Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 10, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
258761	9.3	危険	マイクロソフト	-	Microsoft Windows の Web Services on Devices API (WSDAPI) における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2512	2010-01-4 15:23	2009-11-10	Show	GitHub Exploit DB Packet Storm

258762	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2722	2010-01-4 14:56	2009-08-10	Show	GitHub Exploit DB Packet Storm

258763	10	危険	アップル VMware サン・マイクロシステムズ	-	Sun Java SE の Provider クラスにおける詳細不明な脆弱性	CWE-noinfo 情報不足	CVE-2009-2723	2010-01-4 14:55	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 10, 2026, 5 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
196591	4.3	MEDIUM Network	tipsandtricks-hq	far_future_expiry_header	The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.	CWE-352 Origin Validation Error	CVE-2021-24799	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

196592	4.8	MEDIUM Network	connections-pro	connections_business_directory	The Connections Business Directory WordPress plugin before 10.4.3 does not escape the Address settings when creating an Entry, which could allow high privilege users to perform Cross-Site Scripting w…	CWE-79 Cross-site Scripting	CVE-2021-24794	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

196593	4.8	MEDIUM Network	etruel	wpematico_rss_feed_fetcher	The WPeMatico RSS Feed Fetcher WordPress plugin before 2.6.12 does not escape the Feed URL added to a campaign before outputting it in an attribute, allowing high privilege users to perform Cross-Sit…	CWE-79 Cross-site Scripting	CVE-2021-24793	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

196594	4.8	MEDIUM Network	flat_preloader_project	flat_preloader	The Flat Preloader WordPress plugin before 1.5.5 does not escape some of its settings when outputting them in attribute in the frontend, which could allow high privilege users to perform Cross-Site S…	CWE-79 Cross-site Scripting	CVE-2021-24789	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

196595	4.3	MEDIUM Network	imagesourcecontrol	image_source_control	The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts (even those they should not be able to ed…	NVD-CWE-noinfo	CVE-2021-24781	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

196596	4.8	MEDIUM Network	wpdownloadmanager	wordpress_download_manager	The WordPress Download Manager WordPress plugin before 3.2.16 does not escape some of the Download settings when outputting them, allowing high privilege users to perform XSS attacks even when the un…	CWE-79 Cross-site Scripting	CVE-2021-24773	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

196597	6.5	MEDIUM Network	stylishpricelist	stylish_price_list	The Stylish Price List WordPress plugin before 6.9.1 does not perform capability checks in its spl_upload_ser_img AJAX action (available to authenticated users), which could allow any authenticated u…	-	CVE-2021-24770	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

196598	5.3	MEDIUM Network	stylishpricelist	stylish_price_list	The Stylish Price List WordPress plugin before 6.9.0 does not perform capability checks in its spl_upload_ser_img AJAX action (available to both unauthenticated and authenticated users), which could …	-	CVE-2021-24757	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

196599	6.5	MEDIUM Network	radiustheme	logo_slider_and_showcase	The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of …	-	CVE-2021-24742	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm

196600	5.4	MEDIUM Network	wpreactions	wp_reactions_lite	The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads within /wp-admin/ pages.	CWE-79 Cross-site Scripting	CVE-2021-24723	2024-11-21 14:53	2021-11-1	Show	GitHub Exploit DB Packet Storm