Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 11, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
258761	10	危険	マイクロソフト	-	Microsoft Windows の License Logging Server (llssrv.exe) における任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2009-2523	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

258762	9.3	危険	マイクロソフト	-	Microsoft Windows の Web Services on Devices API (WSDAPI) における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2512	2010-01-4 15:23	2009-11-10	Show	GitHub Exploit DB Packet Storm

258763	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2722	2010-01-4 14:56	2009-08-10	Show	GitHub Exploit DB Packet Storm

258764	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2723	2010-01-4 14:55	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 11, 2026, 5:13 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
196251	6.1	MEDIUM Network	english_wordpress_admin_project	english_wordpress_admin	The English WordPress Admin WordPress plugin before 1.5.2 does not validate the admin_custom_language_return_url before redirecting users o it, leading to an open redirect issue	-	CVE-2021-25111	2024-11-21 14:54	2022-04-26	Show	GitHub Exploit DB Packet Storm

196252	8.1	HIGH Network	brandexponents	tatsu	The Tatsu WordPress plugin before 3.3.12 add_custom_font action can be used without prior authentication to upload a rogue zip file which is uncompressed under the WordPress's upload directory. By ad…	-	CVE-2021-25094	2024-11-21 14:54	2022-04-26	Show	GitHub Exploit DB Packet Storm

196253	8.8	HIGH Network	advanced_page_visit_counter_project	advanced_page_visit_counter	The Advanced Page Visit Counter WordPress plugin before 6.1.6 does not escape the artID parameter before using it in a SQL statement in the apvc_reset_count_art AJAX action, available to any authenti…	-	CVE-2021-24957	2024-11-21 14:54	2022-04-26	Show	GitHub Exploit DB Packet Storm

196254	6.1	MEDIUM Network	easysocialfeed	easy_social_feed	The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross…	-	CVE-2021-25120	2024-11-21 14:54	2022-04-19	Show	GitHub Exploit DB Packet Storm

196255	5.4	MEDIUM Network	wpsofts	portfolio_gallery\ _product_catalog_-_grid_kit_portfolio	The Portfolio Gallery, Product Catalog WordPress plugin before 2.1.0 does not have authorisation and CSRF checks in various functions related to AJAX actions, allowing any authenticated users, such a…	-	CVE-2021-25090	2024-11-21 14:54	2022-04-12	Show	GitHub Exploit DB Packet Storm

196256	6.1	MEDIUM Network	heateor	super_socializer	The Social Share, Social Login and Social Comments Plugin WordPress plugin before 7.13.30 does not sanitise and escape the urls parameter in its the_champ_sharing_count AJAX action (available to both…	CWE-79 Cross-site Scripting	CVE-2021-24987	2024-11-21 14:54	2022-04-12	Show	GitHub Exploit DB Packet Storm

196257	6.1	MEDIUM Network	pickplugins	post_grid	The Post Grid WordPress plugin before 2.1.16 does not escape the keyword parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting in pages containing a Post Gr…	-	CVE-2021-24986	2024-11-21 14:54	2022-04-12	Show	GitHub Exploit DB Packet Storm

196258	5.4	MEDIUM Network	dropdown_menu_widget_project	dropdown_menu_widget	The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to th…	-	CVE-2021-25113	2024-11-21 14:54	2022-04-5	Show	GitHub Exploit DB Packet Storm

196259	5.4	MEDIUM Network	king-theme	kingcomposer	The KingComposer WordPress plugin through 2.9.6 does not have authorisation, CSRF and sanitisation/escaping when creating profile, allowing any authenticated users to create arbitrary ones, with Cros…	-	CVE-2021-25048	2024-11-21 14:54	2022-04-5	Show	GitHub Exploit DB Packet Storm

196260	6.1	MEDIUM Network	inpsyde	akismet_privacy_policies	The WordPress plugin through 2.0.1 does not sanitise and escape the translation parameter before outputting it back in an admin page, leading to a Reflected Cross-Site Scripting	-	CVE-2021-25071	2024-11-21 14:54	2022-03-29	Show	GitHub Exploit DB Packet Storm