Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":May 14, 2026, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
241651 6.8 警告 Drupal
paul beaney		 - Drupal 用の PHPList Integration モジュールの "My Account" 機能におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2009-4066 2012-06-26 16:18 2009-11-18 Show GitHub Exploit DB Packet Storm
241652 4.3 警告 Ezra Barnett Gildesgame
Drupal		 - Drupal の OG モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4063 2012-06-26 16:18 2009-11-4 Show GitHub Exploit DB Packet Storm
241653 4.3 警告 Drupal
anon-design		 - Drupal の Printfriendly モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4062 2012-06-26 16:18 2009-11-18 Show GitHub Exploit DB Packet Storm
241654 7.5 危険 CubeCart Limited - CubeCart の includes/content/viewProd.inc.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4060 2012-06-26 16:18 2009-11-23 Show GitHub Exploit DB Packet Storm
241655 6.8 警告 Joomla!
joomclan		 - Joomla! の JoomClip コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4059 2012-06-26 16:18 2009-11-23 Show GitHub Exploit DB Packet Storm
241656 7.5 危険 betsy - Betsy CMS の admin/popup.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2009-4056 2012-06-26 16:18 2009-11-23 Show GitHub Exploit DB Packet Storm
241657 5 警告 Digium - Asterisk Open Source および s800i の rtp.c におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2009-4055 2012-06-26 16:18 2009-11-13 Show GitHub Exploit DB Packet Storm
241658 4 警告 downstairs.dnsalias - Home FTP Server におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2009-4053 2012-06-26 16:18 2009-11-23 Show GitHub Exploit DB Packet Storm
241659 5 警告 downstairs.dnsalias - Home FTP Server におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2009-4051 2012-06-26 16:18 2009-11-23 Show GitHub Exploit DB Packet Storm
241660 7.2 危険 AVAST Software s.r.o. - avast! Home and Professional の aswRdr.sys におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-4049 2012-06-26 16:18 2009-11-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:May 15, 2026, 4:28 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
266821 6.1 MEDIUM
Network 		sophos unified_threat_management_software Cross-site scripting (XSS) vulnerability in the UserPortal page in SOPHOS UTM before 9.353 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. CWE-79
Cross-site Scripting 		CVE-2016-2046 2024-11-21 11:47 2016-02-18 Show GitHub Exploit DB Packet Storm
266822 8.8 HIGH
Network 		mozilla firefox Mozilla Firefox before 44.0.2 does not properly restrict the interaction between Service Workers and plugins, which allows remote attackers to bypass the Same Origin Policy via a crafted web site tha… CWE-264
Permissions, Privileges, and Access Controls 		CVE-2016-1949 2024-11-21 11:47 2016-02-13 Show GitHub Exploit DB Packet Storm
266823 6.5 MEDIUM
Network 		xmlsoft
debian
canonical 		libxml2
debian_linux
ubuntu_linux 		The htmlParseNameComplex function in HTMLparser.c in libxml2 allows attackers to cause a denial of service (out-of-bounds read) via a crafted XML document. CWE-119
Incorrect Access of Indexable Resource ('Range Error')  		CVE-2016-2073 2024-11-21 11:47 2016-02-13 Show GitHub Exploit DB Packet Storm
266824 9.8 CRITICAL
Network 		hp continuous_delivery_automation HP Continuous Delivery Automation (CDA) 1.30 allows remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections library. CWE-94
Code Injection 		CVE-2016-1986 2024-11-21 11:47 2016-02-12 Show GitHub Exploit DB Packet Storm
266825 3.3 LOW
Local 		libdwarf_project libdwarf The dwarf_read_cie_fde_prefix function in dwarf_frame2.c in libdwarf 20151114 allows attackers to cause a denial of service (out-of-bounds read) via a crafted ELF object file. CWE-125
Out-of-bounds Read 		CVE-2016-2091 2024-11-21 11:47 2016-02-9 Show GitHub Exploit DB Packet Storm
266826 6.5 MEDIUM
Network 		jasper_project jasper The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. CWE-20
 Improper Input Validation  		CVE-2016-2089 2024-11-21 11:47 2016-02-9 Show GitHub Exploit DB Packet Storm
266827 5.5 MEDIUM
Network 		djangoproject django Django 1.9.x before 1.9.2, when ModelAdmin.save_as is set to True, allows remote authenticated users to bypass intended access restrictions and create ModelAdmin objects via the "Save as New" option … CWE-284
Improper Access Control 		CVE-2016-2048 2024-11-21 11:47 2016-02-9 Show GitHub Exploit DB Packet Storm
266828 9.8 CRITICAL
Network 		kubernetes kubernetes Openshift allows remote attackers to gain privileges by updating a build configuration that was created with an allowed type to a type that is not allowed. CWE-264
Permissions, Privileges, and Access Controls 		CVE-2016-1906 2024-11-21 11:47 2016-02-4 Show GitHub Exploit DB Packet Storm
266829 7.7 HIGH
Network 		kubernetes kubernetes The API server in Kubernetes does not properly check admission control, which allows remote authenticated users to access additional resources via a crafted patched object. CWE-284
Improper Access Control 		CVE-2016-1905 2024-11-21 11:47 2016-02-4 Show GitHub Exploit DB Packet Storm
266830 8.8 HIGH
Network 		janrain php-openid examples/consumer/common.php in JanRain PHP OpenID library (aka php-openid) improperly checks the openid.realm parameter against the SERVER_NAME element in the SERVER superglobal array, which might a… CWE-284
Improper Access Control 		CVE-2016-2049 2024-11-21 11:47 2016-02-2 Show GitHub Exploit DB Packet Storm