Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 15, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
258101	9.3	危険	Google	-	Google Chrome の browser kernel におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-2121	2010-10-19 14:50	2009-06-22	Show	GitHub Exploit DB Packet Storm

258102	6.8	警告	Google	-	Google Chrome における任意の https サイトになりすまされる脆弱性	CWE-287 不適切な認証	CVE-2009-2071	2010-10-19 14:49	2009-03-23	Show	GitHub Exploit DB Packet Storm

258103	6.4	警告	The PHP Group	-	PHP の zend_ini.c 内にある zend_restore_ini_entry_cb 関数における重要な情報を取得される脆弱性	CWE-Other その他	CVE-2009-2626	2010-10-18 15:22	2009-12-1	Show	GitHub Exploit DB Packet Storm

258104	4	警告	オラクル	-	Oracle iPlanet Web Server におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2010-3544	2010-10-18 12:03	2010-10-18	Show	GitHub Exploit DB Packet Storm

258105	5	警告	ISC, Inc.	-	BIND の ACL の処理に問題	CWE-264 認可・権限・アクセス制御	CVE-2010-0218	2010-10-15 13:24	2010-10-1	Show	GitHub Exploit DB Packet Storm

258106	5.1	警告	K2 Software	-	K2Editor における実行ファイル読み込みに関する脆弱性	CWE-Other その他	CVE-2010-3156	2010-10-15 11:22	2010-10-15	Show	GitHub Exploit DB Packet Storm

258107	6.8	警告	kMonos.NET	-	XacRett における実行ファイル読み込みに関する脆弱性	CWE-Other その他	CVE-2010-3157	2010-10-15 11:22	2010-10-15	Show	GitHub Exploit DB Packet Storm

258108	5	警告	The PHP Group	-	PHP における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2010-2101	2010-10-14 16:20	2010-05-26	Show	GitHub Exploit DB Packet Storm

258109	9.3	危険	レッドハット	-	Winamp および libmikmod の IN_MOD.DLL におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-3996	2010-10-14 16:19	2009-12-18	Show	GitHub Exploit DB Packet Storm

258110	9.3	危険	レッドハット	-	Winamp および libmikmod の IN_MOD.DLL におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-3995	2010-10-14 16:19	2009-12-18	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 15, 2026, 4:10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
196961	8.8	HIGH Network	wickedplugins	wicked_folders	The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available …	CWE-89 SQL Injection	CVE-2021-24919	2024-11-21 14:54	2022-02-1	Show	GitHub Exploit DB Packet Storm

196962	6.1	MEDIUM Network	roundupwp	registrations_for_the_events_calendar	The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cro…	-	CVE-2021-25083	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196963	6.1	MEDIUM Network	crmperks	contact_form_entries	The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated atta…	-	CVE-2021-25080	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196964	6.1	MEDIUM Network	crmperks	contact_form_entries	The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the…	-	CVE-2021-25079	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196965	6.1	MEDIUM Network	wpaffiliatemanager	affiliates_manager	The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perf…	CWE-79 Cross-site Scripting	CVE-2021-25078	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196966	8.8	HIGH Network	wedevs	wp_user_frontend	The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due…	-	CVE-2021-25076	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196967	6.1	MEDIUM Network	webp_converter_for_media_project	webp_converter_for_media	The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue	-	CVE-2021-25074	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196968	8.8	HIGH Network	webmaster-source	wp125	The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack	-	CVE-2021-25073	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196969	6.1	MEDIUM Network	villatheme	orders_tracking_for_woocommerce	The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting	-	CVE-2021-25062	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196970	4.8	MEDIUM Network	mobileeventsmanager	mobile_events_manager	The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfil…	-	CVE-2021-25049	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm