Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
186911 4 警告 ThinkShout - Drupal 用 Mandrill モジュールにおけるパスワードのリセットリンクを取得される脆弱性 CWE-200
情報漏えい
CVE-2012-5544 2012-12-5 16:57 2012-10-9 Show GitHub Exploit DB Packet Storm
186912 4.3 警告 Phase2 Technology - Drupal 用 Feeds モジュールにおける任意のノードを作成される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2012-5543 2012-12-5 16:56 2012-10-10 Show GitHub Exploit DB Packet Storm
186913 6.8 警告 Pedro Cambra - Drupal 用 Commerce Extra Panes モジュールにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反
CVE-2012-5542 2012-12-5 16:55 2012-10-3 Show GitHub Exploit DB Packet Storm
186914 4.3 警告 Twitter Pull Project - Drupal用 Twitter Pull モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-5541 2012-12-5 16:54 2012-10-3 Show GitHub Exploit DB Packet Storm
186915 4.3 警告 Tekritisoftware - Drupal 用 Hostip モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-5540 2012-12-5 16:54 2012-10-3 Show GitHub Exploit DB Packet Storm
186916 3.5 注意 Moshe Weitzman - Drupal 用 Organic Groups モジュールにおける任意のグループに投稿される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2012-5539 2012-12-5 16:51 2012-09-26 Show GitHub Exploit DB Packet Storm
186917 2.1 注意 Nathan Haug - Drupal 用 FileField Sources モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-5538 2012-12-5 16:48 2012-09-19 Show GitHub Exploit DB Packet Storm
186918 6 警告 Simplenews Scheduler Project - Drupal 用 Simplenews Scheduler モジュールにおける任意の PHP コード を挿入される脆弱性 CWE-94
コード・インジェクション
CVE-2012-5537 2012-12-5 16:44 2012-09-19 Show GitHub Exploit DB Packet Storm
186919 5 警告 Erik Webb - Drupal 用 Password policy モジュールにおけるパスワードハッシュを取得される脆弱性 CWE-200
情報漏えい
CVE-2012-5552 2012-12-5 16:21 2012-10-31 Show GitHub Exploit DB Packet Storm
186920 4.3 警告 ThinkShout - Drupal 用 MailChimp モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-5551 2012-12-5 16:17 2012-10-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 26, 2025, 4:08 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
321 7.2 HIGH
Network
- - The SMTP for SendGrid – YaySMTP plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. T… CWE-79
Cross-site Scripting
CVE-2025-0918 2025-02-22 22:15 2025-02-22 Show GitHub Exploit DB Packet Storm
322 - - - In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification,… - CVE-2025-21704 2025-02-22 19:15 2025-02-22 Show GitHub Exploit DB Packet Storm
323 7.5 HIGH
Network
- - The IP2Location Country Blocker plugin for WordPress is vulnerable to Regular Information Exposure in all versions up to, and including, 2.38.8 due to missing capability checks on the admin_init() fu… CWE-285
Improper Authorization
CVE-2025-1361 2025-02-22 18:15 2025-02-22 Show GitHub Exploit DB Packet Storm
324 6.4 MEDIUM
Network
- - The Rife Elementor Extensions & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Writing Effect Headline shortcode in all versions up to, and including, 1.… CWE-79
Cross-site Scripting
CVE-2024-13564 2025-02-22 18:15 2025-02-22 Show GitHub Exploit DB Packet Storm
325 5.3 MEDIUM
Network
- - The Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress is vulnerable to unauthorized order creation in all versions up to, and including, 2.3.5. This is due to insufficient verificatio… CWE-20
 Improper Input Validation 
CVE-2024-13798 2025-02-22 14:15 2025-02-22 Show GitHub Exploit DB Packet Storm
326 7.5 HIGH
Network
- - The LTL Freight Quotes – Purolator Edition plugin for WordPress is vulnerable to SQL Injection via the 'dropship_edit_id' and 'edit_id' parameters in all versions up to, and including, 2.2.3 due to i… CWE-89
SQL Injection
CVE-2024-13474 2025-02-22 14:15 2025-02-22 Show GitHub Exploit DB Packet Storm
327 6.1 MEDIUM
Network
- - The Pago por Redsys plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Ds_MerchantParameters' parameter in all versions up to, and including, 1.0.12 due to insufficient inp… CWE-79
Cross-site Scripting
CVE-2024-12467 2025-02-22 14:15 2025-02-22 Show GitHub Exploit DB Packet Storm
328 6.4 MEDIUM
Network
- - The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin… CWE-79
Cross-site Scripting
CVE-2024-12038 2025-02-22 14:15 2025-02-22 Show GitHub Exploit DB Packet Storm
329 7.3 HIGH
Network
- - The The Custom Post Type Date Archives plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 2.7.1. This is due to the software allowing users to e… CWE-94
Code Injection
CVE-2025-1510 2025-02-22 13:15 2025-02-22 Show GitHub Exploit DB Packet Storm
330 7.3 HIGH
Network
- - The The Show Me The Cookies plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.0. This is due to the software allowing users to execute an act… CWE-94
Code Injection
CVE-2025-1509 2025-02-22 13:15 2025-02-22 Show GitHub Exploit DB Packet Storm