Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 15, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
224241 4.3 警告 Zenphoto - Zenphoto の zp-core/zp-extensions/mergedRSS.php 内の export 関数におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-7241 2014-01-7 10:49 2013-10-1 Show GitHub Exploit DB Packet Storm
224242 6.5 警告 シスコシステムズ - Cisco Unified Presence Server の Web インターフェースにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2013-6983 2014-01-6 18:30 2014-01-3 Show GitHub Exploit DB Packet Storm
224243 6.8 警告 The JForum Team - JForum の Admin モジュールの admBase/login.page におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2013-7209 2014-01-6 18:29 2013-12-26 Show GitHub Exploit DB Packet Storm
224244 6.8 警告 WordPress.org - WordPress の wp-admin/options-discussion.php の retrospam コンポーネントにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2013-7233 2014-01-6 18:28 2013-12-17 Show GitHub Exploit DB Packet Storm
224245 7.5 危険 Esri - ESRI ArcGIS for Server における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2013-7232 2014-01-6 18:27 2013-12-19 Show GitHub Exploit DB Packet Storm
224246 3.5 注意 Esri - ESRI ArcGIS for Server の Mobile Content Server におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-7231 2014-01-6 18:27 2013-08-2 Show GitHub Exploit DB Packet Storm
224247 3.5 注意 Esri - ESRI ArcGIS for Server におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-5222 2014-01-6 18:26 2013-08-7 Show GitHub Exploit DB Packet Storm
224248 4.3 警告 ADTRAN - NetVanta 7000 シリーズ製品上で稼働する ADTRAN AOS の GUI ログインページにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2013-5210 2014-01-6 18:14 2013-09-9 Show GitHub Exploit DB Packet Storm
224249 4.3 警告 X.Org Foundation - X.Org xdm におけるサービス運用妨害 (DoS) の脆弱性 CWE-310
暗号の問題 		CVE-2013-2179 2014-01-6 17:58 2013-06-7 Show GitHub Exploit DB Packet Storm
224250 7.2 危険 DELL EMC (旧 EMC Corporation) - EMC Replication Manager における権限を取得される脆弱性 CWE-Other
その他 		CVE-2013-6182 2014-01-6 17:54 2013-12-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 15, 2026, 4:10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
197591 8.8 HIGH
Network 		teamlead pdf-light-viewer The WordPress PDF Light Viewer Plugin WordPress plugin before 1.4.12 allows users with Author roles to execute arbitrary OS command on the server via OS Command Injection when invoking Ghostscript. - CVE-2021-24684 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
197592 5.3 MEDIUM
Network 		find_my_blocks_project find_my_blocks The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles. - CVE-2021-24677 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
197593 6.5 MEDIUM
Network 		onedesigns one_user_avatar The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the Avatar in page where the [avatar_upload] shortcode is embed. As a result, attackers could make logged in us… - CVE-2021-24675 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
197594 5.4 MEDIUM
Network 		onedesigns one_user_avatar The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Script… - CVE-2021-24672 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
197595 6.5 MEDIUM
Network 		scroll_banner_project scroll_banner The Scroll Baner WordPress plugin through 1.0 does not have CSRF check in place when saving its settings, nor perform any sanitisation, escaping or validation on them. This could allow attackers to m… - CVE-2021-24642 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
197596 4.8 MEDIUM
Network 		emarketdesign customer_service_software_\&_support_ticket_system The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting it in the List, which could allow high privilege users t… - CVE-2021-24622 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
197597 6.1 MEDIUM
Network 		gamepress_project gamepress The GamePress WordPress plugin through 1.1.0 does not escape the op_edit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues - CVE-2021-24617 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
197598 5.4 MEDIUM
Network 		wechat_reward_project wechat_reward The Wechat Reward WordPress plugin through 1.7 does not sanitise or escape its QR settings, nor has any CSRF check in place, allowing attackers to make a logged in admin change the settings and perfo… - CVE-2021-24615 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
197599 4.8 MEDIUM
Network 		sociable_project sociable The Sociable WordPress plugin through 4.3.4.1 does not sanitise or escape some of its settings before outputting them in the admins dashboard, allowing high privilege users to perform Cross-Site Scri… CWE-79
Cross-site Scripting 		CVE-2021-24612 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
197600 6.5 MEDIUM
Network 		wp_cookie_choice_project wp_cookie_choice The Wp Cookie Choice WordPress plugin through 1.1.0 is lacking any CSRF check when saving its options, and do not escape them when outputting them in attributes. As a result, an attacker could make a… - CVE-2021-24595 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm