Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1	9.8	緊急 Network	icontrolwp	iControlWP	icontrolwp の WordPress 用 iControlWP における信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2024-13742	2025-01-31 17:40	2025-01-30	Show	GitHub Exploit DB Packet Storm

2	5.4	警告 Network	ilghera	MailUp Auto Subscription	ilghera の WordPress 用 MailUp Auto Subscription におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2024-13521	2025-01-31 17:37	2025-01-28	Show	GitHub Exploit DB Packet Storm

3	6.5	警告 Network	アップル	visionos Safari iPadOS	複数のアップル製品における脆弱性	CWE-noinfo 情報不足	CVE-2025-24143	2025-01-31 17:31	2025-01-27	Show	GitHub Exploit DB Packet Storm

4	5.5	警告 Local		-	アップルの macOS における脆弱性	CWE-noinfo 情報不足	CVE-2025-24096	2025-01-31 17:29	2025-01-27	Show	GitHub Exploit DB Packet Storm

5	5.5	警告 Local		-	アップルの macOS における脆弱性	CWE-noinfo 情報不足	CVE-2024-54549	2025-01-31 17:27	2024-12-11	Show	GitHub Exploit DB Packet Storm

6	8.8	重要 Network	アップル	watchOS visionos Safari iPadOS iOS tvOS	複数のアップル製品における境界外書き込みに関する脆弱性	CWE-787 境界外書き込み	CVE-2024-54543	2025-01-31 17:26	2024-12-11	Show	GitHub Exploit DB Packet Storm

7	9.1	緊急 Network	アップル	watchOS iPadOS iOS	複数のアップル製品における脆弱性	CWE-noinfo 情報不足	CVE-2024-54512	2025-01-31 17:23	2024-12-11	Show	GitHub Exploit DB Packet Storm

8	5.5	警告 Local	アップル	iOS visionos iPadOS watchOS tvOS	複数のアップル製品における脆弱性	CWE-noinfo 情報不足	CVE-2025-24086	2025-01-31 17:21	2025-01-27	Show	GitHub Exploit DB Packet Storm

9	6.7	警告 Local	デル	Latitude 5414 Rugged ファームウェア Latitude 5280 ファームウェア Embedded Box PC 5000 ファームウェア Latitude 5400 ファームウェア Latitude 3189 ファームウェ…	複数のデル製品における脆弱性	CWE-20 CWE-noinfo	CVE-2024-22429	2025-01-31 16:37	2024-05-17	Show	GitHub Exploit DB Packet Storm

10	5.4	警告 Network	Philantro Inc.	Philantro - Donations and Donor Management	Philantro Inc. の WordPress 用 Philantro - Donations and Donor Management におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-13527	2025-01-31 16:37	2025-01-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Feb. 22, 2025, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1171	7.2	HIGH Network	-	-	The Welcart e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘name’ parameter in all versions up to, and including, 2.11.9 due to insufficient input sanitization a…	CWE-79 Cross-site Scripting	CVE-2025-0511	2025-02-12 21:15	2025-02-12	Show	GitHub Exploit DB Packet Storm

1172	-		-	-	Stored Cross-Site Scripting (XSS) vulnerability in Prestashop 8.1.7, due to the lack of proper validation of user input through ‘/<admin_directory>/index.php’, affecting the ‘link’ parameter. This vu…	CWE-79 Cross-site Scripting	CVE-2025-1230	2025-02-12 20:15	2025-02-12	Show	GitHub Exploit DB Packet Storm

1173	-		-	-	SQL Injection vulnerability in various API endpoints - offices, dashboards, etc. Apache Fineract versions 1.9 and before have a vulnerability that allows an authenticated attacker to inject malicious…	CWE-89 SQL Injection	CVE-2024-32838	2025-02-12 19:15	2025-02-12	Show	GitHub Exploit DB Packet Storm

1174	6.4	MEDIUM Network	-	-	The Easy Quiz Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wqt-question' shortcode in all versions up to, and including, 2.0 due to insufficient input san…	CWE-79 Cross-site Scripting	CVE-2024-13456	2025-02-12 19:15	2025-02-12	Show	GitHub Exploit DB Packet Storm

1175	4.3	MEDIUM Network	-	-	The Book a Room plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9. This is due to missing or incorrect nonce validation on the 'bookaroom_Sett…	CWE-352 Origin Validation Error	CVE-2024-13437	2025-02-12 19:15	2025-02-12	Show	GitHub Exploit DB Packet Storm

1176	-		-	-	Cacti through 1.2.29 allows SQL injection in the template function in host_templates.php via the graph_template parameter. NOTE: this issue exists because of an incomplete fix for CVE-2024-54146.	-	CVE-2025-26520	2025-02-12 16:15	2025-02-12	Show	GitHub Exploit DB Packet Storm

1177	8.8	HIGH Network	-	-	The All-Images.ai – IA Image Bank and Custom Image creation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the '_get_image_by_url' function in all…	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-13714	2025-02-12 15:15	2025-02-12	Show	GitHub Exploit DB Packet Storm

1178	7.5	HIGH Network	-	-	The Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the 'm…	CWE-200 Information Exposure	CVE-2024-13600	2025-02-12 15:15	2025-02-12	Show	GitHub Exploit DB Packet Storm

1179	4.3	MEDIUM Network	-	-	The WP Table Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on thewptm_getFolders AJAX action in all versions up to, and including, 4.1.3. This ma…	CWE-862 Missing Authorization	CVE-2024-13374	2025-02-12 15:15	2025-02-12	Show	GitHub Exploit DB Packet Storm

1180	8.1	HIGH Network	-	-	The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cp_dismiss_notice' AJAX endpoint…	CWE-862 Missing Authorization	CVE-2024-13800	2025-02-12 14:15	2025-02-12	Show	GitHub Exploit DB Packet Storm