Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 1, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
230671 4.3 警告 SmarterTools Inc. - SmarterTools SmarterMail Enterprise におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0872 2012-12-20 18:34 2008-02-21 Show GitHub Exploit DB Packet Storm
230672 7.5 危険 woltlab - WoltLab Burning Board の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0857 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
230673 7.5 危険 WordPress.org - WordPress 用の Dean Logan WP-People プラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0845 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
230674 6.4 警告 statcountex - StatCounteX における重要な情報を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-0843 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
230675 4.4 警告 publicwarehouse - Public Warehouse LightBlog の view_member.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0840 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
230676 4.3 警告 ソフォス - Sophos ES1000 および ES4000 Email Security Appliance の Web の管理インターフェースにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0838 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
230677 7.5 危険 simple cms - Simple CMS の indexen.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0835 2012-12-20 18:34 2008-02-20 Show GitHub Exploit DB Packet Storm
230678 7.5 危険 PHPNUKE - PHP-Nuke の Books モジュールにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0827 2012-12-20 18:34 2008-02-19 Show GitHub Exploit DB Packet Storm
230679 3.6 注意 scribe - Scribe の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0822 2012-12-20 18:34 2008-02-19 Show GitHub Exploit DB Packet Storm
230680 3.6 注意 plutostatus - PlutoStatus Locator の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-0819 2012-12-20 18:34 2008-02-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 1, 2026, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
196811 6.1 MEDIUM
Network 		voidtools everything HTTP header injection vulnerability in Everything all versions except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product via unspeci… NVD-CWE-Other
CVE-2021-20784 2024-11-21 14:47 2021-07-14 Show GitHub Exploit DB Packet Storm
196812 8.8 HIGH
Network 		tipsandtricks-hq software_license_manager Cross-site request forgery (CSRF) vulnerability in Software License Manager versions prior to 4.4.6 allows remote attackers to hijack the authentication of administrators via unspecified vectors. CWE-352
 Origin Validation Error 		CVE-2021-20782 2024-11-21 14:47 2021-07-14 Show GitHub Exploit DB Packet Storm
196813 8.8 HIGH
Network 		pluginus wordpress_meta_data_and_taxonomies_filter Cross-site request forgery (CSRF) vulnerability in WordPress Meta Data Filter & Taxonomies Filter versions prior to v.1.2.8 and versions prior to v.2.2.8 allows remote attackers to hijack the authent… CWE-352
 Origin Validation Error 		CVE-2021-20781 2024-11-21 14:47 2021-07-14 Show GitHub Exploit DB Packet Storm
196814 7.5 HIGH
Network 		retty retty Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 uses a hard-coded API key for an external service. By exploiting this vulnerability, API key for an exte… CWE-798
 Use of Hard-coded Credentials 		CVE-2021-20748 2024-11-21 14:47 2021-07-14 Show GitHub Exploit DB Packet Storm
196815 4.3 MEDIUM
Network 		retty retty Improper authorization in handler for custom URL scheme vulnerability in Retty App for Android versions prior to 4.8.13 and Retty App for iOS versions prior to 4.11.14 allows a remote attacker to lea… CWE-862
 Missing Authorization 		CVE-2021-20747 2024-11-21 14:47 2021-07-14 Show GitHub Exploit DB Packet Storm
196816 8.8 HIGH
Network 		wp-currency wordpress_currency_switcher Cross-site request forgery (CSRF) vulnerability in WPCS - WordPress Currency Switcher 1.1.6 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors. CWE-352
 Origin Validation Error 		CVE-2021-20780 2024-11-21 14:47 2021-07-7 Show GitHub Exploit DB Packet Storm
196817 8.8 HIGH
Network 		codemiq wordpress_email_template_designer Cross-site request forgery (CSRF) vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via … CWE-352
 Origin Validation Error 		CVE-2021-20779 2024-11-21 14:47 2021-07-7 Show GitHub Exploit DB Packet Storm
196818 4.3 MEDIUM
Network 		gu-global gu Improper authorization in handler for custom URL scheme vulnerability in GU App for Android versions from 4.8.0 to 5.0.2 allows a remote attacker to lead a user to access an arbitrary website via the… CWE-862
 Missing Authorization 		CVE-2021-20777 2024-11-21 14:47 2021-07-7 Show GitHub Exploit DB Packet Storm
196819 9.8 CRITICAL
Network 		a-stage-inc at-40cm01sr_firmware
sct-40cm01sr_firmware 		Improper authentication vulnerability in SCT-40CM01SR and AT-40CM01SR allows an attacker to bypass access restriction and execute an arbitrary command via telnet. CWE-287
Improper Authentication 		CVE-2021-20776 2024-11-21 14:47 2021-07-7 Show GitHub Exploit DB Packet Storm
196820 6.5 MEDIUM
Adjacent 		elecom wrc-1167fs-w_firmware
wrc-1167fs-b_firmware
wrc-1167fsa_firmware 		WRC-1167FS-W, WRC-1167FS-B, and WRC-1167FSA all versions allow an unauthenticated network-adjacent attacker to obtain sensitive information via unspecified vectors. NVD-CWE-noinfo
CVE-2021-20738 2024-11-21 14:47 2021-07-7 Show GitHub Exploit DB Packet Storm