Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 6 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
248901 7.5 危険 codeavalanche - CodeAvalanche RateMySite における管理者パスワードを含むデータベースファイルをダウンロードされる脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2008-5896 2012-06-26 16:10 2009-01-12 Show GitHub Exploit DB Packet Storm
248902 7.5 危険 gobbl - Gobbl CMS の admin/auth.php における管理アクセス権を取得される脆弱性 CWE-287
不適切な認証
CVE-2008-5880 2012-06-26 16:10 2009-01-8 Show GitHub Exploit DB Packet Storm
248903 4.3 警告 FastStone Soft - FastStone Image Viewer におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認
CVE-2008-5870 2012-06-26 16:10 2009-01-8 Show GitHub Exploit DB Packet Storm
248904 5 警告 freelyrics - FreeLyrics の source.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル
CVE-2008-5861 2012-06-26 16:10 2009-01-6 Show GitHub Exploit DB Packet Storm
248905 5.1 警告 constructr - Constructr CMS の backend/template.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル
CVE-2008-5860 2012-06-26 16:10 2009-01-6 Show GitHub Exploit DB Packet Storm
248906 5.1 警告 constructr - Constructr CMS の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2008-5859 2012-06-26 16:10 2009-01-6 Show GitHub Exploit DB Packet Storm
248907 5 警告 class - ClaSS の scripts/export.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル
CVE-2008-5856 2012-06-26 16:10 2009-01-6 Show GitHub Exploit DB Packet Storm
248908 5 警告 chicomas - Chilek Content Management System におけるデータベースのバックアップを読み取られる脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2008-5853 2012-06-26 16:10 2009-01-6 Show GitHub Exploit DB Packet Storm
248909 5 警告 emefa - Emefa Guestbook におけるデータベースファイルをダウンロードされる脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2008-5852 2012-06-26 16:10 2009-01-6 Show GitHub Exploit DB Packet Storm
248910 10 危険 アドバンテック株式会社 - Advantech ADAM-6000 モジュールにおける HTTP セッションを取得される脆弱性 CWE-255
証明書・パスワード管理
CVE-2008-5848 2012-06-26 16:10 2009-01-6 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
200681 6.1 MEDIUM
Network
androidbubbles wp_header_images The WP Header Images WordPress plugin before 2.0.1 does not sanitise and escape the t parameter before outputting it back in the plugin's settings page, leading to a Reflected Cross-Site Scripting is… CWE-79
Cross-site Scripting
CVE-2021-24798 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
200682 7.2 HIGH
Network
draftpress header_footer_code_manager The Header Footer Code Manager WordPress plugin before 1.1.14 does not validate and escape the "orderby" and "order" request parameters before using them in a SQL statement when viewing the Snippets … CWE-89
SQL Injection
CVE-2021-24791 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
200683 6.5 MEDIUM
Network
batch_cat_project batch_cat The Batch Cat WordPress plugin through 0.3 defines 3 custom AJAX actions, which both require authentication but are available for all roles. As a result, any authenticated user (including simple subs… NVD-CWE-Other
CVE-2021-24788 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
200684 6.5 MEDIUM
Network
publishpress post_expirator The Post Expirator WordPress plugin before 2.6.0 does not have proper capability checks in place, which could allow users with a role as low as Contributor to schedule deletion of arbitrary posts. CWE-863
 Incorrect Authorization
CVE-2021-24783 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
200685 6.5 MEDIUM
Network
fullworks redirect_404_error_page_to_homepage_or_custom_page_with_logs The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete … - CVE-2021-24767 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
200686 6.5 MEDIUM
Network
404_to_301_project 404_to_301 The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have CSRF check in place when cleaning the logs, which could allow attacker to make a logged in admin delet… - CVE-2021-24766 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
200687 8.8 HIGH
Network
wclovers frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible WordPress plugin before 6.5.12, when used in combination with another WCFM - WooCommerce Multivendor p… CWE-89
SQL Injection
CVE-2021-24835 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
200688 9.8 CRITICAL
Network
genetechsolutions pie_register The Registration Forms – User profile, Content Restriction, Spam Protection, Payment Gateways, Invitation Codes WordPress plugin before 3.7.1.6 does not properly escape user data before using it in a… - CVE-2021-24731 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
200689 6.5 MEDIUM
Network
loco_translate_project loco_translate The Loco Translate WordPress plugin before 2.5.4 mishandles data inputs which get saved to a file, which can be renamed to an extension ending in .php, resulting in authenticated "translator" users b… - CVE-2021-24721 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm
200690 4.8 MEDIUM
Network
print-o-matic_project print-o-matic The Print-O-Matic WordPress plugin before 2.0.3 does not escape some of its settings before outputting them in attribute, which could allow high privilege users to perform Cross-Site Scripting attack… - CVE-2021-24710 2024-11-21 14:53 2021-11-9 Show GitHub Exploit DB Packet Storm