Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 10 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
231431 4.3 警告 Simple Invoices - SimpleInvoices におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-4932 2013-01-4 16:16 2012-12-28 Show GitHub Exploit DB Packet Storm
231432 5 警告 ModSecurity - Apache HTTP Server 用 mod_security2 モジュールにおけるルールを回避される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2012-4528 2013-01-4 16:14 2012-10-15 Show GitHub Exploit DB Packet Storm
231433 4.3 警告 MediaWiki - MediaWiki 用 RSS Reader 拡張機能におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-6453 2013-01-4 14:54 2012-12-31 Show GitHub Exploit DB Packet Storm
231434 4.3 警告 Cerberus, LLC - Cerberus FTP Server の管理用 Web インターフェースにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-6339 2013-01-4 14:51 2012-12-11 Show GitHub Exploit DB Packet Storm
231435 6.5 警告 Open Constructor - Open Constructor における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2012-3873 2013-01-4 14:47 2012-12-28 Show GitHub Exploit DB Packet Storm
231436 4.3 警告 Open Constructor - Open Constructor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-3872 2013-01-4 14:46 2012-12-28 Show GitHub Exploit DB Packet Storm
231437 3.5 注意 Open Constructor - Open Constructor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-3871 2013-01-4 14:22 2012-12-28 Show GitHub Exploit DB Packet Storm
231438 3.5 注意 Open Constructor - Open Constructor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-3870 2013-01-4 14:22 2012-12-28 Show GitHub Exploit DB Packet Storm
231439 3.3 注意 サムスン - 複数の Samsung Galaxy デバイス上の Android 用 SamsungDive におけるデバイスの発見を妨害される脆弱性 CWE-200
情報漏えい
CVE-2012-6337 2013-01-4 14:07 2012-12-31 Show GitHub Exploit DB Packet Storm
231440 3.3 注意 Lookout Mobile Security - Lookout の端末捜索機能における任意の位置データに偽装される脆弱性 CWE-noinfo
情報不足
CVE-2012-6336 2013-01-4 14:04 2012-12-31 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
200551 5.4 MEDIUM
Network
supportcandy supportcandy The SupportCandy WordPress plugin before 2.2.7 does not validate and escape the page attribute of its shortcode, which could allow users with a role as low as Contributor to perform Cross-Site Script… CWE-79
Cross-site Scripting
CVE-2021-24880 2024-11-21 14:53 2022-02-8 Show GitHub Exploit DB Packet Storm
200552 8.8 HIGH
Network
supportcandy supportcandy The SupportCandy WordPress plugin before 2.2.7 does not have CSRF check in the wpsc_tickets AJAX action, nor has any sanitisation or escaping in some of the filter fields which could allow attackers … CWE-352
 Origin Validation Error
CVE-2021-24879 2024-11-21 14:53 2022-02-8 Show GitHub Exploit DB Packet Storm
200553 6.1 MEDIUM
Network
supportcandy supportcandy The SupportCandy WordPress plugin before 2.2.7 does not sanitise and escape the query string before outputting it back in pages with the [wpsc_create_ticket] shortcode embed, leading to a Reflected C… CWE-79
Cross-site Scripting
CVE-2021-24878 2024-11-21 14:53 2022-02-8 Show GitHub Exploit DB Packet Storm
200554 6.5 MEDIUM
Network
supportcandy supportcandy The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsc_tickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via… CWE-352
 Origin Validation Error
CVE-2021-24843 2024-11-21 14:53 2022-02-8 Show GitHub Exploit DB Packet Storm
200555 7.5 HIGH
Network
supportcandy supportcandy The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tic… CWE-862
 Missing Authorization
CVE-2021-24839 2024-11-21 14:53 2022-02-8 Show GitHub Exploit DB Packet Storm
200556 4.8 MEDIUM
Network
wpmanageninja ninja_tables The Ninja Tables WordPress plugin before 4.1.8 does not sanitise and escape some of its table fields, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfi… - CVE-2021-24900 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
200557 4.3 MEDIUM
Network
bplugins document_embedder The Document Embedder WordPress plugin before 1.7.9 contains a AJAX action endpoint, which could allow any authenticated user, such as subscriber to enumerate the title of arbitrary private and draft… CWE-668
 Exposure of Resource to Wrong Sphere
CVE-2021-24868 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
200558 5.3 MEDIUM
Network
bplugins document_embedder The Document Embedder WordPress plugin before 1.7.5 contains a REST endpoint, which could allow unauthenticated users to enumerate the title of arbitrary private and draft posts. CWE-668
 Exposure of Resource to Wrong Sphere
CVE-2021-24775 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
200559 6.1 MEDIUM
Network
getperfectsurvey perfect_survey The Perfect Survey WordPress plugin through 1.5.2 does not validate and escape the X-Forwarded-For header value before outputting it in the statistic page when the Anonymize IP setting of a survey is… CWE-79
Cross-site Scripting
CVE-2021-24765 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
200560 9.6 CRITICAL
Network
welaunch wordpress_gdpr\&ccpa The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.26, available to both unauthenticated and authenticated users, responds with JSON data without an "application… CWE-79
Cross-site Scripting
CVE-2021-24814 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm