Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
1261 - - Howyar Technologies Inc. UEFI アプリケーション 「Reloader」 Howyar 製 UEFI アプリケーション「Reloader」における署名されていないソフトウェアを実行する脆弱性 - CVE-2024-7344 2025-01-20 15:02 2024-08-29 Show GitHub Exploit DB Packet Storm
1262 5.4 警告
Network 		WebTechStreet Elementor Addon Elements WebTechStreet の WordPress 用 Elementor Addon Elements におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-1422 2025-01-20 15:02 2024-03-13 Show GitHub Exploit DB Packet Storm
1263 5.4 警告
Network 		Livemesh Livemesh Addons for Elementor Livemesh の WordPress 用 Livemesh Addons for Elementor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-1458 2025-01-20 15:02 2024-04-9 Show GitHub Exploit DB Packet Storm
1264 5.4 警告
Network 		Livemesh Livemesh Addons for Elementor Livemesh の WordPress 用 Livemesh Addons for Elementor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-1465 2025-01-20 15:02 2024-04-9 Show GitHub Exploit DB Packet Storm
1265 4.3 警告
Network 		StylemixThemes MasterStudy LMS StylemixThemes の WordPress 用 MasterStudy LMS における認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2024-1904 2025-01-20 15:02 2024-04-9 Show GitHub Exploit DB Packet Storm
1266 5.4 警告
Network 		Livemesh Livemesh Addons for Elementor Livemesh の WordPress 用 Livemesh Addons for Elementor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-2539 2025-01-20 15:02 2024-04-10 Show GitHub Exploit DB Packet Storm
1267 8.8 重要
Network 		Apache Software Foundation Apache Pulsar Apache Software Foundation の Apache Pulsar における入力確認に関する脆弱性 CWE-20
CWE-552
CVE-2024-27894 2025-01-20 15:02 2024-03-12 Show GitHub Exploit DB Packet Storm
1268 5.4 警告
Network 		Apache Software Foundation Apache Pulsar Apache Software Foundation の Apache Pulsar における不正な認証に関する脆弱性 CWE-863
不正な認証 		CVE-2024-28098 2025-01-20 15:02 2024-03-12 Show GitHub Exploit DB Packet Storm
1269 7.5 重要
Network 		Sonaar Music mp3 audio player for music
 radio & podcast 		Sonaar Music の WordPress 用 mp3 audio player for music, radio & podcast における認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2024-31343 2025-01-20 15:02 2024-04-10 Show GitHub Exploit DB Packet Storm
1270 8.8 重要
Network 		マイクロソフト Microsoft Windows 10
Microsoft Windows Server 2022
Microsoft Windows Server 2012
Microsoft Windows Server 2008
Microsoft Window… 		Windows ルーティングとリモート アクセス サービス (RRAS) のリモートでコードが実行される脆弱性 CWE-197
CWE-noinfo
CVE-2024-30009 2025-01-20 15:01 2024-05-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 13, 2025, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
981 - - - When URL categorization is configured on a virtual server, undisclosed requests can cause TMM to terminate.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluat… CWE-125
Out-of-bounds Read 		CVE-2025-24497 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm
982 - - - When BIG-IP Advanced WAF/ASM Behavioral DoS (BADoS) TLS Signatures feature is configured, undisclosed traffic can case an increase in memory resource utilization. Note: Software versions which h… CWE-787
 Out-of-bounds Write 		CVE-2025-24326 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm
983 - - - A stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to run JavaScript in the context of the currently logged-in… CWE-79
Cross-site Scripting 		CVE-2025-24320 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm
984 - - - When BIG-IP Next Central Manager is running, undisclosed requests to the BIG-IP Next Central Manager API can cause the BIG-IP Next Central Manager Node's Kubernetes service to terminate. Note:… CWE-20
 Improper Input Validation  		CVE-2025-24319 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm
985 - - - When BIG-IP AFM is provisioned with IPS module enabled and protocol inspection profile is configured on a virtual server or firewall rule or policy, undisclosed traffic can cause an increase in CPU r… CWE-770
 Allocation of Resources Without Limits or Throttling 		CVE-2025-24312 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm
986 - - - An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connecti… CWE-345
 Insufficient Verification of Data Authenticity 		CVE-2025-23415 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm
987 - - - When users log in through the webUI or API using local authentication, BIG-IP Next Central Manager may log sensitive information in the pgaudit log files. Note: Software versions which have reache… CWE-532
 Inclusion of Sensitive Information in Log Files 		CVE-2025-23413 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm
988 - - - When BIG-IP APM Access Profile is configured on a virtual server, undisclosed request can cause TMM to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are… CWE-120
Classic Buffer Overflow 		CVE-2025-23412 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm
989 - - - When running in Appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint. A successful exploit can allow the attacker to cross a securit… CWE-77
Command Injection 		CVE-2025-23239 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm
990 - - - When BIG-IP PEM Control Plane listener Virtual Server is configured with Diameter Endpoint profile, undisclosed traffic can cause the Virtual Server to stop processing new client connections and an i… CWE-772
 Missing Release of Resource after Effective Lifetime 		CVE-2025-22891 2025-02-6 03:15 2025-02-6 Show GitHub Exploit DB Packet Storm