Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 7, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230061 4.3 警告 phpPgAdmin - phpPgAdmin の libraries/lib.inc.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-5587 2012-12-20 18:52 2008-12-16 Show GitHub Exploit DB Packet Storm
230062 4.3 警告 ProjectPier - ProjectPier におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5584 2012-12-20 18:52 2008-12-15 Show GitHub Exploit DB Packet Storm
230063 6.8 警告 ProjectPier - ProjectPier の index.php におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-5583 2012-12-20 18:52 2008-12-15 Show GitHub Exploit DB Packet Storm
230064 7.5 危険 scssboard - sCssBoard の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5578 2012-12-20 18:52 2008-12-15 Show GitHub Exploit DB Packet Storm
230065 7.5 危険 scssboard - sCssBoard の index.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-5577 2012-12-20 18:52 2008-12-15 Show GitHub Exploit DB Packet Storm
230066 7.5 危険 scssboard - sCssBoard の admin/forums.php における認証を回避される脆弱性 CWE-287
不適切な認証 		CVE-2008-5576 2012-12-20 18:52 2008-12-15 Show GitHub Exploit DB Packet Storm
230067 7.5 危険 proclanmanager - Pro Clan Manager におけるセッションをハイジャックされる脆弱性 CWE-287
不適切な認証 		CVE-2008-5575 2012-12-20 18:52 2008-12-15 Show GitHub Exploit DB Packet Storm
230068 7.5 危険 unscripts - Webmaster Marketplace の member.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5574 2012-12-20 18:52 2008-12-15 Show GitHub Exploit DB Packet Storm
230069 4.3 警告 phpeppershop - PHPepperShop におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5569 2012-12-20 18:52 2008-12-15 Show GitHub Exploit DB Packet Storm
230070 4.3 警告 php multiple newsletters - Triangle Solutions PHP Multiple Newsletters の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-5566 2012-12-20 18:52 2008-12-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 7, 2026, 4:13 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195801 4.8 MEDIUM
Network 		planso planso_forms The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high privilege users such as admin to set XSS payload in it, even wh… - CVE-2021-24516 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
195802 5.4 MEDIUM
Network 		bplugins streamcast_radio_player The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scr… - CVE-2021-24416 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
195803 5.4 MEDIUM
Network 		bplugins polo_video_gallery The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contrib… - CVE-2021-24415 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
195804 5.4 MEDIUM
Network 		bplugins easy_twitter_feed The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-Site Scripting payload… - CVE-2021-24413 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
195805 5.4 MEDIUM
Network 		bplugins html5_audio_player The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as contributor to set Cross-… - CVE-2021-24412 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
195806 5.7 MEDIUM
Network 		catchplugins catch_scroll_progress_bar
catch_sticky_menu
catch_themes_demo_import
catch_under_construction
catch_web_tools
essential_content_types
generate_child_theme
header_enhancement
t… 		Multiple Plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctp_switch AJAX action, which could allow any authenticated users, such as Subscriber to change the Essen… CWE-352
 Origin Validation Error 		CVE-2021-24752 2024-11-21 14:53 2021-10-18 Show GitHub Exploit DB Packet Storm
195807 4.8 MEDIUM
Network 		gvectors wpdiscuz The Comments – wpDiscuz WordPress plugin through 7.3.0 does not properly sanitise or escape the Follow and Unfollow messages before outputting them in the page, which could allow high privilege users… - CVE-2021-24737 2024-11-21 14:53 2021-10-11 Show GitHub Exploit DB Packet Storm
195808 5.4 MEDIUM
Network 		ayecode geodirectory The GeoDirectory Business Directory WordPress plugin before 2.1.1.3 was vulnerable to Authenticated Stored Cross-Site Scripting (XSS). - CVE-2021-24720 2024-11-21 14:53 2021-10-11 Show GitHub Exploit DB Packet Storm
195809 6.1 MEDIUM
Network 		kriesi enfold The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder. CWE-79
Cross-site Scripting 		CVE-2021-24719 2024-11-21 14:53 2021-10-11 Show GitHub Exploit DB Packet Storm
195810 5.4 MEDIUM
Network 		dwbooster appointment_hour_booking The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars. CWE-79
Cross-site Scripting 		CVE-2021-24712 2024-11-21 14:53 2021-10-11 Show GitHub Exploit DB Packet Storm