Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":June 4, 2026, 4 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
239261	4.3	警告	MediaWiki	-	MediaWiki の API pretty-printing モードにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-4828	2012-09-25 16:59	2007-09-10	Show	GitHub Exploit DB Packet Storm

239262	6.8	警告	markus iser	-	Markus Iser ED Engine の WebED における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-4815	2012-09-25 16:59	2007-09-11	Show	GitHub Exploit DB Packet Storm

239263	7.5	危険	マイクロソフト	-	Microsoft SQL Server Enterprise Manager におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2007-4814	2012-09-25 16:59	2007-09-11	Show	GitHub Exploit DB Packet Storm

239264	4.3	警告	netjuke	-	Netjuke におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-4811	2012-09-25 16:59	2007-09-11	Show	GitHub Exploit DB Packet Storm

239265	7.5	危険	netjuke	-	Netjuke における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2007-4810	2012-09-25 16:59	2007-09-11	Show	GitHub Exploit DB Packet Storm

239266	7.5	危険	online fantasy football league	-	OFFL における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2007-4809	2012-09-25 16:59	2007-09-11	Show	GitHub Exploit DB Packet Storm

239267	6.8	警告	ourgame.com	-	GlobalLink におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2007-4802	2012-09-25 16:59	2007-09-11	Show	GitHub Exploit DB Packet Storm

239268	6.6	警告	Joomla!	-	Joomla! のインストーラコンポーネントにおける任意のファイルを tmp/ へアップロードされる脆弱性	CWE-20 不適切な入力確認	CVE-2007-4781	2012-09-25 16:59	2007-09-10	Show	GitHub Exploit DB Packet Storm

239269	6.8	警告	Joomla!	-	Joomla! における重要な情報を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2007-4780	2012-09-25 16:59	2007-08-31	Show	GitHub Exploit DB Packet Storm

239270	4.3	警告	Joomla!	-	Joomla! におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2007-4779	2012-09-25 16:59	2007-08-31	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:June 5, 2026, 4:11 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
286121	-	ckeditor	ckeditor	Cross-site scripting (XSS) vulnerability in the Preview plugin before 4.4.3 in CKEditor allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.	CWE-79 Cross-site Scripting	CVE-2014-5191	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm

286122	-	si_captcha_anti-spam_project	si_captcha_anti-spam	Cross-site scripting (XSS) vulnerability in captcha-secureimage/test/index.php in the SI CAPTCHA Anti-Spam plugin 2.7.4 for WordPress allows remote attackers to inject arbitrary web script or HTML vi…	CWE-79 Cross-site Scripting	CVE-2014-5190	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm

286123	-	leadoctopus	lead_octopus	SQL injection vulnerability in lib/optin/optin_page.php in the Lead Octopus plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.	CWE-89 SQL Injection	CVE-2014-5189	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm

286124	-	lyris	list_manager	Cross-site scripting (XSS) vulnerability in doemailpassword.tml in Lyris ListManager (LM) 8.95a allows remote attackers to inject arbitrary web script or HTML via the EmailAddr parameter.	CWE-79 Cross-site Scripting	CVE-2014-5188	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm

286125	-	tom_m8te_plugin_project	tom-m8te_plugin	Directory traversal vulnerability in the Tom M8te (tom-m8te) plugin 1.5.3 for WordPress allows remote attackers to read arbitrary files via the file parameter to tom-download-file.php.	CWE-22 Path Traversal	CVE-2014-5187	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm

286126	-	all_video_gallery_plugin_project	all-video-gallery	SQL injection vulnerability in the All Video Gallery (all-video-gallery) plugin 1.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in …	CWE-89 SQL Injection	CVE-2014-5186	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm

286127	-	quartz_plugin_project	quartz_plugin	SQL injection vulnerability in the Quartz plugin 1.01.1 for WordPress allows remote authenticated users with Contributor privileges to execute arbitrary SQL commands via the quote parameter in an edi…	CWE-89 SQL Injection	CVE-2014-5185	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm

286128	-	stripshow_plugin_project	stripshow	SQL injection vulnerability in the stripshow-storylines page in the stripShow plugin 2.5.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the story par…	CWE-89 SQL Injection	CVE-2014-5184	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm

286129	-	simple_retail_menus_plugin_project	simple-retail-menus	SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL com…	CWE-89 SQL Injection	CVE-2014-5183	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm

286130	-	ostenta	yawpp	Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) …	CWE-89 SQL Injection	CVE-2014-5182	2024-11-21 11:11	2014-08-7	Show	GitHub Exploit DB Packet Storm