Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 7, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
229801 5 警告 robs-projects - ASP User Engine.NET におけるデータベースをダウンロードされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-6494 2012-12-20 19:10 2009-03-19 Show GitHub Exploit DB Packet Storm
229802 6.8 警告 tizag - Tizag Countdown Creator の process.php における任意のコードを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-6492 2012-12-20 19:10 2009-03-19 Show GitHub Exploit DB Packet Storm
229803 7.5 危険 softcomplex - SoftComplex PHP Image Gallery の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6488 2012-12-20 19:10 2009-03-18 Show GitHub Exploit DB Packet Storm
229804 6.8 警告 shatm - SharedLog の slideshow_uploadvideo.content.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-6486 2012-12-20 19:10 2009-03-18 Show GitHub Exploit DB Packet Storm
229805 7.5 危険 softcomplex - SoftComplex PHP Image Gallery の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6485 2012-12-20 19:10 2009-03-18 Show GitHub Exploit DB Packet Storm
229806 7.5 危険 virtuemart-solutions - Joomla! 用の Ecom Solutions VirtueMart Google Base コンポーネントにおける PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-6483 2012-12-20 19:10 2009-03-18 Show GitHub Exploit DB Packet Storm
229807 7.2 危険 SCO - SCO UnixWare の ReliantHA におけるルート権限を取得される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-6559 2012-12-20 19:10 2008-05-5 Show GitHub Exploit DB Packet Storm
229808 7.2 危険 unixware
SCO		 - SCO UnixWare の ReliantHA におけるルート権限を取得される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-6558 2012-12-20 19:10 2008-05-5 Show GitHub Exploit DB Packet Storm
229809 6.8 警告 softnews media group - Datalife Engine の engine/modules/imagepreview.php におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-6480 2012-12-20 19:10 2009-03-16 Show GitHub Exploit DB Packet Storm
229810 7.5 危険 plaincart - PlainCart の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6469 2012-12-20 19:10 2009-03-13 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 7, 2026, 4:13 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195581 4.3 MEDIUM
Network 		bplugins document_embedder The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft… CWE-668
 Exposure of Resource to Wrong Sphere 		CVE-2021-24868 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
195582 5.3 MEDIUM
Network 		bplugins document_embedder The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. CWE-668
 Exposure of Resource to Wrong Sphere 		CVE-2021-24775 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
195583 6.1 MEDIUM
Network 		getperfectsurvey perfect_survey The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is… CWE-79
Cross-site Scripting 		CVE-2021-24765 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
195584 9.6 CRITICAL
Network 		welaunch wordpress_gdpr\&ccpa The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application… CWE-79
Cross-site Scripting 		CVE-2021-24814 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
195585 6.1 MEDIUM
Network 		getperfectsurvey perfect_survey The Perfect Survey WordPress plugin before 1.5.2 does not sanitise and escape multiple parameters (id and filters[session_id] of single_statistics page, type and message of importexport page) before … CWE-79
Cross-site Scripting 		CVE-2021-24764 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
195586 8.8 HIGH
Network 		getperfectsurvey perfect_survey The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify s… CWE-352
 Origin Validation Error 		CVE-2021-24763 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
195587 9.8 CRITICAL
Network 		getperfectsurvey perfect_survey The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticate… - CVE-2021-24762 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
195588 6.5 MEDIUM
Network 		bestwebsoft error_log_viewer The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in a… - CVE-2021-24761 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
195589 4.8 MEDIUM
Network 		nd-learning_project nd-learning The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks eve… CWE-79
Cross-site Scripting 		CVE-2021-24707 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
195590 4.8 MEDIUM
Network 		benbodhi svg_support The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scr… CWE-79
Cross-site Scripting 		CVE-2021-24686 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm