Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 7, 2026, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230341 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech Cosmetics Zone の view_products_cat.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4466 2012-12-20 18:52 2008-10-6 Show GitHub Exploit DB Packet Storm
230342 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech DVD Zone の view_mags.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4465 2012-12-20 18:52 2008-10-6 Show GitHub Exploit DB Packet Storm
230343 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech Mag Zone の view_mags.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4464 2012-12-20 18:52 2008-10-6 Show GitHub Exploit DB Packet Storm
230344 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech Jobs Zone の view_news.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4463 2012-12-20 18:52 2008-10-6 Show GitHub Exploit DB Packet Storm
230345 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech Visa Zone の view_news.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4462 2012-12-20 18:52 2008-10-6 Show GitHub Exploit DB Packet Storm
230346 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech Dating Zone の advanced_search_results.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4461 2012-12-20 18:52 2008-10-6 Show GitHub Exploit DB Packet Storm
230347 7.5 危険 Vastal I-Tech & Co. - Vastal I-Tech MMORPG Zone の game.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-4460 2012-12-20 18:52 2008-10-6 Show GitHub Exploit DB Packet Storm
230348 6.8 警告 positive software - Positive Software H-Sphere WebShell の actions.php におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2008-4448 2012-12-20 18:52 2008-10-6 Show GitHub Exploit DB Packet Storm
230349 4.3 警告 positive software - Positive Software H-Sphere WebShell の actions.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4447 2012-12-20 18:52 2008-10-6 Show GitHub Exploit DB Packet Storm
230350 4.3 警告 rmsoft - Xoops 用の rmdp モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-4435 2012-12-20 18:52 2008-10-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 7, 2026, 4:13 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
196001 4.8 MEDIUM
Network 		yandex yandex_turbo The RSS for Yandex Turbo WordPress plugin through 1.30 does not sanitise or escape some of its settings before saving and outputing them in the admin dashboard, leading to an Authenticated Stored Cro… CWE-79
Cross-site Scripting 		CVE-2021-24428 2024-11-21 14:53 2021-08-2 Show GitHub Exploit DB Packet Storm
196002 5.4 MEDIUM
Network 		kainelabs youzify The About Me widget of the Youzify – BuddyPress Community, User Profile, Social Network & Membership WordPress plugin before 1.0.7 does not properly sanitise its Biography field, allowing any authent… - CVE-2021-24443 2024-11-21 14:53 2021-08-2 Show GitHub Exploit DB Packet Storm
196003 4.8 MEDIUM
Network 		premio mystickymenu The Floating Notification Bar, Sticky Menu on Scroll, and Sticky Header for Any Theme – myStickymenu WordPress plugin before 2.5.2 does not sanitise or escape its Bar Text settings, allowing hight pr… - CVE-2021-24425 2024-11-21 14:53 2021-08-2 Show GitHub Exploit DB Packet Storm
196004 4.8 MEDIUM
Network 		never5 related_posts The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored Cross-Si… - CVE-2021-24482 2024-11-21 14:53 2021-07-19 Show GitHub Exploit DB Packet Storm
196005 8.8 HIGH
Network 		include_me_project include_me The Include Me WordPress plugin through 1.2.1 is vulnerable to path traversal / local file inclusion, which can lead to Remote Code Execution (RCE) of the system due to log poisoning and therefore po… - CVE-2021-24453 2024-11-21 14:53 2021-07-19 Show GitHub Exploit DB Packet Storm
196006 5.3 MEDIUM
Network 		silkypress wp_image_zoom The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard - CVE-2021-24447 2024-11-21 14:53 2021-07-19 Show GitHub Exploit DB Packet Storm
196007 6.1 MEDIUM
Network 		boldgrid w3_total_cache The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is… - CVE-2021-24436 2024-11-21 14:53 2021-07-19 Show GitHub Exploit DB Packet Storm
196008 6.1 MEDIUM
Network 		boldgrid w3_total_cache The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track… - CVE-2021-24452 2024-11-21 14:53 2021-07-19 Show GitHub Exploit DB Packet Storm
196009 6.1 MEDIUM
Network 		yop-poll yop_poll In the YOP Poll WordPress plugin before 6.2.8, when a pool is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cros… - CVE-2021-24454 2024-11-21 14:53 2021-07-13 Show GitHub Exploit DB Packet Storm
196010 9.8 CRITICAL
Network 		wpdevart poll\
_survey\
_questionnaire_and_voting_system 		The Poll, Survey, Questionnaire and Voting system WordPress plugin before 1.5.3 did not sanitise, escape or validate the date_answers[] POST parameter before using it in a SQL statement when sending … - CVE-2021-24442 2024-11-21 14:53 2021-07-13 Show GitHub Exploit DB Packet Storm