Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
242221	7.5	危険	boldfx	-	Model Agency Manager PRO の photos.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4731	2012-06-26 16:19	2010-03-18	Show	GitHub Exploit DB Packet Storm

242222	5.1	警告	Arab Portal	-	Arab Portal の modules/aljazeera/admin/setup.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-4725	2012-06-26 16:19	2010-03-18	Show	GitHub Exploit DB Packet Storm

242223	7.5	危険	andrews-web	-	A-W BannerAd の Admin/index.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4721	2012-06-26 16:19	2010-03-18	Show	GitHub Exploit DB Packet Storm

242224	7.5	危険	gnudip	-	GnuDIP の cgi-bin/gnudip.cgi における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4720	2012-06-26 16:19	2010-03-18	Show	GitHub Exploit DB Packet Storm

242225	7.5	危険	bob jewell	-	Discloser の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4719	2012-06-26 16:19	2010-03-18	Show	GitHub Exploit DB Packet Storm

242226	7.5	危険	gonafish	-	Gonafish WebStatCaffe における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4718	2012-06-26 16:19	2010-03-15	Show	GitHub Exploit DB Packet Storm

242227	4.3	警告	gonafish	-	Gonafish WebStatCaffe におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4717	2012-06-26 16:19	2010-03-15	Show	GitHub Exploit DB Packet Storm

242228	4.3	警告	edgephp	-	EDGEPHP EZWebSearch の results.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4716	2012-06-26 16:19	2010-03-15	Show	GitHub Exploit DB Packet Storm

242229	4.3	警告	alexandre amaral	-	XOOPS Celepar の quiz モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4714	2012-06-26 16:19	2010-03-15	Show	GitHub Exploit DB Packet Storm

242230	4.3	警告	alexandre amaral	-	XOOPS Celepar の Qas モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4713	2012-06-26 16:19	2010-03-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
266781	5.5	MEDIUM Local	bouncycastle google	legion-of-the-bouncy-castle-java-crytography-api android	The AES-GCM specification in RFC 5084, as used in Android 5.x and 6.x, recommends 12 octets for the aes-ICVlen parameter field, which might make it easier for attackers to defeat a cryptographic prot…	CWE-200 Information Exposure	CVE-2016-2427	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm

266782	6.1	MEDIUM Physics	google	android	server/telecom/CallsManager.java in Telephony in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider whether a device is provisioned…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-2423	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm

266783	7.8	HIGH Local	google	android	Wi-Fi in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not prevent use of a Wi-Fi CA certificate in an unrelated CA role, which allows attackers to …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-2422	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm

266784	6.1	MEDIUM Physics	google	android	Setup Wizard in Android 5.1.x before 5.1.1 and 6.x before 2016-04-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified …	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-2421	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm

266785	7.8	HIGH Local	google	android	rootdir/init.rc in Android 4.x before 4.4.4 does not ensure that the /data/tombstones directory exists for the Debuggerd component, which allows attackers to gain privileges via a crafted application…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-2420	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm

266786	9.8	CRITICAL Network	google	android	media/libmedia/IDrm.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize a certain key-request data structure, which allows attackers to obtain sensitive information from process m…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-2419	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm

266787	9.8	CRITICAL Network	google	android	media/libmedia/IOMX.cpp in mediaserver in Android 6.x before 2016-04-01 does not initialize certain metadata buffer pointers, which allows attackers to obtain sensitive information from process memor…	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2016-2418	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm

266788	9.8	CRITICAL Network	google	android	media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows atta…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-2417	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm

266789	9.8	CRITICAL Network	google	android	libs/gui/BufferQueueConsumer.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not check for the android.permission.DUMP permissio…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-2416	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm

266790	5.5	MEDIUM Local	google	android	exchange/eas/EasAutoDiscover.java in the Autodiscover implementation in Exchange ActiveSync in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 allows attackers to obtain sen…	CWE-200 Information Exposure	CVE-2016-2415	2024-11-21 11:48	2016-04-18	Show	GitHub Exploit DB Packet Storm