Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 27, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
232301	9.3	危険	sorinara	-	Sorinara Streaming Audio Player におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1644	2012-12-20 19:10	2009-05-15	Show	GitHub Exploit DB Packet Storm

232302	9.3	危険	sorinara	-	Sorinara Soritong MP3 Player におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1643	2012-12-20 19:10	2009-05-15	Show	GitHub Exploit DB Packet Storm

232303	7.5	危険	t-dreams	-	Techno Dreams Job Career Package における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2009-1638	2012-12-20 19:10	2009-05-15	Show	GitHub Exploit DB Packet Storm

232304	6.4	警告	simplecustomer	-	Simple Customer の profile.php における admin 電子メールアドレスなどを変更される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-1637	2012-12-20 19:10	2009-05-15	Show	GitHub Exploit DB Packet Storm

232305	10	危険	Unisys	-	Windows 上で稼動している Unisys BIS におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1628	2012-12-20 19:10	2009-06-26	Show	GitHub Exploit DB Packet Storm

232306	9.3	危険	sdp multimedia	-	SDP Downloader におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-1627	2012-12-20 19:10	2009-05-12	Show	GitHub Exploit DB Packet Storm

232307	7.5	危険	will kraft	-	EZ-Blog の public/specific.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2009-1626	2012-12-20 19:10	2009-05-12	Show	GitHub Exploit DB Packet Storm

232308	7.5	危険	teraway	-	Teraway FileStream における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2009-1619	2012-12-20 19:10	2009-05-12	Show	GitHub Exploit DB Packet Storm

232309	7.5	危険	teraway	-	Teraway LiveHelp における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2009-1618	2012-12-20 19:10	2009-05-12	Show	GitHub Exploit DB Packet Storm

232310	7.5	危険	teraway	-	Teraway LinkTracker における認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2009-1617	2012-12-20 19:10	2009-05-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 27, 2026, 4:35 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
200391	4.8	MEDIUM Network	drawblog_project	drawblog	The DrawBlog WordPress plugin through 0.90 does not sanitise or validate some of its settings before outputting them back in the page, leading to an authenticated stored Cross-Site Scripting issue	-	CVE-2021-24479	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm

200392	5.4	MEDIUM Network	bookshelf_project	bookshelf	The Bookshelf WordPress plugin through 2.0.4 does not sanitise or escape its "Paypal email address" setting before outputting it in the page, leading to an authenticated Stored Cross-Site Scripting i…	CWE-79 Cross-site Scripting	CVE-2021-24478	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm

200393	6.1	MEDIUM Network	migrate_users_project	migrate_users	The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin …	-	CVE-2021-24477	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm

200394	5.4	MEDIUM Network	steam_group_viewer_project	steam_group_viewer	The Steam Group Viewer WordPress plugin through 2.1 does not sanitise or escape its "Steam Group Address" settings before outputting it in the page, leading to an authenticated Stored Cross-Site Scri…	-	CVE-2021-24476	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm

200395	6.1	MEDIUM Network	awesome_weather_widget_project	awesome_weather_widget	The Awesome Weather Widget WordPress plugin through 3.0.2 does not sanitize the id parameter of its awesome_weather_refresh AJAX action, leading to an unauthenticated Reflected Cross-Site Scripting (…	CWE-79 Cross-site Scripting	CVE-2021-24474	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm

200396	5.4	MEDIUM Network	cozmoslabs	user_profile_picture	The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pi…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2021-24473	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm

200397	9.8	CRITICAL Network	qantumthemes	kentharadio onair2	The OnAir2 WordPress theme before 3.9.9.2 and QT KenthaRadio WordPress plugin before 2.0.2 have exposed proxy functionality to unauthenticated users, sending requests to this proxy functionality will…	-	CVE-2021-24472	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm

200398	5.4	MEDIUM Network	yada_wiki_project	yada_wiki	The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue	CWE-79 Cross-site Scripting	CVE-2021-24470	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm

200399	5.4	MEDIUM Network	bozdoz	leaflet_map	The Leaflet Map WordPress plugin before 3.0.0 does not escape some shortcode attributes before they are used in JavaScript code or HTML, which could allow users with a role as low as Contributors to …	CWE-79 Cross-site Scripting	CVE-2021-24468	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm

200400	5.4	MEDIUM Network	wpdevart	youtube_embed\ _playlist_and_popup	The YouTube Embed, Playlist and Popup by WpDevArt WordPress plugin before 2.3.9 did not escape, validate or sanitise some of its shortcode options, available to users with a role as low as Contributo…	-	CVE-2021-24464	2024-11-21 14:53	2021-08-2	Show	GitHub Exploit DB Packet Storm