NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:Jan. 10, 2025, 4:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
701	-	-	-	-	The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in …	-	CVE-2024-12595	2025-01-7 06:15	2025-01-2	Show	GitHub Exploit DB Packet Storm

702	-	-	-	-	The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scriptin…	-	CVE-2024-11357	2025-01-7 06:15	2025-01-2	Show	GitHub Exploit DB Packet Storm

703	-	-	-	-	The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts	-	CVE-2024-11184	2025-01-7 06:15	2025-01-2	Show	GitHub Exploit DB Packet Storm

704	-	-	-	-	Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx.	-	CVE-2024-56829	2025-01-7 06:15	2025-01-2	Show	GitHub Exploit DB Packet Storm

705	-	-	-	-	Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave serv…	CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)	CVE-2025-21617	2025-01-7 05:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

706	-	-	-	-	Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template.	-	CVE-2024-55529	2025-01-7 05:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

707	-	-	-	-	A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the…	-	CVE-2024-46073	2025-01-7 05:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

708	-	-	-	-	Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to S…	CWE-437	CVE-2024-55629	2025-01-7 03:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

709	-	-	-	-	Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messa…	CWE-405 CWE-779 Asymmetric Resource Consumption (Amplification)	CVE-2024-55628	2025-01-7 03:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

710	-	-	-	-	Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer ov…	CWE-191 CWE-122 Integer Underflow (Wrap or Wraparound) Heap-based Buffer Overflow	CVE-2024-55627	2025-01-7 03:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

711	-	-	-	-	Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead …	CWE-680 Integer Overflow to Buffer Overflow	CVE-2024-55626	2025-01-7 03:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

712	-	-	-	-	File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then p…	-	CVE-2024-56828	2025-01-7 03:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

713	-	-	-	-	NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixe…	CWE-287 Improper Authentication	CVE-2025-21618	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

714	-	-	-	-	AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from mali…	CWE-200 Information Exposure	CVE-2025-21615	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

715	-	-	-	-	go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an att…	CWE-400 CWE-770 Uncontrolled Resource Consumption Allocation of Resources Without Limits or Throttling	CVE-2025-21614	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

716	-	-	-	-	go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vuln…	CWE-88 Argument Injection	CVE-2025-21613	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

717	-	-	-	-	Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whi…	CWE-400 Uncontrolled Resource Consumption	CVE-2024-55605	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

718	3.1	LOW Network	-	-	IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrar…	CWE-80 Basic XSS	CVE-2024-51472	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

719	-	-	-	-	A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing mal…	-	CVE-2023-6605	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

720	-	-	-	-	A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbi…	-	CVE-2023-6604	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

721	-	-	-	-	A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file e…	-	CVE-2023-6601	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

722	-	-	-	-	An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The app…	-	CVE-2025-22390	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

723	-	-	-	-	An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This expos…	-	CVE-2025-22387	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

724	-	-	-	-	An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors t…	-	CVE-2025-22384	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

725	8.8	HIGH Network	-	-	The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiv…	-	CVE-2024-10957	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

726	-	-	-	-	In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execut…	-	CVE-2024-53833	2025-01-7 02:15	2025-01-3	Show	GitHub Exploit DB Packet Storm

727	7.5	HIGH Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.	CWE-306 Missing Authentication for Critical Function	CVE-2024-12106	2025-01-7 01:54	2024-12-31	Show	GitHub Exploit DB Packet Storm

728	9.6	CRITICAL Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.	CWE-290 Authentication Bypass by Spoofing	CVE-2024-12108	2025-01-7 01:51	2024-12-31	Show	GitHub Exploit DB Packet Storm

729	-	-	-	-	TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page…	CWE-79 CWE-80 Cross-site Scripting Basic XSS	CVE-2025-21612	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

730	-	-	-	-	tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine i…	CWE-285 Improper Authorization	CVE-2025-21611	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

731	-	-	-	-	LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.…	CWE-328 Use of Weak Hash	CVE-2025-21604	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

732	-	-	-	-	Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser.	-	CVE-2024-51111	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

733	6.4	MEDIUM Network	-	-	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaS…	CWE-79 Cross-site Scripting	CVE-2024-31914	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

734	5.5	MEDIUM Network	-	-	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaS…	CWE-79 Cross-site Scripting	CVE-2024-31913	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

735	-	-	-	-	An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the st…	-	CVE-2025-22386	2025-01-7 01:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

736	-	-	-	-	An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue all…	-	CVE-2025-22385	2025-01-7 01:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

737	9.8	CRITICAL Network	1000projects	beauty_parlour_management_system	A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-customer-se…	CWE-89 SQL Injection	CVE-2024-13072	2025-01-7 00:19	2025-01-1	Show	GitHub Exploit DB Packet Storm

738	-	-	-	-	OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traf…	-	CVE-2024-8474	2025-01-7 00:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

739	-	-	-	-	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…	-	CVE-2024-12997	2025-01-7 00:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

740	-	-	-	-	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…	-	CVE-2024-12996	2025-01-7 00:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

741	-	-	-	-	In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, wi…	-	CVE-2024-20154	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

742	-	-	-	-	In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User int…	-	CVE-2024-20153	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

743	-	-	-	-	In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privile…	-	CVE-2024-20152	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

744	-	-	-	-	In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. Us…	-	CVE-2024-20151	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

745	-	-	-	-	In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploit…	-	CVE-2024-20150	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

746	-	-	-	-	In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed…	-	CVE-2024-20149	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

747	-	-	-	-	In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. …	-	CVE-2024-20148	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

748	-	-	-	-	In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges need…	-	CVE-2024-20146	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

749	-	-	-	-	In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional…	-	CVE-2024-20145	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

750	-	-	-	-	In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional…	-	CVE-2024-20144	2025-01-7 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm