Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 3, 2026, 6:08 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
228451 4.3 警告 phpscriptsnow - PHP Scripts Now Astrology の celebrities.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4685 2012-12-20 19:28 2010-03-10 Show GitHub Exploit DB Packet Storm
228452 7.5 危険 Scriptsez.net - Good/Bad Vote の vote.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2009-4683 2012-12-20 19:28 2010-03-10 Show GitHub Exploit DB Packet Storm
228453 4.3 警告 Scriptsez.net - Good/Bad Vote の vote.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4682 2012-12-20 19:28 2010-03-10 Show GitHub Exploit DB Packet Storm
228454 4.3 警告 php directory source - phpDirectorySource の search.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4681 2012-12-20 19:28 2010-03-10 Show GitHub Exploit DB Packet Storm
228455 7.5 危険 php directory source - phpDirectorySource の search.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4680 2012-12-20 19:28 2010-03-10 Show GitHub Exploit DB Packet Storm
228456 4.3 警告 Winn GuestBook - Winn Guestbook におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-4678 2012-12-20 19:28 2010-03-8 Show GitHub Exploit DB Packet Storm
228457 6.5 警告 phpmember - WebMember の form.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4667 2012-12-20 19:28 2010-03-5 Show GitHub Exploit DB Packet Storm
228458 7.5 危険 qualityunit - Webradev Download Protect における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-4666 2012-12-20 19:28 2010-03-5 Show GitHub Exploit DB Packet Storm
228459 9.3 危険 quiksoft - Quiksoft EasyMail Objects ActiveX コントロールにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-4663 2012-12-20 19:28 2010-03-3 Show GitHub Exploit DB Packet Storm
228460 7.5 危険 templateplaza - Joomla! 用の tpdugg コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-4628 2012-12-20 19:28 2010-01-18 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 3, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
194631 7.2 HIGH
Network 		draftpress header_footer_code_manager The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets … CWE-89
SQL Injection 		CVE-2021-24791 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194632 6.5 MEDIUM
Network 		batch_cat_project batch_cat The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subs… NVD-CWE-Other
CVE-2021-24788 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194633 6.5 MEDIUM
Network 		publishpress post_expirator The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. CWE-863
 Incorrect Authorization 		CVE-2021-24783 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194634 6.5 MEDIUM
Network 		fullworks redirect_404_error_page_to_homepage_or_custom_page_with_logs The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete … - CVE-2021-24767 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194635 6.5 MEDIUM
Network 		404_to_301_project 404_to_301 The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delet… - CVE-2021-24766 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194636 8.8 HIGH
Network 		wclovers frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor p… CWE-89
SQL Injection 		CVE-2021-24835 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194637 9.8 CRITICAL
Network 		genetechsolutions pie_register The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a… - CVE-2021-24731 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194638 6.5 MEDIUM
Network 		loco_translate_project loco_translate The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users b… - CVE-2021-24721 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194639 4.8 MEDIUM
Network 		print-o-matic_project print-o-matic The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attack… - CVE-2021-24710 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
194640 4.8 MEDIUM
Network 		wp_all_export_project wp_all_export The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to per… - CVE-2021-24708 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm