NVD Vulnerability Information Top

Show Search Menu

Vendor Name
プロダクト・サービス名
Title
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
In descending order of publication date
In descending order of update date
Number of items displayed

NVD Vulnerability Information Top

You can search the list of vulnerabilities managed by the NVD (National Vulnerability Database).
Since vulnerability information is often updated before JVN (Japan Vulnerability Note), vulnerabilities that are not listed in JVN may be updated.

If there is a vulnerability related to JVN (Japan Vulnerability Note), the information will be displayed on the detail page.

To search by CWE, please refer to the CWE Overview and check the CWE number.

CRITICAL
HIGH
MEDIUM
LOW

Update Date:June 22, 2026, 4 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
320001	-	-	-	-	There exists a use after free vulnerability in Reverb. Reverb supports the VARIANT datatype, which is supposed to represent an arbitrary object in C++. When a tensor proto of type VARIANT is unpacked…	-	CVE-2024-8375	2024-09-20 21:30	2024-09-20	Show	GitHub Exploit DB Packet Storm

320002	-	-	-	-	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ece Software Electronic Ticket System allows Reflected XSS, Cross-Site Scripting (XSS).Thi…	CWE-79 Cross-site Scripting	CVE-2024-7785	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320003	-	-	-	-	The grafana plugin SDK bundles build metadata into the binaries it compiles; this metadata includes the repository URI for the plugin being built, as retrieved by running `git remote get-url origin`.…	-	CVE-2024-8986	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320004	-	-	-	-	langchain_experimental (aka LangChain Experimental) 0.1.17 through 0.3.0 for LangChain allows attackers to execute arbitrary code through sympy.sympify (which uses eval) in LLMSymbolicMathChain. LLMS…	-	CVE-2024-46946	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320005	-	-	-	-	Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing …	-	CVE-2024-7254	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320006	-	-	-	-	In Brave Android prior to v1.67.116, domains in the Brave Shields popup are elided from the right instead of the left, which may lead to domain confusion.	-	CVE-2024-37406	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320007	-	-	-	-	Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the save_settings() function of the file rental/admin_class.php.	-	CVE-2024-46377	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320008	-	-	-	-	Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the update_account() function of the file rental/admin_class.php.	-	CVE-2024-46376	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320009	-	-	-	-	Best House Rental Management System 1.0 contains an arbitrary file upload vulnerability in the signup() function of the file rental/admin_class.php.	-	CVE-2024-46375	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320010	-	-	-	-	Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php.	-	CVE-2024-46374	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320011	-	-	-	-	Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend.	-	CVE-2024-46373	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320012	-	-	-	-	Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont functio…	-	CVE-2024-40568	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320013	-	-	-	-	CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack.	-	CVE-2023-30464	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320014	-	-	-	-	Stack overflow vulnerability in the Login function in the HNAP service in D-Link DCS-960L with firmware 1.09 allows attackers to execute of arbitrary code.	-	CVE-2024-44589	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320015	-	-	-	-	spicedb is an Open Source, Google Zanzibar-inspired permissions database to enable fine-grained authorization for customer applications. Multiple caveats over the same indirect subject type on the sa…	CWE-269 Improper Privilege Management	CVE-2024-46989	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320016	-	-	-	-	Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the s…	-	CVE-2024-45601	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320017	-	-	-	-	UNSUPPORTED WHEN ASSIGNED An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulne…	-	CVE-2024-34399	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320018	-	-	-	-	XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to notification filters of any user by using a URL such as `<hostn…	CWE-200 CWE-359 Information Exposure Exposure of Private Personal Information to an Unauthorized Actor	CVE-2024-46979	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320019	-	-	-	-	XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible for any user knowing the ID of a notification filter preference of another user,…	CWE-648 Incorrect Use of Privileged APIs	CVE-2024-46978	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320020	-	-	-	-	Victure PC420 1.1.39 was discovered to contain a hardcoded root password which is stored in plaintext.	-	CVE-2023-41610	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320021	-	-	-	-	Directus is a real-time API and App dashboard for managing SQL database content. When relying on blocking access to localhost using the default `0.0.0.0` filter a user may bypass this block by using …	CWE-284 Improper Access Control	CVE-2024-46990	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320022	-	-	-	-	find-my-way is a fast, open source HTTP router, internally using a Radix Tree (aka compact Prefix Tree), supports route params, wildcards, and it's framework independent. A bad regular expression is …	CWE-1333 Inefficient Regular Expression Complexity	CVE-2024-45813	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320023	-	-	-	-	Wiki.js is an open source wiki app built on Node.js. A disabled user can still gain access to a wiki by abusing the password reset function. While setting up SMTP e-mail's on my server, I tested said…	CWE-670 Always-Incorrect Control Flow Implementation	CVE-2024-45298	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320024	-	-	-	-	exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication.	-	CVE-2023-47105	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320025	-	-	-	-	An arbitrary code execution vulnerability exists in versions 0.2.9 up to 0.5.10 of the Guardrails AI Guardrails framework because of the way it validates XML files. If a victim user loads a malicious…	-	CVE-2024-45858	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320026	-	-	-	-	SQL Injection vulnerability in todesk v.1.1 allows a remote attacker to execute arbitrary code via the /todesk.com/news.html parameter.	-	CVE-2024-44542	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320027	-	-	-	-	Insecure deserialization in sqlitedict up to v2.1.0 allows attackers to execute arbitrary code.	-	CVE-2024-35515	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320028	-	-	-	-	Technitium 11.5.3 allows remote attackers to cause a denial of service (bandwidth amplification) because the DNSBomb manipulation causes accumulation of low-rate DNS queries such that there is a larg…	-	CVE-2023-49203	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320029	-	-	-	-	An issue was discovered in Technitium through 11.0.3. It enables attackers to conduct a DNS cache poisoning attack and inject fake responses within 1 second, which is impactful.	-	CVE-2023-28457	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320030	-	-	-	-	An issue was discovered in Technitium through 11.0.2. It enables attackers to launch amplification attacks (3 times more than other "golden model" software like BIND) and cause potential DoS.	-	CVE-2023-28456	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320031	-	-	-	-	An issue was discovered in Technitium through 11.0.2. The forwarding mode enables attackers to create a query loop using Technitium resolvers, launching amplification attacks and causing potential Do…	-	CVE-2023-28455	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320032	-	-	-	-	An issue was discovered in Technitium 11.0.2. There is a vulnerability (called BadDNS) in DNS resolving software, which triggers a resolver to ignore valid responses, thus causing DoS (denial of serv…	-	CVE-2023-28451	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320033	-	-	-	-	ImpactThe default .htaccess file has some restrictions in the access to PHP files to only allow specific PHP files to be executed in the root of the application. This logic isn't correct, as the reg…	-	CVE-2022-25769	2024-09-20 21:30	2024-09-19	Show	GitHub Exploit DB Packet Storm

320034	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This issue af…	-	CVE-2024-31198	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320035	-	-	-	-	Improper Null Termination vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of10::Port:unpack. This i…	-	CVE-2024-31197	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320036	-	-	-	-	Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::A…	-	CVE-2024-31196	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320037	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyTable::unpack…	-	CVE-2024-31195	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320038	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyPortStats::un…	-	CVE-2024-31194	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320039	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyGroup::unpack…	-	CVE-2024-31193	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320040	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyGroupDesc::un…	-	CVE-2024-31192	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320041	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyMeter::unpack…	-	CVE-2024-31191	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320042	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyMeterConfig::…	-	CVE-2024-31190	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320043	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartRequestTableFeatur…	-	CVE-2024-31189	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320044	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyTableFeatures…	-	CVE-2024-31188	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320045	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MultipartReplyPortDescripti…	-	CVE-2024-31187	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320046	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::QueueGetConfigReply::unpack…	-	CVE-2024-31186	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320047	-	-	-	-	Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::o…	-	CVE-2024-31185	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320048	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::MeterStats::unpack. This i…	-	CVE-2024-31184	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320049	-	-	-	-	Out-of-bounds Read vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::of13::Hello::unpack. This issue …	-	CVE-2024-31183	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm

320050	-	-	-	-	Unchecked Return Value to NULL Pointer Dereference vulnerability in Open Networking Foundation (ONF) libfluid (libfluid_msg module). This vulnerability is associated with program routine fluid_msg::Q…	-	CVE-2024-31182	2024-09-20 21:30	2024-09-18	Show	GitHub Exploit DB Packet Storm