Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 20, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
257631	6.8	警告	レッドハット	-	IcedTea の JNLP SecurityManager におけるセキュリティポリシーを回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-4351	2011-02-21 14:58	2011-01-20	Show	GitHub Exploit DB Packet Storm

257632	4.3	警告	シマンテック	-	Symantec Norton Mobile Security for Android における重要な情報を取得される脆弱性	CWE-255 証明書・パスワード管理	CVE-2010-0113	2011-02-21 14:55	2010-11-15	Show	GitHub Exploit DB Packet Storm

257633	4.3	警告	Google	-	Android の Dalvik API におけるサービス運用妨害 (DoS) 脆弱性	CWE-noinfo 情報不足	CVE-2009-3698	2011-02-21 14:54	2009-10-14	Show	GitHub Exploit DB Packet Storm

257634	5	警告	CollabNet, Inc.	-	CollabNet ScrumWorks Basic Server における認証情報取り扱いに関する問題	CWE-310 暗号の問題	CVE-2011-0410	2011-02-21 14:54	2011-01-24	Show	GitHub Exploit DB Packet Storm

257635	5	警告	The PHP Group レッドハット	-	Libmbfl の mb_strcut 関数における重要な情報を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2010-4156	2011-02-18 15:07	2010-11-10	Show	GitHub Exploit DB Packet Storm

257636	6.8	警告	The PHP Group サイバートラスト株式会社レッドハット	-	PHP の xml_utf8_decode 関数における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2009-5016	2011-02-18 15:03	2010-11-12	Show	GitHub Exploit DB Packet Storm

257637	6.8	警告	The PHP Group	-	PHP の set_magic_quotes_runtime 関数における SQL インジェクション攻撃を誘導される脆弱性	CWE-89 SQLインジェクション	CVE-2010-4700	2011-02-18 14:42	2010-07-1	Show	GitHub Exploit DB Packet Storm

257638	7.5	危険	The PHP Group	-	PHP の iconv_mime_decode_headers 関数におけるスパムの検出を回避される脆弱性	CWE-189 数値処理の問題	CVE-2010-4699	2011-02-18 14:40	2010-09-28	Show	GitHub Exploit DB Packet Storm

257639	5	警告	The PHP Group	-	PHP の GD 拡張モジュールにおけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2010-4698	2011-02-18 14:38	2010-12-7	Show	GitHub Exploit DB Packet Storm

257640	6.8	警告	The PHP Group	-	PHP の Zend Engine におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2010-4697	2011-02-18 14:35	2010-09-18	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 20, 2026, 4:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
198291	6.1	MEDIUM Network	properfraction	profilepress	The User Registration, User Profile, Login & Membership – ProfilePress (Formerly WP User Avatar) WordPress plugin before 3.1.11's widget for tabbed login/register was not properly escaped and could b…	-	CVE-2021-24522	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm

198292	7.2	HIGH Network	wow-estore	side_menu	The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role …	-	CVE-2021-24521	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm

198293	8.8	HIGH Network	coderstimes	out_of_stock_message_for_woocommerce	The Stock in & out WordPress plugin through 1.0.4 lacks proper sanitization before passing variables to an SQL request, making it vulnerable to SQL Injection attacks. Users with a role of contributor…	-	CVE-2021-24520	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm

198294	5.4	MEDIUM Network	a3rev	page_view_count	The Page View Count WordPress plugin before 2.4.9 does not escape the postid parameter of pvc_stats shortcode, allowing users with a role as low as Contributor to perform Stored XSS attacks. A post m…	-	CVE-2021-24509	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm

198295	9.8	CRITICAL Network	brainstormforce	astra	The Astra Pro Addon WordPress plugin before 3.5.2 did not properly sanitise or escape some of the POST parameters from the astra_pagination_infinite and astra_shop_pagination_infinite AJAX action (av…	-	CVE-2021-24507	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm

198296	5.4	MEDIUM Network	madeit	forms	The Forms WordPress plugin before 1.12.3 did not sanitise its input fields, leading to Stored Cross-Site scripting issues. The plugin was vulnerable to an Authenticated Stored Cross-Site Scripting (X…	-	CVE-2021-24505	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm

198297	4.8	MEDIUM Network	flippercode	wp_google_map	The WP Google Map WordPress plugin before 1.7.7 did not sanitise or escape the Map Title before outputting them in the page, leading to a Stored Cross-Site Scripting issue by high privilege users, ev…	-	CVE-2021-24502	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm

198298	8.1	HIGH Network	amentotech	workreap	The Workreap WordPress theme before 2.2.2 had several AJAX actions missing authorization checks to verify that a user was authorized to perform critical operations such as modifying or deleting objec…	-	CVE-2021-24501	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm

198299	8.1	HIGH Network	amentotech	workreap	Several AJAX actions available in the Workreap WordPress theme before 2.2.2 lacked CSRF protections, as well as allowing insecure direct object references that were not validated. This allows an atta…	CWE-352 Origin Validation Error	CVE-2021-24500	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm

198300	9.8	CRITICAL Network	amentotech	workreap	The Workreap WordPress theme before 2.2.2 AJAX actions workreap_award_temp_file_uploader and workreap_temp_file_uploader did not perform nonce checks, or validate that the request is from a valid use…	-	CVE-2021-24499	2024-11-21 14:53	2021-08-9	Show	GitHub Exploit DB Packet Storm