Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
CVE
Urgent
Important
Warning
Warning
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
レベルソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":July 1, 2026, 6 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
253011 10 危険 jquindlen - WordPress 用 wpStoreCart プラグインの php/upload.php における任意のコードを実行される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2012-3576 2012-06-19 16:51 2012-06-16 Show GitHub Exploit DB Packet Storm
253012 10 危険 RBX Gallery - WordPress 用 RBX Gallery プラグインの uploader.php における任意のコードを実行される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2012-3575 2012-06-19 16:50 2012-06-16 Show GitHub Exploit DB Packet Storm
253013 7.5 危険 MM Forms - WordPress 用 MM Forms Community プラグインにおける任意のコードを実行される脆弱性 CWE-Other
その他
CVE-2012-3574 2012-06-19 16:48 2012-06-16 Show GitHub Exploit DB Packet Storm
253014 9.3 危険 Devscripts Devel Team - devscripts の debdiff.pl における任意のコードを実行される脆弱性 CWE-20
不適切な入力確認
CVE-2012-0211 2012-06-19 16:40 2012-06-16 Show GitHub Exploit DB Packet Storm
253015 9.3 危険 Devscripts Devel Team - devscripts の debdiff.pl におけるシステムの情報を取得される脆弱性 CWE-20
不適切な入力確認
CVE-2012-0210 2012-06-19 16:34 2012-02-15 Show GitHub Exploit DB Packet Storm
253016 7.5 危険 Canonical - Ubuntu の Ubuntu One クライアントにおけるサーバになりすまされる脆弱性 CWE-20
不適切な入力確認
CVE-2011-4409 2012-06-19 16:32 2012-06-6 Show GitHub Exploit DB Packet Storm
253017 6.8 警告 Canonical - Ubuntu Single Sign On Client におけるサーバになりすまされる脆弱性 CWE-Other
その他
CVE-2011-4408 2012-06-19 16:29 2012-06-6 Show GitHub Exploit DB Packet Storm
253018 9.3 危険 ノキア - Qt の gui/image/qtiffhandler.cpp 内の TIFF リーダーにおけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2011-3194 2012-06-19 16:25 2012-06-16 Show GitHub Exploit DB Packet Storm
253019 10 危険 Pango.org
ノキア
- Qt および Pango で使用される HarfBuzz モジュールにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2011-3193 2012-06-19 16:23 2012-06-16 Show GitHub Exploit DB Packet Storm
253020 4.3 警告 My First HDML - SmallPICT におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2012-2638 2012-06-19 12:02 2012-06-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:July 1, 2026, 4:27 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
318161 7.5 HIGH
Network
zimaspace zimaos ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the ZimaOS API endpoint `http://<Zima_Server_IP:PORT>/v3/file?t… CWE-22
Path Traversal
CVE-2024-48931 2024-11-7 00:46 2024-10-25 Show GitHub Exploit DB Packet Storm
318162 9.8 CRITICAL
Network
lunary lunary A SQL injection vulnerability exists in the `/api/v1/external-users` route of lunary-ai/lunary version v1.4.2. The `order by` clause of the SQL query uses `sql.unsafe` without prior sanitization, all… CWE-89
SQL Injection
CVE-2024-7456 2024-11-7 00:45 2024-11-1 Show GitHub Exploit DB Packet Storm
318163 4.8 MEDIUM
Network
dublue table_of_contents_plus The Table of Contents Plus WordPress plugin through 2408 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Cross-Site Scripting atta… CWE-79
Cross-site Scripting
CVE-2024-5578 2024-11-7 00:44 2024-11-5 Show GitHub Exploit DB Packet Storm
318164 4.8 MEDIUM
Network
nsqua simply_schedule_appointments The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high … CWE-79
Cross-site Scripting
CVE-2024-7877 2024-11-7 00:42 2024-11-5 Show GitHub Exploit DB Packet Storm
318165 4.8 MEDIUM
Network
nsqua simply_schedule_appointments The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Appointment Type settings, which could allow h… CWE-79
Cross-site Scripting
CVE-2024-7876 2024-11-7 00:42 2024-11-5 Show GitHub Exploit DB Packet Storm
318166 - - - An Incorrect Access Control vulnerability was found in /admin/edit_room_controller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to edit the valid hotel room… - CVE-2024-42773 2024-11-7 00:35 2024-08-23 Show GitHub Exploit DB Packet Storm
318167 8.8 HIGH
Network
zohocorp manageengine_exchange_reporter_plus Zohocorp ManageEngine Exchange Reporter Plus versions 5718 and prior are vulnerable to authenticated SQL Injection in reports module. CWE-89
SQL Injection
CVE-2024-9459 2024-11-7 00:29 2024-11-5 Show GitHub Exploit DB Packet Storm
318168 7.5 HIGH
Network
zimaspace zimaos ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/use… CWE-862
 Missing Authorization
CVE-2024-49357 2024-11-7 00:28 2024-10-25 Show GitHub Exploit DB Packet Storm
318169 7.5 HIGH
Network
zimaspace zimaos ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Zima_Server_IP:PORT>/v2_1/file` in Zi… CWE-22
Path Traversal
CVE-2024-49359 2024-11-7 00:27 2024-10-25 Show GitHub Exploit DB Packet Storm
318170 5.3 MEDIUM
Network
zimaspace zimaos ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint `http://<Server-IP>/v1/users/login` in ZimaOS … CWE-203
 Information Exposure Through Discrepancy
CVE-2024-49358 2024-11-7 00:27 2024-10-25 Show GitHub Exploit DB Packet Storm