Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 16, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
248011 5 警告 ELOG - ELOG の elogd の replace_inline_img 関数 におけるサービス運用妨害 (DoS) の脆弱性 CWE-DesignError
CVE-2008-0445 2012-06-26 15:55 2008-01-24 Show GitHub Exploit DB Packet Storm
248012 4.3 警告 ELOG - ELOG におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0444 2012-06-26 15:55 2008-01-24 Show GitHub Exploit DB Packet Storm
248013 5 警告 AlstraSoft - AlstraSoft Forum Pay Per Post Exchange におけるユーザアカウントへアクセスされる脆弱性 CWE-255
証明書・パスワード管理 		CVE-2008-0440 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
248014 4.3 警告 deluxebb - DeluxeBB におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0439 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
248015 9.3 危険 Gecad Technologies - AXIGEN Mail Server の AXIMilter モジュールにおけるフォーマットストリングの脆弱性 CWE-189
数値処理の問題 		CVE-2008-0434 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
248016 7.5 危険 agaresmedia - Agares phpAutoVideo の theme/phpAutoVideo/LightTwoOh/sidebar.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-0433 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
248017 4.3 警告 agaresmedia - phpAutoVideo の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-0432 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
248018 7.5 危険 360 web manager - 360 Web Manager の form.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0430 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
248019 7.5 危険 AlstraSoft - AlstraSoft Forum Pay Per Post Exchange の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0429 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
248020 7.5 危険 bloofox - bloofoxCMS の system/class_permissions.php の login 関数における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-0428 2012-06-26 15:55 2008-01-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 17, 2026, 4:19 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
197921 8.8 HIGH
Network 		getperfectsurvey perfect_survey The Perfect Survey WordPress plugin before 1.5.2 does not have proper authorisation nor CSRF checks in the save_global_setting AJAX action, allowing unauthenticated users to edit surveys and modify s… CWE-352
 Origin Validation Error 		CVE-2021-24763 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
197922 9.8 CRITICAL
Network 		getperfectsurvey perfect_survey The Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET parameter before using it in a SQL statement in the get_question AJAX action, allowing unauthenticate… - CVE-2021-24762 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
197923 6.5 MEDIUM
Network 		bestwebsoft error_log_viewer The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in a… - CVE-2021-24761 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
197924 4.8 MEDIUM
Network 		nd-learning_project nd-learning The Learning Courses WordPress plugin before 5.0 does not sanitise and escape the Email PDT identity token settings, which could allow high privilege users to perform cross-Site Scripting attacks eve… CWE-79
Cross-site Scripting 		CVE-2021-24707 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
197925 4.8 MEDIUM
Network 		benbodhi svg_support The SVG Support WordPress plugin before 2.3.20 does not escape the "CSS Class to target" setting before outputting it in an attribute, which could allow high privilege users to perform Cross-Site Scr… CWE-79
Cross-site Scripting 		CVE-2021-24686 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
197926 6.1 MEDIUM
Network 		metagauss registrationmagic The RegistrationMagic WordPress plugin before 5.0.1.9 does not sanitise and escape the rm_search_value parameter before outputting back in an attribute, leading to a Reflected Cross-Site Scripting CWE-79
Cross-site Scripting 		CVE-2021-24648 2024-11-21 14:53 2022-02-1 Show GitHub Exploit DB Packet Storm
197927 7.5 HIGH
Network 		wp-experts protect_wp_admin The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore th… - CVE-2021-24906 2024-11-21 14:53 2022-01-24 Show GitHub Exploit DB Packet Storm
197928 7.2 HIGH
Network 		acf-extended advanced_custom_fields\ The Advanced Custom Fields: Extended WordPress plugin before 0.8.8.7 does not validate the order and orderby parameters before using them in a SQL statement, leading to a SQL Injection issue - CVE-2021-24865 2024-11-21 14:53 2022-01-24 Show GitHub Exploit DB Packet Storm
197929 7.2 HIGH
Network 		accesspressthemes wp_cookie_user_info The Cookie Notification Plugin for WordPress plugin before 1.0.9 does not sanitise or escape the id GET parameter before using it in a SQL statement, when retrieving the setting to edit in the admin … - CVE-2021-24858 2024-11-21 14:53 2022-01-24 Show GitHub Exploit DB Packet Storm
197930 4.3 MEDIUM
Network 		wp_post_page_clone_project wp_post_page_clone The WP Post Page Clone WordPress plugin before 1.2 allows users with a role as low as Contributor to clone and view other users' draft and password-protected posts which they cannot view normally. CWE-863
 Incorrect Authorization 		CVE-2021-24733 2024-11-21 14:53 2022-01-24 Show GitHub Exploit DB Packet Storm