Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 15, 2026, 12:08 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
258121	6.8	警告	Schezo	-	Lhaplus における DLL 読み込みに関する脆弱性	CWE-Other その他	CVE-2010-2368	2010-10-12 11:02	2010-10-12	Show	GitHub Exploit DB Packet Storm

258122	6.8	警告	アップル	-	Apple Mac OS X の Apple Filing Protocol Server におけるパスワード要求を回避される脆弱性	CWE-287 不適切な認証	CVE-2010-1820	2010-10-8 17:08	2010-09-21	Show	GitHub Exploit DB Packet Storm

258123	5	警告	マイクロソフト	-	Microsoft .NET Framework における View State フォームデータを復号または変更される脆弱性	CWE-310 暗号の問題	CVE-2010-3332	2010-10-8 17:07	2010-09-17	Show	GitHub Exploit DB Packet Storm

258124	2.6	注意	IBM	-	IBM WebSphere Application Server の Web コンテナにおける重要な情報を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2010-0777	2010-10-8 17:05	2010-05-8	Show	GitHub Exploit DB Packet Storm

258125	5	警告	IBM	-	IBM WebSphere Application Server の Web コンテナにおけるサービス運用妨害 (DoS) の脆弱性	CWE-20 不適切な入力確認	CVE-2010-0776	2010-10-8 17:04	2010-05-8	Show	GitHub Exploit DB Packet Storm

258126	5	警告	Drupal サイバートラスト株式会社	-	Drupal の OpenID モジュールにおける認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2010-3686	2010-10-7 16:40	2010-08-11	Show	GitHub Exploit DB Packet Storm

258127	5	警告	Drupal サイバートラスト株式会社	-	Drupal の OpenID モジュールにおける認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2010-3685	2010-10-7 16:39	2010-08-11	Show	GitHub Exploit DB Packet Storm

258128	5	警告	Drupal サイバートラスト株式会社	-	Drupal の OpenID モジュールにおける認証を回避される脆弱性	CWE-287 不適切な認証	CVE-2010-3091	2010-10-7 16:39	2010-08-11	Show	GitHub Exploit DB Packet Storm

258129	2.1	注意	Drupal サイバートラスト株式会社	-	Drupal におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-3094	2010-10-7 16:39	2010-08-11	Show	GitHub Exploit DB Packet Storm

258130	3.5	注意	Drupal サイバートラスト株式会社	-	Drupal の comment モジュールにおけるアクセス制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-3093	2010-10-7 16:38	2010-08-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 15, 2026, 4:10 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
196961	8.8	HIGH Network	wickedplugins	wicked_folders	The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available …	CWE-89 SQL Injection	CVE-2021-24919	2024-11-21 14:54	2022-02-1	Show	GitHub Exploit DB Packet Storm

196962	6.1	MEDIUM Network	roundupwp	registrations_for_the_events_calendar	The Registrations for the Events Calendar WordPress plugin before 2.7.10 does not escape the qtype parameter before outputting it back in an attribute in the settings page, leading to a Reflected Cro…	-	CVE-2021-25083	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196963	6.1	MEDIUM Network	crmperks	contact_form_entries	The Contact Form Entries WordPress plugin before 1.1.7 does not validate, sanitise and escape the IP address retrieved via headers such as CLIENT-IP and X-FORWARDED-FOR, allowing unauthenticated atta…	-	CVE-2021-25080	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196964	6.1	MEDIUM Network	crmperks	contact_form_entries	The Contact Form Entries WordPress plugin before 1.2.4 does not sanitise and escape various parameters, such as form_id, status, end_date, order, orderby and search before outputting them back in the…	-	CVE-2021-25079	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196965	6.1	MEDIUM Network	wpaffiliatemanager	affiliates_manager	The Affiliates Manager WordPress plugin before 2.9.0 does not validate, sanitise and escape the IP address of requests logged by the click tracking feature, allowing unauthenticated attackers to perf…	CWE-79 Cross-site Scripting	CVE-2021-25078	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196966	8.8	HIGH Network	wedevs	wp_user_frontend	The WP User Frontend WordPress plugin before 3.5.26 does not validate and escape the status parameter before using it in a SQL statement in the Subscribers dashboard, leading to an SQL injection. Due…	-	CVE-2021-25076	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196967	6.1	MEDIUM Network	webp_converter_for_media_project	webp_converter_for_media	The WebP Converter for Media WordPress plugin before 4.0.3 contains a file (passthru.php) which does not validate the src parameter before redirecting the user to it, leading to an Open Redirect issue	-	CVE-2021-25074	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196968	8.8	HIGH Network	webmaster-source	wp125	The WP125 WordPress plugin before 1.5.5 does not have CSRF checks in various action, for example when deleting an ad, allowing attackers to make a logged in admin delete them via a CSRF attack	-	CVE-2021-25073	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196969	6.1	MEDIUM Network	villatheme	orders_tracking_for_woocommerce	The Orders Tracking for WooCommerce WordPress plugin before 1.1.10 does not sanitise and escape the file_url before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting	-	CVE-2021-25062	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm

196970	4.8	MEDIUM Network	mobileeventsmanager	mobile_events_manager	The Mobile Events Manager WordPress plugin before 1.4.4 does not sanitise and escape various of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfil…	-	CVE-2021-25049	2024-11-21 14:54	2022-01-24	Show	GitHub Exploit DB Packet Storm