Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":June 28, 2026, 2 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
260691 5 警告 アップル - Apple Safari の WebKit における任意の Web サイトにリクエストされる脆弱性 CWE-Other
その他 		CVE-2009-2841 2010-02-25 12:33 2009-11-11 Show GitHub Exploit DB Packet Storm
260692 10 危険 アップル - Apple Safari の WebKit における任意のコードを実行される脆弱性 CWE-noinfo
情報不足 		CVE-2009-3384 2010-02-25 12:33 2009-11-11 Show GitHub Exploit DB Packet Storm
260693 7.1 危険 Linux
レッドハット		 - Linux kernel の icmp_send 関数におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他 		CVE-2009-0778 2010-02-25 12:33 2009-03-12 Show GitHub Exploit DB Packet Storm
260694 7.2 危険 サイバートラスト株式会社
Linux
レッドハット		 - Linux Kernel の audit_syscall_entry 関数におけるシステムコール監査設定を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2009-0834 2010-02-25 12:33 2009-03-6 Show GitHub Exploit DB Packet Storm
260695 7.2 危険 サイバートラスト株式会社
Linux
レッドハット		 - Linux kernel の hrtimer_start 関数における整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2007-5966 2010-02-25 12:31 2007-12-20 Show GitHub Exploit DB Packet Storm
260696 4.3 警告 シスコシステムズ - Cisco Secure Desktop の +CSCOT+/translation におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-0440 2010-02-24 12:27 2010-02-1 Show GitHub Exploit DB Packet Storm
260697 6.2 警告 ヒューレット・パッカード - HP ECMT におけるデータベースにアクセスされる脆弱性 CWE-noinfo
情報不足 		CVE-2009-4184 2010-02-24 12:27 2009-10-5 Show GitHub Exploit DB Packet Storm
260698 4.6 警告 アップル - Apple iPhone OS のリカバリモードにおける任意のデータを読まれる脆弱性 CWE-399
リソース管理の問題 		CVE-2010-0038 2010-02-24 12:26 2010-02-2 Show GitHub Exploit DB Packet Storm
260699 5 警告 サン・マイクロシステムズ
VMware		 - Sun Java SE におけるサービス運用妨害 (DoS) の脆弱性 CWE-noinfo
情報不足 		CVE-2009-3885 2010-02-24 12:26 2009-11-9 Show GitHub Exploit DB Packet Storm
260700 7.5 危険 サン・マイクロシステムズ
VMware		 - JDK および JRE の Java Update 機能における古いバージョンの脆弱性を利用される脆弱性 CWE-Other
その他 		CVE-2009-3864 2010-02-24 12:26 2009-11-3 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:June 28, 2026, 4:01 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
200031 6.5 MEDIUM
Network 		get_custom_field_values_project get_custom_field_values The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts metadata without validating the permissions. Eg. contributors can access a… - CVE-2021-24872 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
200032 5.4 MEDIUM
Network 		get_custom_field_values_project get_custom_field_values The Get Custom Field Values WordPress plugin before 4.0.1 does not escape custom fields before outputting them in the page, which could allow users with a role as low as contributor to perform Cross-… - CVE-2021-24871 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
200033 9.8 CRITICAL
Network 		stopbadbots block_and_stop_bad_bots The WP Block and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection Plugin StopBadBots WordPress plugin before 6.67 does not sanitise and escape the User Agent before using it in a SQL state… CWE-89
SQL Injection 		CVE-2021-24863 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
200034 7.2 HIGH
Network 		quotes_collection_project quotes_collection The Quotes Collection WordPress plugin through 2.5.2 does not validate and escape the bulkcheck parameter before using it in a SQL statement, leading to a SQL injection - CVE-2021-24861 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
200035 4.3 MEDIUM
Network 		user_meta_shortcodes_project user_meta_shortcodes The User Meta Shortcodes WordPress plugin through 0.5 registers a shortcode that allows any user with a role as low as contributor to access other users metadata by specifying the user login as a par… - CVE-2021-24859 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
200036 9.8 CRITICAL
Network 		nocean totop_link The ToTop Link WordPress plugin through 1.7.1 passes base64 encoded user input to the unserialize() PHP function, which could lead to PHP Object injection if a plugin installed on the blog has a suit… - CVE-2021-24857 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
200037 5.4 MEDIUM
Network 		display_post_metadata_project display_post_metadata The Display Post Metadata WordPress plugin before 1.5.0 adds a shortcode to print out custom fields, however their content is not sanitised or escaped which could allow users with a role as low as Co… - CVE-2021-24855 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
200038 8.8 HIGH
Network 		frenify mediamatic The mediamaticAjaxRenameCategory AJAX action of the Mediamatic WordPress plugin before 2.8.1, available to any authenticated user, does not sanitise the categoryID parameter before using it in a SQL … CWE-89
SQL Injection 		CVE-2021-24848 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
200039 6.5 MEDIUM
Network 		improved_include_page_project improved_include_page The Improved Include Page WordPress plugin through 1.2 allows passing shortcode attributes with post_type & post_status which can be used to retrieve arbitrary content. This way, users with a role as… NVD-CWE-Other
CVE-2021-24845 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm
200040 4.3 MEDIUM
Network 		storeapps temporary_login_without_password The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allows any logged-in users, such as subscribers … CWE-352
CWE-862
 Origin Validation Error
 Missing Authorization 		CVE-2021-24836 2024-11-21 14:53 2021-12-13 Show GitHub Exploit DB Packet Storm