Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
228501	4.3	警告	SQLiteManager	-	SQLiteManager の main.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4539	2012-12-20 19:28	2010-01-4	Show	GitHub Exploit DB Packet Storm

228502	4	警告	vsecurity	-	TANDBERG Video Communication Server (VCS) が稼動している Web 管理インターフェースにおけるディレクトリトラバーサルの脆弱性	CWE-200 情報漏えい	CVE-2009-4511	2012-12-20 19:28	2010-04-9	Show	GitHub Exploit DB Packet Storm

228503	8.5	危険	vsecurity	-	TANDBERG VCS 上で稼動している SSH サービスにおける任意のサーバになりすまされる脆弱性	CWE-310 暗号の問題	CVE-2009-4510	2012-12-20 19:28	2010-04-9	Show	GitHub Exploit DB Packet Storm

228504	10	危険	vsecurity	-	ANDBERG VCS 上で稼動している管理 Web コンソールにおける認証を回避される脆弱性	CWE-94 コード・インジェクション	CVE-2009-4509	2012-12-20 19:28	2010-04-9	Show	GitHub Exploit DB Packet Storm

228505	5	警告	Yaws	-	Yaws におけるウィンドウのタイトルを変更される脆弱性	CWE-20 不適切な入力確認	CVE-2009-4495	2012-12-20 19:28	2010-01-13	Show	GitHub Exploit DB Packet Storm

228506	5	警告	valenok	-	Mongoose におけるソースコードなどを取得される脆弱性	CWE-200 情報漏えい	CVE-2009-4535	2012-12-20 19:28	2009-12-31	Show	GitHub Exploit DB Packet Storm

228507	5	警告	sergey lyubka	-	Mongoose における Web ページのソースコードを取得される脆弱性	CWE-200 情報漏えい	CVE-2009-4530	2012-12-20 19:28	2009-12-31	Show	GitHub Exploit DB Packet Storm

228508	4.3	警告	zainu	-	Zainu の index.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-4523	2012-12-20 19:28	2009-12-31	Show	GitHub Exploit DB Packet Storm

228509	5	警告	speedtech	-	Drupal 用の Storm モジュールにおけるノードタイトルを読み取られる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-4515	2012-12-20 19:28	2009-10-28	Show	GitHub Exploit DB Packet Storm

228510	10	危険	tversity	-	TVersity の MediaServer.exe におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-4482	2012-12-20 19:28	2009-12-30	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 4, 2026, 4:17 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
194681	5.4	MEDIUM Network	custom_content_shortcode_project	custom_content_shortcode	The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cros…	CWE-79 Cross-site Scripting	CVE-2021-24826	2024-11-21 14:53	2022-03-7	Show	GitHub Exploit DB Packet Storm

194682	4.3	MEDIUM Network	custom_content_shortcode_project	custom_content_shortcode	The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display a…	-	CVE-2021-24825	2024-11-21 14:53	2022-03-7	Show	GitHub Exploit DB Packet Storm

194683	4.3	MEDIUM Network	custom_content_shortcode_project	custom_content_shortcode	The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This c…	CWE-863 Incorrect Authorization	CVE-2021-24824	2024-11-21 14:53	2022-03-7	Show	GitHub Exploit DB Packet Storm

194684	5.4	MEDIUM Network	nicdark	cost_calculator	The Cost Calculator WordPress plugin before 1.6 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the Description fields of a Cost Calculator > Price S…	CWE-79 Cross-site Scripting	CVE-2021-24821	2024-11-21 14:53	2022-03-7	Show	GitHub Exploit DB Packet Storm

194685	4.8	MEDIUM Network	wp-eventmanager	wp_event_manager	The WP Event Manager WordPress plugin before 3.1.23 does not escape some of its Field Editor settings when outputting them, allowing high privilege users to perform Cross-Site Scripting attacks even …	CWE-79 Cross-site Scripting	CVE-2021-24810	2024-11-21 14:53	2022-03-7	Show	GitHub Exploit DB Packet Storm

194686	7.2	HIGH Network	wpaffiliatefeed	tradetracker-store	The test parameter of the xmlfeed in the Tradetracker-Store WordPress plugin before 4.6.60 is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.	CWE-89 SQL Injection	CVE-2021-24778	2024-11-21 14:53	2022-03-7	Show	GitHub Exploit DB Packet Storm

194687	7.2	HIGH Network	hotscot	contact_form	The view submission functionality in the Hotscot Contact Form WordPress plugin before 1.3 makes a get request with the sub_id parameter which not sanitised, escaped or validated before inserting to a…	CWE-89 SQL Injection	CVE-2021-24777	2024-11-21 14:53	2022-03-7	Show	GitHub Exploit DB Packet Storm

194688	4.8	MEDIUM Network	codeasily	grand_flagallery	The GRAND FlaGallery WordPress plugin through 6.1.2 does not sanitise and escape some of its gallery settings, which could allow high privilege users to perform Cross-Site scripting attacks even when…	-	CVE-2021-24903	2024-11-21 14:53	2022-02-28	Show	GitHub Exploit DB Packet Storm

194689	4.8	MEDIUM Network	securemoz	security_audit	The Security Audit WordPress plugin through 1.0.0 does not sanitise and escape the Data Id setting, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilt…	-	CVE-2021-24901	2024-11-21 14:53	2022-02-28	Show	GitHub Exploit DB Packet Storm

194690	4.8	MEDIUM Network	editable-table_project	editable_table	The EditableTable WordPress plugin through 0.1.4 does not sanitise and escape any of the Table and Column fields, which could allow high privilege users to perform Cross-Site Scripting attacks even w…	-	CVE-2021-24898	2024-11-21 14:53	2022-02-28	Show	GitHub Exploit DB Packet Storm