Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Jan. 28, 2025, 6:03 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
181 6.6 警告
Physics
マイクロソフト Microsoft Windows Server 2016
Microsoft Windows 11
Microsoft Windows Server 2008
Microsoft Windows Server 2019
Microsoft Window…
Windows デジタル メディアの特権昇格の脆弱性 New CWE-125
CWE-noinfo
CVE-2025-21310 2025-01-27 17:45 2025-01-14 Show GitHub Exploit DB Packet Storm
182 7.5 重要
Network
マイクロソフト Microsoft Windows Server 2016
Microsoft Windows 11
Microsoft Windows Server 2008
Microsoft Windows Server 2019
Microsoft Window…
Windows upnphost.dll のサービス拒否の脆弱性 New CWE-400
CWE-noinfo
CVE-2025-21300 2025-01-27 17:42 2025-01-14 Show GitHub Exploit DB Packet Storm
183 5.4 警告
Network
ThemeNcode TNC PDF viewer ThemeNcode の WordPress 用 TNC PDF viewer におけるクロスサイトスクリプティングの脆弱性 New CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2024-25097 2025-01-27 17:39 2024-03-13 Show GitHub Exploit DB Packet Storm
184 8.1 重要
Network
マイクロソフト Microsoft Windows Server 2016
Microsoft Windows 11
Microsoft Windows Server 2008
Microsoft Windows Server 2019
Microsoft Window…
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability New CWE-416
CWE-noinfo
CVE-2025-21295 2025-01-27 17:38 2025-01-14 Show GitHub Exploit DB Packet Storm
185 9.8 緊急
Network
マイクロソフト Microsoft Windows Server 2016
Microsoft Windows 11
Microsoft Windows Server 2008
Microsoft Windows Server 2019
Microsoft Window…
Windows OLE のリモートでコードが実行される脆弱性 New CWE-416
CWE-noinfo
CVE-2025-21298 2025-01-27 17:34 2025-01-14 Show GitHub Exploit DB Packet Storm
186 5.4 警告
Network
AyeCode Ltd Ketchup Shortcodes AyeCode Ltd の WordPress 用 Ketchup Shortcodes におけるクロスサイトスクリプティングの脆弱性 New CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2024-13590 2025-01-27 17:29 2025-01-22 Show GitHub Exploit DB Packet Storm
187 8.1 重要
Network
マイクロソフト Microsoft Windows Server 2016
Microsoft Windows Server 2019
Microsoft Windows Server 2012
Microsoft Windows Server 2022
Microso…
Windows リモート デスクトップ サービスのリモートでコードが実行される脆弱性 New CWE-591
CWE-noinfo
CVE-2025-21309 2025-01-27 17:26 2025-01-14 Show GitHub Exploit DB Packet Storm
188 8.8 重要
Network
マイクロソフト Microsoft Windows Server 2022
Microsoft Windows 10
Microsoft Windows 11
Microsoft Windows Server 2019
Windows Direct Show リモートでコードが実行される脆弱性 New CWE-415
CWE-noinfo
CVE-2025-21291 2025-01-27 17:22 2025-01-14 Show GitHub Exploit DB Packet Storm
189 7.8 重要
Local
マイクロソフト Microsoft Windows Server 2016
Microsoft Windows 10
Microsoft Windows Server 2019
Microsoft DWM Core ライブラリの特権の昇格の脆弱性 New CWE-416
CWE-noinfo
CVE-2025-21304 2025-01-27 17:22 2025-01-14 Show GitHub Exploit DB Packet Storm
190 5.9 警告
Network
マイクロソフト Microsoft Windows Server 2016
Microsoft Windows 11
Microsoft Windows Server 2008
Microsoft Windows Server 2019
Microsoft Window…
Windows Kerberos の情報漏えいの脆弱性 New CWE-200
CWE-noinfo
CVE-2025-21242 2025-01-27 17:18 2025-01-14 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Jan. 28, 2025, 4:08 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
381 5.4 MEDIUM
Network
- - The Activity Plus Reloaded for BuddyPress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.1.1 via the 'ajax_preview_link' function. Thi… CWE-918
Server-Side Request Forgery (SSRF) 
CVE-2024-11913 2025-01-24 23:15 2025-01-24 Show GitHub Exploit DB Packet Storm
382 4.3 MEDIUM
Network
- - The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas… CWE-1230
 Exposure of Sensitive Information Through Metadata
CVE-2024-10324 2025-01-24 23:15 2025-01-24 Show GitHub Exploit DB Packet Storm
383 - - - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound FooGallery Captions allows Reflected XSS. This issue affects FooGallery Captions: from n… CWE-79
Cross-site Scripting
CVE-2025-23889 2025-01-24 20:15 2025-01-24 Show GitHub Exploit DB Packet Storm
384 - - - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Custom Page Extensions allows Reflected XSS. This issue affects Custom Page Extensions: … CWE-79
Cross-site Scripting
CVE-2025-23888 2025-01-24 20:15 2025-01-24 Show GitHub Exploit DB Packet Storm
385 - - - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound MJ Contact us allows Reflected XSS. This issue affects MJ Contact us: from n/a through 5… CWE-79
Cross-site Scripting
CVE-2025-23885 2025-01-24 20:15 2025-01-24 Show GitHub Exploit DB Packet Storm
386 - - - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Sticky Button allows Stored XSS. This issue affects Sticky Button: from n/a through 1.0. CWE-79
Cross-site Scripting
CVE-2025-23839 2025-01-24 20:15 2025-01-24 Show GitHub Exploit DB Packet Storm
387 - - - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Bauernregeln allows Reflected XSS. This issue affects Bauernregeln: from n/a through 1.0… CWE-79
Cross-site Scripting
CVE-2025-23838 2025-01-24 20:15 2025-01-24 Show GitHub Exploit DB Packet Storm
388 - - - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound One Backend Language allows Reflected XSS. This issue affects One Backend Language: from… CWE-79
Cross-site Scripting
CVE-2025-23837 2025-01-24 20:15 2025-01-24 Show GitHub Exploit DB Packet Storm
389 - - - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Network-Favorites allows Reflected XSS. This issue affects Network-Favorites: from n/a t… CWE-79
Cross-site Scripting
CVE-2025-23737 2025-01-24 20:15 2025-01-24 Show GitHub Exploit DB Packet Storm
390 - - - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Gigaom Sphinx allows Reflected XSS. This issue affects Gigaom Sphinx: from n/a through 0… CWE-79
Cross-site Scripting
CVE-2025-23734 2025-01-24 20:15 2025-01-24 Show GitHub Exploit DB Packet Storm