Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 5, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228351	7.5	危険	proarcadescript	-	ProArcadeScript の games/game.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-1069	2012-12-20 19:29	2010-03-23	Show	GitHub Exploit DB Packet Storm

228352	5	警告	the-ghost	-	AWCM におけるデータベースをダウンロードされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-1066	2012-12-20 19:29	2010-03-23	Show	GitHub Exploit DB Packet Storm

228353	6.8	警告	PHP工房	-	Phpkobo Free Real Estate Contact Form におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-1063	2012-12-20 19:29	2010-03-23	Show	GitHub Exploit DB Packet Storm

228354	6.8	警告	PHP工房	-	Phpkobo Free Real Estate Contact Form の codelib/sys/common.inc.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-1062	2012-12-20 19:29	2010-03-23	Show	GitHub Exploit DB Packet Storm

228355	6.8	警告	PHP工房	-	Phpkobo Short URL におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-1061	2012-12-20 19:29	2010-03-23	Show	GitHub Exploit DB Packet Storm

228356	6.8	警告	PHP工房	-	Phpkobo Short URL の staff/app/common.inc.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-1060	2012-12-20 19:29	2010-03-23	Show	GitHub Exploit DB Packet Storm

228357	6.8	警告	PHP工房	-	Phpkobo Address Book Script の codelib/cfg/common.inc.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-1059	2012-12-20 19:29	2010-03-23	Show	GitHub Exploit DB Packet Storm

228358	6.8	警告	PHP工房	-	Phpkobo Address Book Script の codelib/cfg/common.inc.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-1058	2012-12-20 19:29	2010-03-23	Show	GitHub Exploit DB Packet Storm

228359	6.8	警告	PHP工房	-	Phpkobo AdFreely におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-1057	2012-12-20 19:29	2010-03-23	Show	GitHub Exploit DB Packet Storm

228360	6.8	警告	rockettheme	-	Joomla! 用の Rokdownloads コンポーネントにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-1056	2012-12-20 19:29	2010-03-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
194481	6.1	MEDIUM Network	crmperks	contact_form_entries	The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the…	-	CVE-2021-25079	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

194482	6.1	MEDIUM Network	wpaffiliatemanager	affiliates_manager	The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perf…	CWE-79 Cross-site Scripting	CVE-2021-25078	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

194483	8.8	HIGH Network	wedevs	wp_user_frontend	The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due…	-	CVE-2021-25076	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

194484	6.1	MEDIUM Network	webp_converter_for_media_project	webp_converter_for_media	The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue	-	CVE-2021-25074	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

194485	8.8	HIGH Network	webmaster-source	wp125	The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack	-	CVE-2021-25073	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

194486	6.1	MEDIUM Network	villatheme	orders_tracking_for_woocommerce	The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting	-	CVE-2021-25062	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

194487	4.8	MEDIUM Network	mobileeventsmanager	mobile_events_manager	The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfil…	-	CVE-2021-25049	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

194488	7.2	HIGH Network	asgaros	asgaros_forum	The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue	-	CVE-2021-25045	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

194489	6.1	MEDIUM Network	revmakx	backup_and_staging_by_wp_time_capsule	The Backup and Staging by WP Time Capsule WordPress plugin before 1.22.7 does not sanitise and escape the error parameter before outputting it back in an admin page, leading to a Reflected Cross-Site…	-	CVE-2021-25035	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

194490	6.1	MEDIUM Network	oxilab	image_hover_effects_ultimate	The Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier) WordPress plugin before 9.7.1 does not escape the effects parameter before outputting it back in an attrib…	CWE-79 Cross-site Scripting	CVE-2021-25031	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm