Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
190661 4.3 警告 idevSpot - IDevSpot PhpLinkExchange の index.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3679 2012-09-25 17:17 2008-08-14 Show GitHub Exploit DB Packet Storm
190662 6.8 警告 openfreeway - Freeway の includes/events_application_top.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-3677 2012-09-25 17:17 2008-08-14 Show GitHub Exploit DB Packet Storm
190663 4.3 警告 hmailserver - hMailServer の IMAP サーバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2008-3676 2012-09-25 17:17 2008-08-14 Show GitHub Exploit DB Packet Storm
190664 4.3 警告 marcello brandao - XOOPS 用の Yogurt Social Network モジュールにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2008-3668 2012-09-25 17:17 2008-08-13 Show GitHub Exploit DB Packet Storm
190665 6.8 警告 Maxthon - Maxthon Browser におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2008-3667 2012-09-25 17:17 2008-08-13 Show GitHub Exploit DB Packet Storm
190666 9 危険 Horde - Horde Groupware Webmail における脆弱性 CWE-noinfo
情報不足 		CVE-2008-3650 2012-09-25 17:17 2008-06-4 Show GitHub Exploit DB Packet Storm
190667 9.3 危険 マイクロソフト - Microsoft Windows XP SP2 の nslookup.exe における任意のコードを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2008-3648 2012-09-25 17:17 2008-08-12 Show GitHub Exploit DB Packet Storm
190668 5 警告 noticeware - NoticeWare Email Server NG の IMAP サーバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2008-3607 2012-09-25 17:17 2008-08-12 Show GitHub Exploit DB Packet Storm
190669 6.8 警告 マカフィー - McAfee Encrypted USB Manager におけるオフライン総当たり攻撃を実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2008-3605 2012-09-25 17:17 2008-08-12 Show GitHub Exploit DB Packet Storm
190670 6.8 警告 Bharat Mediratta - Gallery の contrib/phpBB2/modules.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル 		CVE-2008-3600 2012-09-25 17:17 2008-08-5 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 6, 2025, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1181 4.8 MEDIUM
Network 		- - IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get … CWE-614
 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 		CVE-2024-28771 2025-01-27 11:15 2025-01-27 Show GitHub Exploit DB Packet Storm
1182 4.8 MEDIUM
Network 		- - IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get … CWE-614
 Sensitive Cookie in HTTPS Session Without 'Secure' Attribute 		CVE-2024-28770 2025-01-27 11:15 2025-01-27 Show GitHub Exploit DB Packet Storm
1183 2.4 LOW
Adjacent 		- - IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could disclose sensitive information about directory contents that could aid in further attacks against the… CWE-548
 Exposure of Information Through Directory Listing 		CVE-2024-28766 2025-01-27 11:15 2025-01-27 Show GitHub Exploit DB Packet Storm
1184 5.4 MEDIUM
Network 		- - IBM InfoSphere Master Data Management 11.6, 12.0, and 14.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering… CWE-79
Cross-site Scripting 		CVE-2023-46187 2025-01-27 11:15 2025-01-27 Show GitHub Exploit DB Packet Storm
1185 4.7 MEDIUM
Network 		- - A vulnerability classified as critical was found in needyamin image_gallery 1.0. This vulnerability affects unknown code of the file /admin/gallery.php of the component Cover Image Handler. The manip… CWE-284
CWE-434
Improper Access Control
 Unrestricted Upload of File with Dangerous Type  		CVE-2025-0722 2025-01-27 09:15 2025-01-27 Show GitHub Exploit DB Packet Storm
1186 4.3 MEDIUM
Network 		- - A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument username leads… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2025-0721 2025-01-27 09:15 2025-01-27 Show GitHub Exploit DB Packet Storm
1187 3.3 LOW
Local 		- - A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rt… CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error') 
Stack-based Buffer Overflow 		CVE-2025-0720 2025-01-27 08:15 2025-01-27 Show GitHub Exploit DB Packet Storm
1188 6.5 MEDIUM
Network 		- - IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. CWE-863
 Incorrect Authorization 		CVE-2023-50946 2025-01-27 01:15 2025-01-27 Show GitHub Exploit DB Packet Storm
1189 6.2 MEDIUM
Local 		- - IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. CWE-256
Plaintext Storage of a Password  		CVE-2023-50945 2025-01-27 01:15 2025-01-27 Show GitHub Exploit DB Packet Storm
1190 4.2 MEDIUM
Physics 		- - IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. CWE-295
Improper Certificate Validation  		CVE-2023-38009 2025-01-27 01:15 2025-01-27 Show GitHub Exploit DB Packet Storm