Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 7, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230311 7.5 危険 steve dawson - PokerMax Poker League Tournament Script の configure.php における認証を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-4600 2012-12-20 18:52 2008-10-17 Show GitHub Exploit DB Packet Storm
230312 10 危険 slaytanic scripts - Slaytanic Scripts Content Plus における脆弱性 CWE-noinfo
情報不足 		CVE-2008-4595 2012-12-20 18:52 2008-10-17 Show GitHub Exploit DB Packet Storm
230313 10 危険 sportspanel - Sports Clubs Web Panel の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-4592 2012-12-20 18:52 2008-10-16 Show GitHub Exploit DB Packet Storm
230314 4.3 警告 phpwebgallery - PhpWebGallery の admin/include/isadmin.inc.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4591 2012-12-20 18:52 2008-10-16 Show GitHub Exploit DB Packet Storm
230315 7.5 危険 stash - Stash における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4590 2012-12-20 18:52 2008-10-16 Show GitHub Exploit DB Packet Storm
230316 5 警告 Matthias Wandel - jhead の DoCommand 関数におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-4575 2012-12-20 18:52 2008-10-15 Show GitHub Exploit DB Packet Storm
230317 7.5 危険 real-estate-scripts - Real Estate Classifieds の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4570 2012-12-20 18:52 2008-10-15 Show GitHub Exploit DB Packet Storm
230318 7.5 危険 xigla - XIGLA Software Absolute Poll Manager XE の xlacomments.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4569 2012-12-20 18:52 2008-10-15 Show GitHub Exploit DB Packet Storm
230319 6.8 警告 VideoLAN - VLC Media Player における任意のメモリを上書きされる脆弱性 CWE-399
リソース管理の問題 		CVE-2008-4558 2012-12-20 18:52 2008-10-14 Show GitHub Exploit DB Packet Storm
230320 7.2 危険 Fabrice Bellard - Debian GNU/Linux 上で稼動する qemu の qemu-make-debian-root における任意のファイルを上書きされる脆弱性 CWE-59
リンク解釈の問題 		CVE-2008-4553 2012-12-20 18:52 2008-10-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 7, 2026, 4:13 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
196021 4.8 MEDIUM
Network 		wp_youtube_lyte_project wp_youtube_lyte The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users… - CVE-2021-24419 2024-11-21 14:53 2021-07-13 Show GitHub Exploit DB Packet Storm
196022 4.8 MEDIUM
Network 		smooth_scroll_page_up\/down_buttons_project smooth_scroll_page_up\/down_buttons The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS pay… - CVE-2021-24418 2024-11-21 14:53 2021-07-13 Show GitHub Exploit DB Packet Storm
196023 6.1 MEDIUM
Network 		plugin-planet prismatic The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed i… - CVE-2021-24409 2024-11-21 14:53 2021-07-13 Show GitHub Exploit DB Packet Storm
196024 5.4 MEDIUM
Network 		plugin-planet prismatic The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post ma… - CVE-2021-24408 2024-11-21 14:53 2021-07-13 Show GitHub Exploit DB Packet Storm
196025 5.4 MEDIUM
Network 		deliciousbrains wp_offload_ses_lite The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to… - CVE-2021-24494 2024-11-21 14:53 2021-07-6 Show GitHub Exploit DB Packet Storm
196026 7.2 HIGH
Network 		export_users_with_meta_project export_users_with_meta The Export Users With Meta WordPress plugin before 0.6.5 did not escape the list of roles to export before using them in a SQL statement in the export functionality, available to admins, leading to a… - CVE-2021-24451 2024-11-21 14:53 2021-07-6 Show GitHub Exploit DB Packet Storm
196027 6.1 MEDIUM
Network 		tielabs jannah The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability. - CVE-2021-24407 2024-11-21 14:53 2021-07-6 Show GitHub Exploit DB Packet Storm
196028 6.1 MEDIUM
Network 		gvectors wpforo_forum The wpForo Forum WordPress plugin before 1.9.7 did not validate the redirect_to parameter in the login form of the forum, leading to an open redirect issue after a successful login. Such issue could … - CVE-2021-24406 2024-11-21 14:53 2021-07-6 Show GitHub Exploit DB Packet Storm
196029 6.5 MEDIUM
Network 		izsoft easy_cookies_policy The Easy Cookies Policy WordPress plugin through 1.6.2 is lacking any capability and CSRF check when saving its settings, allowing any authenticated users (such as subscriber) to change them. If user… NVD-CWE-Other
CVE-2021-24405 2024-11-21 14:53 2021-07-6 Show GitHub Exploit DB Packet Storm
196030 7.2 HIGH
Network 		benjaminrojas wp_editor The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a req… CWE-89
SQL Injection 		CVE-2021-24151 2024-11-21 14:52 2024-01-17 Show GitHub Exploit DB Packet Storm