Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 13, 2026, noon

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
248011 5 警告 blue-collar productions - Blue-Collar Productions i-Gallery の igallery.asp におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-5776 2012-06-26 15:54 2007-11-1 Show GitHub Exploit DB Packet Storm
248012 9.3 危険 BitDefender - BitDefender における任意のコードを実行される脆弱性 CWE-noinfo
情報不足 		CVE-2007-5775 2012-06-26 15:54 2007-11-1 Show GitHub Exploit DB Packet Storm
248013 5 警告 flatnuke3 - Flatnuke 3 の File Manager モジュールの index.php における重要な情報を取得される脆弱性 CWE-200
情報漏えい 		CVE-2007-5774 2012-06-26 15:54 2007-11-1 Show GitHub Exploit DB Packet Storm
248014 4.3 警告 flatnuke3 - Flatnuke 3 の File Manager モジュールにおけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2007-5773 2012-06-26 15:54 2007-11-1 Show GitHub Exploit DB Packet Storm
248015 6 警告 flatnuke3 - Flatnuke 3 の download モジュールにおける description.it.php ファイルへ PHP コードを挿入される脆弱性 CWE-94
コード・インジェクション 		CVE-2007-5772 2012-06-26 15:54 2007-11-1 Show GitHub Exploit DB Packet Storm
248016 7.5 危険 flatnuke3 - Flatnuke 3 における管理者のアクセス権を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2007-5771 2012-06-26 15:54 2007-11-1 Show GitHub Exploit DB Packet Storm
248017 5 警告 globe7 - Globe7 ソフト電話クライアントにおける重要な情報を取得される脆弱性 CWE-310
暗号の問題 		CVE-2007-5768 2012-06-26 15:54 2007-10-31 Show GitHub Exploit DB Packet Storm
248018 9.3 危険 AOL - AOL Radio の AmpX.dll の AOL AmpX ActiveX コントロールにおけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2007-5755 2012-06-26 15:54 2007-11-13 Show GitHub Exploit DB Packet Storm
248019 7.5 危険 agtc websolutions - PHP-AGTC Membership System の adduser.php におけるアカウントを作成される脆弱性 CWE-287
不適切な認証 		CVE-2007-5752 2012-06-26 15:54 2007-10-31 Show GitHub Exploit DB Packet Storm
248020 5 警告 ghlab - Korean GHBoard の FlashUpload コンポーネントにおけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2007-5739 2012-06-26 15:54 2007-10-30 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 13, 2026, 4:20 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
197831 5.4 MEDIUM
Network 		wedevs happy_addons_for_elementor The Happy Addons for Elementor WordPress plugin before 2.24.0, Happy Addons Pro for Elementor WordPress plugin before 1.17.0 have a number of widgets that are vulnerable to stored Cross-Site Scriptin… - CVE-2021-24292 2024-11-21 14:52 2021-05-18 Show GitHub Exploit DB Packet Storm
197832 6.1 MEDIUM
Network 		10web photo_gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET p… - CVE-2021-24291 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197833 6.1 MEDIUM
Network 		mooveagency select_all_categories_and_taxonomies\
_change_checkbox_to_radio_buttons 		The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, le… - CVE-2021-24287 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197834 6.1 MEDIUM
Network 		mooveagency redirect_404_to_parent The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue - CVE-2021-24286 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197835 9.8 CRITICAL
Network 		cars-seller-auto-classifieds-script_project cars-seller-auto-classifieds-script The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate o… - CVE-2021-24285 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197836 9.8 CRITICAL
Network 		kaswara_project kaswara The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/up… - CVE-2021-24284 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197837 5.4 MEDIUM
Network 		pickplugins accordion The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. - CVE-2021-24283 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197838 6.3 MEDIUM
Network 		querysol redirection_for_contact_form_7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For exam… - CVE-2021-24282 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197839 4.3 MEDIUM
Network 		querysol redirection_for_contact_form_7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site. - CVE-2021-24281 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197840 8.8 HIGH
Network 		querysol redirection_for_contact_form_7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. CWE-502
 Deserialization of Untrusted Data 		CVE-2021-24280 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm