Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Oct. 31, 2024, 2:01 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
189161 7.3 危険 シスコシステムズ - Cisco Aironet Lightweight Access Point などの OTAP 機能におけるサービス運用妨害 (DoS) の脆弱性 CWE-Other
その他
CVE-2009-2861 2012-06-26 16:10 2009-08-25 Show GitHub Exploit DB Packet Storm
189162 4.3 警告 classifiedphpscript - PHP Open Classifieds Script におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-2785 2012-06-26 16:10 2009-08-17 Show GitHub Exploit DB Packet Storm
189163 7.5 危険 garagesalesjunkie - GarageSales Script の visitor/view.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-2777 2012-06-26 16:10 2009-08-14 Show GitHub Exploit DB Packet Storm
189164 4.3 警告 freearcadescript - Free Arcade Script におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-2771 2012-06-26 16:10 2009-08-14 Show GitHub Exploit DB Packet Storm
189165 7.5 危険 dd-wrt - DD-WRT 24 sp1 の管理 GUI の httpd の httpd.c における設定を変更される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2009-2766 2012-06-26 16:10 2009-07-20 Show GitHub Exploit DB Packet Storm
189166 8.3 危険 dd-wrt - DD-WRT 24 sp1 の管理 GUI の httpd の httpd.c における任意のコマンドを実行される脆弱性 CWE-20
不適切な入力確認
CVE-2009-2765 2012-06-26 16:10 2009-07-20 Show GitHub Exploit DB Packet Storm
189167 7.2 危険 Avira - 複数の Avira 製品で使用されるスケジューラにおける権限を取得される脆弱性 CWE-Other
その他
CVE-2009-2761 2012-06-26 16:10 2009-08-13 Show GitHub Exploit DB Packet Storm
189168 7.5 危険 Achievo - Achievo の get_employee 関数における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-2734 2012-06-26 16:10 2009-10-11 Show GitHub Exploit DB Packet Storm
189169 4.3 警告 Achievo - Achievo におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-2733 2012-06-26 16:10 2009-10-11 Show GitHub Exploit DB Packet Storm
189170 7.8 危険 Digium - 複数の Asterisk 製品における SIP チャネルドライバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題
CVE-2009-2726 2012-06-26 16:10 2009-08-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Oct. 31, 2024, 1:08 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
61 9.8 CRITICAL
Network
motopress timetable_and_event_schedule The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX… Update CWE-862
 Missing Authorization
CVE-2020-36840 2024-10-31 06:06 2024-10-16 Show GitHub Exploit DB Packet Storm
62 8.8 HIGH
Network
wpvivid migration\
_backup\
_staging
The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the wpvivid_upload_import_files and wpvivid_upload_files AJA… Update CWE-434
 Unrestricted Upload of File with Dangerous Type 
CVE-2020-36842 2024-10-31 06:03 2024-10-16 Show GitHub Exploit DB Packet Storm
63 5.3 MEDIUM
Network
strategy11 formidable_form_builder The Formidable Form Builder plugin for WordPress is vulnerable to Sensitive Data Exposure in versions up to, and including, 2.05.03 via the frm_forms_preview AJAX action. This makes it possible for u… Update NVD-CWE-noinfo
CVE-2017-20194 2024-10-31 06:00 2024-10-16 Show GitHub Exploit DB Packet Storm
64 6.1 MEDIUM
Network
solarwinds solarwinds_platform The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function to existing elements. Update CWE-79
Cross-site Scripting
CVE-2024-45715 2024-10-31 05:59 2024-10-16 Show GitHub Exploit DB Packet Storm
65 5.4 MEDIUM
Network
gtranslate google_language_translator The Google Language Translator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in versions up to, and including, 6.0.9 due to insufficient input sanitizat… Update CWE-79
Cross-site Scripting
CVE-2021-4452 2024-10-31 05:57 2024-10-16 Show GitHub Exploit DB Packet Storm
66 4.3 MEDIUM
Network
sinaextra sina_extension_for_elementor The Sina Extension for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.7 via the render function in widgets/advanced/sina-moda… Update CWE-200
Information Exposure
CVE-2024-9540 2024-10-31 05:56 2024-10-16 Show GitHub Exploit DB Packet Storm
67 6.1 MEDIUM
Network
woo product_vendors The Product Vendors is vulnerable to Reflected Cross-Site Scripting via the 'vendor_description' parameter in versions up to, and including, 2.0.35 due to insufficient input sanitization and output e… Update CWE-79
Cross-site Scripting
CVE-2017-20193 2024-10-31 05:46 2024-10-16 Show GitHub Exploit DB Packet Storm
68 4.3 MEDIUM
Network
agnai agnai Agnai is an artificial-intelligence-agnostic multi-user, mult-bot roleplaying chat system. A vulnerability in versions prior to 1.0.330 permits attackers to upload image files at attacker-chosen loca… Update CWE-22
Path Traversal
CVE-2024-47171 2024-10-31 05:46 2024-09-27 Show GitHub Exploit DB Packet Storm
69 4.8 MEDIUM
Network
netgate pfsense A cross-site scripting (XSS) vulnerability in pfsense v2.5.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at interfaces_groups_e… Update CWE-79
Cross-site Scripting
CVE-2024-46538 2024-10-31 05:45 2024-10-23 Show GitHub Exploit DB Packet Storm
70 - - - Cross Site Scripting vulnerability in TeslaLogger Admin Panel before v.1.59.6 allows a remote attacker to execute arbitrary code via the New Journey field. New - CVE-2024-48461 2024-10-31 05:35 2024-10-30 Show GitHub Exploit DB Packet Storm