Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 9, 2026, 12:59 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
239931	7.5	危険	alkalinephp	-	AlkalinePHP における管理アクセス権を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-2346	2012-06-26 16:02	2008-05-20	Show	GitHub Exploit DB Packet Storm

239932	7.5	危険	avalonnet	-	News Manager の ch_readalso.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2008-2341	2012-06-26 16:02	2008-05-19	Show	GitHub Exploit DB Packet Storm

239933	7.5	危険	68classifieds	-	68 Classifieds の category.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-2336	2012-06-26 16:02	2008-05-19	Show	GitHub Exploit DB Packet Storm

239934	7.5	危険	ASP indir	-	W1L3D4 Philboard における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-2334	2012-06-26 16:02	2008-05-19	Show	GitHub Exploit DB Packet Storm

239935	4.3	警告	Django Software Foundation	-	Django の管理アプリケーションのログインフォームにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-2302	2012-06-26 16:02	2008-05-23	Show	GitHub Exploit DB Packet Storm

239936	6.5	警告	シトリックス・システムズ	-	Citrix Presentation Server などの製品における不正にデスクトップへアクセスされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-2300	2012-06-26 16:02	2008-05-13	Show	GitHub Exploit DB Packet Storm

239937	5	警告	シトリックス・システムズ	-	Citrix Presentation Server などの製品で使用される SecureICA における制限を回避される脆弱性	CWE-310 暗号の問題	CVE-2008-2299	2012-06-26 16:02	2008-05-12	Show	GitHub Exploit DB Packet Storm

239938	7.5	危険	Fusebox	-	Fusebox の fusebox5.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2008-2284	2012-06-26 16:02	2008-05-18	Show	GitHub Exploit DB Packet Storm

239939	5	警告	freelanceauction	-	Freelance Auction Script における権限を取得される脆弱性	CWE-255 証明書・パスワード管理	CVE-2008-2279	2012-06-26 16:02	2008-05-16	Show	GitHub Exploit DB Packet Storm

239940	7.5	危険	freelanceauction	-	Freelance Auction Script の browseproject.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-2278	2012-06-26 16:02	2008-05-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:April 26, 2026, 4:08 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
292211	-	glfusion	glfusion	SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.	CWE-89 SQL Injection	CVE-2009-1282	2017-09-29 10:34	2009-04-10	Show	GitHub Exploit DB Packet Storm

292212	-	glfusion	glfusion	glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_…	CWE-310 Cryptographic Issues	CVE-2009-1283	2017-09-29 10:34	2009-04-10	Show	GitHub Exploit DB Packet Storm

292213	-	webfileexplorer	web_file_explorer	body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executab…	NVD-CWE-noinfo	CVE-2009-1314	2017-09-29 10:34	2009-04-17	Show	GitHub Exploit DB Packet Storm

292214	-	aquacms	aqua_cms	Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/fu…	CWE-89 SQL Injection	CVE-2009-1317	2017-09-29 10:34	2009-04-17	Show	GitHub Exploit DB Packet Storm

292215	-	jamroom	jamroom	Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory …	CWE-22 Path Traversal	CVE-2009-1318	2017-09-29 10:34	2009-04-17	Show	GitHub Exploit DB Packet Storm

292216	-	guestcal	guest_cal	Directory traversal vulnerability in includes/ini.inc.php in GuestCal 2.1 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the lang parameter to index.php.	CWE-22 Path Traversal	CVE-2009-1319	2017-09-29 10:34	2009-04-17	Show	GitHub Exploit DB Packet Storm

292217	-	humayun_shabbir_bhutta	asp_product_catalog	Cross-site scripting (XSS) vulnerability in search.asp in ASP Product Catalog 1.0 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.	CWE-79 Cross-site Scripting	CVE-2009-1321	2017-09-29 10:34	2009-04-17	Show	GitHub Exploit DB Packet Storm

292218	-	humayun_shabbir_bhutta	asp_product_catalog	ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2009-1322	2017-09-29 10:34	2009-04-17	Show	GitHub Exploit DB Packet Storm

292219	-	webfileexplorer	web_file_explorer	SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.	CWE-89 SQL Injection	CVE-2009-1323	2017-09-29 10:34	2009-04-17	Show	GitHub Exploit DB Packet Storm

292220	-	mini-stream	asx_to_mp3_converter	Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2009-1324	2017-09-29 10:34	2009-04-17	Show	GitHub Exploit DB Packet Storm