NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Because vulnerability information is often updated in NVD before it is updated in JVN (Japan Vulnerability Note), this list may contain vulnerabilities that are not listed in JVN.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Update Date: Dec. 7, 2024, 4:06 a.m.

No | CVSS Level, Attack Vector | Vendor Name | Project Name | Title | CWE | CVE | Update Date | Publication Date | Show Affected | Exploit PoC
1 - -
- - Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. New - CVE-2024-54750 2024-12-7 01:15 2024-12-7 Show GitHub Exploit DB Packet Storm
2 - -
- - WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. New - CVE-2024-54747 2024-12-7 01:15 2024-12-7 Show GitHub Exploit DB Packet Storm
3 - -
- - WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. New - CVE-2024-54745 2024-12-7 01:15 2024-12-7 Show GitHub Exploit DB Packet Storm
4 - -
- - liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC … New CWE-200
Information Exposure
CVE-2024-54137 2024-12-7 01:15 2024-12-7 Show GitHub Exploit DB Packet Storm
5 - -
- - ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/up… New CWE-502
 Deserialization of Untrusted Data
CVE-2024-54136 2024-12-7 01:15 2024-12-7 Show GitHub Exploit DB Packet Storm
6 - -
- - ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upl… New CWE-502
 Deserialization of Untrusted Data
CVE-2024-54135 2024-12-7 01:15 2024-12-7 Show GitHub Exploit DB Packet Storm
7 - -
- - A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. New - CVE-2024-50677 2024-12-7 01:15 2024-12-7 Show GitHub Exploit DB Packet Storm
8 - -
- - The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP a… New - CVE-2024-30129 2024-12-7 01:15 2024-12-7 Show GitHub Exploit DB Packet Storm
9 - -
- - Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reache… New - CVE-2024-12254 2024-12-7 01:15 2024-12-7 Show GitHub Exploit DB Packet Storm
10 - -
- - The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting a… New - CVE-2024-10551 2024-12-7 01:15 2024-12-6 Show GitHub Exploit DB Packet Storm
11 - -
- - The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. New - CVE-2024-10480 2024-12-7 01:15 2024-12-6 Show GitHub Exploit DB Packet Storm
12 - -
- - phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connectio… New CWE-209
Information Exposure Through an Error Message
CVE-2024-54141 2024-12-7 00:15 2024-12-7 Show GitHub Exploit DB Packet Storm
13 - -
- - HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. New - CVE-2024-42196 2024-12-7 00:15 2024-12-7 Show GitHub Exploit DB Packet Storm
14 5.3 MEDIUM
Network
- - A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message. New CWE-248
 Uncaught Exception
CVE-2024-11738 2024-12-7 00:15 2024-12-7 Show GitHub Exploit DB Packet Storm
15 - -
- - CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. New - CVE-2024-54679 2024-12-7 00:15 2024-12-5 Show GitHub Exploit DB Packet Storm
16 - -
- - Path Traversal vulnerability in NotFound ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. New CWE-35
 Path Traversal: '.../...//'
CVE-2024-54216 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
17 - -
- - Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18. New CWE-434
 Unrestricted Upload of File with Dangerous Type 
CVE-2024-54214 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
18 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS.This issue affects WordPre… New CWE-79
Cross-site Scripting
CVE-2024-54213 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
19 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For El… New CWE-79
Cross-site Scripting
CVE-2024-54212 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
20 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a t… New CWE-79
Cross-site Scripting
CVE-2024-54211 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
21 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Adv… New CWE-79
Cross-site Scripting
CVE-2024-54210 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
22 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a… New CWE-79
Cross-site Scripting
CVE-2024-54209 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
23 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller allows Reflected XSS.This issue affects Block Controller: from n/a t… New CWE-79
Cross-site Scripting
CVE-2024-54208 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
24 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPr… New CWE-79
Cross-site Scripting
CVE-2024-54207 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
25 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads allows Stored XSS.This issue affects Z-Downloads: from n/a through 1.11.7. New CWE-79
Cross-site Scripting
CVE-2024-54206 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
26 - -
- - Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through 1.14. New CWE-352
 Origin Validation Error
CVE-2024-54205 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
27 - -
- - Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13. New - CVE-2024-53826 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
28 - -
- - Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2. New CWE-862
 Missing Authorization
CVE-2024-53825 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
29 - -
- - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects … New - CVE-2024-53824 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
30 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects … New CWE-79
Cross-site Scripting
CVE-2024-53823 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
31 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from … New CWE-79
Cross-site Scripting
CVE-2024-53821 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
32 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS.This issue affects Captivate Sync: from n/a … New CWE-79
Cross-site Scripting
CVE-2024-53820 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
33 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acowebs Product Labels For Woocommerce allows Blind SQL Injection.This issue affects Product Labe… New CWE-89
SQL Injection
CVE-2024-53817 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
34 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Blind SQL Injection.This issue affects Pinpoint Boo… New - CVE-2024-53815 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
35 - -
- - Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0. New CWE-862
 Missing Authorization
CVE-2024-53813 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
36 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS.This issue affects WP GeoNames: from n/a throu… New CWE-79
Cross-site Scripting
CVE-2024-53812 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
37 - -
- - Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40. New CWE-434
 Unrestricted Upload of File with Dangerous Type 
CVE-2024-53811 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
38 - -
- - Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a thro… New - CVE-2024-53810 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
39 - -
- - Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through 2.6.4.1. New CWE-352
 Origin Validation Error
CVE-2024-53809 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
40 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms – Ultim… New CWE-89
SQL Injection
CVE-2024-53808 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
41 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through… New CWE-89
SQL Injection
CVE-2024-53807 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
42 - -
- - Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik – Spam blacklist: from n/a th… New CWE-862
 Missing Authorization
CVE-2024-53806 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
43 - -
- - Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. New - CVE-2024-53805 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
44 - -
- - Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0. New - CVE-2024-53804 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
45 - -
- - Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. New CWE-862
 Missing Authorization
CVE-2024-53803 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
46 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.… New CWE-79
Cross-site Scripting
CVE-2024-53802 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
47 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a thr… New CWE-79
Cross-site Scripting
CVE-2024-53801 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
48 - -
- - Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0. New CWE-862
 Missing Authorization
CVE-2024-53799 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
49 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from … New CWE-79
Cross-site Scripting
CVE-2024-53797 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm
50 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Add… New CWE-79
Cross-site Scripting
CVE-2024-53796 2024-12-6 23:15 2024-12-6 Show GitHub Exploit DB Packet Storm