Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 18, 2026, 10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
242301	7.5	危険	elvinbts	-	Elvin における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2123	2012-06-26 16:10	2009-06-19	Show	GitHub Exploit DB Packet Storm

242302	4.3	警告	F5 Networks	-	F5 FirePass SSL VPN のログインインターフェースにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2119	2012-06-26 16:10	2009-06-18	Show	GitHub Exploit DB Packet Storm

242303	7.5	危険	daan sprenkels	-	FretsWeb における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2113	2012-06-26 16:10	2009-06-18	Show	GitHub Exploit DB Packet Storm

242304	7.5	危険	frank-karau	-	phpFK の include/page_bottom.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-2112	2012-06-26 16:10	2009-06-18	Show	GitHub Exploit DB Packet Storm

242305	5	警告	daan sprenkels	-	FretsWeb におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-2109	2012-06-26 16:10	2009-06-18	Show	GitHub Exploit DB Packet Storm

242306	7.5	危険	com jumi Joomla!	-	Joomla の jumi コンポーネントにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2102	2012-06-26 16:10	2009-06-17	Show	GitHub Exploit DB Packet Storm

242307	6.8	警告	castro xl	-	TorrentVolve の archive.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2009-2101	2012-06-26 16:10	2009-06-17	Show	GitHub Exploit DB Packet Storm

242308	7.5	危険	david degner	-	phpCollegeExchange の house/listing_view.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2096	2012-06-26 16:10	2009-06-17	Show	GitHub Exploit DB Packet Storm

242309	7.5	危険	creative web solutions	-	Creative Web Solutions Multi-Level CMS における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-2082	2012-06-26 16:10	2009-06-16	Show	GitHub Exploit DB Packet Storm

242310	3.5	注意	Drupal	-	Drupal 用の Taxonomy manager モジュールの管理ページインターフェースにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2079	2012-06-26 16:10	2009-06-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 18, 2026, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
266921	9.8	CRITICAL Network	pam_tacplus_project	pam_tacplus	In pam_tacplus.c in pam_tacplus before 1.4.1, pam_sm_acct_mgmt does not zero out the arep data structure.	NVD-CWE-Other	CVE-2016-20014	2024-11-21 11:47	2022-04-21	Show	GitHub Exploit DB Packet Storm

266922	7.5	HIGH Network	sha256crypt_project sha512crypt_project	sha256crypt sha512crypt	sha256crypt and sha512crypt through 0.6 allow attackers to cause a denial of service (CPU consumption) because the algorithm's runtime is proportional to the square of the length of the password.	CWE-770 Allocation of Resources Without Limits or Throttling	CVE-2016-20013	2024-11-21 11:47	2022-02-19	Show	GitHub Exploit DB Packet Storm

266923	5.9	MEDIUM Network	samba debian fedoraproject redhat canonical	samba debian_linux fedora enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_for_scientific_computing enterprise_linux enterprise_linux_server enterprise_l…	A flaw was found in the way samba implemented SMB1 authentication. An attacker could use this flaw to retrieve the plaintext password sent over the wire even if Kerberos authentication was required.	CWE-287 Improper Authentication	CVE-2016-2124	2024-11-21 11:47	2022-02-19	Show	GitHub Exploit DB Packet Storm

266924	5.3	MEDIUM Network	openbsd netapp	openssh ontap_select_deploy_administration_utility clustered_data_ontap solidfire hci_management_node	OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occu…	NVD-CWE-Other	CVE-2016-20012	2024-11-21 11:47	2021-09-16	Show	GitHub Exploit DB Packet Storm

266925	7.5	HIGH Network	gnome	libgrss	libgrss through 0.7.0 fails to perform TLS certificate verification when downloading feeds, allowing remote attackers to manipulate the contents of feeds without detection. This occurs because of the…	CWE-295 Improper Certificate Validation	CVE-2016-20011	2024-11-21 11:47	2021-05-26	Show	GitHub Exploit DB Packet Storm

266926	10.0	CRITICAL Network	ewww	image_optimizer	EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5.	NVD-CWE-noinfo	CVE-2016-20010	2024-11-21 11:47	2021-05-5	Show	GitHub Exploit DB Packet Storm

266927	9.8	CRITICAL Network	windriver siemens	vxworks sgt-100_firmware sgt-200_firmware sgt-300_firmware sgt-400_firmware sgt-a20_firmware sgt-a35_firmware sgt-a65_firmware	A DNS client stack-based buffer overflow in ipdnsc_decode_name() affects Wind River VxWorks 6.5 through 7. NOTE: This vulnerability only affects products that are no longer supported by the maintainer	CWE-787 Out-of-bounds Write	CVE-2016-20009	2024-11-21 11:47	2021-03-12	Show	GitHub Exploit DB Packet Storm

266928	9.8	CRITICAL Network	rest\/json_project	rest\/json	The REST/JSON project 7.x-1.x for Drupal allows user registration bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.	CWE-863 Incorrect Authorization	CVE-2016-20005	2024-11-21 11:47	2021-01-1	Show	GitHub Exploit DB Packet Storm

266929	9.8	CRITICAL Network	rest\/json_project	rest\/json	The REST/JSON project 7.x-1.x for Drupal allows field access bypass, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.	CWE-863 Incorrect Authorization	CVE-2016-20004	2024-11-21 11:47	2021-01-1	Show	GitHub Exploit DB Packet Storm

266930	7.5	HIGH Network	rest\/json_project	rest\/json	The REST/JSON project 7.x-1.x for Drupal allows user enumeration, aka SA-CONTRIB-2016-033. NOTE: This project is not covered by Drupal's security advisory policy.	NVD-CWE-Other	CVE-2016-20003	2024-11-21 11:47	2021-01-1	Show	GitHub Exploit DB Packet Storm