Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 3, 2026, 6:08 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228271	3.5	注意	thomas turnbull roger lopez	-	Drupal 用の Node Blocks モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0370	2012-12-20 19:28	2010-01-13	Show	GitHub Exploit DB Packet Storm

228272	9.3	危険	VideoLAN	-	VideoLAN VLC Media Player におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-0364	2012-12-20 19:28	2010-01-21	Show	GitHub Exploit DB Packet Storm

228273	2.6	注意	zeus	-	Zeus Web Server におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0363	2012-12-20 19:28	2010-01-13	Show	GitHub Exploit DB Packet Storm

228274	5	警告	zeus	-	Zeus Web Server における DNS レスポンスを偽装される脆弱性	CWE-310 暗号の問題	CVE-2010-0362	2012-12-20 19:28	2010-01-13	Show	GitHub Exploit DB Packet Storm

228275	10	危険	zeus	-	Zeus Web Server の SSLv2 サポートにおけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-0359	2012-12-20 19:28	2010-01-13	Show	GitHub Exploit DB Packet Storm

228276	9.3	危険	Viscom Software	-	Viscom Software Movie Player Pro SDK ActiveX の MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX コントロールにおけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-0356	2012-12-20 19:28	2010-01-18	Show	GitHub Exploit DB Packet Storm

228277	4.3	警告	TYPO3 Association	-	TYPO3 用の VD / Geomap エクステンションにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0347	2012-12-20 19:28	2010-01-15	Show	GitHub Exploit DB Packet Storm

228278	4.3	警告	TYPO3 Association	-	TYPO3 用の Tip many friends エクステンションにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0346	2012-12-20 19:28	2010-01-15	Show	GitHub Exploit DB Packet Storm

228279	4.3	警告	TYPO3 Association	-	TYPO3 用の Majordomo エクステンションにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0345	2012-12-20 19:28	2010-01-15	Show	GitHub Exploit DB Packet Storm

228280	7.5	危険	TYPO3 Association	-	TYPO3 用の zak_store_management エクステンションにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-0344	2012-12-20 19:28	2010-01-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
194651	4.8	MEDIUM Network	bookingholdings	booking.com_banner_creator	The Booking.com Banner Creator WordPress plugin before 1.4.3 does not properly sanitize inputs when creating banners, which could allow high privilege users to perform Cross-Site Scripting attacks ev…	-	CVE-2021-24646	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm

194652	4.8	MEDIUM Network	bookingholdings	booking.com_product_helper	The Booking.com Product Helper WordPress plugin before 1.0.2 does not sanitize and escape Product Code when creating Product Shortcode, which could allow high privilege users to perform Cross-Site Sc…	-	CVE-2021-24645	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm

194653	8.8	HIGH Network	unlimited_popups_project	unlimited_popups	The Unlimited PopUps WordPress plugin through 4.5.3 does not sanitise or escape the did GET parameter before using it in a SQL statement, available to users as low as editor, leading to an authentica…	-	CVE-2021-24631	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm

194654	8.8	HIGH Network	schreikasten_project	schreikasten	The Schreikasten WordPress plugin through 0.14.18 does not sanitise or escape the id GET parameter before using it in SQL statements in the comments dashboard from various actions, leading to authent…	-	CVE-2021-24630	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm

194655	7.2	HIGH Network	post_content_xmlrpc_project	post_content_xmlrpc	The Post Content XMLRPC WordPress plugin through 1.0 does not sanitise or escape multiple GET/POST parameters before using them in SQL statements in the admin dashboard, leading to an authenticated S…	-	CVE-2021-24629	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm

194656	7.2	HIGH Network	wow-company	wow_forms	The Wow Forms WordPress plugin through 3.1.3 does not sanitise or escape a 'did' GET parameter before using it in a SQL statement, when deleting a form in the admin dashboard, leading to an authentic…	CWE-89 SQL Injection	CVE-2021-24628	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm

194657	7.2	HIGH Network	g_auto-hyperlink_project	g_auto-hyperlink	The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leadin…	-	CVE-2021-24627	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm

194658	8.8	HIGH Network	chameleon_css_project	chameleon_css	The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unautho…	-	CVE-2021-24626	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm

194659	7.2	HIGH Network	web-dorado	spidercatalog	The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL inj…	-	CVE-2021-24625	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm

194660	4.8	MEDIUM Network	addtoany	addtoany_share_buttons	The AddToAny Share Buttons WordPress plugin before 1.7.48 does not escape its Image URL button setting, which could lead allow high privilege users to perform Cross-Site Scripting attacks even when t…	-	CVE-2021-24616	2024-11-21 14:53	2021-11-9	Show	GitHub Exploit DB Packet Storm