Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1051 8.8 重要
Network 		Shenzhen Tenda Technology Co.,Ltd. 4g300 ファームウェア Shenzhen Tenda Technology Co.,Ltd. の 4g300 ファームウェアにおける境界外書き込みに関する脆弱性 CWE-121
CWE-787
CVE-2024-4167 2025-01-22 14:42 2024-04-25 Show GitHub Exploit DB Packet Storm
1052 5.4 警告
Network 		Autolab project Autolab Autolab project の Autolab におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-52585 2025-01-22 14:42 2024-11-18 Show GitHub Exploit DB Packet Storm
1053 9.8 緊急
Network 		Mozilla Foundation Mozilla Firefox
Mozilla Thunderbird 		Mozilla Foundation の Mozilla Firefox および Mozilla Thunderbird における脆弱性 CWE-noinfo
情報不足 		CVE-2024-3863 2025-01-22 14:26 2024-04-16 Show GitHub Exploit DB Packet Storm
1054 7.8 重要
Local 		Linux Linux Kernel Linux の Linux Kernel における解放済みメモリの使用に関する脆弱性 CWE-416
解放済みメモリの使用 		CVE-2024-57887 2025-01-22 14:23 2024-12-20 Show GitHub Exploit DB Packet Storm
1055 7.8 重要
Local 		フォーティネット FortiWan フォーティネットの FortiWan における OS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2021-26115 2025-01-22 14:19 2021-07-7 Show GitHub Exploit DB Packet Storm
1056 7.5 重要
Network 		フォーティネット FortiOS フォーティネットの FortiOS における境界外書き込みに関する脆弱性 CWE-122
CWE-787
CVE-2020-12819 2025-01-22 14:17 2020-09-24 Show GitHub Exploit DB Packet Storm
1057 7.2 重要
Network 		mintplexlabs anythingllm mintplexlabs の anythingllm におけるアクセス制御に関する脆弱性 CWE-284
不適切なアクセス制御 		CVE-2024-0795 2025-01-22 13:39 2024-03-2 Show GitHub Exploit DB Packet Storm
1058 7.3 重要
Local 		Rockwell Automation Arena Rockwell Automation の Arena における境界外書き込みに関する脆弱性 CWE-787
境界外書き込み 		CVE-2024-11157 2025-01-22 13:39 2024-12-19 Show GitHub Exploit DB Packet Storm
1059 5.4 警告
Network 		bdthemes element pack bdthemes の WordPress 用 element pack におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-1429 2025-01-22 13:39 2024-04-18 Show GitHub Exploit DB Packet Storm
1060 5.4 警告
Network 		bdthemes prime slider bdthemes の WordPress 用 prime slider におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-1507 2025-01-22 13:39 2024-03-13 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 3, 2025, 4:07 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
391 - - - An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to obtain chat messages belonging to other users by changing th… CWE-284
Improper Access Control 		CVE-2025-0740 2025-01-30 20:15 2025-01-30 Show GitHub Exploit DB Packet Storm
392 - - - An Improper Access Control vulnerability has been found in EmbedAI 2.1 and below. This vulnerability allows an authenticated attacker to show subscription's information of others users by changing th… CWE-284
Improper Access Control 		CVE-2025-0739 2025-01-30 20:15 2025-01-30 Show GitHub Exploit DB Packet Storm
393 6.4 MEDIUM
Network 		- - The Clinked Client Portal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'clinked-login-button' shortcode in all versions up to, and including, 1.9 due to insuffic… CWE-79
Cross-site Scripting 		CVE-2024-12524 2025-01-30 20:15 2025-01-30 Show GitHub Exploit DB Packet Storm
394 - - - Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could po… CWE-428
 Unquoted Search Path or Element 		CVE-2025-21107 2025-01-30 19:15 2025-01-30 Show GitHub Exploit DB Packet Storm
395 - - - Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Won… CWE-269
 Improper Privilege Management 		CVE-2025-0834 2025-01-30 18:15 2025-01-30 Show GitHub Exploit DB Packet Storm
396 7.5 HIGH
Network 		- - The WooCommerce Wishlist (High customization, fast setup,Free Elementor Wishlist, most features) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl… CWE-285
Improper Authorization 		CVE-2024-13694 2025-01-30 18:15 2025-01-30 Show GitHub Exploit DB Packet Storm
397 6.4 MEDIUM
Network 		- - The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 3.8.2… CWE-79
Cross-site Scripting 		CVE-2024-13470 2025-01-30 17:15 2025-01-30 Show GitHub Exploit DB Packet Storm
398 6.4 MEDIUM
Network 		- - The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Image Hotspot widget in all versions up to, and including, 1.4.7 due to insufficient… CWE-79
Cross-site Scripting 		CVE-2024-13642 2025-01-30 16:15 2025-01-30 Show GitHub Exploit DB Packet Storm
399 5.3 MEDIUM
Network 		- - The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing val… CWE-284
Improper Access Control 		CVE-2024-13457 2025-01-30 16:15 2025-01-30 Show GitHub Exploit DB Packet Storm
400 6.4 MEDIUM
Network 		- - The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitiz… CWE-79
Cross-site Scripting 		CVE-2024-12921 2025-01-30 15:15 2025-01-30 Show GitHub Exploit DB Packet Storm