Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
223941 7.5 危険 socialengine - SocialEngine の profile_comments.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6120 2012-12-20 19:10 2009-02-11 Show GitHub Exploit DB Packet Storm
223942 7.5 危険 pilotgroup - PG Job Site Pro の homepage.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6117 2012-12-20 19:10 2009-02-11 Show GitHub Exploit DB Packet Storm
223943 7.5 危険 prozilla - Prozilla Hosting Index の directory.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6115 2012-12-20 19:10 2009-02-11 Show GitHub Exploit DB Packet Storm
223944 4.3 警告 SemanticScuttle - SemanticScuttle におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6113 2012-12-20 19:10 2009-02-11 Show GitHub Exploit DB Packet Storm
223945 5 警告 Scriptsez.net - Ez Ringtone Manager におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-6112 2012-12-20 19:10 2009-02-11 Show GitHub Exploit DB Packet Storm
223946 10 危険 SemanticScuttle - SemanticScuttle における脆弱性 CWE-noinfo
情報不足 		CVE-2008-6110 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
223947 4.6 警告 shelter manager - Robin Rawson-Tetley ASM におけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-6109 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
223948 7.5 危険 rportal - RPortal の index.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-6099 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
223949 4.3 警告 wikyblog - WikyBlog におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6097 2012-12-20 19:10 2009-02-9 Show GitHub Exploit DB Packet Storm
223950 7.5 危険 phpscripts - phpscripts Ranking Script における認証を回避される脆弱性 CWE-287
不適切な認証 		CVE-2008-6092 2012-12-20 19:10 2009-02-9 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 19, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1331 7.5 HIGH
Network 		qluster deepdiff DeepDiff es un proyecto centrado en la Diferencia Profunda y la búsqueda de cualquier dato de Python. Desde la versión 5.0.0 hasta antes de la versión 8.6.2, el des-serializador de pickle _Restricted… CWE-400
CWE-770
 Uncontrolled Resource Consumption
 Allocation of Resources Without Limits or Throttling 		CVE-2026-33155 2026-04-15 03:24 2026-03-21 Show GitHub Exploit DB Packet Storm
1332 8.1 HIGH
Network 		dynaconf dynaconf dynaconf is a configuration management tool for Python. Prior to version 3.2.13, Dynaconf is vulnerable to Server-Side Template Injection (SSTI) due to unsafe template evaluation in the @Jinja resolv… CWE-94
CWE-1336
CWE-78
Code Injection
 Improper Neutralization of Special Elements Used in a Template Engine
OS Command  		CVE-2026-33154 2026-04-15 03:23 2026-03-21 Show GitHub Exploit DB Packet Storm
1333 8.1 HIGH
Network 		dynaconf dynaconf dynaconf es una herramienta de gestión de configuración para Python. Antes de la versión 3.2.13, Dynaconf es vulnerable a la Inyección de Plantilla del Lado del Servidor (SSTI) debido a la evaluación… CWE-94
CWE-1336
CWE-78
Code Injection
 Improper Neutralization of Special Elements Used in a Template Engine
OS Command  		CVE-2026-33154 2026-04-15 03:23 2026-03-21 Show GitHub Exploit DB Packet Storm
1334 7.5 HIGH
Network 		socket socket.io-parser Socket.IO is an open source, real-time, bidirectional, event-based, communication framework. Prior to versions 3.3.5, 3.4.4, and 4.2.6, a specially crafted Socket.IO packet can make the server wait f… CWE-20
CWE-754
NVD-CWE-noinfo
 Improper Input Validation 
 Improper Check for Unusual or Exceptional Conditions 		CVE-2026-33151 2026-04-15 03:22 2026-03-21 Show GitHub Exploit DB Packet Storm
1335 7.5 HIGH
Network 		socket socket.io-parser Socket.IO es un framework de comunicación de código abierto, en tiempo real, bidireccional y basado en eventos. Antes de las versiones 3.3.5, 3.4.4 y 4.2.6, un paquete de Socket.IO especialmente dise… CWE-20
CWE-754
NVD-CWE-noinfo
 Improper Input Validation 
 Improper Check for Unusual or Exceptional Conditions 		CVE-2026-33151 2026-04-15 03:22 2026-03-21 Show GitHub Exploit DB Packet Storm
1336 7.8 HIGH
Local 		gpac gpac GPAC is an open-source multimedia framework. Prior to commit 86b0e36, a heap-based buffer overflow (write) vulnerability was discovered in GPAC MP4Box. The vulnerability exists in the gf_xml_parse_bi… CWE-787
 Out-of-bounds Write 		CVE-2026-33144 2026-04-15 03:21 2026-03-21 Show GitHub Exploit DB Packet Storm
1337 7.8 HIGH
Local 		gpac gpac GPAC es un framework multimedia de código abierto. Antes del commit 86b0e36, se descubrió una vulnerabilidad de desbordamiento de búfer basado en montículo (escritura) en GPAC MP4Box. La vulnerabilid… CWE-787
 Out-of-bounds Write 		CVE-2026-33144 2026-04-15 03:21 2026-03-21 Show GitHub Exploit DB Packet Storm
1338 4.0 MEDIUM
Network 		- - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in magepeopleteam Bus Ticket Booking with Seat Reservation bus-ticket-booking-with-seat-reservation allows Ret… CWE-497
 Exposure of Sensitive System Information to an Unauthorized Control Sphere 		CVE-2026-39572 2026-04-15 03:17 2026-04-8 Show GitHub Exploit DB Packet Storm
1339 5.3 MEDIUM
Network 		- - Insertion of Sensitive Information Into Sent Data vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Retrieve Embedded Sensitive Data.This issue affects 12 Step Meeting … CWE-201
 Insertion of Sensitive Information Into Sent Data 		CVE-2026-39570 2026-04-15 03:17 2026-04-8 Show GitHub Exploit DB Packet Storm
1340 4.0 MEDIUM
Network 		- - Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Designinvento DirectoryPress directorypress allows Retrieve Embedded Sensitive Data.This issue affects Dire… CWE-497
 Exposure of Sensitive System Information to an Unauthorized Control Sphere 		CVE-2026-39566 2026-04-15 03:17 2026-04-8 Show GitHub Exploit DB Packet Storm