NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:Jan. 9, 2025, 4:56 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
551	-	-	-	-	The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks New	-	CVE-2024-12311	2025-01-6 23:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

552	-	-	-	-	The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks New	-	CVE-2024-12302	2025-01-6 23:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

553	-	-	-	-	The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w… New	-	CVE-2024-11849	2025-01-6 23:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

554	-	-	-	-	The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting att… New	-	CVE-2024-11356	2025-01-6 23:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

555	3.9	LOW Physics	-	-	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus … New	CWE-78 OS Command	CVE-2024-12970	2025-01-6 21:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

556	5.5	MEDIUM Local	-	-	Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. New	CWE-126 Buffer Over-read	CVE-2024-45559	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

557	7.5	HIGH Network	-	-	Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. New	CWE-126 Buffer Over-read	CVE-2024-45558	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

558	8.4	HIGH Local	-	-	Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling th… New	CWE-787 Out-of-bounds Write	CVE-2024-45555	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

559	7.8	HIGH Local	-	-	Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may … New	CWE-416 Use After Free	CVE-2024-45553	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

560	7.8	HIGH Local	-	-	Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls. New	CWE-129 Improper Validation of Array Index	CVE-2024-45550	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

561	7.8	HIGH Local	-	-	Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call. New	CWE-126 Buffer Over-read	CVE-2024-45548	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

562	7.8	HIGH Local	-	-	Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality. New	CWE-120 Classic Buffer Overflow	CVE-2024-45547	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

563	7.8	HIGH Local	-	-	Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. New	CWE-126 Buffer Over-read	CVE-2024-45546	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

564	7.8	HIGH Local	-	-	Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. New	CWE-121 Stack-based Buffer Overflow	CVE-2024-45542	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

565	7.8	HIGH Local	-	-	Memory corruption when IOCTL call is invoked from user-space to read board data. New	CWE-120 Classic Buffer Overflow	CVE-2024-45541	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

566	7.5	HIGH Local	-	-	Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. New	CWE-264 Permissions, Privileges, and Access Controls	CVE-2024-43064	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

567	6.1	MEDIUM Local	-	-	information disclosure while invoking the mailbox read API. New	CWE-126 Buffer Over-read	CVE-2024-43063	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

568	6.1	MEDIUM Local	-	-	Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. New	CWE-126 Buffer Over-read	CVE-2024-33067	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

569	6.8	MEDIUM Local	-	-	Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. New	CWE-126 Buffer Over-read	CVE-2024-33061	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

570	6.7	MEDIUM Local	-	-	Memory corruption while processing frame command IOCTL calls. New	CWE-416 Use After Free	CVE-2024-33059	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

571	6.7	MEDIUM Local	-	-	Memory corruption while invoking IOCTL calls to unmap the DMA buffers. New	CWE-416 Use After Free	CVE-2024-33055	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

572	6.7	MEDIUM Local	-	-	Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls, New	CWE-823 Use of Out-of-range Pointer Offset	CVE-2024-33041	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

573	6.6	MEDIUM Local	-	-	Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. New	CWE-126 Buffer Over-read	CVE-2024-23366	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

574	8.4	HIGH Local	-	-	Memory corruption while processing IPA statistics, when there are no active clients registered. New	CWE-120 Classic Buffer Overflow	CVE-2024-21464	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

575	-	-	-	-	A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uplo… New	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13145	2025-01-6 10:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

576	-	-	-	-	A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogCont… New	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13144	2025-01-6 09:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

577	-	-	-	-	A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/Per… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13143	2025-01-6 09:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

578	-	-	-	-	A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/course.php. The manipulation of the argu… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0233	2025-01-6 08:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

579	-	-	-	-	A vulnerability was found in ZeroWdd studentmanager 1.0. It has been declared as problematic. This vulnerability affects the function submitAddRole of the file src/main/java/com/zero/system/controlle… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13142	2025-01-6 08:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

580	-	-	-	-	A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /successadmin.php. The manipulation… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0232	2025-01-6 07:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

581	-	-	-	-	A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/submit_payment… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0231	2025-01-6 07:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

582	-	-	-	-	A vulnerability, which was classified as critical, was found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file /admin/print.php. The manipulation of the argument… New	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0230	2025-01-6 06:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

583	-	-	-	-	A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. This issue affects some unknown processing of the file /enquiry.php. The manipulation … New	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0229	2025-01-6 05:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

584	-	-	-	-	A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-0228	2025-01-6 04:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

585	-	-	-	-	A vulnerability, which was classified as problematic, was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This affects an unknown part of the file /Logs/Annals/downLoad.html.… New	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2025-0227	2025-01-6 03:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

586	-	-	-	-	A vulnerability, which was classified as problematic, has been found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this issue is the function download of the file /co… New	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2025-0226	2025-01-6 03:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

587	-	-	-	-	A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/… New	CWE-23 CWE-25 Relative Path Traversal	CVE-2025-0225	2025-01-6 02:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

588	-	-	-	-	A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected… New	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2025-0224	2025-01-6 02:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

589	-	-	-	-	A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegist… New	CWE-476 CWE-404 NULL Pointer Dereference Improper Resource Shutdown or Release	CVE-2025-0223	2025-01-6 01:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

590	-	-	-	-	A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the compo… New	CWE-476 CWE-404 NULL Pointer Dereference Improper Resource Shutdown or Release	CVE-2025-0222	2025-01-6 01:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

591	-	-	-	-	A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL… New	CWE-476 CWE-404 NULL Pointer Dereference Improper Resource Shutdown or Release	CVE-2025-0221	2025-01-6 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

592	-	-	-	-	A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The ma… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13141	2025-01-6 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

593	-	-	-	-	A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument H…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-0220	2025-01-5 22:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

594	-	-	-	-	A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Han…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13140	2025-01-5 21:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

595	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileC…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2024-13139	2025-01-5 20:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

596	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/Loc…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13138	2025-01-5 20:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

597	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13137	2025-01-5 19:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

598	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/Shir…	CWE-20 CWE-502 Improper Input Validation Deserialization of Untrusted Data	CVE-2024-13136	2025-01-5 18:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

599	-	-	-	-	A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/twitter.php of the component Subpage Han…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13135	2025-01-5 18:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

600	-	-	-	-	A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13134	2025-01-5 17:15	2025-01-5	Show	GitHub Exploit DB Packet Storm