Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 26, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
248081 4.3 警告 galatolo - Galatolo WebManager の all.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6248 2012-06-26 16:10 2009-02-23 Show GitHub Exploit DB Packet Storm
248082 6.8 警告 china-on-site - FlexPHPSite の admin/usercheck.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6241 2012-06-26 16:10 2009-02-23 Show GitHub Exploit DB Packet Storm
248083 7.5 危険 Cafuego - SDMS の login.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6236 2012-06-26 16:10 2009-02-21 Show GitHub Exploit DB Packet Storm
248084 7.5 危険 fivedollarscripts - Five Dollar Scripts Drinks スクリプトの index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6233 2012-06-26 16:10 2009-02-20 Show GitHub Exploit DB Packet Storm
248085 7.5 危険 dadamailproject
Joomla!		 - Joomla! 用の Dada Mail Manager コンポーネントの config.dadamail.php における PHP リモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2008-6221 2012-06-26 16:10 2009-02-20 Show GitHub Exploit DB Packet Storm
248086 4.3 警告 extrakt - Extrakt Framework の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6217 2012-06-26 16:10 2009-02-20 Show GitHub Exploit DB Packet Storm
248087 7.5 危険 bookingcentre - Venalsur Booking Centre Booking System の cadena_ofertas_ext.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6216 2012-06-26 16:10 2009-02-20 Show GitHub Exploit DB Packet Storm
248088 4.3 警告 bookingcentre - Venalsur Booking Centre Booking System の cadena_ofertas_ext.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-6215 2012-06-26 16:10 2009-02-20 Show GitHub Exploit DB Packet Storm
248089 7.5 危険 dream4 - dream4 Koobi の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2008-6210 2012-06-26 16:10 2009-02-19 Show GitHub Exploit DB Packet Storm
248090 4 警告 2532gigs - 2532designs 2532|Gigs における重要な情報を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-6199 2012-06-26 16:10 2009-02-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 27, 2026, 4:35 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
200511 4.3 MEDIUM
Network 		mozilla thunderbird Thunderbird did not check if the user ID associated with an OpenPGP key has a valid self signature. An attacker may create a crafted version of an OpenPGP key, by either replacing the original user I… CWE-347
 Improper Verification of Cryptographic Signature 		CVE-2021-23992 2024-11-21 14:52 2021-06-24 Show GitHub Exploit DB Packet Storm
200512 6.8 MEDIUM
Network 		mozilla thunderbird If a Thunderbird user has previously imported Alice's OpenPGP key, and Alice has extended the validity period of her key, but Alice's updated key has not yet been imported, an attacker may send an em… NVD-CWE-Other
CVE-2021-23991 2024-11-21 14:52 2021-06-24 Show GitHub Exploit DB Packet Storm
200513 5.4 MEDIUM
Network 		codecabin wp_go_maps The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site S… CWE-79
Cross-site Scripting 		CVE-2021-24383 2024-11-21 14:52 2021-06-22 Show GitHub Exploit DB Packet Storm
200514 5.3 MEDIUM
Network 		wphappycoders comments_like_dislike The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. This allows any user… - CVE-2021-24379 2024-11-21 14:52 2021-06-22 Show GitHub Exploit DB Packet Storm
200515 4.8 MEDIUM
Network 		autoptimize autoptimize The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privil… - CVE-2021-24378 2024-11-21 14:52 2021-06-22 Show GitHub Exploit DB Packet Storm
200516 8.1 HIGH
Network 		autoptimize autoptimize The Autoptimize WordPress plugin before 2.7.8 attempts to remove potential malicious files from the extracted archive uploaded via the 'Import Settings' feature, however this is not sufficient to pro… - CVE-2021-24377 2024-11-21 14:52 2021-06-22 Show GitHub Exploit DB Packet Storm
200517 9.8 CRITICAL
Network 		autoptimize autoptimize The Autoptimize WordPress plugin before 2.7.8 attempts to delete malicious files (such as .php) form the uploaded archive via the "Import Settings" feature, after its extraction. However, the extract… - CVE-2021-24376 2024-11-21 14:52 2021-06-22 Show GitHub Exploit DB Packet Storm
200518 5.3 MEDIUM
Network 		automattic jetpack The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. A security vulnerability was f… - CVE-2021-24374 2024-11-21 14:52 2021-06-22 Show GitHub Exploit DB Packet Storm
200519 6.1 MEDIUM
Network 		getastra wp_hardening The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflect… - CVE-2021-24373 2024-11-21 14:52 2021-06-22 Show GitHub Exploit DB Packet Storm
200520 6.1 MEDIUM
Network 		getastra wp_hardening The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-… CWE-79
Cross-site Scripting 		CVE-2021-24372 2024-11-21 14:52 2021-06-22 Show GitHub Exploit DB Packet Storm