NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:Dec. 27, 2024, 4:04 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
101	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtoul() results in an overflo…	-	CVE-2024-53159	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

102	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from cl…	-	CVE-2024-53158	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

103	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference er…	-	CVE-2024-53154	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

104	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. …	-	CVE-2024-53149	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

105	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pa…	-	CVE-2024-53148	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

106	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster si…	-	CVE-2024-53147	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

107	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an in…	-	CVE-2024-53146	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

108	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI …	-	CVE-2024-53157	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

109	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-i…	-	CVE-2024-53156	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

110	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value…	-	CVE-2024-53155	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

111	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup(…	-	CVE-2024-53153	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

112	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which…	-	CVE-2024-53145	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

113	-	-	-	-	Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to ve…	CWE-302 Authentication Bypass by Assumed-Immutable Data	CVE-2024-43441	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

114	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cl…	-	CVE-2024-53152	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

115	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > str…	-	CVE-2024-53151	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

116	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of ea…	-	CVE-2024-53150	2024-12-24 21:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

117	6.4	MEDIUM Network	-	-	The Responsive Blocks – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to, an…	CWE-79 Cross-site Scripting	CVE-2024-12268	2024-12-24 20:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

118	6.5	MEDIUM Network	-	-	The Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in a…	CWE-89 SQL Injection	CVE-2024-11726	2024-12-24 20:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

119	6.5	MEDIUM Network	-	-	The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the “wpdevart_booking_calendar” shortcode in versions up to, and including, 3.2.19 due …	CWE-89 SQL Injection	CVE-2024-10856	2024-12-24 20:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

120	5.4	MEDIUM Network	-	-	The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 d…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-10584	2024-12-24 20:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

121	6.4	MEDIUM Network	-	-	The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitizat…	CWE-79 Cross-site Scripting	CVE-2024-8721	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

122	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hyperc…	-	CVE-2024-53241	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

123	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happe…	-	CVE-2024-53240	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

124	8.8	HIGH Network	-	-	The PlugVersions – Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restor…	CWE-862 Missing Authorization	CVE-2024-12881	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

125	4.9	MEDIUM Network	-	-	The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_do…	CWE-22 Path Traversal	CVE-2024-12850	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

126	5.3	MEDIUM Network	-	-	The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content act…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-12103	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

127	6.5	MEDIUM Network	-	-	The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient es…	CWE-89 SQL Injection	CVE-2024-12031	2024-12-24 19:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

128	6.1	MEDIUM Network	-	-	The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient…	CWE-79 Cross-site Scripting	CVE-2024-12468	2024-12-24 18:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

129	6.4	MEDIUM Network	-	-	The Text Prompter – Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions up to,…	CWE-79 Cross-site Scripting	CVE-2024-11896	2024-12-24 18:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

130	6.4	MEDIUM Network	-	-	The Loan Comparison plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'loancomparison' shortcode in all versions up to, and including, 2.0 due to insufficient input s…	CWE-79 Cross-site Scripting	CVE-2024-12814	2024-12-24 16:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

131	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which ca…	-	CVE-2024-41887	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

132	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manuf…	-	CVE-2024-41886	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

133	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmwa…	-	CVE-2024-41885	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

134	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references …	-	CVE-2024-41884	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

135	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . An attacker enters a special value for a specific URL parameter, resulting in a NULL point…	-	CVE-2024-41883	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

136	-	-	-	-	Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will …	-	CVE-2024-41882	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

137	6.4	MEDIUM Network	-	-	The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' and 'wp_cart_display_product' shortcodes in all versions up to, …	CWE-79 Cross-site Scripting	CVE-2024-12622	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

138	8.8	HIGH Network	-	-	The Custom Login Page Styler – Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login – Limit …	CWE-862 Missing Authorization	CVE-2024-12594	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

139	6.1	MEDIUM Network	-	-	The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization…	CWE-79 Cross-site Scripting	CVE-2024-12405	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

140	4.3	MEDIUM Network	-	-	The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action …	CWE-862 Missing Authorization	CVE-2024-12210	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

141	6.1	MEDIUM Network	-	-	The Bitcoin Lightning Publisher for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versi…	CWE-79 Cross-site Scripting	CVE-2024-12100	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

142	-	-	-	-	The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be use…	-	CVE-2024-12096	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

143	5.3	MEDIUM Network	-	-	The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generati…	CWE-340 Generation of Predictable Numbers or Identifiers	CVE-2024-12034	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

144	6.4	MEDIUM Network	-	-	The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtele_button shortcode in all versions up to, and including, 1.0 due to insufficie…	CWE-79 Cross-site Scripting	CVE-2024-11885	2024-12-24 15:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

145	6.1	MEDIUM Network	-	-	The WP-Appbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.5.3 due to insufficient input sanitization and outp…	CWE-79 Cross-site Scripting	CVE-2024-12710	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

146	5.4	MEDIUM Network	-	-	The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This …	CWE-862 Missing Authorization	CVE-2024-12617	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

147	6.4	MEDIUM Network	-	-	The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode in all versions up to, and including, 1.4.18 due to insufficient input s…	CWE-79 Cross-site Scripting	CVE-2024-12518	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

148	6.4	MEDIUM Network	-	-	The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.1 due to insufficient input s…	CWE-79 Cross-site Scripting	CVE-2024-12507	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

149	6.5	MEDIUM Network	-	-	The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import…	CWE-862 Missing Authorization	CVE-2024-12266	2024-12-24 14:15	2024-12-24	Show	GitHub Exploit DB Packet Storm

150	5.4	MEDIUM Network	-	-	A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to …	CWE-116 Improper Encoding or Escaping of Output	CVE-2024-9427	2024-12-24 13:15	2024-12-24	Show	GitHub Exploit DB Packet Storm