Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 10, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
249321 7.5 危険 CA Technologies - 複数の CA 製品の BrightStor Backup Discovery Service におけるバッファオーバーフローの脆弱性 - CVE-2006-6379 2012-06-26 15:38 2006-12-8 Show GitHub Exploit DB Packet Storm
249322 7.5 危険 awrate - awrate の login.php.inc における PHP リモートファイルインクルージョンの脆弱性 - CVE-2006-6368 2012-06-26 15:38 2006-12-7 Show GitHub Exploit DB Packet Storm
249323 7.5 危険 duware - DUware DUdownload の detail.asp における SQL インジェクションの脆弱性 - CVE-2006-6367 2012-06-26 15:38 2006-12-7 Show GitHub Exploit DB Packet Storm
249324 6.8 警告 Cerberus, LLC - Cerberus Helpdesk の includes/elements/spellcheck/spellwin.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-6366 2012-06-26 15:38 2006-12-7 Show GitHub Exploit DB Packet Storm
249325 7.5 危険 duware - DUware DUpaypal の detail.asp における SQL インジェクションの脆弱性 - CVE-2006-6365 2012-06-26 15:38 2006-12-7 Show GitHub Exploit DB Packet Storm
249326 6.8 警告 bluesocket - BlueSocket Secure Controller (BSC) の admin.pl におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-6363 2012-06-26 15:38 2006-12-7 Show GitHub Exploit DB Packet Storm
249327 10 危険 bitflux - Bitflux Upload Progress Meter の uploadprogress_php_rfc1867_file 関数におけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2006-6361 2012-06-26 15:38 2006-12-7 Show GitHub Exploit DB Packet Storm
249328 10 危険 duware - DuWare DuClassmate の default.asp における SQL インジェクションの脆弱性 - CVE-2006-6355 2012-06-26 15:38 2006-12-6 Show GitHub Exploit DB Packet Storm
249329 7.5 危険 duware - DuWare DuNews の detail.asp における SQL インジェクションの脆弱性 - CVE-2006-6354 2012-06-26 15:38 2006-12-6 Show GitHub Exploit DB Packet Storm
249330 5 警告 アップル - Mac OS X の BOMArchiveHelper におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2006-6353 2012-06-26 15:38 2006-12-6 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 10, 2026, 5 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
197041 6.1 MEDIUM
Network 		10web photo_gallery The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to Reflected Cross-Site Scripting (XSS) issues via the gallery_id, tag, album_id and _id GET p… - CVE-2021-24291 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197042 6.1 MEDIUM
Network 		mooveagency select_all_categories_and_taxonomies\
_change_checkbox_to_radio_buttons 		The settings page of the Select All Categories and Taxonomies, Change Checkbox to Radio Buttons WordPress plugin before 1.3.2 did not properly sanitise the tab parameter before outputting it back, le… - CVE-2021-24287 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197043 6.1 MEDIUM
Network 		mooveagency redirect_404_to_parent The settings page of the Redirect 404 to parent WordPress plugin before 1.3.1 did not properly sanitise the tab parameter before outputting it back, leading to a reflected Cross-Site Scripting issue - CVE-2021-24286 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197044 9.8 CRITICAL
Network 		cars-seller-auto-classifieds-script_project cars-seller-auto-classifieds-script The request_list_request AJAX call of the Car Seller - Auto Classifieds Script WordPress plugin through 2.1.0, available to both authenticated and unauthenticated users, does not sanitise, validate o… - CVE-2021-24285 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197045 9.8 CRITICAL
Network 		kaswara_project kaswara The Kaswara Modern VC Addons WordPress plugin through 3.0.1 allows unauthenticated arbitrary file upload via the 'uploadFontIcon' AJAX action. The supplied zipfile being unzipped in the wp-content/up… - CVE-2021-24284 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197046 5.4 MEDIUM
Network 		pickplugins accordion The tab GET parameter of the settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. - CVE-2021-24283 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197047 6.3 MEDIUM
Network 		querysol redirection_for_contact_form_7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the various AJAX actions in the plugin to do a variety of things. For exam… - CVE-2021-24282 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197048 4.3 MEDIUM
Network 		querysol redirection_for_contact_form_7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the delete_action_post AJAX action to delete any post on a target site. - CVE-2021-24281 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197049 8.8 HIGH
Network 		querysol redirection_for_contact_form_7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, any authenticated user, such as a subscriber, could use the import_from_debug AJAX action to inject PHP objects. CWE-502
 Deserialization of Untrusted Data 		CVE-2021-24280 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm
197050 6.5 MEDIUM
Network 		querysol redirection_for_contact_form_7 In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, low level users, such as subscribers, could use the import_from_debug AJAX action to install any plugin from the WordPress reposit… - CVE-2021-24279 2024-11-21 14:52 2021-05-14 Show GitHub Exploit DB Packet Storm