Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
201271 4.3 警告 オラクル - Oracle iLearning の Oracle iLearning における Learner Administration に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0508 2016-01-22 14:24 2016-01-19 Show GitHub Exploit DB Packet Storm
201272 6 警告 オラクル - Oracle JD Edwards Products の JD Edwards EnterpriseOne Tools における Monitoring and Diagnostics に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0425 2016-01-22 14:24 2016-01-19 Show GitHub Exploit DB Packet Storm
201273 7.1 危険 オラクル - Oracle JD Edwards Products の JD Edwards EnterpriseOne Tools における Enterprise Infrastructure SEC に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0424 2016-01-22 14:24 2016-01-19 Show GitHub Exploit DB Packet Storm
201274 7.3 危険 オラクル - Oracle JD Edwards Products の JD Edwards EnterpriseOne Tools における Enterprise Infrastructure SEC に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0423 2016-01-22 14:24 2016-01-19 Show GitHub Exploit DB Packet Storm
201275 7.1 危険 オラクル - Oracle JD Edwards Products の JD Edwards EnterpriseOne Tools における Enterprise Infrastructure SEC に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0422 2016-01-22 14:24 2016-01-19 Show GitHub Exploit DB Packet Storm
201276 5 警告 オラクル - Oracle JD Edwards Products の JD Edwards EnterpriseOne Tools における Monitoring and Diagnostics SEC に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0421 2016-01-22 14:24 2016-01-19 Show GitHub Exploit DB Packet Storm
201277 7.8 危険 オラクル - Oracle JD Edwards Products の JD Edwards EnterpriseOne Tools における Monitoring and Diagnostics に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0420 2016-01-22 14:24 2016-01-19 Show GitHub Exploit DB Packet Storm
201278 6.8 警告 オラクル - Oracle JD Edwards Products の JD Edwards EnterpriseOne Tools における Monitoring and Diagnostics SEC に関する脆弱性 CWE-noinfo
情報不足 		CVE-2015-4919 2016-01-22 14:24 2016-01-19 Show GitHub Exploit DB Packet Storm
201279 7.5 危険 オラクル - Oracle Retail Applications の Oracle Retail Open Commerce Platform Cloud Service における Framework に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0522 2016-01-22 14:22 2016-01-19 Show GitHub Exploit DB Packet Storm
201280 4.3 警告 オラクル - Oracle Retail Applications の Oracle Retail Order Management System Cloud Service における Order Entry に関する脆弱性 CWE-noinfo
情報不足 		CVE-2016-0506 2016-01-22 14:22 2016-01-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 25, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
297561 - refbase refbase Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: … CWE-79
Cross-site Scripting 		CVE-2008-6400 2017-08-17 10:29 2009-03-6 Show GitHub Exploit DB Packet Storm
297562 - extrosoft thyme Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter. CWE-79
Cross-site Scripting 		CVE-2008-6404 2017-08-17 10:29 2009-03-6 Show GitHub Exploit DB Packet Storm
297563 - vignette vignette_content_management Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors. NVD-CWE-noinfo
CVE-2008-6412 2017-08-17 10:29 2009-03-6 Show GitHub Exploit DB Packet Storm
297564 - ticklespace answers_module Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a S… CWE-79
Cross-site Scripting 		CVE-2008-6413 2017-08-17 10:29 2009-03-6 Show GitHub Exploit DB Packet Storm
297565 - youngzsoft ccproxy Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2008-6415 2017-08-17 10:29 2009-03-6 Show GitHub Exploit DB Packet Storm
297566 - greensql greensql-console Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages." CWE-79
Cross-site Scripting 		CVE-2008-6416 2017-08-17 10:29 2009-03-7 Show GitHub Exploit DB Packet Storm
297567 - greensql greensql-console Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors. NVD-CWE-noinfo
CVE-2008-6417 2017-08-17 10:29 2009-03-7 Show GitHub Exploit DB Packet Storm
297568 - jun_sota ffftp Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot). CWE-22
Path Traversal 		CVE-2008-6424 2017-08-17 10:29 2009-03-7 Show GitHub Exploit DB Packet Storm
297569 - kayalang kaya The CGI framework in Kaya 0.4.0 allows remote attackers to inject arbitrary HTTP headers and conduct cross-site scripting (XSS) attacks via unspecified vectors. CWE-79
Cross-site Scripting 		CVE-2008-6428 2017-08-17 10:29 2009-03-7 Show GitHub Exploit DB Packet Storm
297570 - blueriver sava_cms Cross-site scripting (XSS) vulnerability in index.cfm in Blue River Interactive Group Sava CMS before 5.0.122 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter… CWE-79
Cross-site Scripting 		CVE-2008-6433 2017-08-17 10:29 2009-03-7 Show GitHub Exploit DB Packet Storm