Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 30, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
224501	5	警告	Rock Lobster	-	Rock Lobster Contact Form 7 における CAPTCHA 保護メカニズムを回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-2265	2014-04-8 17:49	2014-02-26	Show	GitHub Exploit DB Packet Storm

224502	5	警告	アップル	-	Apple Safari などで使用される WebKit におけるサンドボックス保護メカニズムを回避される脆弱性	CWE-20 不適切な入力確認	CVE-2014-1297	2014-04-8 17:33	2014-04-1	Show	GitHub Exploit DB Packet Storm

224503	9.3	危険	Mozilla Foundation	-	複数の Mozilla 製品の vmtypedarrayobject.cpp における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2014-1514	2014-04-8 17:09	2014-03-18	Show	GitHub Exploit DB Packet Storm

224504	9.3	危険	Mozilla Foundation	-	複数の Mozilla 製品の TypedArrayObject.cpp における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2014-1513	2014-04-8 17:08	2014-03-18	Show	GitHub Exploit DB Packet Storm

224505	9.3	危険	Mozilla Foundation	-	複数の Mozilla 製品の JavaScript エンジンの TypeObject クラスにおける任意のコードを実行される脆弱性	CWE-399 リソース管理の問題	CVE-2014-1512	2014-04-8 17:07	2014-03-18	Show	GitHub Exploit DB Packet Storm

224506	9.3	危険	Mozilla Foundation	-	複数の Mozilla 製品におけるポップアップブロッカーを回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-1511	2014-04-8 17:06	2014-03-18	Show	GitHub Exploit DB Packet Storm

224507	9.3	危険	Mozilla Foundation	-	複数の Mozilla 製品の Web IDL の実装におけるクローム特権で任意の JavaScript コードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2014-1510	2014-04-8 17:05	2014-03-18	Show	GitHub Exploit DB Packet Storm

224508	7.6	危険	Mozilla Foundation	-	複数の Mozilla 製品で使用される Cairo の _cairo_truetype_index_to_ucs4 関数におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2014-1509	2014-04-8 17:04	2014-03-18	Show	GitHub Exploit DB Packet Storm

224509	6.8	警告	Mozilla Foundation	-	複数の Mozilla 製品の libxul.so!gfxContext::Polygon 関数におけるプロセスメモリから重要な情報を取得される脆弱性	CWE-119 バッファエラー	CVE-2014-1508	2014-04-8 17:03	2014-03-18	Show	GitHub Exploit DB Packet Storm

224510	6.8	警告	Mozilla Foundation	-	複数の Mozilla 製品の SVG フィルタの実装における重要な変位相関情報を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2014-1505	2014-04-8 17:03	2014-03-18	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
200601	8.8	HIGH Network	frenify	mediamatic	The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL …	CWE-89 SQL Injection	CVE-2021-24848	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm

200602	6.5	MEDIUM Network	improved_include_page_project	improved_include_page	The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as…	NVD-CWE-Other	CVE-2021-24845	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm

200603	4.3	MEDIUM Network	storeapps	temporary_login_without_password	The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers …	CWE-352 CWE-862 Origin Validation Error Missing Authorization	CVE-2021-24836	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm

200604	4.3	MEDIUM Network	page\/post_content_shortcode_project	page\/post_content_shortcode	The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/t…	CWE-863 Incorrect Authorization	CVE-2021-24819	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm

200605	4.3	MEDIUM Network	wp_limits_project	wp_limits	The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting lo…	-	CVE-2021-24818	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm

200606	5.4	MEDIUM Network	ultimate_nofollow_project	ultimate_nofollow	The Ultimate NoFollow WordPress plugin through 1.4.8 does not sanitise and escape the href attribute of its shortcodes, allowing users with a role as low as contributor to perform Cross-Site Scriptin…	-	CVE-2021-24817	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm

200607	6.5	MEDIUM Network	phoeniixx	filter_portfolio_gallery	The Filter Portfolio Gallery WordPress plugin through 1.5 is lacking Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged in admin delete arbi…	-	CVE-2021-24795	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm

200608	6.1	MEDIUM Network	wpeden	shiny_buttons	The Shiny Buttons WordPress plugin through 1.1.0 does not have any authorisation and CSRF in place when saving a template (wpbtn_save_template function hooked to the init action), nor sanitise and es…	-	CVE-2021-24792	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm

200609	4.3	MEDIUM Network	contact_form_advanced_database_project	contact_form_advanced_database	The Contact Form Advanced Database WordPress plugin through 1.0.8 does not have any authorisation as well as CSRF checks in its delete_cf7_data and export_cf7_data AJAX actions, available to any auth…	CWE-352 CWE-862 Origin Validation Error Missing Authorization	CVE-2021-24790	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm

200610	6.5	MEDIUM Network	wp_admin_logo_changer_project	wp_admin_logo_changer	The WP Admin Logo Changer WordPress plugin through 1.0 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin update them via a CSRF attack.	-	CVE-2021-24784	2024-11-21 14:53	2021-12-13	Show	GitHub Exploit DB Packet Storm