NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:Dec. 27, 2024, 4:04 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1	-	-	-	-	Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessar… New	CWE-190 Integer Overflow or Wraparound	CVE-2024-51540	2024-12-27 01:15	2024-12-27	Show	GitHub Exploit DB Packet Storm

2	-	-	-	-	A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /update_personal_details.php. The manipulati… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12959	2024-12-27 01:15	2024-12-27	Show	GitHub Exploit DB Packet Storm

3	-	-	-	-	A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_pro_details.php. The manipulation of the a… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12958	2024-12-27 01:15	2024-12-27	Show	GitHub Exploit DB Packet Storm

4	-	-	-	-	Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compared before normalization and canonicalizat… New	-	CVE-2024-12908	2024-12-27 01:15	2024-12-27	Show	GitHub Exploit DB Packet Storm

5	-	-	-	-	A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /add_achievement_details.php. The man… New	-	CVE-2024-12956	2024-12-27 01:15	2024-12-27	Show	GitHub Exploit DB Packet Storm

6	-	-	-	-	A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation … New	-	CVE-2024-12955	2024-12-27 01:15	2024-12-27	Show	GitHub Exploit DB Packet Storm

7	-	-	-	-	A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_ach.php. The manipulation of the ar… New	-	CVE-2024-12954	2024-12-27 01:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

8	-	-	-	-	A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected by this issue is some unknown functionality of the file /update_pd_pro… New	-	CVE-2024-12953	2024-12-27 01:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

9	-	-	-	-	A vulnerability classified as critical was found in melMass comfy_mtb up to 0.1.4. Affected by this vulnerability is the function run_command of the file comfy_mtb/endpoint.py of the component Depend… New	-	CVE-2024-12952	2024-12-27 01:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

10	-	-	-	-	A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /add_personal_details.php. The manipulation of … New	-	CVE-2024-12951	2024-12-27 01:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

11	-	-	-	-	A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgra… New	-	CVE-2024-12746	2024-12-27 00:15	2024-12-25	Show	GitHub Exploit DB Packet Storm

12	-	-	-	-	A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgra… New	-	CVE-2024-12745	2024-12-27 00:15	2024-12-25	Show	GitHub Exploit DB Packet Storm

13	-	-	-	-	A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driv… New	-	CVE-2024-12744	2024-12-27 00:15	2024-12-25	Show	GitHub Exploit DB Packet Storm

14	-	-	-	-	Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. New	-	CVE-2024-47150	2024-12-26 22:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

15	-	-	-	-	Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. New	-	CVE-2024-47149	2024-12-26 22:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

16	-	-	-	-	Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. New	-	CVE-2024-8994	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

17	-	-	-	-	Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. New	-	CVE-2024-8993	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

18	-	-	-	-	Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. New	-	CVE-2024-8992	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

19	-	-	-	-	Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. New	-	CVE-2024-47157	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

20	-	-	-	-	Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. New	-	CVE-2024-47155	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

21	-	-	-	-	Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. New	-	CVE-2024-47154	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

22	-	-	-	-	Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. New	-	CVE-2024-47153	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

23	-	-	-	-	Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. New	-	CVE-2024-47148	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

24	-	-	-	-	A vulnerability was found in code-projects Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the arg… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12950	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

25	-	-	-	-	A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the ar… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12949	2024-12-26 21:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

26	-	-	-	-	Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. New	-	CVE-2024-47156	2024-12-26 20:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

27	-	-	-	-	Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution New	-	CVE-2024-47151	2024-12-26 20:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

28	-	-	-	-	A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12948	2024-12-26 20:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

29	-	-	-	-	A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the ar… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12947	2024-12-26 20:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

30	-	-	-	-	A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_actio… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12946	2024-12-26 19:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

31	-	-	-	-	A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /account.php. The manipulation of the argument emai… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12945	2024-12-26 19:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

32	-	-	-	-	shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of u… New	-	CVE-2024-56433	2024-12-26 18:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

33	-	-	-	-	A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signin.php. The manipulatio… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12944	2024-12-26 18:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

34	-	-	-	-	A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. T… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12943	2024-12-26 18:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

35	-	-	-	-	Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerabil… New	-	CVE-2023-7300	2024-12-26 18:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

36	-	-	-	-	A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/admin_login.php. The manipulatio… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12942	2024-12-26 17:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

37	-	-	-	-	A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulatio… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12941	2024-12-26 17:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

38	-	-	-	-	A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/student_action.php. Th… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12940	2024-12-26 16:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

39	-	-	-	-	A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function add_edu of the file /_parse/_all_edits.php. The manipulation of the argu… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12939	2024-12-26 16:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

40	-	-	-	-	A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The ma… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12938	2024-12-26 15:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

41	-	-	-	-	A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. Affected is an unknown function of the file addVariationController.php. The manipulation of the a… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12937	2024-12-26 15:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

42	-	-	-	-	The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve… New	-	CVE-2024-11223	2024-12-26 15:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

43	-	-	-	-	The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisi… New	-	CVE-2024-10903	2024-12-26 15:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

44	-	-	-	-	An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object … Update	-	CVE-2024-56375	2024-12-26 15:15	2024-12-23	Show	GitHub Exploit DB Packet Storm

45	-	-	-	-	A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipula… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12936	2024-12-26 14:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

46	-	-	-	-	A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12935	2024-12-26 14:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

47	-	-	-	-	A vulnerability classified as critical has been found in code-projects Simple Admin Panel 1.0. This affects an unknown part of the file updateItemController.php. The manipulation of the argument p_de… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2024-12934	2024-12-26 13:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

48	-	-	-	-	A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file updateItemController.php. The man… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-12933	2024-12-26 13:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

49	-	-	-	-	A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot's Conversational AI Platform before v7.2.0 allows remote authenticated users to perfo… New	-	CVE-2024-12652	2024-12-26 13:15	2024-12-26	Show	GitHub Exploit DB Packet Storm

50	-	-	-	-	A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file addSizeController.php. T… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-12932	2024-12-26 12:15	2024-12-26	Show	GitHub Exploit DB Packet Storm