Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 4, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
253301 7.5 危険 Valid - Valid tiny-erp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4672 2011-12-6 16:25 2011-12-2 Show GitHub Exploit DB Packet Storm
253302 7.5 危険 AdRotate Plugin - WordPress 用 AdRotate プラグインにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4671 2011-12-6 16:24 2011-12-2 Show GitHub Exploit DB Packet Storm
253303 10 危険 Iron Mountain - Iron Mountain Connected Backup の Agent service における任意のコードを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2011-2397 2011-12-6 16:22 2011-12-5 Show GitHub Exploit DB Packet Storm
253304 6.4 警告 Widelands - Widelands の io/filesystem/filesystem.cc におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2011-1932 2011-12-6 16:22 2011-12-5 Show GitHub Exploit DB Packet Storm
253305 4.3 警告 Etomite Project - Etomite におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4264 2011-12-6 12:01 2011-12-6 Show GitHub Exploit DB Packet Storm
253306 7.5 危険 jonkemp - WordPress 用 WordPress Users プラグインの wp-users.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4669 2011-12-5 16:08 2011-12-2 Show GitHub Exploit DB Packet Storm
253307 7.5 危険 IBM - IBM Tivoli Netcool/Reporter における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2011-4668 2011-12-5 16:07 2011-12-2 Show GitHub Exploit DB Packet Storm
253308 5 警告 Schneider Electric - Schneider Electric の複数の製品におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2011-4036 2011-12-5 16:06 2011-10-24 Show GitHub Exploit DB Packet Storm
253309 4.3 警告 Schneider Electric - Schneider Electric の複数の製品におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4035 2011-12-5 16:05 2011-10-24 Show GitHub Exploit DB Packet Storm
253310 9.3 危険 Schneider Electric - Steema TeeChart ActiveX コントロールにおけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2011-4034 2011-12-5 16:05 2011-10-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 4, 2026, 4:17 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
195041 4.8 MEDIUM
Network 		erident_custom_login_and_dashboard_project erident_custom_login_and_dashboard The Erident Custom Login and Dashboard WordPress plugin before 3.5.9 did not properly sanitise its settings, allowing high privilege users to use XSS payloads in them (even when the unfileted_html is… CWE-79
Cross-site Scripting 		CVE-2021-24658 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm
195042 8.8 HIGH
Network 		hmplugin hm_multiple_roles The HM Multiple Roles WordPress plugin before 1.3 does not have any access control to prevent low privilege users to set themselves as admin via their profile page CWE-669
 Incorrect Resource Transfer Between Spheres 		CVE-2021-24602 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm
195043 4.8 MEDIUM
Network 		simple_banner_project simple_banner The Simple Banner WordPress plugin before 2.10.4 does not sanitise and escape one of its settings, allowing high privilege users such as admin to use Cross-Site Scripting payload even when the unfilt… CWE-79
Cross-site Scripting 		CVE-2021-24574 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm
195044 5.4 MEDIUM
Network 		harmonicdesign hd_quiz The HD Quiz WordPress plugin before 1.8.4 does not escape some of its Answers before outputting them in attribute when generating the Quiz, which could lead to Stored Cross-Site Scripting issues CWE-79
Cross-site Scripting 		CVE-2021-24571 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm
195045 8.8 HIGH
Network 		contact_form_7_captcha_project contact_form_7_captcha The Contact Form 7 Captcha WordPress plugin before 0.0.9 does not have any CSRF check in place when saving its settings, allowing attacker to make a logged in user with the manage_options change them… CWE-352
CWE-79
 Origin Validation Error
Cross-site Scripting 		CVE-2021-24565 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm
195046 5.4 MEDIUM
Network 		wpfront scroll_top The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it attributes, leading to an Authenticated Stored Cross-Site Scripting i… CWE-79
Cross-site Scripting 		CVE-2021-24564 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm
195047 7.5 HIGH
Network 		lifterlms lifterlms The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers a… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2021-24562 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm
195048 5.4 MEDIUM
Network 		veronalabs wp_sms The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue - CVE-2021-24561 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm
195049 5.4 MEDIUM
Network 		3.7designs project_status The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in… CWE-79
Cross-site Scripting 		CVE-2021-24558 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm
195050 7.2 HIGH
Network 		nimble3 m-vslider The update functionality in the rslider_page uses an rs_id POST parameter which is not validated, sanitised or escaped before being inserted in sql query, therefore leading to SQL injection for users… - CVE-2021-24557 2024-11-21 14:53 2021-08-23 Show GitHub Exploit DB Packet Storm