Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 12, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
242361	7.5	危険	cfmsource	-	CF_Forum の forummessages.cfm における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6324	2012-06-26 16:10	2009-02-27	Show	GitHub Exploit DB Packet Storm

242362	7.5	危険	cfmsource	-	CFMSource CF_Auction の forummessages.cfm における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6323	2012-06-26 16:10	2009-02-27	Show	GitHub Exploit DB Packet Storm

242363	7.5	危険	cfmsource	-	CFMSource CFMBlog の index.cfm における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6322	2012-06-26 16:10	2009-02-27	Show	GitHub Exploit DB Packet Storm

242364	5	警告	cfshopkart	-	CF Shopkart におけるユーザ名およびパスワード等の重要な情報を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-6321	2012-06-26 16:10	2009-02-27	Show	GitHub Exploit DB Packet Storm

242365	7.5	危険	cfshopkart	-	CF Shopkart の index.cfm における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6320	2012-06-26 16:10	2009-02-27	Show	GitHub Exploit DB Packet Storm

242366	7.5	危険	cfmsource	-	CF_Calendar の calendarevent.cfm における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6319	2012-06-26 16:10	2009-02-27	Show	GitHub Exploit DB Packet Storm

242367	7.5	危険	butterflymedia	-	Butterfly Organizer の view.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-6311	2012-06-26 16:10	2009-02-27	Show	GitHub Exploit DB Packet Storm

242368	7.5	危険	e-topbiz	-	E-topbiz Link Back Checker における管理者アクセス権を取得される脆弱性	CWE-287 不適切な認証	CVE-2008-6307	2012-06-26 16:10	2009-02-26	Show	GitHub Exploit DB Packet Storm

242369	6.8	警告	freedirectoryscript	-	Free Directory Script の init.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2008-6305	2012-06-26 16:10	2009-02-26	Show	GitHub Exploit DB Packet Storm

242370	4.3	警告	dhcart	-	DHCart の order.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-6297	2012-06-26 16:10	2009-02-26	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 13, 2026, 5:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
267421	5.4	MEDIUM Network	backbone_project	backbone	backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site…	CWE-79 Cross-site Scripting	CVE-2016-10537	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm

267422	5.9	MEDIUM Network	socket	engine.io-client	engine.io-client is the client for engine.io, the implementation of a transport-based cross-browser/cross-device bi-directional communication layer for Socket.IO. The vulnerability is related to the …	CWE-295 Improper Certificate Validation	CVE-2016-10536	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm

267423	5.9	MEDIUM Network	csrf-lite_project	csrf-lite	csrf-lite is a cross-site request forgery protection library for framework-less node sites. csrf-lite uses `===`, a fail first string comparison, instead of a time constant string comparison This ena…	CWE-310 Cryptographic Issues	CVE-2016-10535	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm

267424	5.9	MEDIUM Network	electron-packager_project	electron-packager	electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 …	CWE-295 Improper Certificate Validation	CVE-2016-10534	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm

267425	6.1	MEDIUM Network	marked_project	marked	marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content i…	CWE-79 Cross-site Scripting	CVE-2016-10531	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm

267426	5.9	MEDIUM Network	airbrake	airbrake	The airbrake module 0.3.8 and earlier defaults to sending environment variables over HTTP. Environment variables can often times contain secret keys and other sensitive values. A malicious user could…	CWE-310 CWE-200 Cryptographic Issues Information Exposure	CVE-2016-10530	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm

267427	8.8	HIGH Network	droppy_project	droppy	Droppy versions <3.5.0 does not perform any verification for cross-domain websocket requests. An attacker is able to make a specially crafted page that can send requests as the context of the current…	CWE-352 Origin Validation Error	CVE-2016-10529	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm

267428	4.9	MEDIUM Network	restafary_project	restafary	restafary is a REpresentful State Transfer API for Creating, Reading, Using, Deleting files on a server from the web. Restafary before 1.6.1 is able to set up a root path, which should only allow it …	CWE-22 Path Traversal	CVE-2016-10528	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm

267429	8.8	HIGH Network	express-restify-mongoose_project	express-restify-mongoose	express-restify-mongoose is a module to easily create a flexible REST interface for mongoose models. express-restify-mongoose 2.4.2 and earlier and 3.0.X through 3.0.1 allows a malicious user to send…	CWE-200 Information Exposure	CVE-2016-10533	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm

267430	9.8	CRITICAL Network	console-io_project	console-io	console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the con…	CWE-287 Improper Authentication	CVE-2016-10532	2024-11-21 11:44	2018-06-1	Show	GitHub Exploit DB Packet Storm