NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:Dec. 26, 2024, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
51	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster si… New	-	CVE-2024-53147	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

52	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an in… New	-	CVE-2024-53146	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

53	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI … New	-	CVE-2024-53157	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

54	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-i… New	-	CVE-2024-53156	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

55	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value… New	-	CVE-2024-53155	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

56	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup(… New	-	CVE-2024-53153	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

57	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which… New	-	CVE-2024-53145	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

58	-	-	-	-	Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to ve… New	CWE-302 Authentication Bypass by Assumed-Immutable Data	CVE-2024-43441	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

59	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cl… New	-	CVE-2024-53152	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

60	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > str… New	-	CVE-2024-53151	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

61	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of ea… New	-	CVE-2024-53150	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

62	6.4	MEDIUM Network	-	-	The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to, an… New	CWE-79 Cross-site Scripting	CVE-2024-12268	2024-12-24 20:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

63	6.5	MEDIUM Network	-	-	The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in a… New	CWE-89 SQL Injection	CVE-2024-11726	2024-12-24 20:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

64	6.5	MEDIUM Network	-	-	The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due … New	CWE-89 SQL Injection	CVE-2024-10856	2024-12-24 20:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

65	5.4	MEDIUM Network	-	-	The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 d… New	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-10584	2024-12-24 20:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

66	6.4	MEDIUM Network	-	-	The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitizat… New	CWE-79 Cross-site Scripting	CVE-2024-8721	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

67	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hyperc… New	-	CVE-2024-53241	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

68	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happe… New	-	CVE-2024-53240	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

69	8.8	HIGH Network	-	-	The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restor… New	CWE-862 Missing Authorization	CVE-2024-12881	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

70	4.9	MEDIUM Network	-	-	The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_do… New	CWE-22 Path Traversal	CVE-2024-12850	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

71	5.3	MEDIUM Network	-	-	The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content act… New	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-12103	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

72	6.5	MEDIUM Network	-	-	The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient es… New	CWE-89 SQL Injection	CVE-2024-12031	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

73	6.1	MEDIUM Network	-	-	The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient… New	CWE-79 Cross-site Scripting	CVE-2024-12468	2024-12-24 18:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

74	6.4	MEDIUM Network	-	-	The Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions up to,… New	CWE-79 Cross-site Scripting	CVE-2024-11896	2024-12-24 18:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

75	6.4	MEDIUM Network	-	-	The Loan Comparison plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'loancomparison' shortcode in all versions up to, and including, 2.0 due to insufficient input s… New	CWE-79 Cross-site Scripting	CVE-2024-12814	2024-12-24 16:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

76	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which ca… New	-	CVE-2024-41887	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

77	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manuf… New	-	CVE-2024-41886	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

78	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmwa… New	-	CVE-2024-41885	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

79	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references … New	-	CVE-2024-41884	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

80	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . An attacker enters a special value for a specific URL parameter, resulting in a NULL point… New	-	CVE-2024-41883	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

81	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will … New	-	CVE-2024-41882	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

82	6.4	MEDIUM Network	-	-	The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' and 'wp_cart_display_product' shortcodes in all versions up to, … New	CWE-79 Cross-site Scripting	CVE-2024-12622	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

83	8.8	HIGH Network	-	-	The Custom Login Page Styler – Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login – Limit … New	CWE-862 Missing Authorization	CVE-2024-12594	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

84	6.1	MEDIUM Network	-	-	The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization… New	CWE-79 Cross-site Scripting	CVE-2024-12405	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

85	4.3	MEDIUM Network	-	-	The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action … New	CWE-862 Missing Authorization	CVE-2024-12210	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

86	6.1	MEDIUM Network	-	-	The Bitcoin Lightning Publisher for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versi… New	CWE-79 Cross-site Scripting	CVE-2024-12100	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

87	-	-	-	-	The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be use… New	-	CVE-2024-12096	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

88	5.3	MEDIUM Network	-	-	The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generati… New	CWE-340 Generation of Predictable Numbers or Identifiers	CVE-2024-12034	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

89	6.4	MEDIUM Network	-	-	The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtele_button shortcode in all versions up to, and including, 1.0 due to insufficie… New	CWE-79 Cross-site Scripting	CVE-2024-11885	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

90	6.1	MEDIUM Network	-	-	The WP-Appbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.5.3 due to insufficient input sanitization and outp… New	CWE-79 Cross-site Scripting	CVE-2024-12710	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

91	5.4	MEDIUM Network	-	-	The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This … New	CWE-862 Missing Authorization	CVE-2024-12617	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

92	6.4	MEDIUM Network	-	-	The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode in all versions up to, and including, 1.4.18 due to insufficient input s… New	CWE-79 Cross-site Scripting	CVE-2024-12518	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

93	6.4	MEDIUM Network	-	-	The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.1 due to insufficient input s… New	CWE-79 Cross-site Scripting	CVE-2024-12507	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

94	6.5	MEDIUM Network	-	-	The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import… New	CWE-862 Missing Authorization	CVE-2024-12266	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

95	5.4	MEDIUM Network	-	-	A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to … New	CWE-116 Improper Encoding or Escaping of Output	CVE-2024-9427	2024-12-24 13:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

96	8.1	HIGH Network	-	-	A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of… New	CWE-61 UNIX Symbolic Link (Symlink) Following	CVE-2024-47515	2024-12-24 13:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

97	7.1	HIGH Network	-	-	A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud en… New	CWE-305 Authentication Bypass by Primary Weakness	CVE-2024-12582	2024-12-24 13:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

98	-	-	-	-	In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setti… New	-	CVE-2024-40896	2024-12-24 12:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

99	-	-	-	-	An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object … Update	-	CVE-2024-56375	2024-12-24 12:15	2024-12-23	Show	GitHub Exploit DB Packet Storm

100	-	-	-	-	A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user cli… Update	-	CVE-2024-56314	2024-12-24 12:15	2024-12-23	Show	GitHub Exploit DB Packet Storm