Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
253301	7.5	危険	Automattic Inc.	-	WordPress 用 Jetpack プラグインにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-4673	2011-12-6 16:26	2011-12-2	Show	GitHub Exploit DB Packet Storm

253302	7.5	危険	Valid	-	Valid tiny-erp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-4672	2011-12-6 16:25	2011-12-2	Show	GitHub Exploit DB Packet Storm

253303	7.5	危険	AdRotate Plugin	-	WordPress 用 AdRotate プラグインにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-4671	2011-12-6 16:24	2011-12-2	Show	GitHub Exploit DB Packet Storm

253304	10	危険	Iron Mountain	-	Iron Mountain Connected Backup の Agent service における任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2011-2397	2011-12-6 16:22	2011-12-5	Show	GitHub Exploit DB Packet Storm

253305	6.4	警告	Widelands	-	Widelands の io/filesystem/filesystem.cc におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2011-1932	2011-12-6 16:22	2011-12-5	Show	GitHub Exploit DB Packet Storm

253306	4.3	警告	Etomite Project	-	Etomite におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4264	2011-12-6 12:01	2011-12-6	Show	GitHub Exploit DB Packet Storm

253307	7.5	危険	jonkemp	-	WordPress 用 WordPress Users プラグインの wp-users.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-4669	2011-12-5 16:08	2011-12-2	Show	GitHub Exploit DB Packet Storm

253308	7.5	危険	IBM	-	IBM Tivoli Netcool/Reporter における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2011-4668	2011-12-5 16:07	2011-12-2	Show	GitHub Exploit DB Packet Storm

253309	5	警告	Schneider Electric	-	Schneider Electric の複数の製品におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2011-4036	2011-12-5 16:06	2011-10-24	Show	GitHub Exploit DB Packet Storm

253310	4.3	警告	Schneider Electric	-	Schneider Electric の複数の製品におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4035	2011-12-5 16:05	2011-10-24	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
195001	4.8	MEDIUM Network	helpful_project	helpful	The Helpful WordPress plugin before 4.4.59 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_h…	-	CVE-2021-24841	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195002	5.4	MEDIUM Network	yop-poll	yop_poll	The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is all…	-	CVE-2021-24834	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195003	5.4	MEDIUM Network	yop-poll	yop_poll	The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability, which exists in the Admin preview module where a user with a role as low as author is allowed to…	-	CVE-2021-24833	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195004	4.8	MEDIUM Network	wpplugin	accept_donations_with_paypal	The Accept Donations with PayPal WordPress plugin before 1.3.2 does not escape the Amount Menu Name field of created Buttons, which could allow a high privilege users to perform Cross-Site Scripting …	-	CVE-2021-24815	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195005	8.8	HIGH Network	simple_jwt_login_project	simple_jwt_login	The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin changed them. Settings such as HMAC verification s…	-	CVE-2021-24804	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195006	6.5	MEDIUM Network	gesundheit-bewegt	colorful_categories	The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack	-	CVE-2021-24802	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195007	6.1	MEDIUM Network	my_tickets_project	my_tickets	The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenti…	-	CVE-2021-24796	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195008	4.8	MEDIUM Network	webventures	client_invoicing_by_sprout_invoices	The Client Invoicing by Sprout Invoices WordPress plugin before 19.9.7 does not sanitise and escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attack…	-	CVE-2021-24787	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195009	4.3	MEDIUM Network	wp_performance_score_booster_project	wp_performance_score_booster	The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.	-	CVE-2021-24776	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm

195010	8.8	HIGH Network	xwp	stream	The Stream WordPress plugin before 3.8.2 does not sanitise and validate the order GET parameter from the Stream Records admin dashboard before using it in a SQL statement, leading to an SQL injection…	-	CVE-2021-24772	2024-11-21 14:53	2021-11-17	Show	GitHub Exploit DB Packet Storm