Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Oct. 30, 2024, 10:01 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
189371 2.6 注意 glFusion - glFusion の lib-comment.php の 匿名のコメント機能 におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-0455 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189372 7.5 危険 DMXReady - DMXReady Online Notebook Manager における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0454 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189373 9.3 危険 blazevideo - BlazeVideo HDTV Player におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2009-0450 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189374 7.5 危険 ASP indir - MyDesign Sayac の default.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0447 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189375 7.5 危険 dreampics - Dreampics Gallery Builder の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0445 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189376 9.3 危険 elecard - Elecard AVC HD PLAYER におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2009-0443 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189377 7.5 危険 codefixer - LinksPro Standard Edition の Default.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0431 2012-06-26 16:10 2009-02-4 Show GitHub Exploit DB Packet Storm
189378 4.3 警告 Activewebsoftwares - Active Bids におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-0430 2012-06-26 16:10 2009-02-4 Show GitHub Exploit DB Packet Storm
189379 7.5 危険 Activewebsoftwares - Active Bids における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0429 2012-06-26 16:10 2009-02-4 Show GitHub Exploit DB Packet Storm
189380 7.5 危険 DMXReady - DMXReady Secure Document Library の CategoryManager/upload_image_category.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0428 2012-06-26 16:10 2009-02-4 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Oct. 30, 2024, 6:01 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
161 6.1 MEDIUM
Network
themeinwp social_share_with_floating_bar The Social Share With Floating Bar plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, … Update CWE-79
Cross-site Scripting
CVE-2024-8790 2024-10-29 23:44 2024-10-18 Show GitHub Exploit DB Packet Storm
162 5.4 MEDIUM
Network
sukiwp suki_sites_import The Suki Sites Import plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.2.1 due to insufficient input sanitization and out… Update CWE-79
Cross-site Scripting
CVE-2024-8916 2024-10-29 23:37 2024-10-18 Show GitHub Exploit DB Packet Storm
163 - - - A vulnerability in gaizhenbiao/chuanhuchatgpt version 20240628 allows for a Denial of Service (DOS) attack. When uploading a file, if an attacker appends a large number of characters to the end of a … New CWE-400
 Uncontrolled Resource Consumption
CVE-2024-7807 2024-10-29 23:35 2024-10-29 Show GitHub Exploit DB Packet Storm
164 - - - An improper access control vulnerability in lunary-ai/lunary version 1.3.2 allows an attacker to update the SAML configuration without authorization. This vulnerability can lead to manipulation of au… New CWE-284
Improper Access Control
CVE-2024-7475 2024-10-29 23:35 2024-10-29 Show GitHub Exploit DB Packet Storm
165 - - - In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists. A user can view or delete external users by manipulating the 'id' parameter in the request URL. … New CWE-284
Improper Access Control
CVE-2024-7474 2024-10-29 23:35 2024-10-29 Show GitHub Exploit DB Packet Storm
166 - - - A path traversal vulnerability exists in the latest version of gaizhenbiao/chuanhuchatgpt. The vulnerability arises from unsanitized input handling in multiple features, including user upload, direct… New CWE-22
Path Traversal
CVE-2024-5982 2024-10-29 23:35 2024-10-29 Show GitHub Exploit DB Packet Storm
167 - - - Focus was incorrectly allowing internal links to utilize the app scheme used for deeplinking, which could result in links potentially circumventing some URL safety checks This vulnerability affects F… New - CVE-2024-10474 2024-10-29 23:35 2024-10-29 Show GitHub Exploit DB Packet Storm
168 - - - In multipart/x-mixed-replace responses, `Content-Disposition: attachment` in the response header was not respected and did not force a download, which could allow XSS attacks. This vulnerability affe… New - CVE-2024-10461 2024-10-29 23:35 2024-10-29 Show GitHub Exploit DB Packet Storm
169 - - - Incorrect access control in the fingerprint authentication mechanism of Phone Cleaner: Boost & Clean v2.2.0 allows attackers to bypass fingerprint authentication due to the use of a deprecated API. Update - CVE-2024-31682 2024-10-29 23:35 2024-06-4 Show GitHub Exploit DB Packet Storm
170 5.5 MEDIUM
Local
linux linux_kernel In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix clobbering of SWERR overflow bit on writeback Current code blindly writes over the SWERR and the OVERFLOW bi… Update NVD-CWE-noinfo
CVE-2021-46920 2024-10-29 23:35 2024-02-27 Show GitHub Exploit DB Packet Storm