Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 6, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
253231	5	警告	Parallels	-	Parallels Plesk Panel の billing system におけるスプーフィング攻撃の脆弱性	CWE-310 暗号の問題	CVE-2011-4746	2011-12-20 11:23	2011-12-16	Show	GitHub Exploit DB Packet Storm

253232	4.3	警告	Parallels	-	Parallels Plesk Panel の billing system におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4745	2011-12-20 11:17	2011-12-16	Show	GitHub Exploit DB Packet Storm

253233	10	危険	Parallels	-	Parallels Plesk Panel の Control Panel における詳細不明な脆弱性	CWE-DesignError	CVE-2011-4744	2011-12-20 11:16	2011-12-16	Show	GitHub Exploit DB Packet Storm

253234	10	危険	Parallels	-	Parallels Plesk Panel の Control Panel における詳細不明な脆弱性	CWE-DesignError	CVE-2011-4743	2011-12-20 11:16	2011-12-16	Show	GitHub Exploit DB Packet Storm

253235	5	警告	Parallels	-	Parallels Plesk Panel の Control Panel における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2011-4742	2011-12-20 11:15	2011-12-16	Show	GitHub Exploit DB Packet Storm

253236	5	警告	Parallels	-	Parallels Plesk Panel の Control Panel における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2011-4741	2011-12-20 11:09	2011-12-16	Show	GitHub Exploit DB Packet Storm

253237	4.3	警告	Parallels	-	Parallels Plesk Panel の Control Panel における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2011-4740	2011-12-20 10:57	2011-12-16	Show	GitHub Exploit DB Packet Storm

253238	10	危険	Parallels	-	Parallels Plesk Panel の Control Panel における認証を回避される脆弱性	CWE-255 証明書・パスワード管理	CVE-2011-4739	2011-12-20 10:56	2011-12-16	Show	GitHub Exploit DB Packet Storm

253239	5	警告	Parallels	-	Parallels Plesk Panel の Control Panel における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2011-4738	2011-12-20 10:55	2011-12-16	Show	GitHub Exploit DB Packet Storm

253240	5	警告	Parallels	-	Parallels Plesk Panel の Control Panel における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2011-4737	2011-12-20 10:30	2011-12-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 6, 2026, 4:18 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
194961	7.5	HIGH Network	tipsacarrier_project	tipsacarrier	The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to re…	-	CVE-2021-25002	2024-11-21 14:54	2022-05-3	Show	GitHub Exploit DB Packet Storm

194962	3.9	LOW Physics	sophos	intercept_x authenticator	An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and…	CWE-922 Insecure Storage of Sensitive Information	CVE-2021-25266	2024-11-21 14:54	2022-04-28	Show	GitHub Exploit DB Packet Storm

194963	6.1	MEDIUM Network	english_wordpress_admin_project	english_wordpress_admin	The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue	-	CVE-2021-25111	2024-11-21 14:54	2022-04-26	Show	GitHub Exploit DB Packet Storm

194964	8.1	HIGH Network	brandexponents	tatsu	The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By ad…	-	CVE-2021-25094	2024-11-21 14:54	2022-04-26	Show	GitHub Exploit DB Packet Storm

194965	8.8	HIGH Network	advanced_page_visit_counter_project	advanced_page_visit_counter	The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenti…	-	CVE-2021-24957	2024-11-21 14:54	2022-04-26	Show	GitHub Exploit DB Packet Storm

194966	6.1	MEDIUM Network	easysocialfeed	easy_social_feed	The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross…	-	CVE-2021-25120	2024-11-21 14:54	2022-04-19	Show	GitHub Exploit DB Packet Storm

194967	5.4	MEDIUM Network	wpsofts	portfolio_gallery\ _product_catalog_-_grid_kit_portfolio	The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such a…	-	CVE-2021-25090	2024-11-21 14:54	2022-04-12	Show	GitHub Exploit DB Packet Storm

194968	6.1	MEDIUM Network	heateor	super_socializer	The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both…	CWE-79 Cross-site Scripting	CVE-2021-24987	2024-11-21 14:54	2022-04-12	Show	GitHub Exploit DB Packet Storm

194969	6.1	MEDIUM Network	pickplugins	post_grid	The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Gr…	-	CVE-2021-24986	2024-11-21 14:54	2022-04-12	Show	GitHub Exploit DB Packet Storm

194970	5.4	MEDIUM Network	dropdown_menu_widget_project	dropdown_menu_widget	The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to th…	-	CVE-2021-25113	2024-11-21 14:54	2022-04-5	Show	GitHub Exploit DB Packet Storm