Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Jan. 10, 2025, 6:04 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
189611 6.5 警告 Layton Technology - Layton HelpBox における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-5402 2012-09-25 16:59 2008-01-9 Show GitHub Exploit DB Packet Storm
189612 6.5 警告 Layton Technology - Layton HelpBox の uploadrequest.asp における任意の ASP ファイルを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2007-5401 2012-09-25 16:59 2008-01-9 Show GitHub Exploit DB Packet Storm
189613 4.3 警告 Nucleus - Nucleus の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5429 2012-09-25 16:59 2007-10-12 Show GitHub Exploit DB Packet Storm
189614 4.3 警告 Joomla! - Joomla! 用の com_search コンポーネントにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5427 2012-09-25 16:59 2007-10-12 Show GitHub Exploit DB Packet Storm
189615 4.3 警告 interspire - ActiveKB NX におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5426 2012-09-25 16:59 2007-10-12 Show GitHub Exploit DB Packet Storm
189616 6.4 警告 interspire - Interspire ActiveKB の admin/index.php における SQL インジェクションの脆弱性 CWE-94
コード・インジェクション 		CVE-2007-5425 2012-09-25 16:59 2007-10-12 Show GitHub Exploit DB Packet Storm
189617 7.5 危険 The PHP Group - PHP の disable_functions 関数における制限を回避される脆弱性 CWE-DesignError
CVE-2007-5424 2012-09-25 16:59 2007-10-12 Show GitHub Exploit DB Packet Storm
189618 4.3 警告 Mozilla Foundation - Mozilla Firefox におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5415 2012-09-25 16:59 2007-10-12 Show GitHub Exploit DB Packet Storm
189619 2.6 注意 Mozilla Foundation - Mozilla Firefox におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2007-5414 2012-09-25 16:59 2007-10-12 Show GitHub Exploit DB Packet Storm
189620 7.8 危険 ヒューレット・パッカード - HP OpenView CM Infrastructure における任意のファイルを読まれる脆弱性 CWE-200
情報漏えい 		CVE-2007-5413 2012-09-25 16:59 2007-10-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Jan. 10, 2025, 4:11 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
171 - - - A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInter… New CWE-284
CWE-266
Improper Access Control
 Incorrect Privilege Assignment 		CVE-2024-13200 2025-01-9 12:15 2025-01-9 Show GitHub Exploit DB Packet Storm
172 - - - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remo… New CWE-121
Stack-based Buffer Overflow 		CVE-2025-0282 2025-01-9 11:00 2025-01-9 Show GitHub Exploit DB Packet Storm
173 - - - The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. New - CVE-2024-37372 2025-01-9 10:15 2025-01-9 Show GitHub Exploit DB Packet Storm
174 - - - Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the sh… New - CVE-2024-27980 2025-01-9 10:15 2025-01-9 Show GitHub Exploit DB Packet Storm
175 - - - A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The… New CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2024-13199 2025-01-9 10:15 2025-01-9 Show GitHub Exploit DB Packet Storm
176 - - - A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepa… New CWE-203
CWE-204
 Information Exposure Through Discrepancy
 Response Discrepancy Information Exposure 		CVE-2024-13198 2025-01-9 10:15 2025-01-9 Show GitHub Exploit DB Packet Storm
177 - - - ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's po… New - CVE-2023-38037 2025-01-9 10:15 2025-01-9 Show GitHub Exploit DB Packet Storm
178 - - - The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compl… New - CVE-2023-28362 2025-01-9 10:15 2025-01-9 Show GitHub Exploit DB Packet Storm
179 - - - There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. New - CVE-2023-28120 2025-01-9 10:15 2025-01-9 Show GitHub Exploit DB Packet Storm
180 - - - There is a denial of service vulnerability in the header parsing component of Rack. New - CVE-2023-27539 2025-01-9 10:15 2025-01-9 Show GitHub Exploit DB Packet Storm