Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 4, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229611 7.5 危険 TYPO3 Association - TYPO3 用の cm_rdfexport エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6594 2012-12-20 19:10 2009-04-3 Show GitHub Exploit DB Packet Storm
229612 6.8 警告 Vuze, Inc. - Vuze の index.tmpl におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-6587 2012-12-20 19:10 2009-04-3 Show GitHub Exploit DB Packet Storm
229613 6.8 警告 BitTorrent, Inc. - uTorrent WebUI の gui/index.php におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-6586 2012-12-20 19:10 2009-04-3 Show GitHub Exploit DB Packet Storm
229614 6.8 警告 TorrentFlux - TorrentFlux の html/admin.php におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-6585 2012-12-20 19:10 2009-04-3 Show GitHub Exploit DB Packet Storm
229615 6 警告 TorrentFlux - TorrentFlux の html/index.php における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2008-6584 2012-12-20 19:10 2009-04-3 Show GitHub Exploit DB Packet Storm
229616 6.8 警告 yehe - Yehe における任意のコードを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-6568 2012-12-20 19:10 2009-03-31 Show GitHub Exploit DB Packet Storm
229617 10 危険 puppetmaster - The Puppet Master WebUtil の cgi-bin/webutil.pl における任意のコマンドを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-6557 2012-12-20 19:10 2009-03-30 Show GitHub Exploit DB Packet Storm
229618 10 危険 puppetmaster - The Puppet Master WebUtil の cgi-bin/webutil.pl における任意のコマンドを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-6556 2012-12-20 19:10 2009-03-30 Show GitHub Exploit DB Packet Storm
229619 10 危険 puppetmaster - The Puppet Master WebUtil の cgi-bin/webutil.pl における任意のコマンドを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-6555 2012-12-20 19:10 2009-03-30 Show GitHub Exploit DB Packet Storm
229620 7.1 危険 vwsolutions - NULL FTP Server における任意のコマンドを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-6534 2012-12-20 19:10 2009-03-26 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 4, 2026, 4:17 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195461 8.8 HIGH
Network 		ninjaforms ninja_forms The AJAX action, wp_ajax_ninja_forms_sendwp_remote_install_handler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such… CWE-862
 Missing Authorization 		CVE-2021-24163 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm
195462 8.8 HIGH
Network 		expresstech responsive_menu In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into importing all new settings. These settings could be modified to in… CWE-352
 Origin Validation Error 		CVE-2021-24162 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm
195463 8.8 HIGH
Network 		expresstech responsive_menu In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, attackers could craft a request and trick an administrator into uploading a zip archive containing malicious PHP files. The attack… CWE-352
 Origin Validation Error 		CVE-2021-24161 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm
195464 8.8 HIGH
Network 		expresstech responsive_menu In the Reponsive Menu (free and Pro) WordPress plugins before 4.0.4, subscribers could upload zip archives containing malicious PHP files that would get extracted to the /rmp-menu/ directory. These f… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2021-24160 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm
195465 8.8 HIGH
Network 		rocklobster contact_form_7 Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordP… CWE-352
 Origin Validation Error 		CVE-2021-24159 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm
195466 6.5 MEDIUM
Network 		themeisle orbit_fox Orbit Fox by ThemeIsle has a feature to add a registration form to both the Elementor and Beaver Builder page builders functionality. As part of the registration form, administrators can choose which… NVD-CWE-Other
CVE-2021-24158 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm
195467 5.4 MEDIUM
Network 		themeisle orbit_fox Orbit Fox by ThemeIsle has a feature to add custom scripts to the header and footer of a page or post. There were no checks to verify that a user had the unfiltered_html capability prior to saving th… CWE-79
Cross-site Scripting 		CVE-2021-24157 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm
195468 5.4 MEDIUM
Network 		testimonial_rotator_project testimonial_rotator Stored Cross-Site Scripting vulnerabilities in Testimonial Rotator 3.0.3 allow low privileged users (Contributor) to inject arbitrary JavaScript code or HTML without approval. This could lead to priv… CWE-79
Cross-site Scripting 		CVE-2021-24156 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm
195469 7.2 HIGH
Network 		backup-guard backup_guard The WordPress Backup and Migrate Plugin – Backup Guard WordPress plugin before 1.6.0 did not ensure that the imported files are of the SGBP format and extension, allowing high privilege users (admin+… - CVE-2021-24155 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm
195470 4.9 MEDIUM
Network 		themeeditor theme_editor The Theme Editor WordPress plugin before 2.6 did not validate the GET file parameter before passing it to the download_file() function, allowing administrators to download arbitrary files on the web … CWE-552
 Files or Directories Accessible to External Parties 		CVE-2021-24154 2024-11-21 14:52 2021-04-6 Show GitHub Exploit DB Packet Storm