Security assessment and information provision

This site provides information on security and offers web audit tools.

Annoucement Show List

NVD Vulnerability Information NVD Vulnerability Search Top

Update Date":Jan. 15, 2025, 4:11 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	-	-	-	An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. New	-	CVE-2025-22984	2025-01-15 01:15	2025-01-15
2	-	-	-	An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. New	-	CVE-2025-22983	2025-01-15 01:15	2025-01-15
3	-	-	-	A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin… New	CWE-22 Path Traversal	CVE-2025-0461	2025-01-15 01:15	2025-01-15
4	-	-	-	A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. This affects an unknown part of the file /index.php?route=extension/module/blog_add. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attac… New	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2025-0460	2025-01-15 01:15	2025-01-15
5	-	-	-	A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approach… New	CWE-426 Untrusted Search Path	CVE-2025-0459	2025-01-15 01:15	2025-01-15
6	-	-	-	A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Panel. The manipulation of the argument page leads to cross site scripting. The attack can b… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-0458	2025-01-15 01:15	2025-01-15
7	-	-	-	Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ fo… New	-	CVE-2024-29980	2025-01-15 01:15	2025-01-15
8	-	-	-	Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCore™ for Intel Kaby Lake, Phoenix SecureCore™ for Intel Coffee Lake, Phoenix SecureCore™ for Intel Comet Lake, Phoenix SecureCore™ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCore™ fo… New	-	CVE-2024-29979	2025-01-15 01:15	2025-01-15
9	-	-	-	A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. New	-	CVE-2024-39774	2025-01-15 01:15	2025-01-15
10	-	-	-	An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. New	-	CVE-2024-39773	2025-01-15 01:15	2025-01-15

JVN Vulnerability Information JVN Vulnerability Search Top

Update Date:Jan. 15, 2025, 6:03 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date
1	5.5	警告 Local	マイクロソフト	Azure Identity Library	.NET 用 Azure Identity ライブラリの情報漏えいの脆弱性 New	CWE-522 CWE-noinfo	CVE-2024-29992	2025-01-15 17:54	2024-04-9
2	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel におけるリソースのロックに関する脆弱性 New	CWE-667 不適切なロック	CVE-2024-26873	2025-01-15 17:49	2024-01-24
3	7.8	重要 Local	Linux Debian	Linux Kernel Debian GNU/Linux	Linux の Linux Kernel 等複数ベンダの製品における二重解放に関する脆弱性 New	CWE-415 二重解放	CVE-2023-52691	2025-01-15 17:47	2023-12-14
4	7.8	重要 Local	Linux Debian	Linux Kernel Debian GNU/Linux	Linux の Linux Kernel 等複数ベンダの製品における二重解放に関する脆弱性 New	CWE-415 二重解放	CVE-2023-52679	2025-01-15 17:44	2023-12-29
5	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2016 Microsoft Windows Server 2012 Microsoft Windows Server 2019 Microsoft Windows Server 2022 Microso…	Windows Telephony Server の特権の昇格の脆弱性 New	CWE-416 CWE-noinfo	CVE-2024-26230	2025-01-15 17:41	2024-04-9
6	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel における脆弱性 New	CWE-noinfo 情報不足	CVE-2023-52476	2025-01-15 17:41	2023-10-8
7	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel におけるリソースのロックに関する脆弱性 New	CWE-667 不適切なロック	CVE-2021-47349	2025-01-15 17:39	2021-06-11
8	6.6	警告 Network	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows Server 2016 Microsoft Windows Server 2022	Windows DNS サーバーのリモートでコードが実行される脆弱性 New	CWE-416 CWE-noinfo	CVE-2024-26224	2025-01-15 17:39	2024-04-9
9	7.4	重要 Local	マイクロソフト	Microsoft Windows Server 2016 Microsoft Windows Server 2012 Microsoft Windows Server 2019 Microsoft Windows Server 2022 Microso…	セキュアブートのセキュリティ機能のバイパスの脆弱性 New	CWE-347 CWE-noinfo	CVE-2024-26194	2025-01-15 17:37	2024-04-9
10	5.5	警告 Local	Linux	Linux Kernel	Linux の Linux Kernel における脆弱性 New	CWE-noinfo 情報不足	CVE-2021-47047	2025-01-15 17:37	2021-04-16

Version update history excerpt Go To Version Update History

Target Period : 2025-01-08 〜 2025-01-15

No	Name	Genre	Version	Release date	Security Fix	Release Information
1	New!! Django5.0	framework	5.0.11	2025-01-14	Unknown	Show
2	New!! Django4.2 LTS	framework	4.2.18	2025-01-14	Yes	Show
3	New!! docker engine 27	virtual	27.5	2025-01-13	Unknown	Show
4	New!! Tailwind 1	framework	4.0.0-beta.9	2025-01-9	Unknown	Show
5	New!! UIkit 3	framework	3.22.0	2025-01-9	Unknown	Show
6	New!! Linux Kernel 5.10（LTS）	os	5.10.233	2025-01-9	Unknown	Show
7	New!! Linux Kernel 5.4（LTS）	os	5.4.289	2025-01-9	Unknown	Show
8	New!! Linux Kernel 5.15（LTS）	os	5.15.176	2025-01-9	Unknown	Show

Support Expiration Date Go to Support Expiration Information

Target Period : 2024-12-01 〜 2025-04-30

No	Name	Normal Support	Security Support	Extended Support
1	Linux Kernel 4.19（LTS）	2024-12-31
2	Symfony 7.1	2025-01-31
3	Ruby 3.1	2025-03-31
4	Node.js 18 (LTS)	2023-10-18	2025-04-30
5	Django5.0	2022-08-31		2025-04-30

Excerpts from security information sites updated in the past two days Go to the Provide Information Site

2025-1-15 JST

media_news

No	Name	URL	Excerpt Of Changes	Tag
1	Bleeping Computer®	https://www.bleepingcomputer.com/	Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws,FBI wipes Chinese PlugX malware from over 4,000 US computers,Fortinet warns of auth bypass zero-day exploited to hijack firewalls,Hack ...	English News Foreign Country Information Provision
2	Dark Reading	https://www.darkreading.com/	A white device with the word Fortinet written on it against a red background,Threat Intelligence,Zero-Day Security Bug Likely Fueling Fortinet Firewall Attacks,Zero-Day Bug Likely Fueling Fortinet Fir ...	English News Foreign Country Information Provision
3	HELPNETSECURITY	https://www.helpnetsecurity.com/	Microsoft fixes actively exploited Windows Hyper-V zero-day flaws,January 14, 2025,Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591),January 14, 2025,Malicious actors’ ...	English News Foreign Country Information Provision
4	Security Intelligence	https://securityintelligence.com/	January 14, 2025,Why do software vendors have such deep access into customer systems?,4,min read,-,To the naked eye, organizations are independent entities trying to make their individual mark on the ...	English News Foreign Country Information Provision
5	SensorsTechForum.com	https://sensorstechforum.com/	HOW TO,Darkadventurer Ransomware [read_it.txt] – Removal & Recovery,Darkadventurer Ransomware Have your files been locked by the Darkadventurer Ransomware virus? The .NBA Virus Files encrypt your info ...	English News Foreign Country Information Provision Malware and ransomware support
6	TechNadu.com	https://www.technadu.com/	Microsoft Moves to Court to Curb Azure OpenAI Abuse by Cybercriminals,Published,Hacker Kiberphant0m is Suspected of Also Orchestrating the BSNL India Cyber Attack,Published,Until Dawn film’s First Loo ...	English News Foreign Country Information Provision
7	www.scmagazine.com	https://www.scmagazine.com/	New bug can bypass macOS SIP security. (Adobe Stock),New bug lets attackers bypass macOS system integrity protection,Steve,Zurier,January 14, 2025,Security pros call any bypass of SIP security signifi ...	English News Foreign Country Information Provision
8	www.securityweek.com	https://www.securityweek.com/	Adobe: Critical Code Execution Flaws in Photoshop,Patch Tuesday: Adobe ships patches for more than a dozen security defects in a wide range of software products.,Microsoft Patches Trio of Exploited Wi ...	English News Foreign Country Information Provision

security_company

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Compass Security	https://www.compass-security.com/	Hitchhiker’s Guide to Managed Security,14.01.2025,Over the past few years, we have had the opportunity to conduct several Purple Teaming exercises together with our customers.,Particularly after…,Read ...	English Web Audit Company CTF Education Incident Response Forensic E-Learning
2		Qualys, Inc	https://www.qualys.com/	January, 2025,21,Webinar,Simplify Security with Qualys Cloud Agent Deployment Using Qualys Scanner,Blog Posts,January 14, 2025,Microsoft Patch Tuesday, January 2025 Security Update Review	English Web Audit Network Audit Tools Company Consulting Endpoint Detection and Response(EDR) E-Learning Automatic Audit tools Cloud Security Support for PCIDSS Cloud Infra Security

tool

No	Image	Name	URL	Excerpt Of Changes	Tag
1		DefenseCode ThunderScan	https://github.com/marketplace/actions/defensecode-thunderscan-action	DefenseCode ThunderScan Action,Actions,Source code scanning for vulnerabilities using DefenseCode ThunderScan SAST solution,v1.0,Latest,By,Verified creator,Star,42,(,42,),You must be signed in to star ...	English Tools Source Code Audit Automatic Audit tools

blog

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Compass Security Blog	https://blog.compass-security.com/	Hitchhiker’s Guide to Managed Security,January 14, 2025,/,Felix Aeppli,/,0 Comments,Over the past few years, we have had the opportunity to conduct several Purple Teaming exercises together with our c ...	English Foreign Country Company Blog Information Provision
2		Whitehat Security Blog	https://www.whitehatsec.com/blog/	BSIMM15: New focus on securing AI and the software supply chain,By,Black Duck Editorial Staff,Jan 14, 2025,/,5 min read,Tags:,Program Strategy & Planning,,,Awareness,,,Manage Security Risks,BSIMM15: N ...	English Foreign Country Blog Information Provision

organization

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Center for Internet Security	https://www.cisecurity.org/	From The Blog 01.14.2025,CIS Benchmarks January 2025 Update,Advisory,01.14.2025,Multiple Vulnerabilities in Ivanti Avalanche Could Allow for Authentication Bypass,Read More,Advisory,01.14.2025,Critica ...	English Foreign Country Organization Information Provision

vulnerability_notification_site

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Packet Storm	https://packetstormsecurity.com/	Fortinet Warns of Auth Bypass Zero Day Exploited to Hijack Firewalls,Posted:,2025/01/14,Source:,Bleeping Computer,Tag(s):,Flaw,,,Hacker,,,Headline,,,0 Day,Malicious WordPress Database Entry, Widget St ...	English News Tools Foreign Country Hacking Exploit
2		VULNERABILITY LAB	https://www.vulnerability-lab.com/	15.01.2025,22333,13658,24215,14611,14813,14965,13740,20917,19889,19418,29037,33312,10756,21482,19747,15835,15277,24268,20523,18425,21320,21954,18033,17681,15809,15426,19216,24351,22116,56716,31153,317 ...	English News Windows Linux/Unix Mac OS Information Provision Android iOS Exploit

2025-1-14 JST

media_news

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Cybersecurity News	https://securityonline.info/	January 13, 2025,Technique,Opportunities and Challenges of Leveraging AI in Software Development,do son,January 13, 2025,Vulnerability,New macOS Exploit Revealed: PoC for CVE-2024-54498 Breaks Sandbox ...	English News Foreign Country Information Provision

security_company

No	Image	Name	URL	Excerpt Of Changes	Tag
1		Hakin9.org	https://hakin9.org/	Unveiling the US Treasury Cyberattack: A Silent Threat to National Security,As the holiday season unfolded in late December 2024, the U.S. Treasury Department became the unexpected focal point of a …, ...	English Foreign Country Company Hacking Education Blog E-Learning

organization

No	Image	Name	URL	Excerpt Of Changes	Tag
1		MISP Threat Sharing	https://www.misp-project.org/	MISP 2.4.204 and 2.5.6 released including new features, performance improvements and many other improvements.,on January 13, 2025,Combined Release Notes: MISP v2.5.6 & v2.4.204 (2025-01-03),The MISP t ...	English Foreign Country Organization Incident Response Open Source Data management and protection Monitoring Threat Intelligence MISP

firewall

No	Image	Name	URL	Excerpt Of Changes	Tag
1		glasswire	https://www.glasswire.com/	Over 44 million downloads!,Version 3.4.768, 81.9MB,Over 44 million downloads!,Version 3.4.768, 81.9MB,© 2025 GlassWire	English Tools