Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 2, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229011 5 警告 Rockwell Automation - Rockwell Automation ControlLogix 1756-ENBT/A EtherNet/IP Bridge Module の Web インターフェースにおける "内部の Web ページ情報" などを取得される脆弱性 CWE-200
情報漏えい 		CVE-2009-0474 2012-12-20 19:10 2009-02-6 Show GitHub Exploit DB Packet Storm
229012 4.3 警告 vivvo - Vivvo CMS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2009-0466 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
229013 9.3 危険 synactis - Synactis ALL In-The-Box ActiveX の ALL_IN_THE_BOX.OCX における任意のファイルを作成される脆弱性 CWE-20
不適切な入力確認 		CVE-2009-0465 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
229014 7.5 危険 wholehogsoftware - Whole Hog Password Protec における認証を回避される脆弱性 CWE-287
不適切な認証 		CVE-2009-0461 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
229015 7.5 危険 wholehogsoftware - Whole Hog Ware Support における認証を回避される脆弱性 CWE-287
不適切な認証 		CVE-2009-0460 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
229016 7.5 危険 wholehogsoftware - Whole Hog Password Protect の admin/login_submit.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-0459 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
229017 7.5 危険 wholehogsoftware - Whole Hog Ware Support の admin/login_submit.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-0458 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
229018 7.5 危険 sourdough - Sourdough で使用されている patForms の examples/example_clientside_javascript.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2009-0456 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
229019 7.5 危険 skalinks - Skalfa SkaLinks における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2009-0451 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
229020 7.5 危険 syntax desktop - Syntax Desktop の admin/modules/aa/preview.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2009-0448 2012-12-20 19:10 2009-02-10 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 2, 2026, 4:18 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
194971 5.4 MEDIUM
Network 		themify portfolio_post Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged … CWE-79
Cross-site Scripting 		CVE-2021-24129 2024-11-21 14:52 2021-03-19 Show GitHub Exploit DB Packet Storm
194972 5.4 MEDIUM
Network 		wpdarko team_members Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attack… CWE-79
Cross-site Scripting 		CVE-2021-24128 2024-11-21 14:52 2021-03-19 Show GitHub Exploit DB Packet Storm
194973 5.4 MEDIUM
Network 		caseproof thirstyaffiliates_affiliate_link_manager Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS… CWE-79
Cross-site Scripting 		CVE-2021-24127 2024-11-21 14:52 2021-03-19 Show GitHub Exploit DB Packet Storm
194974 5.4 MEDIUM
Network 		enviragallery envira_gallery Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them… CWE-79
Cross-site Scripting 		CVE-2021-24126 2024-11-21 14:52 2021-03-19 Show GitHub Exploit DB Packet Storm
194975 7.2 HIGH
Network 		contact_form_submissions_project contact_form_submissions Unvalidated input in the Contact Form Submissions WordPress plugin before 1.7.1, could lead to SQL injection in the wpcf7_contact_form GET parameter when submitting a filter request as a high privile… CWE-89
SQL Injection 		CVE-2021-24125 2024-11-21 14:52 2021-03-19 Show GitHub Exploit DB Packet Storm
194976 6.1 MEDIUM
Network 		terryl wp_shieldon Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is show… CWE-79
Cross-site Scripting 		CVE-2021-24124 2024-11-21 14:52 2021-03-19 Show GitHub Exploit DB Packet Storm
194977 7.2 HIGH
Network 		blubrry powerpress Arbitrary file upload in the PowerPress WordPress plugin, versions before 8.3.8, did not verify some of the uploaded feed images (such as the ones from Podcast Artwork section), allowing high privile… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2021-24123 2024-11-21 14:52 2021-03-19 Show GitHub Exploit DB Packet Storm
194978 7.5 HIGH
Network 		facebook proxygen
mvfst 		A packet of death scenario is possible in mvfst via a specially crafted message during a QUIC session, which causes a crash via a failed assertion. Per QUIC specification, this particular message sho… CWE-617
 Reachable Assertion 		CVE-2021-24029 2024-11-21 14:52 2021-03-16 Show GitHub Exploit DB Packet Storm
194979 7.8 HIGH
Local 		microsoft high_efficiency_video_coding HEVC Video Extensions Remote Code Execution Vulnerability NVD-CWE-noinfo
CVE-2021-24110 2024-11-21 14:52 2021-03-12 Show GitHub Exploit DB Packet Storm
194980 7.8 HIGH
Local 		microsoft office
365_apps 		Microsoft Office Remote Code Execution Vulnerability NVD-CWE-noinfo
CVE-2021-24108 2024-11-21 14:52 2021-03-12 Show GitHub Exploit DB Packet Storm