NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:Jan. 10, 2025, 4:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
801	-	-	-	-	A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-0228	2025-01-6 04:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

802	-	-	-	-	A vulnerability, which was classified as problematic, was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This affects an unknown part of the file /Logs/Annals/downLoad.html.…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2025-0227	2025-01-6 03:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

803	-	-	-	-	A vulnerability, which was classified as problematic, has been found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this issue is the function download of the file /co…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2025-0226	2025-01-6 03:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

804	-	-	-	-	A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/…	CWE-23 CWE-25 Relative Path Traversal	CVE-2025-0225	2025-01-6 02:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

805	-	-	-	-	A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2025-0224	2025-01-6 02:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

806	-	-	-	-	A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegist…	CWE-476 CWE-404 NULL Pointer Dereference Improper Resource Shutdown or Release	CVE-2025-0223	2025-01-6 01:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

807	-	-	-	-	A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the compo…	CWE-476 CWE-404 NULL Pointer Dereference Improper Resource Shutdown or Release	CVE-2025-0222	2025-01-6 01:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

808	-	-	-	-	A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL…	CWE-476 CWE-404 NULL Pointer Dereference Improper Resource Shutdown or Release	CVE-2025-0221	2025-01-6 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

809	-	-	-	-	A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The ma…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13141	2025-01-6 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

810	-	-	-	-	A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument H…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-0220	2025-01-5 22:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

811	-	-	-	-	A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Han…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13140	2025-01-5 21:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

812	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileC…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2024-13139	2025-01-5 20:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

813	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/Loc…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13138	2025-01-5 20:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

814	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13137	2025-01-5 19:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

815	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/Shir…	CWE-20 CWE-502 Improper Input Validation Deserialization of Untrusted Data	CVE-2024-13136	2025-01-5 18:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

816	-	-	-	-	A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/twitter.php of the component Subpage Han…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13135	2025-01-5 18:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

817	-	-	-	-	A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13134	2025-01-5 17:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

818	-	-	-	-	A vulnerability, which was classified as problematic, has been found in Trimble SPS851 488.01. Affected by this issue is some unknown functionality of the component Receiver Status Identity Tab. The …	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-0219	2025-01-5 15:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

819	-	-	-	-	A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. This issue affects the function addStudent/editStudent of the file src/main/Java/com/wdd/studentmanage…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13133	2025-01-5 14:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

820	-	-	-	-	A vulnerability classified as problematic was found in Emlog Pro up to 2.4.3. This vulnerability affects unknown code of the file /admin/article.php of the component Subpage Handler. The manipulation…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13132	2025-01-5 14:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

821	-	-	-	-	A vulnerability classified as problematic has been found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. This affects an unknown part of the file /web_caps/webC…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2024-13131	2025-01-5 12:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

822	-	-	-	-	A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality…	CWE-23 CWE-24 Relative Path Traversal Path Traversal: '../filedir'	CVE-2024-13130	2025-01-5 10:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

823	-	-	-	-	A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0214	2025-01-5 02:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

824	-	-	-	-	A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forms/update_forms.php?action=change_pic2&…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2025-0213	2025-01-5 02:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

825	-	-	-	-	A vulnerability was found in Campcodes Student Grading System 1.0. It has been classified as critical. This affects an unknown part of the file /view_students.php. The manipulation of the argument id…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0212	2025-01-5 01:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

826	-	-	-	-	A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipula…	CWE-73 External Control of File Name or Path	CVE-2025-0211	2025-01-5 00:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

827	6.5	MEDIUM Network	-	-	IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure sta…	CWE-544 Missing Standardized Error Handling Mechanism	CVE-2024-41768	2025-01-5 00:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

828	7.3	HIGH Network	-	-	IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to vi…	CWE-89 SQL Injection	CVE-2024-41767	2025-01-5 00:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

829	7.5	HIGH Network	-	-	IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression.	CWE-1333 Inefficient Regular Expression Complexity	CVE-2024-41766	2025-01-5 00:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

830	6.5	MEDIUM Network	-	-	IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request contain…	CWE-22 Path Traversal	CVE-2024-41765	2025-01-5 00:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

831	5.9	MEDIUM Network	-	-	IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.	CWE-327 Use of a Broken or Risky Cryptographic Algorithm	CVE-2024-41763	2025-01-5 00:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

832	-	-	-	-	A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?act…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0210	2025-01-4 23:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

833	-	-	-	-	A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads …	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0208	2025-01-4 22:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

834	-	-	-	-	A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The man…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0207	2025-01-4 22:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

835	-	-	-	-	A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file /Searchnew…	-	CVE-2024-13042	2025-01-4 22:15	2024-12-31	Show	GitHub Exploit DB Packet Storm

836	-	-	-	-	A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation lead…	CWE-284 CWE-266 Improper Access Control Incorrect Privilege Assignment	CVE-2025-0206	2025-01-4 21:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

837	6.4	MEDIUM Network	-	-	The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. Th…	CWE-79 Cross-site Scripting	CVE-2024-12475	2025-01-4 21:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

838	6.1	MEDIUM Network	-	-	The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a funct…	CWE-352 Origin Validation Error	CVE-2024-12279	2025-01-4 21:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

839	6.5	MEDIUM Network	-	-	The WP Project Manager – Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /w…	CWE-89 SQL Injection	CVE-2024-12195	2025-01-4 21:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

840	6.1	MEDIUM Network	-	-	The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘_wpnonce’ parameter in all versions up to, and including, 1.6.3 due to insufficient in…	CWE-79 Cross-site Scripting	CVE-2024-12221	2025-01-4 19:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

841	-	-	-	-	A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to s…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0205	2025-01-4 18:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

842	9.9	CRITICAL Network	-	-	The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. …	CWE-1336 Improper Neutralization of Special Elements Used in a Template Engine	CVE-2024-12583	2025-01-4 18:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

843	6.4	MEDIUM Network	-	-	The Taskbuilder – WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and includi…	CWE-79 Cross-site Scripting	CVE-2024-11930	2025-01-4 18:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

844	-	-	-	-	A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument …	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0204	2025-01-4 17:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

845	6.1	MEDIUM Network	-	-	The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘ page’ parameter in all versions up to, and including, 1.1.2 due t…	CWE-79 Cross-site Scripting	CVE-2024-12701	2025-01-4 17:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

846	5.4	MEDIUM Network	-	-	The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up t…	CWE-352 Origin Validation Error	CVE-2024-12545	2025-01-4 17:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

847	6.1	MEDIUM Network	-	-	The WP Compress – Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘custom_server’ parameter in all versions up to, and including,…	CWE-79 Cross-site Scripting	CVE-2024-12047	2025-01-4 17:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

848	6.1	MEDIUM Network	-	-	The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘smc_settings_tab', 'unattachfixit-action', and 'woofixit-action’ parameters in all versions u…	CWE-79 Cross-site Scripting	CVE-2024-11974	2025-01-4 17:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

849	8.8	HIGH Network	-	-	The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replac…	CWE-502 Deserialization of Untrusted Data	CVE-2024-10932	2025-01-4 17:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

850	-	-	-	-	A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. Th…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0203	2025-01-4 16:15	2025-01-4	Show	GitHub Exploit DB Packet Storm