Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230351 5 警告 Nathan Haug - Drupal 用の Webform モジュールにおけるセッション変数を読み取られる脆弱性 CWE-200
情報漏えい 		CVE-2009-4533 2012-09-25 17:38 2009-10-14 Show GitHub Exploit DB Packet Storm
230352 3.5 注意 Nathan Haug - Webform モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4532 2012-09-25 17:38 2009-10-14 Show GitHub Exploit DB Packet Storm
230353 5 警告 JasPer Project - httpdx における Web ページのソースコードを取得される脆弱性 CWE-200
情報漏えい 		CVE-2009-4531 2012-09-25 17:38 2009-12-31 Show GitHub Exploit DB Packet Storm
230354 5 警告 intervations - InterVations NaviCOPA Web Server における Web ページのソースコードを取得される脆弱性 CWE-200
情報漏えい 		CVE-2009-4529 2012-09-25 17:38 2009-12-31 Show GitHub Exploit DB Packet Storm
230355 6.5 警告 Moshe Weitzman - Drupal 用の OG Vocabulary モジュールにおける語彙を作成される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-4528 2012-09-25 17:38 2009-10-14 Show GitHub Exploit DB Packet Storm
230356 4.6 警告 National Information Infrastructure Development Institute - Drupal 用の Shibboleth 認証モジュールにおける権限を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-4527 2012-09-25 17:38 2009-10-14 Show GitHub Exploit DB Packet Storm
230357 5 警告 Joao Ventura - Drupal 用の Print モジュールの電子メールサブモジュールにおけるページタイトルを読まれる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-4526 2012-09-25 17:38 2009-10-14 Show GitHub Exploit DB Packet Storm
230358 4.3 警告 Joao Ventura - Drupal 用の Print モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4525 2012-09-25 17:38 2009-10-14 Show GitHub Exploit DB Packet Storm
230359 4.3 警告 Nancy Wichmann - Drupal 用の RealName モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4524 2012-09-25 17:38 2009-10-14 Show GitHub Exploit DB Packet Storm
230360 5 警告 Kristof De Jaeger - Drupal の CCK Comment Reference モジュールにおけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-4520 2012-09-25 17:38 2009-10-28 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
298161 - knowledgetree_document_management knowledgetree_document_management The DropDocuments plugin in KnowledgeTree before 3.5.4a allows remote authenticated users to gain administrative privileges via a certain sequence of "browse documents" and dashboard requests. NVD-CWE-Other
CVE-2008-5857 2017-08-8 10:33 2009-01-7 Show GitHub Exploit DB Packet Storm
298162 - knowledgetree_document_management knowledgetree_document_management Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree before 3.5.4a allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-20… CWE-79
Cross-site Scripting 		CVE-2008-5858 2017-08-8 10:33 2009-01-7 Show GitHub Exploit DB Packet Storm
298163 - yerba yerba Directory traversal vulnerability in Yerba SACphp 6.3 allows remote attackers to read arbitrary files, and possibly have other impact, via directory traversal sequences in the mod field contained in … CWE-22
Path Traversal 		CVE-2008-5867 2017-08-8 10:33 2009-01-8 Show GitHub Exploit DB Packet Storm
298164 - nortel multimedia_communication_server_5100 Nortel Multimedia Communication Server (MSC) 5100 3.0.13 does not verify credentials during call placement, which allows remote attackers to spoof and redirect VoIP calls, possibly related to the sno… CWE-255
Credentials Management 		CVE-2008-5871 2017-08-8 10:33 2009-01-9 Show GitHub Exploit DB Packet Storm
298165 - nortel multimedia_communication_server_5100 Multiple unspecified vulnerabilities in the UNIStim File Transfer Protocol (UFTP) processing in IP Client Manager (IPCM) in Nortel Multimedia Communication Server (MSC) 5100 3.0.13 allow remote attac… CWE-20
 Improper Input Validation  		CVE-2008-5872 2017-08-8 10:33 2009-01-9 Show GitHub Exploit DB Packet Storm
298166 - irrlicht irrlicht Buffer overflow in Irrlicht before 1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors in the B3D loader. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2008-5876 2017-08-8 10:33 2009-01-9 Show GitHub Exploit DB Packet Storm
298167 - xrdp xrdp Array index error in the xrdp_bitmap_def_proc function in xrdp/funcs.c in xrdp 0.4.1 and earlier allows remote attackers to execute arbitrary code via vectors that manipulate the value of the edit_po… CWE-189
Numeric Errors 		CVE-2008-5903 2017-08-8 10:33 2009-01-16 Show GitHub Exploit DB Packet Storm
298168 - xrdp xrdp The rdp_rdp_process_color_pointer_pdu function in rdp/rdp_rdp.c in xrdp 0.4.1 and earlier allows remote RDP servers to have an unknown impact via input data that sets crafted values for certain lengt… CWE-20
 Improper Input Validation  		CVE-2008-5904 2017-08-8 10:33 2009-01-16 Show GitHub Exploit DB Packet Storm
298169 - ktorrent ktorrent The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, vi… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2008-5905 2017-08-8 10:33 2009-01-16 Show GitHub Exploit DB Packet Storm
298170 - ktorrent ktorrent Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts. CWE-20
 Improper Input Validation  		CVE-2008-5906 2017-08-8 10:33 2009-01-16 Show GitHub Exploit DB Packet Storm