Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Jan. 31, 2025, 4:03 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
189021 5.8 警告 Mozilla Foundation - Mozilla Firefox における偽造されたドメインアソシエーションで JavaScript メッセージを生成される脆弱性 CWE-362
競合状態
CVE-2009-4129 2012-09-25 17:38 2009-12-14 Show GitHub Exploit DB Packet Storm
189022 6.8 警告 OpenSolution - Quick.CMS および Quick.CMS.Lite におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反
CVE-2009-4121 2012-09-25 17:38 2009-11-30 Show GitHub Exploit DB Packet Storm
189023 6.8 警告 OpenSolution - Quick.Cart におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反
CVE-2009-4120 2012-09-25 17:38 2009-11-30 Show GitHub Exploit DB Packet Storm
189024 4.9 警告 カスペルスキー - Kaspersky Anti-Virus の kl1.sys におけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認
CVE-2009-4114 2012-09-25 17:38 2009-11-30 Show GitHub Exploit DB Packet Storm
189025 6.8 警告 PEAR - PEAR の Mail パッケージにおける任意のファイルを読み書きされる脆弱性 CWE-94
コード・インジェクション
CVE-2009-4111 2012-09-25 17:38 2009-05-7 Show GitHub Exploit DB Packet Storm
189026 7.5 危険 ohloh - Agoko CMS の admintools/editpage-2.php における任意の PHP コードを実行される脆弱性 CWE-20
不適切な入力確認
CVE-2009-4106 2012-09-25 17:38 2009-11-29 Show GitHub Exploit DB Packet Storm
189027 7.5 危険 lyften - Joomla! 用の lyftenbloggie コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-4104 2012-09-25 17:38 2009-11-29 Show GitHub Exploit DB Packet Storm
189028 6 警告 OpenX - OpenX adserver の banner-edit.php における任意のコードを実行される脆弱性 CWE-20
不適切な入力確認
CVE-2009-4098 2012-09-25 17:38 2009-11-29 Show GitHub Exploit DB Packet Storm
189029 9.3 危険 malsmith - Serenity Audio Player におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2009-4097 2012-09-25 17:38 2009-11-29 Show GitHub Exploit DB Packet Storm
189030 5 警告 javascript - Xerver HTTP Server における CRLF インジェクションの脆弱性 CWE-20
不適切な入力確認
CVE-2009-4086 2012-09-25 17:38 2009-11-29 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 2, 2025, 4:09 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
861 6.4 MEDIUM
Network
- - The Power Ups for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'magic-button' shortcode in all versions up to, and including, 1.2.2 due to insufficient… CWE-79
Cross-site Scripting
CVE-2024-13548 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm
862 6.1 MEDIUM
Network
- - The WP Contact Form7 Email Spam Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient i… CWE-79
Cross-site Scripting
CVE-2024-13467 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm
863 6.4 MEDIUM
Network
- - The WordPress SEO Friendly Accordion FAQ with AI assisted content generation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'noticefaq' shortcode in all versions u… CWE-79
Cross-site Scripting
CVE-2024-13458 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm
864 6.4 MEDIUM
Network
- - The Bilingual Linker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bl_otherlang_link_1 parameter in all versions up to, and including, 2.4 due to insufficient input saniti… CWE-79
Cross-site Scripting
CVE-2024-13441 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm
865 6.5 MEDIUM
Network
- - The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the s… CWE-862
 Missing Authorization
CVE-2024-13370 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm
866 4.3 MEDIUM
Network
- - The Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the y… CWE-862
 Missing Authorization
CVE-2024-13368 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm
867 6.5 MEDIUM
Network
- - The Connections Business Directory plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation when deleting a connections image directory in all versi… CWE-22
Path Traversal
CVE-2024-12885 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm
868 4.3 MEDIUM
Network
- - The GoHero Store Customizer for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wooh_action_settings_save_frontend() funct… CWE-862
 Missing Authorization
CVE-2024-12826 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm
869 6.4 MEDIUM
Network
- - The Etsy Importer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'product_link' shortcode in all versions up to, and including, 1.4.2 due to insufficient input san… CWE-79
Cross-site Scripting
CVE-2024-12817 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm
870 6.4 MEDIUM
Network
- - The NOTICE BOARD BY TOWKIR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'notice-board' shortcode in all versions up to, and including, 3.1 due to insufficient in… CWE-79
Cross-site Scripting
CVE-2024-12816 2025-01-25 17:15 2025-01-25 Show GitHub Exploit DB Packet Storm