Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
188751 6.5 警告 OpenTTD - OpenTTD におけるサービス運用妨害 (DoS) の脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2010-0401 2012-09-25 17:38 2010-05-5 Show GitHub Exploit DB Packet Storm
188752 7.5 危険 Mahara - mahara の lib/user.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-0400 2012-09-25 17:38 2010-04-7 Show GitHub Exploit DB Packet Storm
188753 6.8 警告 nanosleep - Trac Git プラグインの PyGIT.py における任意のコマンドを実行される脆弱性 CWE-20
不適切な入力確認 		CVE-2010-0394 2012-09-25 17:38 2010-02-3 Show GitHub Exploit DB Packet Storm
188754 5 警告 JCE-Tech.com - JCE-Tech PHP Calendars の install.php におけるアクセス制限を回避する脆弱性 CWE-16
CWE-264
CVE-2010-0380 2012-09-25 17:38 2010-01-22 Show GitHub Exploit DB Packet Storm
188755 4.3 警告 JCE-Tech.com - JCE-Tech PHP Calendars の product_list.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-0376 2012-09-25 17:38 2010-01-21 Show GitHub Exploit DB Packet Storm
188756 7.5 危険 JCE-Tech.com - JCE-Tech PHP Calendars の product_list.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-0375 2012-09-25 17:38 2010-01-21 Show GitHub Exploit DB Packet Storm
188757 7.5 危険 Joomla! - Joomla! 用の libros コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-0373 2012-09-25 17:38 2010-01-21 Show GitHub Exploit DB Packet Storm
188758 7.5 危険 hong chuyen - Joomla! の articlemanager コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-0372 2012-09-25 17:38 2010-01-21 Show GitHub Exploit DB Packet Storm
188759 4.3 警告 hitmaaan - Hitmaaan Gallery の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-0371 2012-09-25 17:38 2010-01-21 Show GitHub Exploit DB Packet Storm
188760 7.5 危険 matthias graubner - Helpdesk エクステンションにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-0333 2012-09-25 17:38 2010-01-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 12, 2025, 4:14 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1321 3.3 LOW
Local 		apple macos
ipados
iphone_os 		A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.3, iOS 18.3 and iPadOS 18.3. An app may be able to view a contact's phone n… CWE-532
 Inclusion of Sensitive Information in Log Files 		CVE-2025-24145 2025-01-31 03:04 2025-01-28 Show GitHub Exploit DB Packet Storm
1322 7.5 HIGH
Network 		jyothisjoy eventer The Eventer plugin for WordPress is vulnerable to SQL Injection via the 'event' parameter in the 'eventer_get_attendees' function in all versions up to, and including, 3.9.8 due to insufficient escap… CWE-89
SQL Injection 		CVE-2024-11135 2025-01-31 03:03 2025-01-28 Show GitHub Exploit DB Packet Storm
1323 6.5 MEDIUM
Network 		apple macos
ipados
safari
visionos 		The issue was addressed with improved access restrictions to the file system. This issue is fixed in macOS Sequoia 15.3, Safari 18.3, iOS 18.3 and iPadOS 18.3, visionOS 2.3. A maliciously crafted web… NVD-CWE-noinfo
CVE-2025-24143 2025-01-31 03:03 2025-01-28 Show GitHub Exploit DB Packet Storm
1324 3.3 LOW
Local 		apple ipados
iphone_os 		An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Pho… NVD-CWE-noinfo
CVE-2025-24141 2025-01-31 03:03 2025-01-28 Show GitHub Exploit DB Packet Storm
1325 9.8 CRITICAL
Network 		themerex addons The ThemeREX Addons plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'trx_addons_uploads_save_data' function in all versions up to, and includin… CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2024-13448 2025-01-31 03:01 2025-01-28 Show GitHub Exploit DB Packet Storm
1326 4.4 MEDIUM
Local 		apple macos This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Ventura 13.7.3, macOS Sequoia 15.3, macOS Sonoma 14.7.3. A malicious app may be able to create symlinks to … CWE-59
Link Following 		CVE-2025-24136 2025-01-31 03:00 2025-01-28 Show GitHub Exploit DB Packet Storm
1327 6.5 MEDIUM
Network 		apple macos
ipados
iphone_os
visionos
watchos
tvos 		The issue was addressed with improved memory handling. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. An attacker in a privileged position… NVD-CWE-noinfo
CVE-2025-24131 2025-01-31 02:58 2025-01-28 Show GitHub Exploit DB Packet Storm
1328 6.1 MEDIUM
Network 		westguardsolutions ws_form The WS Form LITE – Drag & Drop Contact Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter in all versions up to, and including, 1.10.13… CWE-79
Cross-site Scripting 		CVE-2024-13509 2025-01-31 02:56 2025-01-28 Show GitHub Exploit DB Packet Storm
1329 5.4 MEDIUM
Network 		ilghera mailup_auto_subscription The MailUp Auto Subscription plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the … CWE-352
 Origin Validation Error 		CVE-2024-13521 2025-01-31 02:41 2025-01-28 Show GitHub Exploit DB Packet Storm
1330 5.4 MEDIUM
Network 		wpmet elementskit The ElementsKit Pro plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 3.7.8 due to insufficient input sanitizat… CWE-79
Cross-site Scripting 		CVE-2025-0321 2025-01-31 02:39 2025-01-28 Show GitHub Exploit DB Packet Storm