Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 31, 2025, 4:03 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1031	9.8	緊急 Network	SolarWinds	security event manager	SolarWinds の security event manager における信頼できないデータのデシリアライゼーションに関する脆弱性	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2024-0692	2025-01-22 15:07	2024-03-1	Show	GitHub Exploit DB Packet Storm

1032	5.4	警告 Network	bdthemes	element pack	bdthemes の WordPress 用 element pack におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-1426	2025-01-22 15:07	2024-04-18	Show	GitHub Exploit DB Packet Storm

1033	5.4	警告 Network	exclusiveaddons	exclusive addons for elementor	exclusiveaddons の WordPress 用 exclusive addons for elementor におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-3489	2025-01-22 14:42	2024-05-2	Show	GitHub Exploit DB Packet Storm

1034	5.4	警告 Network	Themeisle	otter blocks	ThemeIsle の WordPress 用 otter blocks におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-3725	2025-01-22 14:42	2024-05-2	Show	GitHub Exploit DB Packet Storm

1035	7.1	重要 Network	cvat	computer vision annotation tool	cvat の computer vision annotation tool におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 CWE-352	CVE-2024-37306	2025-01-22 14:42	2024-06-13	Show	GitHub Exploit DB Packet Storm

1036	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	ac500 ファームウェア	Shenzhen Tenda Technology Co.,Ltd. の ac500 ファームウェアにおける境界外書き込みに関する脆弱性	CWE-121 CWE-787	CVE-2024-3905	2025-01-22 14:42	2024-04-17	Show	GitHub Exploit DB Packet Storm

1037	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	ac500 ファームウェア	Shenzhen Tenda Technology Co.,Ltd. の ac500 ファームウェアにおける境界外書き込みに関する脆弱性	CWE-121 CWE-787	CVE-2024-3910	2025-01-22 14:42	2024-04-17	Show	GitHub Exploit DB Packet Storm

1038	5.4	警告 Network	StylemixThemes	MasterStudy LMS	StylemixThemes の WordPress 用 MasterStudy LMS における認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2024-3942	2025-01-22 14:42	2024-05-2	Show	GitHub Exploit DB Packet Storm

1039	7.5	重要 Network	マイクロフォーカス株式会社	imanager	マイクロフォーカス株式会社の imanager におけるサーバサイドのリクエストフォージェリの脆弱性	CWE-918 CWE-918	CVE-2024-3970	2025-01-22 14:42	2024-05-15	Show	GitHub Exploit DB Packet Storm

1040	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	AC8 ファームウェア	Shenzhen Tenda Technology Co.,Ltd. の AC8 ファームウェアにおける境界外書き込みに関する脆弱性	CWE-121 CWE-787	CVE-2024-4066	2025-01-22 14:42	2024-04-23	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Feb. 1, 2025, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
261	-		-	-	The Bulk Me Now! WordPress plugin through 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow … New	-	CVE-2024-12708	2025-01-31 01:15	2025-01-30	Show	GitHub Exploit DB Packet Storm

262	-		-	-	The Bulk Me Now! WordPress plugin through 2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against h… New	-	CVE-2024-12638	2025-01-31 01:15	2025-01-30	Show	GitHub Exploit DB Packet Storm

263	-		-	-	The tourmaster WordPress plugin before 5.3.5 does not escape generated URLs before outputting them in attributes, leading to Reflected Cross-Site Scripting. New	-	CVE-2024-12400	2025-01-31 01:15	2025-01-30	Show	GitHub Exploit DB Packet Storm

264	-		-	-	The goodlayers-core WordPress plugin before 2.1.3 allows users with a subscriber role and above to upload SVGs containing malicious payloads. New	-	CVE-2024-12163	2025-01-31 01:15	2025-01-30	Show	GitHub Exploit DB Packet Storm

265	6.5	MEDIUM Network	-	-	A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user w… New	CWE-284 Improper Access Control	CVE-2025-23367	2025-01-31 00:15	2025-01-31	Show	GitHub Exploit DB Packet Storm

266	-		-	-	VMware Aria Operations for Logs contains an information disclosure vulnerability. A malicious actor with View Only Admin permissions may be able to read the credentials of a VMware product integrated… New	-	CVE-2025-22218	2025-01-31 00:15	2025-01-31	Show	GitHub Exploit DB Packet Storm

267	3.5	LOW Network	-	-	A vulnerability classified as problematic has been found in Maybecms 1.2. This affects an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of… New	CWE-79 CWE-94 Cross-site Scripting Code Injection	CVE-2025-0871	2025-01-31 00:15	2025-01-31	Show	GitHub Exploit DB Packet Storm

268	-		-	-	DevDojo Voyager through version 1.8.0 is vulnerable to bypassing the file type verification when an authenticated user uploads a file via /admin/media/upload. An authenticated user can upload a web s… New	-	CVE-2024-55417	2025-01-31 00:15	2025-01-31	Show	GitHub Exploit DB Packet Storm

269	-		-	-	DevDojo Voyager through version 1.8.0 is vulnerable to reflected XSS via /admin/compass. By manipulating an authenticated user to click on a link, arbitrary Javascript can be executed. New	-	CVE-2024-55416	2025-01-31 00:15	2025-01-31	Show	GitHub Exploit DB Packet Storm

270	-		-	-	DevDojo Voyager through 1.8.0 is vulnerable to path traversal at the /admin/compass. New	-	CVE-2024-55415	2025-01-31 00:15	2025-01-31	Show	GitHub Exploit DB Packet Storm