NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:Jan. 11, 2025, 5:03 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
901	6.1	MEDIUM Network	phpgurukul	land_record_system	A vulnerability was found in PHPGurukul Land Record System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/search-property.php. The manipulation o…	CWE-79 Cross-site Scripting	CVE-2024-13082	2025-01-6 23:46	2025-01-1	Show	GitHub Exploit DB Packet Storm

902	5.4	MEDIUM Network	phpgurukul	land_record_system	A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument A…	CWE-79 Cross-site Scripting	CVE-2024-13083	2025-01-6 23:45	2025-01-1	Show	GitHub Exploit DB Packet Storm

903	9.8	CRITICAL Network	phpgurukul	land_record_system	A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-property.php. The manipulat…	CWE-89 SQL Injection	CVE-2024-13084	2025-01-6 23:44	2025-01-1	Show	GitHub Exploit DB Packet Storm

904	9.8	CRITICAL Network	phpgurukul	land_record_system	A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipula…	CWE-89 SQL Injection	CVE-2024-13085	2025-01-6 23:43	2025-01-1	Show	GitHub Exploit DB Packet Storm

905	-	-	-	-	OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins.	-	CVE-2024-5594	2025-01-6 23:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

906	-	-	-	-	The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks	-	CVE-2024-12311	2025-01-6 23:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

907	-	-	-	-	The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks	-	CVE-2024-12302	2025-01-6 23:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

908	-	-	-	-	The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even w…	-	CVE-2024-11849	2025-01-6 23:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

909	-	-	-	-	The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting att…	-	CVE-2024-11356	2025-01-6 23:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

910	3.9	LOW Physics	-	-	Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus …	CWE-78 OS Command	CVE-2024-12970	2025-01-6 21:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

911	5.5	MEDIUM Local	-	-	Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend.	CWE-126 Buffer Over-read	CVE-2024-45559	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

912	7.5	HIGH Network	-	-	Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.	CWE-126 Buffer Over-read	CVE-2024-45558	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

913	8.4	HIGH Local	-	-	Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling th…	CWE-787 Out-of-bounds Write	CVE-2024-45555	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

914	7.8	HIGH Local	-	-	Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may …	CWE-416 Use After Free	CVE-2024-45553	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

915	7.8	HIGH Local	-	-	Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls.	CWE-129 Improper Validation of Array Index	CVE-2024-45550	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

916	7.8	HIGH Local	-	-	Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call.	CWE-126 Buffer Over-read	CVE-2024-45548	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

917	7.8	HIGH Local	-	-	Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality.	CWE-120 Classic Buffer Overflow	CVE-2024-45547	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

918	7.8	HIGH Local	-	-	Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.	CWE-126 Buffer Over-read	CVE-2024-45546	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

919	7.8	HIGH Local	-	-	Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.	CWE-121 Stack-based Buffer Overflow	CVE-2024-45542	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

920	7.8	HIGH Local	-	-	Memory corruption when IOCTL call is invoked from user-space to read board data.	CWE-120 Classic Buffer Overflow	CVE-2024-45541	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

921	7.5	HIGH Local	-	-	Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.	CWE-264 Permissions, Privileges, and Access Controls	CVE-2024-43064	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

922	6.7	MEDIUM Local	-	-	Memory corruption while invoking IOCTL calls to unmap the DMA buffers.	CWE-416 Use After Free	CVE-2024-33055	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

923	6.7	MEDIUM Local	-	-	Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,	CWE-823 Use of Out-of-range Pointer Offset	CVE-2024-33041	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

924	6.6	MEDIUM Local	-	-	Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.	CWE-126 Buffer Over-read	CVE-2024-23366	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

925	8.4	HIGH Local	-	-	Memory corruption while processing IPA statistics, when there are no active clients registered.	CWE-120 Classic Buffer Overflow	CVE-2024-21464	2025-01-6 20:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

926	-	-	-	-	A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uplo…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13145	2025-01-6 10:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

927	-	-	-	-	A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogCont…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13144	2025-01-6 09:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

928	-	-	-	-	A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/Per…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13143	2025-01-6 09:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

929	-	-	-	-	A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/course.php. The manipulation of the argu…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0233	2025-01-6 08:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

930	-	-	-	-	A vulnerability was found in ZeroWdd studentmanager 1.0. It has been declared as problematic. This vulnerability affects the function submitAddRole of the file src/main/java/com/zero/system/controlle…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13142	2025-01-6 08:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

931	-	-	-	-	A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /successadmin.php. The manipulation…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0232	2025-01-6 07:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

932	-	-	-	-	A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/submit_payment…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0231	2025-01-6 07:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

933	-	-	-	-	A vulnerability, which was classified as critical, was found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file /admin/print.php. The manipulation of the argument…	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0230	2025-01-6 06:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

934	-	-	-	-	A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. This issue affects some unknown processing of the file /enquiry.php. The manipulation …	CWE-89 CWE-74 SQL Injection Injection	CVE-2025-0229	2025-01-6 05:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

935	-	-	-	-	A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-0228	2025-01-6 04:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

936	-	-	-	-	A vulnerability, which was classified as problematic, was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This affects an unknown part of the file /Logs/Annals/downLoad.html.…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2025-0227	2025-01-6 03:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

937	-	-	-	-	A vulnerability, which was classified as problematic, has been found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this issue is the function download of the file /co…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2025-0226	2025-01-6 03:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

938	-	-	-	-	A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/…	CWE-23 CWE-25 Relative Path Traversal	CVE-2025-0225	2025-01-6 02:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

939	-	-	-	-	A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected…	CWE-200 CWE-284 Information Exposure Improper Access Control	CVE-2025-0224	2025-01-6 02:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

940	-	-	-	-	A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegist…	CWE-476 CWE-404 NULL Pointer Dereference Improper Resource Shutdown or Release	CVE-2025-0223	2025-01-6 01:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

941	-	-	-	-	A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the compo…	CWE-476 CWE-404 NULL Pointer Dereference Improper Resource Shutdown or Release	CVE-2025-0222	2025-01-6 01:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

942	-	-	-	-	A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL…	CWE-476 CWE-404 NULL Pointer Dereference Improper Resource Shutdown or Release	CVE-2025-0221	2025-01-6 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

943	-	-	-	-	A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The ma…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13141	2025-01-6 00:15	2025-01-6	Show	GitHub Exploit DB Packet Storm

944	-	-	-	-	A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument H…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-0220	2025-01-5 22:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

945	-	-	-	-	A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Han…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13140	2025-01-5 21:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

946	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileC…	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2024-13139	2025-01-5 20:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

947	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/Loc…	CWE-284 CWE-434 Improper Access Control Unrestricted Upload of File with Dangerous Type	CVE-2024-13138	2025-01-5 20:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

948	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13137	2025-01-5 19:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

949	-	-	-	-	A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/Shir…	CWE-20 CWE-502 Improper Input Validation Deserialization of Untrusted Data	CVE-2024-13136	2025-01-5 18:15	2025-01-5	Show	GitHub Exploit DB Packet Storm

950	-	-	-	-	A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/twitter.php of the component Subpage Han…	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2024-13135	2025-01-5 18:15	2025-01-5	Show	GitHub Exploit DB Packet Storm