Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 2, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228121	6.8	警告	technotoad	-	TT Web Site Manager の tt/index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4732	2012-12-20 19:28	2010-03-18	Show	GitHub Exploit DB Packet Storm

228122	7.5	危険	x10media	-	x10 Adult Media Script の report.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4730	2012-12-20 19:28	2010-03-18	Show	GitHub Exploit DB Packet Storm

228123	4.3	警告	x10media	-	x10 Adult Media Script におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4729	2012-12-20 19:28	2010-03-18	Show	GitHub Exploit DB Packet Storm

228124	7.5	危険	questions answered	-	Questions Answered の管理インターフェースにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4728	2012-12-20 19:28	2010-03-18	Show	GitHub Exploit DB Packet Storm

228125	4.3	警告	phpscriptsnow	-	Real Time Currency Exchange の rates.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4715	2012-12-20 19:28	2010-03-15	Show	GitHub Exploit DB Packet Storm

228126	7.5	危険	tukanas	-	Tukanas Classifieds Script の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-4712	2012-12-20 19:28	2010-03-15	Show	GitHub Exploit DB Packet Storm

228127	4.3	警告	Pligg	-	Pligg におけるオープンリダイレクトの脆弱性	CWE-20 不適切な入力確認	CVE-2009-4788	2012-12-20 19:28	2009-11-30	Show	GitHub Exploit DB Packet Storm

228128	6.8	警告	Pligg	-	Pligg におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2009-4787	2012-12-20 19:28	2009-11-30	Show	GitHub Exploit DB Packet Storm

228129	4.3	警告	Pligg	-	Pligg におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4786	2012-12-20 19:28	2009-11-30	Show	GitHub Exploit DB Packet Storm

228130	4.3	警告	phpMyFAQ	-	phpMyFAQ の index.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4780	2012-12-20 19:28	2009-12-1	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 2, 2026, 4:18 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
194921	4.3	MEDIUM Network	ninjaforms	ninja_forms	In the Ninja Forms Contact Form WordPress plugin before 3.4.34.1, low-level users, such as subscribers, were able to trigger the action, wp_ajax_nf_oauth, and retrieve the connection url needed to es…	CWE-862 Missing Authorization	CVE-2021-24164	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm

194922	8.8	HIGH Network	ninjaforms	ninja_forms	The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such…	CWE-862 Missing Authorization	CVE-2021-24163	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm

194923	8.8	HIGH Network	expresstech	responsive_menu	In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to in…	CWE-352 Origin Validation Error	CVE-2021-24162	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm

194924	8.8	HIGH Network	expresstech	responsive_menu	In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attack…	CWE-352 Origin Validation Error	CVE-2021-24161	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm

194925	8.8	HIGH Network	expresstech	responsive_menu	In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These f…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2021-24160	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm

194926	8.8	HIGH Network	rocklobster	contact_form_7	Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordP…	CWE-352 Origin Validation Error	CVE-2021-24159	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm

194927	6.5	MEDIUM Network	themeisle	orbit_fox	Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which…	NVD-CWE-Other	CVE-2021-24158	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm

194928	5.4	MEDIUM Network	themeisle	orbit_fox	Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving th…	CWE-79 Cross-site Scripting	CVE-2021-24157	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm

194929	5.4	MEDIUM Network	testimonial_rotator_project	testimonial_rotator	Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to priv…	CWE-79 Cross-site Scripting	CVE-2021-24156	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm

194930	7.2	HIGH Network	backup-guard	backup_guard	The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+…	-	CVE-2021-24155	2024-11-21 14:52	2021-04-6	Show	GitHub Exploit DB Packet Storm