Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 20, 2026, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
257911 9.3 危険 リアルネットワークス - RealNetworks RealPlayer の pnen3260.dll モジュールにおける整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2010-4397 2011-01-7 15:34 2010-12-10 Show GitHub Exploit DB Packet Storm
257912 9.3 危険 リアルネットワークス - RealNetworks RealPlayer の AAC MLLT Atom 解析処理における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2010-2999 2011-01-7 15:34 2010-12-10 Show GitHub Exploit DB Packet Storm
257913 9.3 危険 レッドハット
リアルネットワークス		 - RealNetworks RealPlayer における任意のコードを実行される脆弱性 CWE-399
リソース管理の問題 		CVE-2010-2997 2011-01-7 15:33 2010-12-10 Show GitHub Exploit DB Packet Storm
257914 2.6 注意 アップル
サイバートラスト株式会社
レッドハット
SquirrelMail Project		 - SquirrelMail におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2009-2964 2011-01-7 11:03 2009-08-12 Show GitHub Exploit DB Packet Storm
257915 4.3 警告 レッドハット
SquirrelMail Project		 - SquirrelMail におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-1262 2011-01-7 11:02 2007-05-9 Show GitHub Exploit DB Packet Storm
257916 9.3 危険 レッドハット
リアルネットワークス		 - RealNetworks RealPlayer のマルチレートオーディオにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2010-4375 2011-01-6 16:23 2010-12-10 Show GitHub Exploit DB Packet Storm
257917 9.3 危険 レッドハット
リアルネットワークス		 - RealNetworks RealPlayer の RealMedia メディアプロパティーヘッダーにおける任意のコードを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2010-4384 2011-01-6 16:18 2010-12-10 Show GitHub Exploit DB Packet Storm
257918 4.3 警告 Mozilla Foundation
オラクル		 - 複数の Mozilla 製品の nsAuthSSPI::Unwrap 関数における任意のコードを実行される脆弱性 CWE-399
リソース管理の問題 		CVE-2010-0161 2011-01-6 16:01 2010-03-16 Show GitHub Exploit DB Packet Storm
257919 9.3 危険 Exim Development
レッドハット		 - Exim の string_format 関数にバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2010-4344 2011-01-6 15:58 2010-12-14 Show GitHub Exploit DB Packet Storm
257920 4.3 警告 Mozilla Foundation
レッドハット		 - Mozilla Firefox および SeaMonkey のレンダリングエンジンにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-3770 2011-01-6 15:50 2010-12-9 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 21, 2026, 4:01 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
197951 6.1 MEDIUM
Network 		themeboy sportspress The SportsPress WordPress plugin before 2.7.9 does not sanitise and escape its match_day parameter before outputting back in the Events backend page, leading to a Reflected Cross-Site Scripting issue - CVE-2021-24578 2024-11-21 14:53 2021-12-21 Show GitHub Exploit DB Packet Storm
197952 4.8 MEDIUM
Network 		calderaforms caldera_forms The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting a… - CVE-2021-24896 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
197953 6.5 MEDIUM
Network 		get_custom_field_values_project get_custom_field_values The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access a… - CVE-2021-24872 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
197954 5.4 MEDIUM
Network 		get_custom_field_values_project get_custom_field_values The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-… - CVE-2021-24871 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
197955 9.8 CRITICAL
Network 		stopbadbots block_and_stop_bad_bots The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL state… CWE-89
SQL Injection 		CVE-2021-24863 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
197956 7.2 HIGH
Network 		quotes_collection_project quotes_collection The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection - CVE-2021-24861 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
197957 4.3 MEDIUM
Network 		user_meta_shortcodes_project user_meta_shortcodes The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a par… - CVE-2021-24859 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
197958 9.8 CRITICAL
Network 		nocean totop_link The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suit… - CVE-2021-24857 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
197959 5.4 MEDIUM
Network 		display_post_metadata_project display_post_metadata The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Co… - CVE-2021-24855 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
197960 8.8 HIGH
Network 		frenify mediamatic The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL … CWE-89
SQL Injection 		CVE-2021-24848 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm