Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1041 9.8 緊急
Network 		SolarWinds security event manager SolarWinds の security event manager における信頼できないデータのデシリアライゼーションに関する脆弱性 CWE-502
信頼性のないデータのデシリアライゼーション 		CVE-2024-0692 2025-01-22 15:07 2024-03-1 Show GitHub Exploit DB Packet Storm
1042 5.4 警告
Network 		bdthemes element pack bdthemes の WordPress 用 element pack におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-1426 2025-01-22 15:07 2024-04-18 Show GitHub Exploit DB Packet Storm
1043 5.4 警告
Network 		exclusiveaddons exclusive addons for elementor exclusiveaddons の WordPress 用 exclusive addons for elementor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-3489 2025-01-22 14:42 2024-05-2 Show GitHub Exploit DB Packet Storm
1044 5.4 警告
Network 		Themeisle otter blocks ThemeIsle の WordPress 用 otter blocks におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-3725 2025-01-22 14:42 2024-05-2 Show GitHub Exploit DB Packet Storm
1045 7.1 重要
Network 		cvat computer vision annotation tool cvat の computer vision annotation tool におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
CWE-352
CVE-2024-37306 2025-01-22 14:42 2024-06-13 Show GitHub Exploit DB Packet Storm
1046 8.8 重要
Network 		Shenzhen Tenda Technology Co.,Ltd. ac500 ファームウェア Shenzhen Tenda Technology Co.,Ltd. の ac500 ファームウェアにおける境界外書き込みに関する脆弱性 CWE-121
CWE-787
CVE-2024-3905 2025-01-22 14:42 2024-04-17 Show GitHub Exploit DB Packet Storm
1047 8.8 重要
Network 		Shenzhen Tenda Technology Co.,Ltd. ac500 ファームウェア Shenzhen Tenda Technology Co.,Ltd. の ac500 ファームウェアにおける境界外書き込みに関する脆弱性 CWE-121
CWE-787
CVE-2024-3910 2025-01-22 14:42 2024-04-17 Show GitHub Exploit DB Packet Storm
1048 5.4 警告
Network 		StylemixThemes MasterStudy LMS StylemixThemes の WordPress 用 MasterStudy LMS における認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2024-3942 2025-01-22 14:42 2024-05-2 Show GitHub Exploit DB Packet Storm
1049 7.5 重要
Network 		マイクロフォーカス株式会社 imanager マイクロフォーカス株式会社の imanager におけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
CWE-918
CVE-2024-3970 2025-01-22 14:42 2024-05-15 Show GitHub Exploit DB Packet Storm
1050 8.8 重要
Network 		Shenzhen Tenda Technology Co.,Ltd. AC8 ファームウェア Shenzhen Tenda Technology Co.,Ltd. の AC8 ファームウェアにおける境界外書き込みに関する脆弱性 CWE-121
CWE-787
CVE-2024-4066 2025-01-22 14:42 2024-04-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 3, 2025, 4:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
391 - - - An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing th… CWE-284
Improper Access Control 		CVE-2025-0740 2025-01-30 20:15 2025-01-30 Show GitHub Exploit DB Packet Storm
392 - - - An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing th… CWE-284
Improper Access Control 		CVE-2025-0739 2025-01-30 20:15 2025-01-30 Show GitHub Exploit DB Packet Storm
393 6.4 MEDIUM
Network 		- - The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insuffic… CWE-79
Cross-site Scripting 		CVE-2024-12524 2025-01-30 20:15 2025-01-30 Show GitHub Exploit DB Packet Storm
394 - - - Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could po… CWE-428
 Unquoted Search Path or Element 		CVE-2025-21107 2025-01-30 19:15 2025-01-30 Show GitHub Exploit DB Packet Storm
395 - - - Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Won… CWE-269
 Improper Privilege Management 		CVE-2025-0834 2025-01-30 18:15 2025-01-30 Show GitHub Exploit DB Packet Storm
396 7.5 HIGH
Network 		- - The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl… CWE-285
Improper Authorization 		CVE-2024-13694 2025-01-30 18:15 2025-01-30 Show GitHub Exploit DB Packet Storm
397 6.4 MEDIUM
Network 		- - The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.2… CWE-79
Cross-site Scripting 		CVE-2024-13470 2025-01-30 17:15 2025-01-30 Show GitHub Exploit DB Packet Storm
398 6.4 MEDIUM
Network 		- - The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient… CWE-79
Cross-site Scripting 		CVE-2024-13642 2025-01-30 16:15 2025-01-30 Show GitHub Exploit DB Packet Storm
399 5.3 MEDIUM
Network 		- - The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing val… CWE-284
Improper Access Control 		CVE-2024-13457 2025-01-30 16:15 2025-01-30 Show GitHub Exploit DB Packet Storm
400 6.4 MEDIUM
Network 		- - The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitiz… CWE-79
Cross-site Scripting 		CVE-2024-12921 2025-01-30 15:15 2025-01-30 Show GitHub Exploit DB Packet Storm