Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 7, 2025, 6:02 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
131	7.8	重要 Local	nikon	nis-elements viewer	nikon の nis-elements viewer におけるヒープベースのバッファオーバーフローの脆弱性 Update	CWE-122 ヒープオーバーフロー	CVE-2022-40661	2025-01-7 14:49	2022-09-15	Show	GitHub Exploit DB Packet Storm

132	4.7	警告 Network	Outlook.com	Microsoft Edge Chromium	Microsoft Edge (Chromium ベース) Webview2 のなりすましの脆弱性 New	CWE-79 CWE-79	CVE-2024-29049	2025-01-7 14:49	2024-04-4	Show	GitHub Exploit DB Packet Storm

133	7.8	重要 Local	nikon	nis-elements viewer	nikon の nis-elements viewer における境界外読み取りに関する脆弱性 Update	CWE-125 境界外読み取り	CVE-2022-40662	2025-01-7 14:48	2022-09-15	Show	GitHub Exploit DB Packet Storm

134	7.8	重要 Local	nikon	nis-elements viewer	nikon の nis-elements viewer における境界外読み取りに関する脆弱性 Update	CWE-125 境界外読み取り	CVE-2022-40663	2025-01-7 14:47	2022-09-15	Show	GitHub Exploit DB Packet Storm

135	8.8	重要 Network	Santesoft	Sante DICOM Viewer Pro	Santesoft の Sante DICOM Viewer Pro における境界外書き込みに関する脆弱性 New	CWE-787 CWE-787	CVE-2023-34295	2025-01-7 14:41	2023-05-31	Show	GitHub Exploit DB Packet Storm

136	9.8	緊急 Network	Alltena	Allegra	Alltena の Allegra におけるパストラバーサルの脆弱性 New	CWE-22 パス・トラバーサル	CVE-2023-51639	2025-01-7 14:41	2023-12-20	Show	GitHub Exploit DB Packet Storm

137	4.7	警告 Network	Alltena	Allegra	Alltena の Allegra におけるパストラバーサルの脆弱性 New	CWE-22 パス・トラバーサル	CVE-2023-51640	2025-01-7 14:41	2023-12-20	Show	GitHub Exploit DB Packet Storm

138	4.8	警告 Network	bdtask	Bhojon	bdtask の Bhojon におけるクロスサイトスクリプティングの脆弱性 New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-1749	2025-01-7 14:41	2024-02-22	Show	GitHub Exploit DB Packet Storm

139	7.8	重要 Local	アップル	GarageBand	アップルの GarageBand における脆弱性 New	CWE-281 CWE-noinfo	CVE-2023-42867	2025-01-7 14:41	2023-11-6	Show	GitHub Exploit DB Packet Storm

140	7.5	重要 Network	アップル	watchOS visionos iOS iPadOS tvOS	複数のアップル製品における脆弱性 New	CWE-770 CWE-noinfo	CVE-2024-54538	2025-01-7 14:41	2024-10-28	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Jan. 7, 2025, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1	6.5	MEDIUM Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. Update	CWE-22 Path Traversal	CVE-2024-12105	2025-01-7 01:55	2024-12-31	Show	GitHub Exploit DB Packet Storm

2	7.5	HIGH Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. Update	CWE-306 Missing Authentication for Critical Function	CVE-2024-12106	2025-01-7 01:54	2024-12-31	Show	GitHub Exploit DB Packet Storm

3	9.6	CRITICAL Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. Update	CWE-290 Authentication Bypass by Spoofing	CVE-2024-12108	2025-01-7 01:51	2024-12-31	Show	GitHub Exploit DB Packet Storm

4	-		-	-	TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page… New	CWE-79 CWE-80 Cross-site Scripting Basic XSS	CVE-2025-21612	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

5	-		-	-	tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine i… New	CWE-285 Improper Authorization	CVE-2025-21611	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

6	-		-	-	LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.… New	CWE-328 Use of Weak Hash	CVE-2025-21604	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

7	-		-	-	Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script New	-	CVE-2024-51112	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

8	-		-	-	Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser. New	-	CVE-2024-51111	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

9	6.4	MEDIUM Network	-	-	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaS… New	CWE-79 Cross-site Scripting	CVE-2024-31914	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

10	5.5	MEDIUM Network	-	-	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaS… New	CWE-79 Cross-site Scripting	CVE-2024-31913	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm