Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Jan. 31, 2025, 4:03 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
121 7.5 重要
Network 		Apache Software Foundation
日立		 Hitachi Application Server for Developers
uCosminexus Developer
Hitachi Web Server
uCosminexus Application Server Express
uCosminexus&nbs… 		Apache Software Foundation の Apache HTTP Server 等複数ベンダの製品における NULL ポインタデリファレンスに関する脆弱性 Update CWE-476
NULL ポインタデリファレンス 		CVE-2024-38477 2025-01-30 15:09 2024-07-1 Show GitHub Exploit DB Packet Storm
122 - - OpenSSL Project OpenSSL OpenSSL の関数 SSL_select_next_proto におけるバッファオーバーリードの脆弱性(OpenSSL Security Advisory [27th June 2024]) Update CWE-126
バッファオーバーリード 		CVE-2024-5535 2025-01-30 14:50 2024-07-3 Show GitHub Exploit DB Packet Storm
123 9.8 緊急
Network 		SQLite SQLite SQLite における解放済みメモリの使用に関する脆弱性 Update CWE-416
解放済みメモリの使用 		CVE-2020-11656 2025-01-30 14:08 2020-04-3 Show GitHub Exploit DB Packet Storm
124 - - B&R Industrial Automation Automation Runtime
B&R mapp View 		複数の B&R 製品における非推奨暗号アルゴリズムの使用の脆弱性 New CWE-327
不完全、または危険な暗号アルゴリズムの使用 		CVE-2024-8603 2025-01-30 13:51 2025-01-29 Show GitHub Exploit DB Packet Storm
125 7.5 重要
Network 		マイクロソフト Microsoft Entra ID Microsoft Entra ID の特権昇格の脆弱性 New CWE-284
CWE-Other
CVE-2024-43477 2025-01-30 13:32 2024-08-22 Show GitHub Exploit DB Packet Storm
126 8.8 重要
Network 		マイクロソフト Azure Managed Instance for Apache Cassandra Azure Managed Instance for Apache Cassandra の特権昇格の脆弱性 New CWE-284
CWE-Other
CVE-2024-38175 2025-01-30 12:29 2024-08-20 Show GitHub Exploit DB Packet Storm
127 8.8 重要
Network 		マイクロソフト Microsoft SQL Server Microsoft SQL Server の特権昇格の脆弱性 New CWE-20
CWE-noinfo
CVE-2024-37965 2025-01-30 12:17 2024-09-10 Show GitHub Exploit DB Packet Storm
128 4.3 警告
Network 		Linkz.ai Linkz.ai - Automatic link previews on hover Linkz.ai の WordPress 用 Linkz.ai - Automatic link previews on hover における認証の欠如に関する脆弱性 New CWE-862
認証の欠如 		CVE-2024-9587 2025-01-30 12:12 2024-10-11 Show GitHub Exploit DB Packet Storm
129 7.5 重要
Network 		デル NativeEdge Orchestrator デルの NativeEdge Orchestrator における脆弱性 New CWE-1230
CWE-noinfo
CVE-2024-53291 2025-01-30 12:09 2024-12-25 Show GitHub Exploit DB Packet Storm
130 7.8 重要
Local 		デル NativeEdge Orchestrator デルの NativeEdge Orchestrator における脆弱性 New CWE-250
CWE-noinfo
CVE-2024-47978 2025-01-30 12:08 2024-12-25 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 1, 2025, 4:12 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
541 - - - KWHotel 0.47 is vulnerable to CSV Formula Injection in the invoice adding function. - CVE-2023-46401 2025-01-29 02:15 2025-01-24 Show GitHub Exploit DB Packet Storm
542 - - - Hyperbridge is a hyper-scalable coprocessor for verifiable, cross-chain interoperability. A critical vulnerability was discovered in the ismp-grandpa crate, that allowed a malicious prover easily con… CWE-347
CWE-670
 Improper Verification of Cryptographic Signature
 Always-Incorrect Control Flow Implementation 		CVE-2025-24800 2025-01-29 01:15 2025-01-29 Show GitHub Exploit DB Packet Storm
543 - - - In JetBrains ReSharper before 2024.3.4, 2024.2.8, and 2024.1.7, Rider before 2024.3.4, 2024.2.8, and 2024.1.7, dotTrace before 2024.3.4, 2024.2.8, and 2024.1.7, ETW Host Service before 16.43, Local P… CWE-114
 Process Control 		CVE-2025-23385 2025-01-29 01:15 2025-01-29 Show GitHub Exploit DB Packet Storm
544 - - - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2025-23213 2025-01-29 01:15 2025-01-29 Show GitHub Exploit DB Packet Storm
545 - - - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the ser… CWE-200
Information Exposure 		CVE-2025-23212 2025-01-29 01:15 2025-01-29 Show GitHub Exploit DB Packet Storm
546 - - - Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the … CWE-1336
 Improper Neutralization of Special Elements Used in a Template Engine 		CVE-2025-23211 2025-01-29 01:15 2025-01-29 Show GitHub Exploit DB Packet Storm
547 - - - Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in… CWE-502
 Deserialization of Untrusted Data 		CVE-2025-23045 2025-01-29 01:15 2025-01-29 Show GitHub Exploit DB Packet Storm
548 - - - A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possibl… - CVE-2025-0659 2025-01-29 01:15 2025-01-29 Show GitHub Exploit DB Packet Storm
549 - - - EWON Flexy 202 transmits user credentials in clear text with no encryption when a user is added, or user credentials are changed via its webpage. CWE-319
Cleartext Transmission of Sensitive Information 		CVE-2025-0432 2025-01-29 01:15 2025-01-29 Show GitHub Exploit DB Packet Storm
550 - - - The Social Share Buttons for WordPress plugin through 2.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scriptin… - CVE-2024-12807 2025-01-29 01:15 2025-01-28 Show GitHub Exploit DB Packet Storm