Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 5, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
230541	7.5	危険	willo	-	Mobius for Mimsy XG における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3420	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

230542	7.5	危険	willo	-	TriO の browse.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3418	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

230543	7.5	危険	siteadmin	-	SiteAdmin の line2.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3414	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

230544	5	警告	phplinkat	-	phpLinkat における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2008-3407	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

230545	7.5	危険	phplinkat	-	TribunaLibre の ftag.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-3406	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

230546	4.3	警告	xrms	-	XRMS CRM における設定情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2008-3400	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

230547	6.8	警告	xrms	-	XRMS CRM の activities/workflow-activities.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2008-3399	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

230548	2.6	注意	xrms	-	XRMS CRM におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-3398	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

230549	4.3	警告	runesoft	-	Runesoft Cerberus CMS におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-3397	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

230550	5.8	警告	webwizguide	-	Web Wiz Forum におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2008-3392	2012-12-20 18:52	2008-07-31	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 6, 2026, 4:18 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
196181	7.5	HIGH Network	accessally	accessally	In the AccessAlly WordPress plugin before 3.5.7, the file "resource/frontend/product/product-shortcode.php" responsible for the [accessally_order_form] shortcode is dumping serialize($_SERVER), which…	-	CVE-2021-24226	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm

196182	5.4	MEDIUM Network	elbtide	advanced_booking_calendar	The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue	-	CVE-2021-24225	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm

196183	8.8	HIGH Network	easy-form-builder-by-bitware_project	easy-form-builder-by-bitware	The EFBP_verify_upload_file AJAX action of the Easy Form Builder WordPress plugin through 1.0, available to authenticated users, does not have any security in place to verify uploaded files, allowing…	-	CVE-2021-24224	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm

196184	9.8	CRITICAL Network	n5_upload_form_project	n5_upload_form	The N5 Upload Form WordPress plugin through 1.0 suffers from an arbitrary file upload issue in page where a Form from the plugin is embed, as any file can be uploaded. The uploaded filename might be …	-	CVE-2021-24223	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm

196185	9.8	CRITICAL Network	williamluis	wp-curriculo_vitae_free	The WP-Curriculo Vitae Free WordPress plugin through 6.3 suffers from an arbitrary file upload issue in page where the [formCadastro] is embed. The form allows unauthenticated user to register and su…	-	CVE-2021-24222	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm

196186	8.8	HIGH Network	facebook	facebook	The wp_ajax_save_fbe_settings and wp_ajax_delete_fbe_settings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in…	-	CVE-2021-24218	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm

196187	8.8	HIGH Network	expresstech	quiz_and_survey_master	The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin before 7.1.12 did not sanitise the result_id GET parameter on pages with the [qsm_result] shortcode without id attr…	-	CVE-2021-24221	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm

196188	9.1	CRITICAL Network	thrivethemes	ignition luxe minus performag pressive rise squared storied voice focusblog	Thrive “Legacy” Rise by Thrive Themes WordPress theme before 2.0.0, Luxe by Thrive Themes WordPress theme before 2.0.0, Minus by Thrive Themes WordPress theme before 2.0.0, Ignition by Thrive Themes …	-	CVE-2021-24220	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm

196189	5.3	MEDIUM Network	thrivethemes	thrive_ovation thrive_dashboard thrive_visual_editor thrive_apprentice thrive_quiz_builder thrive_headline_optimizer thrive_comments thrive_optimize thrive_clever_widgets f…	The Thrive Optimize WordPress plugin before 1.4.13.3, Thrive Comments WordPress plugin before 1.4.15.3, Thrive Headline Optimizer WordPress plugin before 1.3.7.3, Thrive Leads WordPress plugin before…	CWE-306 Missing Authentication for Critical Function	CVE-2021-24219	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm

196190	8.1	HIGH Network	facebook	facebook	The run_action function of the Facebook for WordPress plugin before 3.0.0 deserializes user supplied data making it possible for PHP objects to be supplied creating an Object Injection vulnerability.…	-	CVE-2021-24217	2024-11-21 14:52	2021-04-12	Show	GitHub Exploit DB Packet Storm