Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 19, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
236541 7.5 危険 PHPNUKE - PHP-Nuke 用の Kleinanzeigen モジュールにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3512 2012-09-25 17:17 2008-08-7 Show GitHub Exploit DB Packet Storm
236542 7.5 危険 lovecms - LoveCMS における設定を変更される脆弱性 CWE-94
コード・インジェクション 		CVE-2008-3509 2012-09-25 17:17 2008-08-7 Show GitHub Exploit DB Packet Storm
236543 7.5 危険 mpfm - mPFM における脆弱性 CWE-287
不適切な認証 		CVE-2008-3504 2012-09-25 17:17 2008-08-6 Show GitHub Exploit DB Packet Storm
236544 4.3 警告 Novell - Novell Groupwise の WebAccess 簡易インターフェースにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3501 2012-09-25 17:17 2008-06-19 Show GitHub Exploit DB Packet Storm
236545 6.8 警告 myphp cms - MyPHP CMS の pages.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-3497 2012-09-25 17:17 2008-08-6 Show GitHub Exploit DB Packet Storm
236546 10 危険 Linux - Linux kernel の V4L 実装におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-3496 2012-09-25 17:17 2008-08-6 Show GitHub Exploit DB Packet Storm
236547 7.5 危険 Novell - Novell iManager における Plug-in Studio が作成した Property Book Page を削除される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-3488 2012-09-25 17:17 2008-07-31 Show GitHub Exploit DB Packet Storm
236548 7.6 危険 OpenVPN Technologies - OpenVPN における任意のコマンドを実行される脆弱性 CWE-16
環境設定 		CVE-2008-3459 2012-09-25 17:17 2008-08-4 Show GitHub Exploit DB Packet Storm
236549 10 危険 jnshosts - JnSHosts PHP Hosting Directory における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-3455 2012-09-25 17:17 2008-08-4 Show GitHub Exploit DB Packet Storm
236550 7.5 危険 jnshosts - JnSHosts PHP Hosting Directory における認証を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-3454 2012-09-25 17:17 2008-08-4 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 19, 2026, 4:16 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
971 - - - MISP modules are autonomous modules that can be used to extend MISP for new services. Prior to 3.0.7, an unsafe remote resource fetching vulnerability existed in MISP Modules expansion modules. The h… CWE-295
CWE-918
Improper Certificate Validation 
Server-Side Request Forgery (SSRF)  		CVE-2026-44363 2026-05-15 01:54 2026-05-14 Show GitHub Exploit DB Packet Storm
972 - - - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Flight::jsonp() concatenates the ?jsonp= query parameter directly into an application/javascript response body without validating tha… CWE-79
Cross-site Scripting 		CVE-2026-42548 2026-05-15 01:51 2026-05-14 Show GitHub Exploit DB Packet Storm
973 4.4 MEDIUM
Local 		- - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, the make:controller CLI command calls mkdir(..., recursive: true) on a path built from the user-supplied controller name, before Nett… CWE-22
Path Traversal 		CVE-2026-42549 2026-05-15 01:51 2026-05-14 Show GitHub Exploit DB Packet Storm
974 8.8 HIGH
Network 		- - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, SimplePdo::insert(), SimplePdo::update(), and SimplePdo::delete() build SQL statements by concatenating the $table argument and the k… CWE-89
SQL Injection 		CVE-2026-42550 2026-05-15 01:51 2026-05-14 Show GitHub Exploit DB Packet Storm
975 7.5 HIGH
Network 		- - Flight is an extensible micro-framework for PHP. Prior to 3.18.1, Request::getMethod() unconditionally honors the X-HTTP-Method-Override header and the $_REQUEST['_method'] parameter on any HTTP verb… CWE-436
 Interpretation Conflict 		CVE-2026-42551 2026-05-15 01:51 2026-05-14 Show GitHub Exploit DB Packet Storm
976 7.2 HIGH
Network 		- - CubeCart is an ecommerce software solution. Prior to 6.6.0, Authenticated Time-Based Blind SQL Injection vulnerabilities were identified in the sorting parameters (sort[price], sort_activity, sort_ad… CWE-89
SQL Injection 		CVE-2026-39358 2026-05-15 01:49 2026-05-14 Show GitHub Exploit DB Packet Storm
977 4.8 MEDIUM
Network 		- - CubeCart is an ecommerce software solution. Prior to 6.6.0, a Stored Cross-Site Scripting (XSS) vulnerability exists in CubeCart v6.x. An attacker with administrative privileges can inject malicious … CWE-79
Cross-site Scripting 		CVE-2026-39428 2026-05-15 01:49 2026-05-14 Show GitHub Exploit DB Packet Storm
978 9.1 CRITICAL
Network 		- - CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Server-Side Template Injection (SSTI) vulnerability exists in multiple modules of CubeCart (including Email Templates and … CWE-94
CWE-1336
Code Injection
 Improper Neutralization of Special Elements Used in a Template Engine 		CVE-2026-44377 2026-05-15 01:49 2026-05-14 Show GitHub Exploit DB Packet Storm
979 4.9 MEDIUM
Network 		- - CubeCart is an ecommerce software solution. Prior to 6.7.0, the admin orders-transactions listing page (admin.php?_g=orders&node=transactions) builds a raw ORDER BY SQL fragment from the attacker-con… CWE-89
SQL Injection 		CVE-2026-45054 2026-05-15 01:49 2026-05-14 Show GitHub Exploit DB Packet Storm
980 8.1 HIGH
Network 		- - CubeCart is an ecommerce software solution. Prior to 6.7.2, CubeCart 6.6.x – 6.7.1 builds CC_STORE_URL directly from the Host request header at bootstrap, with no allowlist. The constant is embedded … CWE-20
CWE-345
CWE-601
CWE-784
 Improper Input Validation 
 Insufficient Verification of Data Authenticity
Open Redirect
 Reliance on Cookies without Validation and Integrity Checking in a Security Decision 		CVE-2026-45055 2026-05-15 01:49 2026-05-14 Show GitHub Exploit DB Packet Storm