Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 3, 2026, 6:08 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228241	4.3	警告	videosearchscript	-	VideoSearchScript Pro の index.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0699	2012-12-20 19:28	2010-02-23	Show	GitHub Exploit DB Packet Storm

228242	6	警告	TIBCO Software	-	TIBCO Administrator の TIBRepoServer5.jar における全ドメインノード上で任意のコードを実行される脆弱性	CWE-noinfo 情報不足	CVE-2010-0683	2012-12-20 19:28	2010-02-25	Show	GitHub Exploit DB Packet Storm

228243	4	警告	WordPress.org	-	WordPress における他の作成者にゴミ箱の中の投稿を読まれる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0682	2012-12-20 19:28	2010-02-15	Show	GitHub Exploit DB Packet Storm

228244	5	警告	zeuscms	-	ZeusCMS における重要な情報を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0681	2012-12-20 19:28	2010-02-22	Show	GitHub Exploit DB Packet Storm

228245	7.5	危険	zeuscms	-	ZeusCMS の index.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-0680	2012-12-20 19:28	2010-02-22	Show	GitHub Exploit DB Packet Storm

228246	5	警告	weberr	-	Joomla! 用の RWCards コンポーネントにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-0676	2012-12-20 19:28	2010-02-22	Show	GitHub Exploit DB Packet Storm

228247	7.5	危険	webmastersite	-	WSN Guest の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-0672	2012-12-20 19:28	2010-02-22	Show	GitHub Exploit DB Packet Storm

228248	5	警告	xs4all	-	JAG における重要な情報を取得される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0665	2012-12-20 19:28	2010-02-19	Show	GitHub Exploit DB Packet Storm

228249	7.5	危険	flex project	-	Fast Lexical Analyzer Generator における脆弱性	CWE-noinfo 情報不足	CVE-2010-0634	2012-12-20 19:28	2010-02-12	Show	GitHub Exploit DB Packet Storm

228250	7.5	危険	webguerilla	-	Joomla! 用の Photoblog コンポーネントにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-0610	2012-12-20 19:28	2010-02-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
194671	4.8	MEDIUM Network	flat_preloader_project	flat_preloader	The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site S…	CWE-79 Cross-site Scripting	CVE-2021-24789	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

194672	4.3	MEDIUM Network	imagesourcecontrol	image_source_control	The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to ed…	NVD-CWE-noinfo	CVE-2021-24781	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

194673	4.8	MEDIUM Network	wpdownloadmanager	wordpress_download_manager	The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the un…	CWE-79 Cross-site Scripting	CVE-2021-24773	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

194674	6.5	MEDIUM Network	stylishpricelist	stylish_price_list	The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated u…	-	CVE-2021-24770	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

194675	5.3	MEDIUM Network	stylishpricelist	stylish_price_list	The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could …	-	CVE-2021-24757	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

194676	6.5	MEDIUM Network	radiustheme	logo_slider_and_showcase	The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of …	-	CVE-2021-24742	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

194677	5.4	MEDIUM Network	wpreactions	wp_reactions_lite	The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages.	CWE-79 Cross-site Scripting	CVE-2021-24723	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

194678	4.8	MEDIUM Network	motopress	restaurant_menu	The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site S…	CWE-79 Cross-site Scripting	CVE-2021-24722	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

194679	8.8	HIGH Network	automatorwp	automatorwp	The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, cal…	CWE-863 Incorrect Authorization	CVE-2021-24717	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

194680	5.4	MEDIUM Network	webnus	modern_events_calendar_lite	The Modern Events Calendar Lite WordPress plugin before 5.22.3 does not properly sanitize or escape values set by users with access to adjust settings withing wp-admin.	CWE-79 Cross-site Scripting	CVE-2021-24716	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm