Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 6, 2026, 2 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
218681	6.8	警告	XYZScripts	-	WordPress 用 Newsletter Manager プラグインにおけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2012-6629	2014-01-21 17:03	2012-05-15	Show	GitHub Exploit DB Packet Storm

218682	4.3	警告	XYZScripts	-	WordPress 用 Newsletter Manager プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-6628	2014-01-21 17:03	2012-04-20	Show	GitHub Exploit DB Packet Storm

218683	4.3	警告	XYZScripts	-	WordPress 用 Newsletter Manager プラグインの admin/test_mail.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-6627	2014-01-21 17:02	2012-05-15	Show	GitHub Exploit DB Packet Storm

218684	4.3	警告	VastHTML	-	WordPress 用 ForumPress WP Forum Server プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-6623	2014-01-21 17:01	2012-07-14	Show	GitHub Exploit DB Packet Storm

218685	4.3	警告	VastHTML	-	WordPress 用 ForumPress WP Forum Server プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-6622	2014-01-21 17:01	2012-04-18	Show	GitHub Exploit DB Packet Storm

218686	7.5	危険	VastHTML	-	WordPress 用 ForumPress WP Forum Server プラグインにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2012-6625	2014-01-21 16:09	2012-04-18	Show	GitHub Exploit DB Packet Storm

218687	4.3	警告	Mightymess	-	WordPress 用 SoundCloud Is Gold プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-6624	2014-01-21 16:08	2012-05-15	Show	GitHub Exploit DB Packet Storm

218688	7.5	危険	Brian Cabunac	-	b2ePMS の verify-user.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2012-6626	2014-01-21 14:52	2012-05-11	Show	GitHub Exploit DB Packet Storm

218689	4.3	警告	Vessio	-	Vessio NetBill におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-6632	2014-01-21 14:26	2012-05-11	Show	GitHub Exploit DB Packet Storm

218690	6.8	警告	Vessio	-	Vessio NetBill の accounts/admin/index.php におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2012-6631	2014-01-21 14:24	2012-05-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 6, 2026, 4:08 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
295051	-	widgetfactorylimited	com_jce	Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the JCE component before 2.0.18 for Joomla! allows remote authenticated users with the author privileges to execute arb…	NVD-CWE-Other	CVE-2011-5134	2024-11-21 10:33	2012-08-31	Show	GitHub Exploit DB Packet Storm

295052	-	mybb	mybb	Unspecified vulnerability in MyBB before 1.6.5 has unknown impact and attack vectors, related to an "unparsed user avatar in the buddy list."	NVD-CWE-noinfo	CVE-2011-5133	2024-11-21 10:33	2012-08-31	Show	GitHub Exploit DB Packet Storm

295053	-	mybb	mybb	Cross-site scripting (XSS) vulnerability in MyBB before 1.6.5 allows remote attackers to inject arbitrary web script or HTML via vectors related to "usernames via AJAX."	CWE-79 Cross-site Scripting	CVE-2011-5132	2024-11-21 10:33	2012-08-31	Show	GitHub Exploit DB Packet Storm

295054	-	mybb	mybb	Cross-site request forgery (CSRF) vulnerability in global.php in MyBB before 1.6.5 allows remote attackers to hijack the authentication of a user for requests that change the user's language via the …	CWE-352 Origin Validation Error	CVE-2011-5131	2024-11-21 10:33	2012-08-31	Show	GitHub Exploit DB Packet Storm

295055	-	haudenschilt	family_connections_cms	dev/less.php in Family Connections CMS (FCMS) 2.5.0 - 2.7.1, when register_globals is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the argv[1] parameter.	CWE-94 Code Injection	CVE-2011-5130	2024-11-21 10:33	2012-08-31	Show	GitHub Exploit DB Packet Storm

295056	-	xchat	xchat	Heap-based buffer overflow in XChat 2.8.9 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long response string.	CWE-119 Incorrect Access of Indexable Resource ('Range Error')	CVE-2011-5129	2024-11-21 10:33	2012-08-31	Show	GitHub Exploit DB Packet Storm

295057	-	bueltge	adminimize	Multiple cross-site scripting (XSS) vulnerabilities in the Adminimize plugin before 1.7.22 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter to (1) in…	CWE-79 Cross-site Scripting	CVE-2011-5128	2024-11-21 10:33	2012-08-29	Show	GitHub Exploit DB Packet Storm

295058	-	bueltge	adminimize	Cross-site scripting (XSS) vulnerability in adminimize/adminimize_page.php in the Adminimize plugin before 1.7.22 for WordPress allows remote attackers to inject arbitrary web script or HTML via the …	CWE-79 Cross-site Scripting	CVE-2011-4926	2024-11-21 10:33	2012-08-29	Show	GitHub Exploit DB Packet Storm

295059	-	elxis	elxis_cms	Multiple cross-site scripting (XSS) vulnerabilities in Elxis CMS 2009.2, 2009.3 and 2009.3 Aphrodite before revision 2684 allow remote attackers to inject arbitrary web script or HTML via the (1) tas…	CWE-79 Cross-site Scripting	CVE-2011-4918	2024-11-21 10:33	2012-08-29	Show	GitHub Exploit DB Packet Storm

295060	-	python	python	Python 2.6 through 3.2 creates ~/.pypirc with world-readable permissions before changing them after data has been written, which introduces a race condition that allows local users to obtain a userna…	CWE-264 Permissions, Privileges, and Access Controls	CVE-2011-4944	2024-11-21 10:33	2012-08-28	Show	GitHub Exploit DB Packet Storm