Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 24, 2026, 10 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
247941 9 危険 アバイア - Avaya CM の Web 管理インターフェースにおける任意のコードを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-5709 2012-06-26 16:03 2008-10-8 Show GitHub Exploit DB Packet Storm
247942 7.5 危険 ASP indir - Iltaweb Alisveris Sistemi の urunler.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5707 2012-06-26 16:03 2008-12-24 Show GitHub Exploit DB Packet Storm
247943 7.6 危険 gpsdrive - gpsdrive-scripts の src/unit_test.c における任意のファイルを上書きされる脆弱性 CWE-59
リンク解釈の問題 		CVE-2008-5704 2012-06-26 16:03 2008-12-22 Show GitHub Exploit DB Packet Storm
247944 6.2 警告 gpsdrive - gpsdrive-scripts における任意のファイルを上書きされる脆弱性 CWE-59
リンク解釈の問題 		CVE-2008-5703 2012-06-26 16:03 2008-12-22 Show GitHub Exploit DB Packet Storm
247945 4 警告 fdgroup - FDI OLIB7 WebView におけるファイルから重要な情報を取得される脆弱性 CWE-20
不適切な入力確認 		CVE-2008-5678 2012-06-26 16:03 2008-12-18 Show GitHub Exploit DB Packet Storm
247946 9.4 危険 darkwet - Darkwet Network webcamXP の HTTP サーバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2008-5674 2012-06-26 16:03 2008-12-18 Show GitHub Exploit DB Packet Storm
247947 6.8 警告 GNOME Project - Vinagre の vinagre_utils_show_error 関数 におけるフォーマットストリングの脆弱性 CWE-134
書式文字列の問題 		CVE-2008-5660 2012-06-26 16:03 2008-12-17 Show GitHub Exploit DB Packet Storm
247948 7.5 危険 AlstraSoft - AlstraSoft Web Host Directory のログインディレクトリにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5650 2012-06-26 16:03 2008-12-17 Show GitHub Exploit DB Packet Storm
247949 10 危険 AlstraSoft - AlstraSoft Article Manager Pro の admin/admin.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5649 2012-06-26 16:03 2008-12-17 Show GitHub Exploit DB Packet Storm
247950 7.5 危険 DeltaScripts - DeltaScripts PHP Shop の admin/login.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-5648 2012-06-26 16:03 2008-12-17 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 24, 2026, 4 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
197881 4.3 MEDIUM
Network 		designwall dw_question_\&_answer The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as upd… - CVE-2021-24805 2024-11-21 14:53 2022-04-26 Show GitHub Exploit DB Packet Storm
197882 4.3 MEDIUM
Network 		designwall dw_question_\&_answer The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2021-24800 2024-11-21 14:53 2022-04-26 Show GitHub Exploit DB Packet Storm
197883 6.1 MEDIUM
Network 		heateor sassy_social_share The Social Sharing Plugin WordPress plugin before 3.3.40 does not escape the viewed post URL before outputting it back in onclick attributes when the "Enable 'More' icon" option is enabled (which is … - CVE-2021-24746 2024-11-21 14:53 2022-03-29 Show GitHub Exploit DB Packet Storm
197884 8.0 HIGH
Network 		vsourz advanced_cf7_db The Advanced Contact form 7 DB WordPress plugin before 1.8.7 does not have authorisation nor CSRF checks in the acf7_db_edit_scr_file_delete AJAX action, and does not validate the file to be deleted,… CWE-352
 Origin Validation Error 		CVE-2021-24905 2024-11-21 14:53 2022-03-22 Show GitHub Exploit DB Packet Storm
197885 5.4 MEDIUM
Network 		viitorcloud add_subtitle The Add Subtitle WordPress plugin through 1.1.0 does not sanitise or escape the sub-title field (available only with classic editor) when output in the page, which could allow users with a role as lo… - CVE-2021-24897 2024-11-21 14:53 2022-03-15 Show GitHub Exploit DB Packet Storm
197886 4.8 MEDIUM
Network 		webbigt cybersoldier The Cybersoldier WordPress plugin before 1.7.0 does not sanitise and escape the URL settings before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scripti… CWE-79
Cross-site Scripting 		CVE-2021-24895 2024-11-21 14:53 2022-03-15 Show GitHub Exploit DB Packet Storm
197887 6.5 MEDIUM
Network 		tipsandtricks-hq simple_download_monitor The Simple Download Monitor WordPress plugin before 3.9.5 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector. - CVE-2021-24692 2024-11-21 14:53 2022-03-15 Show GitHub Exploit DB Packet Storm
197888 5.4 MEDIUM
Network 		custom_content_shortcode_project custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not escape custom fields before outputting them, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to perform Cros… CWE-79
Cross-site Scripting 		CVE-2021-24826 2024-11-21 14:53 2022-03-7 Show GitHub Exploit DB Packet Storm
197889 4.3 MEDIUM
Network 		custom_content_shortcode_project custom_content_shortcode The Custom Content Shortcode WordPress plugin before 4.0.2 does not validate the data passed to its load shortcode, which could allow Contributor+ (v < 4.0.1) or Admin+ (v < 4.0.2) users to display a… - CVE-2021-24825 2024-11-21 14:53 2022-03-7 Show GitHub Exploit DB Packet Storm
197890 4.3 MEDIUM
Network 		custom_content_shortcode_project custom_content_shortcode The [field] shortcode included with the Custom Content Shortcode WordPress plugin before 4.0.1, allows authenticated users with a role as low as contributor, to access arbitrary post metadata. This c… CWE-863
 Incorrect Authorization 		CVE-2021-24824 2024-11-21 14:53 2022-03-7 Show GitHub Exploit DB Packet Storm