Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
141	7.5	重要 Network	WP eCommerce	WP eCommerce	WordPress 用 WP eCommerce における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2024-1514	2025-01-30 12:03	2024-02-28	Show	GitHub Exploit DB Packet Storm

142	7.5	重要 Network	CE21, LLC	CE21 Suite	CE21, LLC の WordPress 用 CE21 Suite における脆弱性	CWE-200 CWE-noinfo	CVE-2024-10285	2025-01-30 12:01	2024-11-9	Show	GitHub Exploit DB Packet Storm

143	7.8	重要 Local	アップル	iOS tvOS iPadOS watchOS visionos	複数のアップル製品における解放済みメモリの使用に関する脆弱性	CWE-416 CWE-416	CVE-2025-24085	2025-01-30 12:01	2025-01-27	Show	GitHub Exploit DB Packet Storm

144	9.8	緊急 Network	netentsec	application security gateway	netentsec の application security gateway における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2024-5773	2025-01-30 11:55	2024-06-9	Show	GitHub Exploit DB Packet Storm

145	5.4	警告 Network	bdthemes	element pack	bdthemes の WordPress 用 element pack におけるクロスサイトスクリプティングの脆弱性	CWE-79 CWE-79	CVE-2024-7247	2025-01-30 11:55	2024-08-13	Show	GitHub Exploit DB Packet Storm

146	5.4	警告 Network	codeless	cowidgets elementor addons	codeless の WordPress 用 cowidgets elementor addons におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-8960	2025-01-30 11:55	2024-11-9	Show	GitHub Exploit DB Packet Storm

147	4.3	警告 Network	WPMU DEV	forminator forms	WPMU DEV の WordPress 用 forminator forms におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2024-9352	2025-01-30 11:55	2024-10-17	Show	GitHub Exploit DB Packet Storm

148	6.5	警告 Network	インターネット技術タスクフォース (IETF)	IPv6	インターネット技術タスクフォース (IETF) の IPv6 における脆弱性	CWE-940 CWE-Other	CVE-2025-23019	2025-01-30 11:55	2025-01-14	Show	GitHub Exploit DB Packet Storm

149	5.4	警告 Network	nsqua	simply schedule appointments	nsqua の WordPress 用 simply schedule appointments におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-4288	2025-01-30 11:48	2024-05-16	Show	GitHub Exploit DB Packet Storm

150	5.4	警告 Network	bdthemes	element pack	bdthemes の WordPress 用 element pack におけるクロスサイトスクリプティングの脆弱性	CWE-79 CWE-79	CVE-2024-4360	2025-01-30 11:48	2024-08-12	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Feb. 13, 2025, 4:12 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1201	-		-	-	Polycom RealPresence Group 500 <=20 has Insecure Permissions due to automatically loaded cookies. This allows for the use of administrator functions, resulting in the leakage of sensitive user inform…	-	CVE-2025-22918	2025-02-5 00:15	2025-02-4	Show	GitHub Exploit DB Packet Storm

1202	-		-	-	A Cross-Site Request Forgery (CSRF) in Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to execute arbitrary operations via supplying a crafted HTTP request.	-	CVE-2024-56903	2025-02-5 00:15	2025-02-4	Show	GitHub Exploit DB Packet Storm

1203	-		-	-	An issue in Geovision GV-ASWeb with version 6.1.0.0 or less allows unauthorized attackers with low-level privileges to be able to request information about other accounts via a crafted HTTP request.	-	CVE-2024-56902	2025-02-5 00:15	2025-02-4	Show	GitHub Exploit DB Packet Storm

1204	-		-	-	A race condition could have led to private browsing tabs being opened in normal browsing windows. This could have resulted in a potential privacy leak. This vulnerability affects Firefox < 135, Firef…	-	CVE-2025-1013	2025-02-4 23:15	2025-02-4	Show	GitHub Exploit DB Packet Storm

1205	-		-	-	Authentik project is vulnerable to Stored XSS attacks through uploading crafted SVG files that are used as application icons. This action could only be performed by an authenticated admin user. The …	-	CVE-2024-11623	2025-02-4 23:15	2025-02-4	Show	GitHub Exploit DB Packet Storm

1206	-		-	-	Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and…	-	CVE-2024-56161	2025-02-4 21:15	2025-02-4	Show	GitHub Exploit DB Packet Storm

1207	9.8	CRITICAL Network	-	-	UNSUPPORTED WHEN ASSIGNED Insecure default credentials for the Telnet function in the legacy DSL CPE Zyxel VMG4325-B10A firmware version 1.00(AAFR.4)C0_20170615 could allow an attacker to log in …	CWE-287 Improper Authentication	CVE-2025-0890	2025-02-4 20:15	2025-02-4	Show	GitHub Exploit DB Packet Storm

1208	6.4	MEDIUM Network	-	-	The SKT Blocks – Gutenberg based Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's skt-blocks/post-carousel block in all versions up to, and including, 1…	CWE-79 Cross-site Scripting	CVE-2024-13733	2025-02-4 19:15	2025-02-4	Show	GitHub Exploit DB Packet Storm

1209	6.5	MEDIUM Network	-	-	The SocialV - Social Network and Community BuddyPress Theme theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'socialv_send_download_file' func…	CWE-862 Missing Authorization	CVE-2024-13529	2025-02-4 19:15	2025-02-4	Show	GitHub Exploit DB Packet Storm

1210	6.1	MEDIUM Network	-	-	The ShopSite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.10. This is due to missing or incorrect nonce validation on a function. This ma…	CWE-352 Origin Validation Error	CVE-2024-13510	2025-02-4 19:15	2025-02-4	Show	GitHub Exploit DB Packet Storm