Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 6, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
226561 4 警告 The phpMyAdmin Project - phpMyAdmin の export.php における値を挿入される脆弱性 CWE-noinfo
情報不足 		CVE-2013-3241 2013-04-30 18:23 2013-04-24 Show GitHub Exploit DB Packet Storm
226562 6.5 警告 The phpMyAdmin Project - phpMyAdmin のエクスポート機能におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2013-3240 2013-04-30 18:21 2013-04-24 Show GitHub Exploit DB Packet Storm
226563 6.8 警告 Crunchify - WordPress 用 FourSquare Checkins プラグインにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2013-2709 2013-04-30 17:54 2013-04-22 Show GitHub Exploit DB Packet Storm
226564 6.8 警告 Crunchify - WordPress 用 All in One Webmaster プラグインにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2013-2696 2013-04-30 17:52 2013-04-22 Show GitHub Exploit DB Packet Storm
226565 5 警告 Blink Web Effects - WordPress 用 Social Media Widget プラグインにおける任意のファイルのアップロードを強制される脆弱性 CWE-noinfo
情報不足 		CVE-2013-1949 2013-04-30 17:51 2013-04-9 Show GitHub Exploit DB Packet Storm
226566 10 危険 Rob Westgeest - Ruby 用 md2pdf gem の converter.rb における任意のコマンドを実行される脆弱性 CWE-noinfo
情報不足 		CVE-2013-1948 2013-04-30 17:51 2013-04-10 Show GitHub Exploit DB Packet Storm
226567 9.3 危険 Kelly D. Redding - Ruby 用 kelredd-pruview gem における任意のコマンドを実行される脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2013-1947 2013-04-30 17:50 2013-04-4 Show GitHub Exploit DB Packet Storm
226568 9.3 危険 karteek-docsplit - Ruby 用 Karteek Docsplit gem における任意のコマンドを実行される脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2013-1933 2013-04-30 17:49 2013-04-1 Show GitHub Exploit DB Packet Storm
226569 6.8 警告 Novell
plataformatec		 - Ruby 用 Devise gem における不正な結果が返される脆弱性 CWE-399
リソース管理の問題 		CVE-2013-0233 2013-04-30 17:48 2013-01-28 Show GitHub Exploit DB Packet Storm
226570 7.5 危険 Grape
Erik Michaels-Ober		 - Grape などの製品で使用される Ruby 用 multi_xml gem におけるオブジェクトインジェクション攻撃を誘発される脆弱性 CWE-20
不適切な入力確認 		CVE-2013-0175 2013-04-30 17:43 2013-01-10 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 6, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195561 6.5 MEDIUM
Network 		implecode reviews_plus The Reviews Plus WordPress plugin before 1.2.14 does not validate the submitted rating, allowing submission of long integer, causing a Denial of Service in the review section when an authenticated us… CWE-20
 Improper Input Validation  		CVE-2021-24894 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm
195562 8.8 HIGH
Network 		advanced_forms_project advanced_forms Insecure Direct Object Reference in edit function of Advanced Forms (Free & Pro) before 1.6.9 allows authenticated remote attacker to change arbitrary user's email address and request for reset passw… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2021-24892 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm
195563 6.1 MEDIUM
Network 		elementor website_builder The Elementor Website Builder WordPress plugin before 3.4.8 does not sanitise or escape user input appended to the DOM via a malicious hash, resulting in a DOM Cross-Site Scripting issue. - CVE-2021-24891 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm
195564 4.8 MEDIUM
Network 		imageboss imageboss The ImageBoss WordPress plugin before 3.0.6 does not sanitise and escape its Source Name setting, which could allow high privilege users to perform Cross-Site Scripting attacks - CVE-2021-24888 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm
195565 4.8 MEDIUM
Network 		tribulant slideshow_gallery The Slideshow Gallery WordPress plugin before 1.7.4 does not sanitise and escape the Slide "Title", "Description", and Gallery "Title" fields, which could allow high privilege users to perform Cross-… - CVE-2021-24882 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm
195566 7.2 HIGH
Network 		mainwp mainwp_child The MainWP Child WordPress plugin before 4.1.8 does not validate the orderby and order parameter before using them in a SQL statement, leading to an SQL injection exploitable by high privilege users … - CVE-2021-24877 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm
195567 6.1 MEDIUM
Network 		implecode ecommerce_product_catalog The eCommerce Product Catalog Plugin for WordPress plugin before 3.0.39 does not escape the ic-settings-search parameter before outputting it back in the page in an attribute, leading to a Reflected … - CVE-2021-24875 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm
195568 6.1 MEDIUM
Network 		themeum tutor_lms The Tutor LMS WordPress plugin before 1.9.11 does not sanitise and escape user input before outputting back in attributes in the Student Registration page, leading to a Reflected Cross-Site Scripting… - CVE-2021-24873 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm
195569 4.8 MEDIUM
Network 		vasyltech advanced_access_manager The Advanced Access Manager WordPress plugin before 6.8.0 does not escape some of its settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even when th… - CVE-2021-24830 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm
195570 5.4 MEDIUM
Network 		wpdeveloper betterlinks The BetterLinks WordPress plugin before 1.2.6 does not sanitise and escape some of imported link fields, which could lead to Stored Cross-Site Scripting issues when an admin import a malicious CSV. - CVE-2021-24812 2024-11-21 14:53 2021-11-24 Show GitHub Exploit DB Packet Storm