Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 8, 2026, 4:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
230091	7.5	危険	xigla	-	Absolute Banner Manager .NET における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2008-6858	2012-12-20 19:10	2009-07-14	Show	GitHub Exploit DB Packet Storm

230092	7.5	危険	xigla	-	Absolute Podcast .NET における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2008-6857	2012-12-20 19:10	2009-07-14	Show	GitHub Exploit DB Packet Storm

230093	7.5	危険	xigla	-	Xigla Software Absolute News Manager.NET における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2008-6856	2012-12-20 19:10	2009-07-14	Show	GitHub Exploit DB Packet Storm

230094	7.5	危険	xigla	-	Xigla Software Absolute News Feed における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2008-6855	2012-12-20 19:10	2009-07-14	Show	GitHub Exploit DB Packet Storm

230095	7.5	危険	xigla	-	Xigla Software Absolute FAQ Manager.NET における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2008-6854	2012-12-20 19:10	2009-07-14	Show	GitHub Exploit DB Packet Storm

230096	4.3	警告	PHP-Fusion	-	PHP-Fusion の messages.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-6850	2012-12-20 19:10	2009-07-7	Show	GitHub Exploit DB Packet Storm

230097	6.8	警告	w2b	-	phpGreetCards の index.php における任意の PHP コードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2008-6849	2012-12-20 19:10	2009-07-7	Show	GitHub Exploit DB Packet Storm

230098	4.3	警告	w2b	-	phpGreetCards の index.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-6848	2012-12-20 19:10	2009-07-7	Show	GitHub Exploit DB Packet Storm

230099	4.3	警告	PreProject.com	-	Pre ASP Job Board の Employee/emp_login.asp におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-6847	2012-12-20 19:10	2009-07-2	Show	GitHub Exploit DB Packet Storm

230100	6.8	警告	Pluck CMS	-	Pluck の data/modules/blog/module_pages_site.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-6842	2012-12-20 19:10	2009-07-2	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 8, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
195701	5.4	MEDIUM Network	yop-poll	yop_poll	The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to…	-	CVE-2021-24833	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195702	4.8	MEDIUM Network	wpplugin	accept_donations_with_paypal	The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting …	-	CVE-2021-24815	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195703	8.8	HIGH Network	simple_jwt_login_project	simple_jwt_login	The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification s…	-	CVE-2021-24804	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195704	6.5	MEDIUM Network	gesundheit-bewegt	colorful_categories	The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack	-	CVE-2021-24802	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195705	6.1	MEDIUM Network	my_tickets_project	my_tickets	The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenti…	-	CVE-2021-24796	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195706	4.8	MEDIUM Network	webventures	client_invoicing_by_sprout_invoices	The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attack…	-	CVE-2021-24787	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195707	4.3	MEDIUM Network	wp_performance_score_booster_project	wp_performance_score_booster	The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.	-	CVE-2021-24776	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195708	8.8	HIGH Network	xwp	stream	The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection…	-	CVE-2021-24772	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195709	8.8	HIGH Network	email_log_project	email_log	The Email Log WordPress plugin before 2.4.7 does not properly validate, sanitise and escape the "orderby" and "order" GET parameters before using them in SQL statement in the admin dashboard, leading…	CWE-89 SQL Injection	CVE-2021-24758	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195710	4.8	MEDIUM Network	wpshopmart	testimonial_builder	The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capa…	-	CVE-2021-24598	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm