Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Oct. 30, 2024, 2:02 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
189501 2.6 注意 glFusion - glFusion の lib-comment.php の 匿名のコメント機能 におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-0455 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189502 7.5 危険 DMXReady - DMXReady Online Notebook Manager における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0454 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189503 9.3 危険 blazevideo - BlazeVideo HDTV Player におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2009-0450 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189504 7.5 危険 ASP indir - MyDesign Sayac の default.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0447 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189505 7.5 危険 dreampics - Dreampics Gallery Builder の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0445 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189506 9.3 危険 elecard - Elecard AVC HD PLAYER におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2009-0443 2012-06-26 16:10 2009-02-10 Show GitHub Exploit DB Packet Storm
189507 7.5 危険 codefixer - LinksPro Standard Edition の Default.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0431 2012-06-26 16:10 2009-02-4 Show GitHub Exploit DB Packet Storm
189508 4.3 警告 Activewebsoftwares - Active Bids におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2009-0430 2012-06-26 16:10 2009-02-4 Show GitHub Exploit DB Packet Storm
189509 7.5 危険 Activewebsoftwares - Active Bids における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0429 2012-06-26 16:10 2009-02-4 Show GitHub Exploit DB Packet Storm
189510 7.5 危険 DMXReady - DMXReady Secure Document Library の CategoryManager/upload_image_category.asp における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2009-0428 2012-06-26 16:10 2009-02-4 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Oct. 30, 2024, 12:32 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
131 5.4 MEDIUM
Network
nayrathemes clever_fox The Clever Fox – One Click Website Importer by Nayra Themes plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clever-fox-activate-theme… Update CWE-862
 Missing Authorization
CVE-2023-6876 2024-10-30 04:50 2024-06-7 Show GitHub Exploit DB Packet Storm
132 5.4 MEDIUM
Network
lightpress lightbox The WP jQuery Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘title’ attribute in all versions up to, and including, 1.5.4 due to insufficient input sanitization a… Update CWE-79
Cross-site Scripting
CVE-2024-5425 2024-10-30 04:49 2024-06-7 Show GitHub Exploit DB Packet Storm
133 5.3 MEDIUM
Network
themefarmer woocommerce_tools The WooCommerce Tools plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woocommerce_tool_toggle_module() function in all versions up to,… Update CWE-862
 Missing Authorization
CVE-2024-1689 2024-10-30 04:49 2024-06-7 Show GitHub Exploit DB Packet Storm
134 5.4 MEDIUM
Network
nayrathemes clever_fox The Clever Fox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's info box block in all versions up to, and including, 25.2.0 due to insufficient input sanitization an… Update CWE-79
Cross-site Scripting
CVE-2024-1768 2024-10-30 04:44 2024-06-7 Show GitHub Exploit DB Packet Storm
135 - - - An authorized RCE vulnerability exists in the DrayTek Vigor2960 router version 1.4.4, where an attacker can place a malicious command into the table parameter of the doPPPoE function in the cgi-bin/m… New - CVE-2024-48074 2024-10-30 04:35 2024-10-28 Show GitHub Exploit DB Packet Storm
136 - - - An issue was discovered in WTCMS 1.0. In the plupload method in \AssetController.class.php, the app parameters aren't processed, resulting in Cross Site Scripting (XSS). Update - CVE-2024-48239 2024-10-30 04:35 2024-10-26 Show GitHub Exploit DB Packet Storm
137 - - - WTCMS 1.0 is vulnerable to SQL Injection in the edit_post method of /Admin\Controller\NavControl.class.php via the parentid parameter. Update - CVE-2024-48238 2024-10-30 04:35 2024-10-26 Show GitHub Exploit DB Packet Storm
138 - - - An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the FileOutputStream function in the write String method of the ofcms-admin\src\main\java\com\ofsoft\cms\core\uitle\File… Update - CVE-2024-48236 2024-10-30 04:35 2024-10-26 Show GitHub Exploit DB Packet Storm
139 - - - An issue in ofcms 1.1.2 allows a remote attacker to execute arbitrary code via the save method of the TemplateController.java file. Update - CVE-2024-48235 2024-10-30 04:35 2024-10-26 Show GitHub Exploit DB Packet Storm
140 - - - An issue was discovered in mipjz 5.0.5. In the push method of app\tag\controller\ApiAdminTag.php the value of the postAddress parameter is not processed and is directly passed into curl_exec executio… Update - CVE-2024-48234 2024-10-30 04:35 2024-10-26 Show GitHub Exploit DB Packet Storm