Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 7, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230051 4.3 警告 txtblogcms - TxtBlog の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-5639 2012-12-20 18:52 2008-12-17 Show GitHub Exploit DB Packet Storm
230052 6.8 警告 qualityunit - Post Affiliate Pro の merchants/index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5630 2012-12-20 18:52 2008-12-17 Show GitHub Exploit DB Packet Storm
230053 7.5 危険 turnkeyarcade - Turnkey Arcade Script の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5629 2012-12-20 18:52 2008-12-17 Show GitHub Exploit DB Packet Storm
230054 7.8 危険 Roundcube.net - roundcubemail におけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2008-5620 2012-12-20 18:52 2008-12-16 Show GitHub Exploit DB Packet Storm
230055 10 危険 Roundcube.net - roundcubemail で使用されている Chuggnutt HTML to Text Converter における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2008-5619 2012-12-20 18:52 2008-12-8 Show GitHub Exploit DB Packet Storm
230056 5 警告 Adiscon - rsyslog の imudp におけるサービス運用妨害 (DoS) の脆弱性 CWE-DesignError
CVE-2008-5618 2012-12-20 18:52 2008-12-16 Show GitHub Exploit DB Packet Storm
230057 8.5 危険 Adiscon - rsyslog の ACL ハンドリングにおけるアクセス制限を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-5617 2012-12-20 18:52 2008-12-4 Show GitHub Exploit DB Packet Storm
230058 7.5 危険 TYPO3 Association - TYPO3 用の Commerce エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5609 2012-12-20 18:52 2008-12-16 Show GitHub Exploit DB Packet Storm
230059 5 警告 robs-projects - User Engine Lite ASP におけるデータベースファイルをダウンロードされる脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-5601 2012-12-20 18:52 2008-12-16 Show GitHub Exploit DB Packet Storm
230060 5 警告 phpmygallery - PHPmyGallery の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-5598 2012-12-20 18:52 2008-12-16 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 7, 2026, 4:13 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195871 7.2 HIGH
Network 		solvercircle wp_icommerce The Orders functionality in the WP iCommerce WordPress plugin through 1.1.1 has an `order_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQ… - CVE-2021-24402 2024-11-21 14:53 2021-09-20 Show GitHub Exploit DB Packet Storm
195872 8.8 HIGH
Network 		cozmoslabs membership_\&_content_restriction_-_paid_member_subscriptions The Membership & Content Restriction – Paid Member Subscriptions WordPress plugin before 2.4.2 did not sanitise, validate or escape its order and orderby parameters before using them in SQL statement… - CVE-2021-24728 2024-11-21 14:53 2021-09-14 Show GitHub Exploit DB Packet Storm
195873 8.8 HIGH
Network 		stopbadbots block_and_stop_bad_bots The StopBadBots WordPress plugin before 6.60 did not validate or escape the order and orderby GET parameter in some of its admin dashboard pages, leading to Authenticated SQL Injections - CVE-2021-24727 2024-11-21 14:53 2021-09-14 Show GitHub Exploit DB Packet Storm
195874 8.8 HIGH
Network 		wpsimplebookingcalendar wp_simple_booking_calendar The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to … - CVE-2021-24726 2024-11-21 14:53 2021-09-14 Show GitHub Exploit DB Packet Storm
195875 4.3 MEDIUM
Network 		quantumcloud comment_link_remove_and_other_comment_tools The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbi… - CVE-2021-24725 2024-11-21 14:53 2021-09-14 Show GitHub Exploit DB Packet Storm
195876 5.4 MEDIUM
Network 		motopress timetable_and_event_schedule The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks agai… - CVE-2021-24724 2024-11-21 14:53 2021-09-14 Show GitHub Exploit DB Packet Storm
195877 4.8 MEDIUM
Network 		ticket-system wordpress_advanced_ticket_system The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high… - CVE-2021-24623 2024-11-21 14:53 2021-09-14 Show GitHub Exploit DB Packet Storm
195878 4.8 MEDIUM
Network 		stratospheredigital wp_courses_lms The WP Courses LMS WordPress plugin before 2.0.44 does not sanitise its Video Embed Code, allowing malicious code to be injected in it by high privilege users, even when the unfiltered_html capabilit… CWE-79
Cross-site Scripting 		CVE-2021-24621 2024-11-21 14:53 2021-09-14 Show GitHub Exploit DB Packet Storm
195879 8.8 HIGH
Network 		simple-e-commerce-shopping-cart_project simple-e-commerce-shopping-cart The WordPress Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin through 2.2.5 does not check for the uploaded Downloadable Digital product file, allowing any file, such as PH… CWE-352
CWE-434
 Origin Validation Error
 Unrestricted Upload of File with Dangerous Type  		CVE-2021-24620 2024-11-21 14:53 2021-09-14 Show GitHub Exploit DB Packet Storm
195880 4.8 MEDIUM
Network 		evona per_page_add_to_head The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html cap… - CVE-2021-24619 2024-11-21 14:53 2021-09-14 Show GitHub Exploit DB Packet Storm