Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 4:01 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
241131 4.3 警告 kronos - Kronos webTA におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2008-6666 2012-09-25 17:27 2009-04-8 Show GitHub Exploit DB Packet Storm
241132 6.8 警告 ozerov - Alexey Ozerov BigDump の bigdump.php における任意のコードを実行される脆弱性 CWE-Other
その他
CVE-2008-6660 2012-09-25 17:27 2009-04-7 Show GitHub Exploit DB Packet Storm
241133 7.5 危険 openautoclassifieds - Open Auto Classifieds における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-6656 2012-09-25 17:27 2009-04-7 Show GitHub Exploit DB Packet Storm
241134 7.5 危険 InsaneVisions - OneCMS の asd.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-6652 2012-09-25 17:27 2009-04-7 Show GitHub Exploit DB Packet Storm
241135 10 危険 oxyproject - OxYProject OxYBox の edithistory.php における任意の PHP コードを挿入される脆弱性 CWE-94
コード・インジェクション
CVE-2008-6651 2012-09-25 17:27 2009-04-7 Show GitHub Exploit DB Packet Storm
241136 5 警告 mywebland - miniBloggie の del.php における任意の投稿を削除される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2008-6650 2012-09-25 17:27 2009-04-7 Show GitHub Exploit DB Packet Storm
241137 7.5 危険 Ktools.net LLC. - Ktools PhotoStore の manager/image_details_editor.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-6649 2012-09-25 17:27 2009-04-7 Show GitHub Exploit DB Packet Storm
241138 7.5 危険 Ktools.net LLC. - Ktools PhotoStore の crumbs.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-6648 2012-09-25 17:27 2009-04-7 Show GitHub Exploit DB Packet Storm
241139 7.5 危険 Ktools.net LLC. - Ktools PhotoStore の gallery.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-6647 2012-09-25 17:27 2009-04-7 Show GitHub Exploit DB Packet Storm
241140 4.3 警告 opencosmo - Opencosmo VisualSentinel におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2008-6645 2012-09-25 17:27 2009-04-7 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
265741 7.5 HIGH
Network
freedesktop
debian
poppler
debian_linux
The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to laun… CWE-476
 NULL Pointer Dereference
CVE-2017-14977 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm
265742 7.5 HIGH
Network
freedesktop
debian
poppler
debian_linux
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an at… CWE-125
Out-of-bounds Read
CVE-2017-14976 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm
265743 7.5 HIGH
Network
freedesktop
debian
poppler
debian_linux
The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch… CWE-476
 NULL Pointer Dereference
CVE-2017-14975 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm
265744 5.5 MEDIUM
Local
gnu binutils The *_get_synthetic_symtab functions in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandle the failure of a certain canonicalization step, which all… CWE-476
 NULL Pointer Dereference
CVE-2017-14974 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm
265745 5.9 MEDIUM
Network
openvswitch openvswitch In lib/ofp-util.c in Open vSwitch (OvS) before 2.8.1, there are multiple memory leaks while parsing malformed OpenFlow group mod messages. NOTE: the vendor disputes the relevance of this report, stat… CWE-772
 Missing Release of Resource after Effective Lifetime
CVE-2017-14970 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm
265746 7.2 HIGH
Network
pivotx pivotx lib.php in PivotX 2.3.11 does not properly block uploads of dangerous file types by admin users, which allows remote PHP code execution via an upload of a .php file. CWE-434
 Unrestricted Upload of File with Dangerous Type 
CVE-2017-14958 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm
265747 6.1 MEDIUM
Network
blogotext_project blogotext Stored XSS vulnerability via a comment in inc/conv.php in BlogoText before 3.7.6 allows an unauthenticated attacker to inject JavaScript. If the victim is an administrator, an attacker can (for examp… CWE-79
Cross-site Scripting
CVE-2017-14957 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm
265748 5.9 MEDIUM
Network
checkmk checkmk Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GU… CWE-200
CWE-362
Information Exposure
Race Condition
CVE-2017-14955 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm
265749 5.5 MEDIUM
Local
linux linux_kernel The waitid implementation in kernel/exit.c in the Linux kernel through 4.13.4 accesses rusage data structures in unintended cases, which allows local users to obtain sensitive information, and bypass… CWE-200
Information Exposure
CVE-2017-14954 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm
265750 6.5 MEDIUM
Network
jaspersoft jasperreports Jaspersoft JasperReports 4.7 suffers from a saved credential disclosure vulnerability, which allows a remote authenticated user to retrieve stored Data Source passwords by accessing flow.html and rea… CWE-200
Information Exposure
CVE-2017-14941 2024-11-21 12:13 2017-10-2 Show GitHub Exploit DB Packet Storm