Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 26, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
242941	7.5	危険	demarque	-	Typing Pal の demo.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4860	2012-06-26 16:19	2010-05-11	Show	GitHub Exploit DB Packet Storm

242942	4.3	警告	ecomstudio	-	PHP Photo Vote の login.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4857	2012-06-26 16:19	2010-05-11	Show	GitHub Exploit DB Packet Storm

242943	4.3	警告	ecomstudio	-	PHP Easy Shopping Cart の subitems.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4856	2012-06-26 16:19	2010-05-11	Show	GitHub Exploit DB Packet Storm

242944	4.3	警告	festic	-	SemanticScuttle におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4852	2012-06-26 16:19	2010-05-7	Show	GitHub Exploit DB Packet Storm

242945	9.3	危険	awingsoft	-	Awingsoft Awakening Winds3D Viewer プラグインにおける任意のプログラムを実行される脆弱性	CWE-119 バッファエラー	CVE-2009-4850	2012-06-26 16:19	2010-05-7	Show	GitHub Exploit DB Packet Storm

242946	4	警告	deliantra	-	Deliantra Server におけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2009-4847	2012-06-26 16:19	2010-05-7	Show	GitHub Exploit DB Packet Storm

242947	6.8	警告	deliantra	-	Deliantra Server におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-4846	2012-06-26 16:19	2010-05-7	Show	GitHub Exploit DB Packet Storm

242948	4.3	警告	BASE	-	BASE におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4839	2012-06-26 16:19	2010-05-6	Show	GitHub Exploit DB Packet Storm

242949	7.5	危険	BASE	-	BASE の base_ag_common.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4838	2012-06-26 16:19	2010-05-6	Show	GitHub Exploit DB Packet Storm

242950	4.3	警告	BASE	-	Basic Analysis におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4837	2012-06-26 16:19	2010-05-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 27, 2026, 4:52 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
267811	5.4	MEDIUM Network	fourkitchens fedoraproject	block_class fedora	Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitra…	CWE-79 Cross-site Scripting	CVE-2016-3144	2024-11-21 11:49	2016-04-16	Show	GitHub Exploit DB Packet Storm

267812	6.1	MEDIUM Network	redhat	satellite spacewalk-java	Multiple cross-site scripting (XSS) vulnerabilities in the Web UI in Spacewalk and Red Hat Satellite 5.7 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to systems…	CWE-79 Cross-site Scripting	CVE-2016-3079	2024-11-21 11:49	2016-04-14	Show	GitHub Exploit DB Packet Storm

267813	3.8	LOW Local	oracle xen fedoraproject debian	vm_server xen fedora debian_linux	The fpu_fxrstor function in arch/x86/i387.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensiti…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2016-3159	2024-11-21 11:49	2016-04-14	Show	GitHub Exploit DB Packet Storm

267814	3.8	LOW Local	xen fedoraproject oracle	xen fedora vm_server	The xrstor function in arch/x86/xstate.c in Xen 4.x does not properly handle writes to the hardware FSW.ES bit when running on AMD64 processors, which allows local guest OS users to obtain sensitive …	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2016-3158	2024-11-21 11:49	2016-04-14	Show	GitHub Exploit DB Packet Storm

267815	8.8	HIGH Network	mercurial debian suse opensuse fedoraproject redhat	mercurial debian_linux linux_enterprise_software_development_kit linux_enterprise_debuginfo opensuse leap fedora enterprise_linux_desktop enterprise_linux_server_aus enterp…	Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.	CWE-20 Improper Input Validation	CVE-2016-3069	2024-11-21 11:49	2016-04-14	Show	GitHub Exploit DB Packet Storm

267816	8.8	HIGH Network	debian mercurial fedoraproject redhat suse opensuse	debian_linux mercurial fedora enterprise_linux_desktop enterprise_linux_server_aus enterprise_linux_workstation enterprise_linux_server enterprise_linux_hpc_node enterprise_li…	Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted git ext:: URL when cloning a subrepository.	CWE-20 Improper Input Validation	CVE-2016-3068	2024-11-21 11:49	2016-04-14	Show	GitHub Exploit DB Packet Storm

267817	8.8	HIGH Network	cacti	cacti	SQL injection vulnerability in tree.php in Cacti 0.8.8g and earlier allows remote authenticated users to execute arbitrary SQL commands via the parent_id parameter in an item_edit action.	CWE-89 SQL Injection	CVE-2016-3172	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm

267818	7.8	HIGH Local	xen canonical	xen ubuntu_linux	The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel does not properly context-switch IOPL on 64-bit PV Xen guests, which allows local guest OS users to gain privileges, cause…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2016-3157	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm

267819	8.1	HIGH Network	drupal debian	drupal debian_linux	Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data trunc…	CWE-19 Data Processing Errors	CVE-2016-3171	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm

267820	5.3	MEDIUM Network	debian drupal	debian_linux drupal	The "have you forgotten your password" links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configur…	CWE-200 Information Exposure	CVE-2016-3170	2024-11-21 11:49	2016-04-13	Show	GitHub Exploit DB Packet Storm