Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 25, 2026, 10:01 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
255331 5 警告 Claus Due - TYPO3 用 System Utilities エクステンションにおける重要な情報を取得される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2012-1078 2012-02-17 14:35 2012-02-14 Show GitHub Exploit DB Packet Storm
255332 7.5 危険 Bluechip Software - TYPO3 用 Post data records to Facebook エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2012-1077 2012-02-17 14:34 2012-02-14 Show GitHub Exploit DB Packet Storm
255333 4.3 警告 Robert Gonda - TYPO3 用 Documents download エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1076 2012-02-17 14:34 2012-02-14 Show GitHub Exploit DB Packet Storm
255334 7.5 危険 Robert Gonda - TYPO3 用 Documents download エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2012-1075 2012-02-17 14:33 2012-02-14 Show GitHub Exploit DB Packet Storm
255335 7.5 危険 White Papers - TYPO3 用 White Papers エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2012-1074 2012-02-17 14:33 2012-02-14 Show GitHub Exploit DB Packet Storm
255336 4.3 警告 Category-System - TYPO3 用 Category-System エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1073 2012-02-17 14:31 2012-02-14 Show GitHub Exploit DB Packet Storm
255337 7.5 危険 Category-System - TYPO3 用 Category-System エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2012-1072 2012-02-17 14:31 2012-02-14 Show GitHub Exploit DB Packet Storm
255338 7.5 危険 Mathieu Vidal - TYPO3 用 Kitchen recipe エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2012-1071 2012-02-17 14:29 2012-02-14 Show GitHub Exploit DB Packet Storm
255339 4.3 警告 Netcreators - TYPO3 用 Modern FAQ エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2012-1070 2012-02-17 14:29 2012-02-14 Show GitHub Exploit DB Packet Storm
255340 4.3 警告 Juergen Furrer - TYPO3 用 Additional TCA Forms エクステンションにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-5080 2012-02-17 14:27 2012-02-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 25, 2026, 4:04 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
197511 6.1 MEDIUM
Network 		mycred mycred The myCred WordPress plugin before 2.4 does not sanitise and escape the search query before outputting it back in the history dashboard page, leading to a Reflected Cross-Site Scripting issue - CVE-2021-25015 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm
197512 6.5 MEDIUM
Network 		themeum qubely The Qubely WordPress plugin before 1.7.8 does not have authorisation and CSRF check on the qubely_delete_saved_block AJAX action, and does not ensure that the block to be deleted belong to the plugin… CWE-352
 Origin Validation Error 		CVE-2021-25013 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm
197513 6.1 MEDIUM
Network 		codesnippets code_snippets The Code Snippets WordPress plugin before 2.14.3 does not escape the snippets-safe-mode parameter before outputting it back in attributes, leading to a Reflected Cross-Site Scripting issue - CVE-2021-25008 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm
197514 6.5 MEDIUM
Network 		wpplugin accept_donations_with_paypal The Accept Donations with PayPal WordPress plugin before 1.3.4 does not have CSRF check in place and does not ensure that the post to be deleted belongs to the plugin, allowing attackers to make a lo… - CVE-2021-24989 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm
197515 6.1 MEDIUM
Network 		yikesinc easy_forms_for_mailchimp The Easy Forms for Mailchimp WordPress plugin before 6.8.6 does not sanitise and escape the field_name and field_type parameters before outputting them back in attributes, leading to Reflected Cross-… - CVE-2021-24985 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm
197516 6.1 MEDIUM
Network 		wbolt smart_seo_tool The Smart SEO Tool WordPress plugin before 3.0.6 does not sanitise and escape the search parameter before outputting it back in an attribute when the TDK optimisation setting is enabled, leading to a… - CVE-2021-24976 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm
197517 5.4 MEDIUM
Network 		adtribes product_feed_pro_for_woocommerce The Product Feed PRO for WooCommerce WordPress plugin before 11.0.7 does not have authorisation and CSRF check in some of its AJAX actions, allowing any authenticated users to call then, which could … - CVE-2021-24974 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm
197518 5.7 MEDIUM
Network 		etoilewebdesign ultimate_faq The Ultimate FAQ WordPress plugin before 2.1.2 does not have capability and CSRF checks in the ewd_ufaq_welcome_add_faq and ewd_ufaq_welcome_add_faq_page AJAX actions, available to any authenticated … CWE-352
 Origin Validation Error 		CVE-2021-24968 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm
197519 5.4 MEDIUM
Network 		fivestarplugins five_star_restaurant_reservations The Five Star Restaurant Reservations WordPress plugin before 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. … - CVE-2021-24965 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm
197520 8.0 HIGH
Network 		wp_extra_file_types_project wp_extra_file_types The WP Extra File Types WordPress plugin before 0.5.1 does not have CSRF check when saving its settings, nor sanitise and escape some of them, which could allow attackers to make a logged in admin ch… - CVE-2021-24936 2024-11-21 14:54 2022-01-24 Show GitHub Exploit DB Packet Storm