Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 20, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
233541 10 危険 php-stats - Php-Stats の php-stats.recjs.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5452 2012-12-20 18:33 2007-10-14 Show GitHub Exploit DB Packet Storm
233542 7.5 危険 softbiz - Softbiz Recipes Portal Script の searchresult.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5449 2012-12-20 18:33 2007-10-14 Show GitHub Exploit DB Packet Storm
233543 1.9 注意 VMware - VMware Workstation などの Reconfig.DLL における vmount2.exe がサービス運用妨害 (DoS) 状態となる脆弱性 CWE-20
不適切な入力確認 		CVE-2007-5438 2012-12-20 18:33 2007-10-12 Show GitHub Exploit DB Packet Storm
233544 4.3 警告 pro.setun - PRO-search におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5434 2012-12-20 18:33 2007-10-12 Show GitHub Exploit DB Packet Storm
233545 4.3 警告 siteup - Site-Up の index.cgi におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5433 2012-12-20 18:33 2007-10-12 Show GitHub Exploit DB Packet Storm
233546 7.5 危険 scottmanktelow - Stride における管理者権限を取得される脆脆弱性 CWE-200
情報漏えい 		CVE-2007-5432 2012-12-20 18:33 2007-10-12 Show GitHub Exploit DB Packet Storm
233547 7.5 危険 scottmanktelow - Stride における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5430 2012-12-20 18:33 2007-10-12 Show GitHub Exploit DB Packet Storm
233548 4.3 警告 Umisoft - UMI CMS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5428 2012-12-20 18:33 2007-10-12 Show GitHub Exploit DB Packet Storm
233549 7.5 危険 Tiki Software Community Association - TikiWiki の tiki-graph_formula.php における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2007-5423 2012-12-20 18:33 2007-10-12 Show GitHub Exploit DB Packet Storm
233550 6.8 警告 quoc-huy - Joomla! 用の Quoc-Huy mp3_allopass コンポーネントにおける PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2007-5412 2012-12-20 18:33 2007-10-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 20, 2026, 4:01 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
314871 6.1 MEDIUM
Network 		- - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & rem… CWE-79
Cross-site Scripting 		CVE-2024-10876 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm
314872 4.3 MEDIUM
Network 		- - The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which p… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2024-10688 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm
314873 6.1 MEDIUM
Network 		- - The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the… CWE-79
Cross-site Scripting 		CVE-2024-10683 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm
314874 9.8 CRITICAL
Network 		- - The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks… CWE-22
Path Traversal 		CVE-2024-10470 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm
314875 5.3 MEDIUM
Network 		- - The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes i… CWE-200
Information Exposure 		CVE-2024-8756 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm
314876 6.4 MEDIUM
Network 		- - The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. This makes it possible for authenticated att… CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2024-10814 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm
314877 4.3 MEDIUM
Network 		- - The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which … CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2024-10770 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm
314878 4.3 MEDIUM
Network 		- - The Countdown Timer block – Display the event's date into a timer. plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.4 via the [ctb] shortcode … CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2024-10669 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm
314879 - - - The Content Slider Block plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1.5 via the [csb] shortcode due to insufficient restrictions on which posts… - CVE-2024-10667 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm
314880 6.1 MEDIUM
Network 		- - The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate esca… CWE-79
Cross-site Scripting 		CVE-2024-9226 2024-11-12 22:56 2024-11-9 Show GitHub Exploit DB Packet Storm