Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":May 9, 2026, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
242041	2.6	注意	constructr	-	Constructr CMS における重要な情報を取得される脆弱性	CWE-255 証明書・パスワード管理	CVE-2008-5847	2012-06-26 16:10	2009-01-5	Show	GitHub Exploit DB Packet Storm

242042	4.3	警告	fujitsu-siemens	-	Fujitsu-Siemens WebTrasactions におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-5842	2012-06-26 16:10	2009-01-5	Show	GitHub Exploit DB Packet Storm

242043	9.3	危険	foxmail	-	Foxmail におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2008-5839	2012-06-26 16:10	2009-01-5	Show	GitHub Exploit DB Packet Storm

242044	7.5	危険	ephpscripts	-	E-Php Scripts E-Shop Shopping Cart Script における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5838	2012-06-26 16:10	2009-01-5	Show	GitHub Exploit DB Packet Storm

242045	7.5	危険	edreamers	-	eDreamers eDNews の eDNews_view.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5820	2012-06-26 16:10	2009-01-2	Show	GitHub Exploit DB Packet Storm

242046	6.8	警告	edreamers	-	eDreamers eDNews の eDNews_archive.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-5819	2012-06-26 16:10	2009-01-2	Show	GitHub Exploit DB Packet Storm

242047	6.8	警告	edreamers	-	eDreamers eDContainer の index.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-5818	2012-06-26 16:10	2009-01-2	Show	GitHub Exploit DB Packet Storm

242048	10	危険	fujitsu-siemens	-	Fujitsu-Siemens WebTransactions の WBPublish.exe における任意のコマンドを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2008-5810	2012-06-26 16:10	2009-01-2	Show	GitHub Exploit DB Packet Storm

242049	7.5	危険	DeltaScripts	-	DeltaScripts PHP Classifieds の login.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5806	2012-06-26 16:10	2008-12-31	Show	GitHub Exploit DB Packet Storm

242050	7.5	危険	DeltaScripts	-	DeltaScripts PHP Classifieds の detail.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5805	2012-06-26 16:10	2008-12-31	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:May 9, 2026, 5:07 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
267991	7.5	HIGH Network	estrutura-basica_project	estrutura-basica	The estrutura-basica theme through 2015-09-13 for WordPress has directory traversal via the scripts/download.php arquivo parameter.	CWE-22 Path Traversal	CVE-2015-9473	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm

267992	6.1	MEDIUM Network	monitorbacklinks	incoming_links	The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.	CWE-79 Cross-site Scripting	CVE-2015-9472	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm

267993	9.8	CRITICAL Network	digitalzoomstudio	zoomsounds	The dzs-zoomsounds plugin through 2.0 for WordPress has admin/upload.php arbitrary file upload.	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2015-9471	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm

267994	7.5	HIGH Network	ionadas	history_collection	The history-collection plugin through 1.1.1 for WordPress has directory traversal via the download.php var parameter.	CWE-22 Path Traversal	CVE-2015-9470	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm

267995	4.8	MEDIUM Network	cybercraftit	content-grabber	The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id.	CWE-79 Cross-site Scripting	CVE-2015-9469	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm

267996	6.1	MEDIUM Network	k-78	broken_link_manager	The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.	CWE-79 Cross-site Scripting	CVE-2015-9468	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm

267997	9.8	CRITICAL Network	k-78	broken_link_manager	The broken-link-manager plugin before 0.5.0 for WordPress has wpslDelURL or wpslEditURL SQL injection via the url parameter.	CWE-89 SQL Injection	CVE-2015-9467	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm

267998	9.8	CRITICAL Network	webtechideas	wti_like_post	The wti-like-post plugin before 1.4.3 for WordPress has WtiLikePostProcessVote SQL injection via the HTTP_CLIENT_IP, HTTP_X_FORWARDED_FOR, HTTP_X_FORWARDED, HTTP_FORWARDED_FOR, or HTTP_FORWARDED vari…	CWE-89 SQL Injection	CVE-2015-9466	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm

267999	8.8	HIGH Network	yet_another_stars_rating_project	yet_another_stars_rating	The yet-another-stars-rating plugin before 0.9.1 for WordPress has yasr_get_multi_set_values_and_field SQL injection via the set_id parameter.	CWE-89 SQL Injection	CVE-2015-9465	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm

268000	7.5	HIGH Network	s3bubble	s3bubble-amazon-s3-audio-streaming	The s3bubble-amazon-s3-audio-streaming plugin 2.0 for WordPress has directory traversal via the adverts/assets/plugins/ultimate/content/downloader.php path parameter.	CWE-22 Path Traversal	CVE-2015-9463	2024-11-21 11:40	2019-10-11	Show	GitHub Exploit DB Packet Storm