Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 8, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230111 7.5 危険 surat kabar - phpWebNews の bukutamu.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6812 2012-12-20 19:10 2009-05-22 Show GitHub Exploit DB Packet Storm
230112 7.5 危険 scripts-for-sites - SFS EZ Link Directory の links.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6808 2012-12-20 19:10 2009-05-12 Show GitHub Exploit DB Packet Storm
230113 7.5 危険 yigit aybuga - Yigit Aybuga Dizi Portali の diziler.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6803 2012-12-20 19:10 2009-05-11 Show GitHub Exploit DB Packet Storm
230114 7.5 危険 phpexplorer - phPhotoGallery の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6802 2012-12-20 19:10 2009-05-7 Show GitHub Exploit DB Packet Storm
230115 4.4 警告 vivvo - Vivvo CMS におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-6801 2012-12-20 19:10 2009-05-7 Show GitHub Exploit DB Packet Storm
230116 7.5 危険 tufat - FlashChat の connection.php におけるロールフィルタメカニズムを回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-6799 2012-12-20 19:10 2009-05-7 Show GitHub Exploit DB Packet Storm
230117 7.5 危険 PreProject.com - Pre Projects Pre Real Estate Listings の login.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6798 2012-12-20 19:10 2009-05-7 Show GitHub Exploit DB Packet Storm
230118 7.5 危険 PreProject.com - Pre Projects Pre Real Estate Listings の manager/login.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6796 2012-12-20 19:10 2009-05-7 Show GitHub Exploit DB Packet Storm
230119 7.5 危険 sfs ez pub - SFS EZ Pub Site の directory.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6794 2012-12-20 19:10 2009-05-7 Show GitHub Exploit DB Packet Storm
230120 7.5 危険 scripts-for-sites - SFS EZ Adult Directory の directory.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6784 2012-12-20 19:10 2009-05-1 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 8, 2026, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195721 7.2 HIGH
Network 		draftpress header_footer_code_manager The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets … CWE-89
SQL Injection 		CVE-2021-24791 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
195722 6.5 MEDIUM
Network 		batch_cat_project batch_cat The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subs… NVD-CWE-Other
CVE-2021-24788 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
195723 6.5 MEDIUM
Network 		publishpress post_expirator The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. CWE-863
 Incorrect Authorization 		CVE-2021-24783 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
195724 6.5 MEDIUM
Network 		fullworks redirect_404_error_page_to_homepage_or_custom_page_with_logs The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete … - CVE-2021-24767 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
195725 6.5 MEDIUM
Network 		404_to_301_project 404_to_301 The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delet… - CVE-2021-24766 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
195726 8.8 HIGH
Network 		wclovers frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor p… CWE-89
SQL Injection 		CVE-2021-24835 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
195727 9.8 CRITICAL
Network 		genetechsolutions pie_register The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a… - CVE-2021-24731 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
195728 6.5 MEDIUM
Network 		loco_translate_project loco_translate The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users b… - CVE-2021-24721 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
195729 4.8 MEDIUM
Network 		print-o-matic_project print-o-matic The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attack… - CVE-2021-24710 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
195730 4.8 MEDIUM
Network 		wp_all_export_project wp_all_export The Export any WordPress data to XML/CSV WordPress plugin before 1.3.1 does not escape its Export's Name before outputting it in Manage Exports settings, which could allow high privilege users to per… - CVE-2021-24708 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm