NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:May 11, 2026, 4:09 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
312851	8.1	HIGH Network	haloservicesolutions	haloitsm	HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). Wh…	CWE-640 Weak Password Recovery Mechanism for Forgotten Password	CVE-2024-6203	2024-08-30 02:46	2024-08-6	Show	GitHub Exploit DB Packet Storm

312852	6.1	MEDIUM Network	mozilla	firefox firefox_esr	Firefox adds web-compatibility shims in place of some tracking scripts blocked by Enhanced Tracking Protection. On a site protected by Content Security Policy in "strict-dynamic" mode, an attacker a…	CWE-79 Cross-site Scripting	CVE-2024-7524	2024-08-30 02:35	2024-08-6	Show	GitHub Exploit DB Packet Storm

312853	6.1	MEDIUM Network	insurance_management_system_project	insurance_management_system	A vulnerability has been found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file editCl…	CWE-79 Cross-site Scripting	CVE-2024-8208	2024-08-30 02:27	2024-08-28	Show	GitHub Exploit DB Packet Storm

312854	6.1	MEDIUM Network	insurance_management_system_project	insurance_management_system	A vulnerability was found in nafisulbari/itsourcecode Insurance Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file addClient.php. Th…	CWE-79 Cross-site Scripting	CVE-2024-8209	2024-08-30 02:23	2024-08-28	Show	GitHub Exploit DB Packet Storm

312855	4.3	MEDIUM Network	ibm	infosphere_information_server	IBM InfoSphere Information Server 11.7 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be use…	CWE-209 Information Exposure Through an Error Message	CVE-2024-39751	2024-08-30 01:56	2024-08-7	Show	GitHub Exploit DB Packet Storm

312856	6.1	MEDIUM Network	mozilla	firefox	Long pressing on a download link could potentially allow Javascript commands to be executed within the browser This vulnerability affects Firefox for iOS < 129.	CWE-79 Cross-site Scripting	CVE-2024-43111	2024-08-30 01:53	2024-08-7	Show	GitHub Exploit DB Packet Storm

312857	6.1	MEDIUM Network	mozilla	firefox	The contextual menu for links could provide an opportunity for cross-site scripting attacks This vulnerability affects Firefox for iOS < 129.	CWE-79 Cross-site Scripting	CVE-2024-43113	2024-08-30 01:51	2024-08-7	Show	GitHub Exploit DB Packet Storm

312858	6.1	MEDIUM Network	mozilla	firefox	Long pressing on a download link could potentially provide a means for cross-site scripting This vulnerability affects Firefox for iOS < 129.	CWE-79 Cross-site Scripting	CVE-2024-43112	2024-08-30 01:51	2024-08-7	Show	GitHub Exploit DB Packet Storm

312859	5.5	MEDIUM Local	samsung	email	Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.	NVD-CWE-Other	CVE-2024-34636	2024-08-30 01:47	2024-08-7	Show	GitHub Exploit DB Packet Storm

312860	10.0	CRITICAL Network	openhab	openhab_web_interface	openHAB, a provider of open-source home automation software, has add-ons including the visualization add-on CometVisu. Prior to version 4.2.1, the proxy endpoint of openHAB's CometVisu add-on can be …	NVD-CWE-noinfo	CVE-2024-42467	2024-08-30 01:26	2024-08-12	Show	GitHub Exploit DB Packet Storm

312861	9.8	CRITICAL Network	dlink	dns-315l_firmware dns-320lw_firmware dns-1550-04_firmware dns-1200-05_firmware dns-1100-4_firmware dns-726-4_firmware dns-345_firmware dns-343_firmware dns-340l_firmware dn…	A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, …	CWE-78 OS Command	CVE-2024-8210	2024-08-30 01:04	2024-08-28	Show	GitHub Exploit DB Packet Storm

312862	8.8	HIGH Network	g5plus	ultimate_bootstrap_elements_for_elementor	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in G5Theme Ultimate Bootstrap Elements for Elementor allows PHP Local File Inclusion.This issue affects Ul…	CWE-22 Path Traversal	CVE-2024-43140	2024-08-30 01:04	2024-08-13	Show	GitHub Exploit DB Packet Storm

312863	8.1	HIGH Network	gitlab	gitlab	A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-3035	2024-08-30 00:55	2024-08-8	Show	GitHub Exploit DB Packet Storm

312864	9.8	CRITICAL Network	dlink	dns-315l_firmware dns-320lw_firmware dns-1550-04_firmware dns-1200-05_firmware dns-1100-4_firmware dns-726-4_firmware dns-345_firmware dns-343_firmware dns-340l_firmware dn…	A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, …	CWE-78 OS Command	CVE-2024-8211	2024-08-30 00:54	2024-08-28	Show	GitHub Exploit DB Packet Storm

312865	9.8	CRITICAL Network	dlink	dns-315l_firmware dns-320lw_firmware dns-1550-04_firmware dns-1200-05_firmware dns-1100-4_firmware dns-726-4_firmware dns-345_firmware dns-343_firmware dns-340l_firmware dn…	A vulnerability was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, …	CWE-77 Command Injection	CVE-2024-8212	2024-08-30 00:53	2024-08-28	Show	GitHub Exploit DB Packet Storm

312866	9.8	CRITICAL Network	dlink	dns-315l_firmware dns-320lw_firmware dns-1550-04_firmware dns-1200-05_firmware dns-1100-4_firmware dns-726-4_firmware dns-345_firmware dns-343_firmware dns-340l_firmware dn…	A vulnerability classified as critical has been found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, D…	CWE-78 OS Command	CVE-2024-8213	2024-08-30 00:51	2024-08-28	Show	GitHub Exploit DB Packet Storm

312867	6.5	MEDIUM Network	gitlab	gitlab	An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy betwe…	CWE-94 Code Injection	CVE-2024-3958	2024-08-30 00:50	2024-08-8	Show	GitHub Exploit DB Packet Storm

312868	6.5	MEDIUM Network	gitlab	gitlab	A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an …	NVD-CWE-noinfo	CVE-2024-7610	2024-08-30 00:45	2024-08-8	Show	GitHub Exploit DB Packet Storm

312869	9.8	CRITICAL Network	dlink	dns-315l_firmware dns-320lw_firmware dns-1550-04_firmware dns-1200-05_firmware dns-1100-4_firmware dns-726-4_firmware dns-345_firmware dns-343_firmware dns-340l_firmware dn…	A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-34…	CWE-78 OS Command	CVE-2024-8214	2024-08-30 00:44	2024-08-28	Show	GitHub Exploit DB Packet Storm

312870	6.5	MEDIUM Network	gitlab	gitlab	An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.0.6, all versions starting from 17.1 before 17.1.4, all versions starting from 17.2 before 17.2.2. Und…	NVD-CWE-noinfo	CVE-2024-7554	2024-08-30 00:42	2024-08-8	Show	GitHub Exploit DB Packet Storm

312871	5.4	MEDIUM Network	insurance_management_system_project	insurance_management_system	A vulnerability, which was classified as critical, has been found in nafisulbari/itsourcecode Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file editPay…	NVD-CWE-noinfo	CVE-2024-8216	2024-08-30 00:41	2024-08-28	Show	GitHub Exploit DB Packet Storm

312872	6.5	MEDIUM Network	gitlab	gitlab	Multiple Denial of Service (DoS) conditions has been discovered in GitLab CE/EE affecting all versions starting from 1.0 prior to 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 pr…	NVD-CWE-noinfo	CVE-2024-5423	2024-08-30 00:41	2024-08-8	Show	GitHub Exploit DB Packet Storm

312873	9.8	CRITICAL Network	donbermoy	e-commerce_website	A vulnerability has been found in SourceCodester E-Commerce Website 1.0 and classified as critical. This vulnerability affects unknown code of the file /Admin/registration.php. The manipulation of th…	CWE-89 SQL Injection	CVE-2024-8217	2024-08-30 00:39	2024-08-28	Show	GitHub Exploit DB Packet Storm

312874	9.8	CRITICAL Network	fabianros	online_quiz_site	A vulnerability was found in code-projects Online Quiz Site 1.0 and classified as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument loginid …	CWE-89 SQL Injection	CVE-2024-8218	2024-08-30 00:38	2024-08-28	Show	GitHub Exploit DB Packet Storm

312875	9.8	CRITICAL Network	fabianros	responsive_hotel_site	A vulnerability was found in code-projects Responsive Hotel Site 1.0. It has been classified as critical. Affected is an unknown function of the file index.php. The manipulation of the argument name/…	CWE-89 SQL Injection	CVE-2024-8219	2024-08-30 00:35	2024-08-28	Show	GitHub Exploit DB Packet Storm

312876	9.8	CRITICAL Network	oretnom23	music_gallery_site	A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/categories/manage_category.p…	CWE-89 SQL Injection	CVE-2024-8221	2024-08-30 00:32	2024-08-28	Show	GitHub Exploit DB Packet Storm

312877	7.2	HIGH Network	fiware	keyrock	The function "generate_app_certificates" in controllers/saml2/saml2.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user …	CWE-78 OS Command	CVE-2024-42167	2024-08-30 00:24	2024-08-12	Show	GitHub Exploit DB Packet Storm

312878	5.4	MEDIUM Network	oretnom23	yoga_class_registration_system	A vulnerability was found in SourceCodester Yoga Class Registration System 1.0 and classified as problematic. This issue affects some unknown processing of the file /admin/inquiries/view_inquiry.php.…	CWE-79 Cross-site Scripting	CVE-2024-7852	2024-08-30 00:23	2024-08-16	Show	GitHub Exploit DB Packet Storm

312879	7.2	HIGH Network	fiware	keyrock	The function "generate_app_certificates" in lib/app_certificates.js of FIWARE Keyrock <= 8.4 does not neutralize special elements used in an OS Command properly. This allows an authenticated user wit…	CWE-78 OS Command	CVE-2024-42166	2024-08-30 00:23	2024-08-12	Show	GitHub Exploit DB Packet Storm

312880	8.8	HIGH Network	oretnom23	yoga_class_registration_system	A vulnerability was found in SourceCodester Yoga Class Registration System up to 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/?page=categories/view_cate…	CWE-89 SQL Injection	CVE-2024-7853	2024-08-30 00:22	2024-08-16	Show	GitHub Exploit DB Packet Storm

312881	9.8	CRITICAL Network	oretnom23	yoga_class_registration_system	A vulnerability has been found in SourceCodester Yoga Class Registration System 1.0 and classified as critical. This vulnerability affects unknown code of the file /classes/Users.php?f=save of the co…	NVD-CWE-noinfo	CVE-2024-7851	2024-08-30 00:22	2024-08-16	Show	GitHub Exploit DB Packet Storm

312882	5.4	MEDIUM Network	fiware	keyrock	Insufficiently random values for generating activation token in FIWARE Keyrock <= 8.4 allow attackers to activate accounts of any user by predicting the token for the activation link.	CWE-330 Use of Insufficiently Random Values	CVE-2024-42165	2024-08-30 00:21	2024-08-12	Show	GitHub Exploit DB Packet Storm

312883	4.3	MEDIUM Network	fiware	keyrock	Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to disable two factor authorization of any user by predicting the token for the disable_2fa l…	CWE-330 Use of Insufficiently Random Values	CVE-2024-42164	2024-08-30 00:19	2024-08-12	Show	GitHub Exploit DB Packet Storm

312884	8.1	HIGH Network	fiware	keyrock	Insufficiently random values for generating password reset token in FIWARE Keyrock <= 8.4 allow attackers to take over the account of any user by predicting the token for the password reset link.	CWE-326 Inadequate Encryption Strength	CVE-2024-42163	2024-08-30 00:17	2024-08-12	Show	GitHub Exploit DB Packet Storm

312885	9.8	CRITICAL Network	oretnom23	music_gallery_site	A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file /admin/?page=musics/manage_music. The manipulation of the argu…	CWE-89 SQL Injection	CVE-2024-8222	2024-08-30 00:13	2024-08-28	Show	GitHub Exploit DB Packet Storm

312886	9.8	CRITICAL Network	oretnom23	music_gallery_site	A vulnerability classified as critical was found in SourceCodester Music Gallery Site 1.0. This vulnerability affects unknown code of the file /classes/Master.php?f=delete_category. The manipulation …	CWE-89 SQL Injection	CVE-2024-8223	2024-08-30 00:11	2024-08-28	Show	GitHub Exploit DB Packet Storm

312887	9.8	CRITICAL Network	angeljudesuarez	tailoring_management_system	A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file staffedit.php. The …	CWE-89 SQL Injection	CVE-2024-8220	2024-08-29 23:49	2024-08-28	Show	GitHub Exploit DB Packet Storm

312888	9.0	CRITICAL Network	microsoft	edge_chromium	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability	CWE-843 Type Confusion	CVE-2024-38219	2024-08-29 23:45	2024-08-12	Show	GitHub Exploit DB Packet Storm

312889	5.4	MEDIUM Network	ibm	aspera_shares	IBM Aspera Shares 1.10.0 PL2 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 260574.	CWE-384 Session Fixation	CVE-2023-38018	2024-08-29 23:36	2024-08-12	Show	GitHub Exploit DB Packet Storm

312890	7.2	HIGH Network	abinitio	authorization_gateway metadata_hub	An issue discovered in import host feature in Ab Initio Metadata Hub and Authorization Gateway before 4.3.1.1 allows attackers to run arbitrary code via crafted modification of server configuration.	CWE-94 Code Injection	CVE-2024-37382	2024-08-29 23:29	2024-08-9	Show	GitHub Exploit DB Packet Storm

312891	5.3	MEDIUM Network	dorsettcontrols	infoscan	Dorsett Controls InfoScan is vulnerable due to a leak of possible sensitive information through the response headers and the rendered JavaScript prior to user login.	NVD-CWE-noinfo	CVE-2024-42493	2024-08-29 23:24	2024-08-9	Show	GitHub Exploit DB Packet Storm

312892	7.5	HIGH Network	dorsettcontrols	infoscan	Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys.	NVD-CWE-noinfo	CVE-2024-39287	2024-08-29 23:23	2024-08-9	Show	GitHub Exploit DB Packet Storm

312893	3.7	LOW Network	dorsettcontrols	infoscan	The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which could lead to additional information exposure.	CWE-22 Path Traversal	CVE-2024-42408	2024-08-29 23:22	2024-08-9	Show	GitHub Exploit DB Packet Storm

312894	9.0	CRITICAL Network	vrcx-team	vrcx	VRCX is an assistant/companion application for VRChat. In versions prior to 2024.03.23, a CefSharp browser with over-permission and cross-site scripting via overlay notification can be combined to re…	CWE-79 Cross-site Scripting	CVE-2024-42366	2024-08-29 23:04	2024-08-9	Show	GitHub Exploit DB Packet Storm

312895	4.8	MEDIUM Network	concretecms	concrete_cms	Concrete CMS versions 9 through 9.3.2 and below 8.5.18 are vulnerable to Stored XSS in getAttributeSetName(). A rogue administrator could inject malicious code. The Concrete CMS team gave this a CVS…	CWE-79 Cross-site Scripting	CVE-2024-7394	2024-08-29 22:41	2024-08-9	Show	GitHub Exploit DB Packet Storm

312896	9.8	CRITICAL Network	havocframework	havoc	An Unauthenticated Server-Side Request Forgery (SSRF) in demon callback handling in Havoc 2 0.7 allows attackers to send arbitrary network traffic originating from the team server.	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2024-41570	2024-08-29 22:32	2024-08-12	Show	GitHub Exploit DB Packet Storm

312897	-	-	-	-	Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Access of Memory Location After End of Buffer vulnerability. A low privileged attacker with local access could potentia…	CWE-788 Access of Memory Location After End of Buffer	CVE-2024-38304	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312898	-	-	-	-	Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vu…	CWE-20 Improper Input Validation	CVE-2024-38303	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312899	7.2	HIGH Network	-	-	The Theme Editor plugin for WordPress is vulnerable to deserialization of untrusted input via the 'images_array' parameter in versions up to, and including 2.8. This makes it possible for authenticat…	CWE-502 Deserialization of Untrusted Data	CVE-2022-2440	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm

312900	-	-	-	-	The OpenTelemetry Collector module AWS firehose receiver is for ingesting AWS Kinesis Data Firehose delivery stream messages and parsing the records received based on the configured record type. `aws…	-	CVE-2024-45043	2024-08-29 22:25	2024-08-29	Show	GitHub Exploit DB Packet Storm