Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 3, 2026, 6:08 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228351 7.5 危険 q2solutions - Q2 Solutions ConnX の frmLoginPwdReminderPopup.aspx における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4947 2012-12-20 19:28 2010-07-22 Show GitHub Exploit DB Packet Storm
228352 6.8 警告 thetricky - Joomla! 用の Messaging コンポーネントにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2009-4946 2012-12-20 19:28 2010-07-22 Show GitHub Exploit DB Packet Storm
228353 7.5 危険 zeuscart - Zeus Cart の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4940 2012-12-20 19:28 2010-07-22 Show GitHub Exploit DB Packet Storm
228354 7.5 危険 warphd - Joomla! 用の JVideo! コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4938 2012-12-20 19:28 2010-07-22 Show GitHub Exploit DB Packet Storm
228355 4.3 警告 spirate - SPirate におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4937 2012-12-20 19:28 2010-07-22 Show GitHub Exploit DB Packet Storm
228356 7.5 危険 spirate - SPirate における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4936 2012-12-20 19:28 2010-07-22 Show GitHub Exploit DB Packet Storm
228357 7.5 危険 winterwebs - EZ Webitor の login.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4933 2012-12-20 19:28 2010-07-12 Show GitHub Exploit DB Packet Storm
228358 4.3 警告 sungard - SunGard Banner Student System の twbkwbis.P_SecurityQuestion ページにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4930 2012-12-20 19:28 2010-07-12 Show GitHub Exploit DB Packet Storm
228359 7.5 危険 sweetphp - TotalCalendar の admin/manage_users.php における任意のパスワードを変更される脆弱性 CWE-287
不適切な認証 		CVE-2009-4929 2012-12-20 19:28 2010-07-12 Show GitHub Exploit DB Packet Storm
228360 7.5 危険 sweetphp - TotalCalendar の config.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-4928 2012-12-20 19:28 2010-07-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
194641 4.8 MEDIUM
Network 		qwizcards_project qwizcards The Qwizcards – online quizzes and flashcards WordPress plugin before 3.62 does not properly sanitize and escape some of its settings, allowing high privilege users to perform Cross-Site Scripting at… - CVE-2021-24706 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194642 4.8 MEDIUM
Network 		quiz_tool_lite_project quiz_tool_lite The Quiz Tool Lite WordPress plugin through 2.3.15 does not sanitize multiple input fields used when creating or managing quizzes and in other setting options, allowing high privilege users to perfor… - CVE-2021-24701 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194643 4.3 MEDIUM
Network 		tipsandtricks-hq simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.6 allows users with a role as low as Contributor to remove thumbnails from downloads they do not own, even if they cannot normally edit the dow… NVD-CWE-noinfo
CVE-2021-24698 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194644 6.1 MEDIUM
Network 		tipsandtricks-hq simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the 1) sdm_active_tab GET parameter and 2) sdm_stats_start_date/sdm_stats_end_date POST parameters before outputting them bac… - CVE-2021-24697 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194645 7.5 HIGH
Network 		tipsandtricks-hq simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to down… - CVE-2021-24695 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194646 6.5 MEDIUM
Network 		genie_wp_favicon_project genie_wp_favicon The Genie WP Favicon WordPress plugin through 0.5.2 does not have CSRF in place when updating the favicon, which could allow attackers to make a logged in admin change it via a CSRF attack CWE-352
 Origin Validation Error 		CVE-2021-24674 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194647 8.8 HIGH
Network 		feataholic maz_loader The MAZ Loader – Preloader Builder for WordPress plugin before 1.3.3 does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor t… - CVE-2021-24669 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194648 9.0 CRITICAL
Network 		tipsandtricks-hq simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.5 does not escape the "File Thumbnail" post meta before outputting it in some pages, which could allow users with a role as low as Contributor … - CVE-2021-24693 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194649 4.8 MEDIUM
Network 		igexsolutions wpschoolpress The School Management System – WPSchoolPress WordPress plugin before 2.1.17 sanitise some fields using sanitize_text_field() but does not escape them before outputting in attributes, resulting in Sto… - CVE-2021-24664 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194650 8.1 HIGH
Network 		genetechsolutions pie_register The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.1.7.6 has a flaw in the social login implementation, allowing… - CVE-2021-24647 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm