL の SSL インジケータを偽装される脆弱性 |
CWE-Other
その他 |
CVE-2009-3984 | 2010-01-29 09:53 | 2009-12-15 | Show | GitHub Exploit DB Packet Storm |
| 257346 | 6.8 | 警告 | サイバートラスト株式会社 Mozilla Foundation レッドハット |
- | Mozilla Firefox/SeaMonkey における認証されたリクエストを任意のアプリケーションに送信される脆弱性 |
CWE-Other
その他 |
CVE-2009-3983 | 2010-01-29 09:53 | 2009-12-15 | Show | GitHub Exploit DB Packet Storm |
| 257347 | 9.3 | 危険 | Mozilla Foundation | - | 複数の Mozilla 製品の libtheora における任意のコードを実行される脆弱性 |
CWE-189
数値処理の問題 |
CVE-2009-3389 | 2010-01-28 12:16 | 2009-12-15 | Show | GitHub Exploit DB Packet Storm |
| 257348 | 9.3 | 危険 | Mozilla Foundation | - | 複数の Mozilla 製品の liboggplay における任意のコードを実行される脆弱性 |
CWE-399
リソース管理の問題 |
CVE-2009-3388 | 2010-01-28 12:16 | 2009-12-15 | Show | GitHub Exploit DB Packet Storm |
| 257349 | 9.3 | 危険 | Mozilla Foundation | - | 複数の Mozilla 製品の JavaScript エンジンにおける任意のコードを実行される脆弱性 |
CWE-noinfo
情報不足 |
CVE-2009-3982 | 2010-01-28 12:16 | 2009-12-15 | Show | GitHub Exploit DB Packet Storm |
| 257350 | 9.3 | 危険 | サイバートラスト株式会社 Mozilla Foundation レッドハット |
- | 複数の Mozilla 製品のブラウザエンジンにおける任意のコードを実行される脆弱性 |
CWE-noinfo
情報不足 |
CVE-2009-3981 | 2010-01-28 12:16 | 2009-12-15 | Show | GitHub Exploit DB Packet Storm |
NVD Vulnerability Information
Update Date:June 1, 2026, 4:12 a.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 195311 | 7.5 |
HIGH
Network |
cassianetworks | access_controller | An attacker may be able to use minify route with a relative path to view any file on the Cassia Networks Access Controller prior to 2.0.1. |
CWE-22
Path Traversal |
CVE-2021-22685 | 2024-11-21 14:50 | 2022-10-15 | Show | GitHub Exploit DB Packet Storm |
| 195312 | 9.8 |
CRITICAL
Network |
ovarro |
twinsoft tbox_lt2-530_firmware tbox_lt2-532_firmware tbox_lt2-540_firmware tbox_ms-cpu32_firmware tbox_ms-cpu32-s2_firmware tbox_rm2_firmware tbox_tg2_firmware |
An attacker may use TWinSoft and a malicious source project file (TPG) to extract files on machine executing Ovarro TWinSoft, which could lead to code execution. |
CWE-22
Path Traversal |
CVE-2021-22650 | 2024-11-21 14:50 | 2022-07-29 | Show | GitHub Exploit DB Packet Storm |
| 195313 | 9.8 |
CRITICAL
Network |
ovarro |
twinsoft tbox_lt2-530_firmware tbox_lt2-532_firmware tbox_lt2-540_firmware tbox_ms-cpu32_firmware tbox_ms-cpu32-s2_firmware tbox_rm2_firmware tbox_tg2_firmware |
Ovarro TBox proprietary Modbus file access functions allow attackers to read, alter, or delete the configuration file. |
CWE-732
Incorrect Permission Assignment for Critical Resource |
CVE-2021-22648 | 2024-11-21 14:50 | 2022-07-29 | Show | GitHub Exploit DB Packet Storm |
| 195314 | 9.8 |
CRITICAL
Network |
ovarro |
twinsoft tbox_lt2-530_firmware tbox_lt2-532_firmware tbox_lt2-540_firmware tbox_ms-cpu32_firmware tbox_ms-cpu32-s2_firmware tbox_rm2_firmware tbox_tg2_firmware |
The “ipk” package containing the configuration created by TWinSoft can be uploaded, extracted, and executed in Ovarro TBox, allowing malicious code execution. |
NVD-CWE-noinfo
|
CVE-2021-22646 | 2024-11-21 14:50 | 2022-07-29 | Show | GitHub Exploit DB Packet Storm |
| 195315 | 9.8 |
CRITICAL
Network |
ovarro |
twinsoft tbox_lt2-530_firmware tbox_lt2-532_firmware tbox_lt2-540_firmware tbox_ms-cpu32_firmware tbox_ms-cpu32-s2_firmware tbox_rm2_firmware tbox_tg2_firmware |
Ovarro TBox TWinSoft uses the custom hardcoded user “TWinSoft” with a hardcoded key. |
CWE-798
Use of Hard-coded Credentials |
CVE-2021-22644 | 2024-11-21 14:50 | 2022-07-29 | Show | GitHub Exploit DB Packet Storm |
| 195316 | 7.5 |
HIGH
Network |
ovarro |
twinsoft tbox_lt2-530_firmware tbox_lt2-532_firmware tbox_lt2-540_firmware tbox_ms-cpu32_firmware tbox_ms-cpu32-s2_firmware tbox_rm2_firmware tbox_tg2_firmware |
An attacker could use specially crafted invalid Modbus frames to crash the Ovarro TBox system. |
CWE-400
Uncontrolled Resource Consumption |
CVE-2021-22642 | 2024-11-21 14:50 | 2022-07-29 | Show | GitHub Exploit DB Packet Storm |
| 195317 | 9.8 |
CRITICAL
Network |
ovarro |
twinsoft tbox_lt2-530_firmware tbox_lt2-532_firmware tbox_lt2-540_firmware tbox_ms-cpu32_firmware tbox_ms-cpu32-s2_firmware tbox_rm2_firmware tbox_tg2_firmware |
An attacker can decrypt the Ovarro TBox login password by communication capture and brute force attacks. |
CWE-294 CWE-307 Authentication Bypass by Capture-replay mproper Restriction of Excessive Authentication Attempts |
CVE-2021-22640 | 2024-11-21 14:50 | 2022-07-29 | Show | GitHub Exploit DB Packet Storm |
| 195318 | 6.1 |
MEDIUM
Network |
microfocus | access_manager | A bug exist in the input parameter of Access Manager that allows supply of invalid character to trigger cross-site scripting vulnerability. This affects NetIQ Access Manager 4.5 and 5.0 |
CWE-79
Cross-site Scripting |
CVE-2021-22531 | 2024-11-21 14:50 | 2022-05-13 | Show | GitHub Exploit DB Packet Storm |
| 195319 | 9.8 |
CRITICAL
Network |
nxp | mqx | NXP MQX Versions 5.1 and prior are vulnerable to integer overflow in mem_alloc, _lwmem_alloc and _partition functions. This unverified memory assignment can lead to arbitrary memory allocation, resul… | - | CVE-2021-22680 | 2024-11-21 14:50 | 2022-05-4 | Show | GitHub Exploit DB Packet Storm |
| 195320 | 7.3 |
HIGH
Network |
oauth_client_library_for_java | The vulnerability is that IDToken verifier does not verify if token is properly signed. Signature verification makes sure that the token's payload comes from valid provider, not from someone else. An… |
CWE-347
Improper Verification of Cryptographic Signature |
CVE-2021-22573 | 2024-11-21 14:50 | 2022-05-4 | Show | GitHub Exploit DB Packet Storm |