Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 3, 2026, 6:08 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228401 6.8 警告 xlightftpd - Xlight FTP Server における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4795 2012-12-20 19:28 2010-04-22 Show GitHub Exploit DB Packet Storm
228402 7.5 危険 ryan haudenschilt - Family Connections における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4791 2012-12-20 19:28 2010-04-22 Show GitHub Exploit DB Packet Storm
228403 5 警告 XOOPS - XOOPS の Profiles モジュールにおける管理者による承認を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-4851 2012-12-20 19:28 2009-11-11 Show GitHub Exploit DB Packet Storm
228404 7.5 危険 phplivesupport - PHP Live! における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4749 2012-12-20 19:28 2010-03-26 Show GitHub Exploit DB Packet Storm
228405 7.5 危険 Tecnick.com - AIOCP の public/code/cp_html2xhtmlbasic.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-4747 2012-12-20 19:28 2010-03-26 Show GitHub Exploit DB Packet Storm
228406 10 危険 Skype Technologies S.A. - Windows 上で稼動する Skype の Extras Manager における脆弱性 CWE-noinfo
情報不足 		CVE-2009-4741 2012-12-20 19:28 2010-03-26 Show GitHub Exploit DB Packet Storm
228407 7.5 危険 TYPO3 Association - TYPO3 用の Webesse E-Card エクステンションにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2009-4740 2012-12-20 19:28 2010-03-26 Show GitHub Exploit DB Packet Storm
228408 6.8 警告 skadate - SkaDate Dating の index.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-4739 2012-12-20 19:28 2010-03-26 Show GitHub Exploit DB Packet Storm
228409 4.3 警告 sensesites - CommonSense CMS の search.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4736 2012-12-20 19:28 2010-03-23 Show GitHub Exploit DB Packet Storm
228410 6.8 警告 supercrackmunkey - SimpleLoginSys の checkuser.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4733 2012-12-20 19:28 2010-03-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
194661 4.8 MEDIUM
Network 		wooassist storefront_footer_text The Storefront Footer Text WordPress plugin through 1.0.1 does not sanitize and escape the "Footer Credit Text" added to pages, allowing high privilege users to perform Cross-Site Scripting attacks e… - CVE-2021-24607 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194662 4.8 MEDIUM
Network 		gtranslate google_language_translator The Translate WordPress – Google Language Translator WordPress plugin before 6.0.12 does not sanitise and escape some of its settings before outputting it in various pages, allowing high privilege us… - CVE-2021-24594 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194663 8.8 HIGH
Network 		igexsolutions wpschoolpress The School Management System – WPSchoolPress WordPress plugin before 2.1.10 does not properly sanitize or use prepared statements before using POST variable in SQL queries, leading to SQL injection i… - CVE-2021-24575 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194664 7.2 HIGH
Network 		shareaholic similar_posts The Similar Posts WordPress plugin through 3.1.5 allow high privilege users to execute arbitrary PHP code in an hardened environment (ie with DISALLOW_FILE_EDIT, DISALLOW_FILE_MODS and DISALLOW_UNFIL… NVD-CWE-Other
CVE-2021-24537 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194665 4.8 MEDIUM
Network 		e-dynamics events_made_easy The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_htm… CWE-79
Cross-site Scripting 		CVE-2021-24813 2024-11-21 14:53 2021-11-1 Show GitHub Exploit DB Packet Storm
194666 8.8 HIGH
Network 		wordplus better_messages The BP Better Messages WordPress plugin before 1.9.9.41 does not check for CSRF in multiple of its AJAX actions: bp_better_messages_leave_chat, bp_better_messages_join_chat, bp_messages_leave_thread,… CWE-352
 Origin Validation Error 		CVE-2021-24809 2024-11-21 14:53 2021-11-1 Show GitHub Exploit DB Packet Storm
194667 6.1 MEDIUM
Network 		wordplus better_messages The BP Better Messages WordPress plugin before 1.9.9.41 sanitise (with sanitize_text_field) but does not escape the 'subject' parameter before outputting it back in an attribute, leading to a Reflect… CWE-79
Cross-site Scripting 		CVE-2021-24808 2024-11-21 14:53 2021-11-1 Show GitHub Exploit DB Packet Storm
194668 4.3 MEDIUM
Network 		tipsandtricks-hq far_future_expiry_header The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. CWE-352
 Origin Validation Error 		CVE-2021-24799 2024-11-21 14:53 2021-11-1 Show GitHub Exploit DB Packet Storm
194669 4.8 MEDIUM
Network 		connections-pro connections_business_directory The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting w… CWE-79
Cross-site Scripting 		CVE-2021-24794 2024-11-21 14:53 2021-11-1 Show GitHub Exploit DB Packet Storm
194670 4.8 MEDIUM
Network 		etruel wpematico_rss_feed_fetcher The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Sit… CWE-79
Cross-site Scripting 		CVE-2021-24793 2024-11-21 14:53 2021-11-1 Show GitHub Exploit DB Packet Storm