Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 8, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
258281	4.6	警告	IBM	-	IBM DB2 の dasauto における管理者権限を持たないユーザが実行可能な脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-4150	2010-01-15 14:10	2009-12-2	Show	GitHub Exploit DB Packet Storm

258282	2.1	注意	サン・マイクロシステムズ	-	Sun Solaris の ldap_cachemgr におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2009-4080	2010-01-15 14:10	2009-11-24	Show	GitHub Exploit DB Packet Storm

258283	5	警告	サン・マイクロシステムズ	-	Sun Solaris の sshd におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2009-4075	2010-01-15 14:09	2009-11-23	Show	GitHub Exploit DB Packet Storm

258284	2.6	注意	オラクル	-	Oracle Application Server におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	-	2010-01-14 15:01	2010-01-14	Show	GitHub Exploit DB Packet Storm

258285	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer に脆弱性	CWE-94 コード・インジェクション	CVE-2009-3672	2010-01-14 12:08	2009-11-25	Show	GitHub Exploit DB Packet Storm

258286	9.3	危険	サン・マイクロシステムズ VMware	-	Sun Java SE の java.lang パッケージにおける脆弱性	CWE-362 競合状態	CVE-2009-2724	2010-01-14 12:08	2009-08-10	Show	GitHub Exploit DB Packet Storm

258287	10	危険	サン・マイクロシステムズ VMware	-	Sun Java SE の Provider クラスにおける脆弱性	CWE-noinfo 情報不足	CVE-2009-2721	2010-01-14 12:08	2009-08-10	Show	GitHub Exploit DB Packet Storm

258288	5	警告	有限会社シースリー	-	WebCalenderC3 におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-0348	2010-01-12 15:01	2010-01-12	Show	GitHub Exploit DB Packet Storm

258289	4.3	警告	有限会社シースリー	-	WebCalenderC3 におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-0349	2010-01-12 15:00	2010-01-12	Show	GitHub Exploit DB Packet Storm

258290	10	危険	サイバートラスト株式会社 XEmacs	-	XEmacs の glyphs-eimage.c における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2009-2688	2010-01-12 14:48	2009-08-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 8, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
195071	8.4	HIGH Network	sophos	firewall_firmware	Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA.	CWE-79 Cross-site Scripting	CVE-2021-25268	2024-11-21 14:54	2022-05-6	Show	GitHub Exploit DB Packet Storm

195072	8.4	HIGH Network	sophos	firewall_firmware	Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA.	CWE-79 Cross-site Scripting	CVE-2021-25267	2024-11-21 14:54	2022-05-6	Show	GitHub Exploit DB Packet Storm

195073	4.7	MEDIUM Network	tipsandtricks-hq	all_in_one_wp_security_\&_firewall	The All In One WP Security & Firewall WordPress plugin before 4.4.11 does not validate, sanitise and escape the redirect_to parameter before using it to redirect user, either via a Location header, o…	-	CVE-2021-25102	2024-11-21 14:54	2022-05-3	Show	GitHub Exploit DB Packet Storm

195074	6.1	MEDIUM Network	advanced_page_visit_counter_project	advanced_page_visit_counter	The Advanced Page Visit Counter WordPress plugin before 6.1.2 does not sanitise and escape some input before outputting it in an admin dashboard page, allowing unauthenticated attackers to perform Cr…	CWE-79 Cross-site Scripting	CVE-2021-25086	2024-11-21 14:54	2022-05-3	Show	GitHub Exploit DB Packet Storm

195075	7.5	HIGH Network	tipsacarrier_project	tipsacarrier	The Tipsacarrier WordPress plugin before 1.5.0.5 does not have any authorisation check in place some functions, which could allow unauthenticated users to access Orders data which could be used to re…	-	CVE-2021-25002	2024-11-21 14:54	2022-05-3	Show	GitHub Exploit DB Packet Storm

195076	3.9	LOW Physics	sophos	intercept_x authenticator	An insecure data storage vulnerability allows a physical attacker with root privileges to retrieve TOTP secret keys from unlocked phones in Sophos Authenticator for Android version 3.4 and older, and…	CWE-922 Insecure Storage of Sensitive Information	CVE-2021-25266	2024-11-21 14:54	2022-04-28	Show	GitHub Exploit DB Packet Storm

195077	6.1	MEDIUM Network	english_wordpress_admin_project	english_wordpress_admin	The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue	-	CVE-2021-25111	2024-11-21 14:54	2022-04-26	Show	GitHub Exploit DB Packet Storm

195078	8.1	HIGH Network	brandexponents	tatsu	The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By ad…	-	CVE-2021-25094	2024-11-21 14:54	2022-04-26	Show	GitHub Exploit DB Packet Storm

195079	8.8	HIGH Network	advanced_page_visit_counter_project	advanced_page_visit_counter	The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenti…	-	CVE-2021-24957	2024-11-21 14:54	2022-04-26	Show	GitHub Exploit DB Packet Storm

195080	6.1	MEDIUM Network	easysocialfeed	easy_social_feed	The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross…	-	CVE-2021-25120	2024-11-21 14:54	2022-04-19	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed