Vulnerability Search Top
Show Search Menu
|
You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database). |
JVN Vulnerability Information
Update Date":May 22, 2026, 6 p.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Impact Show |
Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 242731 | 7.5 | 危険 | esoftpro | - | Online Guestbook Pro の ogp_show.php における SQL インジェクションの脆弱性 |
CWE-89
SQLインジェクション |
CVE-2009-4935 | 2012-06-26 16:19 | 2010-07-12 | Show | GitHub Exploit DB Packet Storm |
| 242732 | 4.3 | 警告 | esoftpro | - | Online Photo Pro の index.php におけるクロスサイトスクリプティングの脆弱性 |
CWE-79
クロスサイト・スクリプティング(XSS) |
CVE-2009-4934 | 2012-06-26 16:19 | 2010-07-12 | Show | GitHub Exploit DB Packet Storm |
| 242733 | 6.8 | 警告 | bestwebsharing | - | Groovy Media Player におけるスタックベースのバッファオーバーフローの脆弱性 |
CWE-119
バッファエラー |
CVE-2009-4931 | 2012-06-26 16:19 | 2010-07-12 | Show | GitHub Exploit DB Packet Storm |
| 242734 | 4.3 | 警告 | esoftpro | - | Online Contact Manager および EContact PRO におけるクロスサイトスクリプティングの脆弱性 |
CWE-79
クロスサイト・スクリプティング(XSS) |
CVE-2009-4926 | 2012-06-26 16:19 | 2010-07-12 | Show | GitHub Exploit DB Packet Storm |
| 242735 | 6.8 | 警告 | creasito | - | Portale e-commerce Creasito における SQL インジェクションの脆弱性 |
CWE-89
SQLインジェクション |
CVE-2009-4925 | 2012-06-26 16:19 | 2010-07-12 | Show | GitHub Exploit DB Packet Storm |
| 242736 | 4.3 | 警告 | dan pascu | - | Dan Pascu python-cjson における特定のクロスサイトスクリプティング攻撃を誘発する脆弱性 |
CWE-79
クロスサイト・スクリプティング(XSS) |
CVE-2009-4924 | 2012-06-26 16:19 | 2010-07-2 | Show | GitHub Exploit DB Packet Storm |
| 242737 | 6.8 | 警告 | dootzky | - | oBlog の admin/index.php における総当りパスワード推測攻撃を実行される脆弱性 |
CWE-287
不適切な認証 |
CVE-2009-4909 | 2012-06-26 16:19 | 2010-06-25 | Show | GitHub Exploit DB Packet Storm |
| 242738 | 4.3 | 警告 | dootzky | - | oBlog におけるクロスサイトスクリプティングの脆弱性 |
CWE-79
クロスサイト・スクリプティング(XSS) |
CVE-2009-4908 | 2012-06-26 16:19 | 2010-06-25 | Show | GitHub Exploit DB Packet Storm |
| 242739 | 6.8 | 警告 | dootzky | - | oBlog におけるクロスサイトリクエストフォージェリの脆弱性 |
CWE-352
同一生成元ポリシー違反 |
CVE-2009-4907 | 2012-06-26 16:19 | 2010-06-25 | Show | GitHub Exploit DB Packet Storm |
| 242740 | 7.8 | 危険 | シスコシステムズ | - | Cisco ASA 5580 シリーズの DTLS 実装におけるサービス運用妨害 (DoS) の脆弱性 |
CWE-noinfo
情報不足 |
CVE-2009-4923 | 2012-06-26 16:19 | 2009-04-6 | Show | GitHub Exploit DB Packet Storm |
NVD Vulnerability Information
Update Date:May 22, 2026, 4:08 a.m.
| No | CVSS | Level Attach Vector |
Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC Search |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 268161 | 5.5 |
MEDIUM
Local |
canonical |
ubuntu_linux lxd |
LXD before 2.0.2 does not properly set permissions when switching an unprivileged container into privileged mode, which allows local users to access arbitrary world readable paths in the container di… |
CWE-200
Information Exposure |
CVE-2016-1582 | 2024-11-21 11:46 | 2016-06-10 | Show | GitHub Exploit DB Packet Storm |
| 268162 | 5.5 |
MEDIUM
Local |
canonical |
ubuntu_linux lxd |
LXD before 2.0.2 uses world-readable permissions for /var/lib/lxd/zfs.img when setting up a loop based ZFS pool, which allows local users to copy and read data from arbitrary containers via unspecifi… |
CWE-284
Improper Access Control |
CVE-2016-1581 | 2024-11-21 11:46 | 2016-06-10 | Show | GitHub Exploit DB Packet Storm |
| 268163 | 7.8 |
HIGH
Local |
cisco | aironet_access_point_software_ | Cisco Aironet Access Point Software 8.2(100.0) on 1830e, 1830i, 1850e, 1850i, 2800, and 3800 access points allows local users to obtain Linux root access via crafted CLI command parameters, aka Bug I… |
CWE-20
Improper Input Validation |
CVE-2016-1418 | 2024-11-21 11:46 | 2016-06-8 | Show | GitHub Exploit DB Packet Storm |
| 268164 | 7.5 |
HIGH
Network |
clamav cisco |
clamav email_security_appliance web_security_appliance |
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-1405 | 2024-11-21 11:46 | 2016-06-8 | Show | GitHub Exploit DB Packet Storm |
| 268165 | 8.8 |
HIGH
Network |
google debian canonical redhat suse opensuse |
chrome debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation linux_enterprise leap opensuse |
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.79 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
NVD-CWE-noinfo
|
CVE-2016-1703 | 2024-11-21 11:46 | 2016-06-6 | Show | GitHub Exploit DB Packet Storm |
| 268166 | 6.5 |
MEDIUM
Network |
debian canonical redhat suse opensuse |
debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation linux_enterprise leap opensuse chrome |
The SkRegion::readFromMemory function in core/SkRegion.cpp in Skia, as used in Google Chrome before 51.0.2704.79, does not validate the interval count, which allows remote attackers to cause a denial… |
CWE-119
Incorrect Access of Indexable Resource ('Range Error') |
CVE-2016-1702 | 2024-11-21 11:46 | 2016-06-6 | Show | GitHub Exploit DB Packet Storm |
| 268167 | 8.8 |
HIGH
Network |
google debian redhat suse opensuse |
chrome debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation linux_enterprise leap opensuse |
The Autofill implementation in Google Chrome before 51.0.2704.79 mishandles the interaction between field updates and JavaScript code that triggers a frame deletion, which allows remote attackers to … |
NVD-CWE-Other
|
CVE-2016-1701 | 2024-11-21 11:46 | 2016-06-6 | Show | GitHub Exploit DB Packet Storm |
| 268168 | 6.5 |
MEDIUM
Network |
debian redhat suse opensuse |
debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation linux_enterprise leap opensuse chrome |
The createCustomType function in extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.79 does not validate module types, which might allow attackers to… |
CWE-200
Information Exposure |
CVE-2016-1698 | 2024-11-21 11:46 | 2016-06-6 | Show | GitHub Exploit DB Packet Storm |
| 268169 | 8.8 |
HIGH
Network |
google debian redhat suse opensuse |
chrome debian_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation linux_enterprise leap opensuse |
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors. |
CWE-254 CWE-284 7PK - Security Features Improper Access Control |
CVE-2016-1696 | 2024-11-21 11:46 | 2016-06-6 | Show | GitHub Exploit DB Packet Storm |
| 268170 | 8.8 |
HIGH
Network |
google debian canonical redhat suse opensuse |
chrome debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation linux_enterprise leap opensuse |
Multiple unspecified vulnerabilities in Google Chrome before 51.0.2704.63 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. |
NVD-CWE-noinfo
|
CVE-2016-1695 | 2024-11-21 11:46 | 2016-06-6 | Show | GitHub Exploit DB Packet Storm |