Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Oct. 5, 2024, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
191081 7.5 危険 ASP indir - Hazir Site の giris_yap.asp における SQL インジェクションの脆弱性 - CVE-2006-7161 2012-06-26 15:38 2007-03-7 Show GitHub Exploit DB Packet Storm
191082 4.9 警告 Agnitum - Outpost Firewall PRO の sandbox.sys ドライバにおけるサービス運用妨害 (DoS) の脆弱性 CWE-20
不適切な入力確認 		CVE-2006-7160 2012-06-26 15:38 2007-03-7 Show GitHub Exploit DB Packet Storm
191083 6.4 警告 bti-tracker - BTI-Tracker の include/prune_torrents.php におけるディレクトリトラバーサルの脆弱性 - CVE-2006-7159 2012-06-26 15:38 2007-03-7 Show GitHub Exploit DB Packet Storm
191084 7.1 危険 Google - Google Earth におけるバッファオーバーフローの脆弱性 - CVE-2006-7157 2012-06-26 15:38 2007-03-7 Show GitHub Exploit DB Packet Storm
191085 8.5 危険 asp-nuke - ASP-Nuke Community の default.asp における権限を取得される脆弱性 - CVE-2006-7152 2012-06-26 15:38 2007-03-7 Show GitHub Exploit DB Packet Storm
191086 7.8 危険 Apache Software Foundation - Apache Tomca の AJP コネクタにおける重要なメモリの一部を読まれる脆弱性 - CVE-2006-7197 2012-06-26 15:38 2006-03-5 Show GitHub Exploit DB Packet Storm
191087 5.5 警告 call-center-software - Call Center Software の edit_user.php における重要な情報を取得される脆弱性 - CVE-2006-7145 2012-06-26 15:38 2007-03-7 Show GitHub Exploit DB Packet Storm
191088 7.5 危険 call-center-software - Call Center Software における SQL インジェクションの脆弱性 - CVE-2006-7144 2012-06-26 15:38 2007-03-7 Show GitHub Exploit DB Packet Storm
191089 5.8 警告 call-center-software - Call Center Software におけるクロスサイトスクリプティングの脆弱性 - CVE-2006-7143 2012-06-26 15:38 2007-03-7 Show GitHub Exploit DB Packet Storm
191090 10 危険 cynux softwares - PHPMyDesk の pmd-config.php におけるディレクトリトラバーサルの脆弱性 - CVE-2006-7132 2012-06-26 15:38 2007-03-5 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Oct. 5, 2024, 8:11 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
851 9.8 CRITICAL
Network 		artbees jupiter_x_core The Jupiter X Core plugin for WordPress is vulnerable to arbitrary file uploads due to a mishandled file type validation in the 'validate' function in all versions up to, and including, 4.6.5. This m… Update CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2024-7772 2024-10-3 01:10 2024-09-26 Show GitHub Exploit DB Packet Storm
852 6.5 MEDIUM
Network 		mmrs151 daily_prayer_time The Daily Prayer Time plugin for WordPress is vulnerable to SQL Injection via the 'max_word' attribute of the 'quran_verse' shortcode in all versions up to, and including, 2024.08.26 due to insuffici… Update CWE-89
SQL Injection 		CVE-2024-8621 2024-10-3 01:10 2024-09-25 Show GitHub Exploit DB Packet Storm
853 6.1 MEDIUM
Network 		xtendify simple_calendar The Simple Calendar – Google Calendar Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versio… Update CWE-79
Cross-site Scripting 		CVE-2024-8549 2024-10-3 01:04 2024-09-25 Show GitHub Exploit DB Packet Storm
854 6.1 MEDIUM
Network 		itpathsolutions contact_form_to_any_api The Contact Form to Any API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Contact Form 7 form fields in all versions up to, and including, 1.2.2 due to insufficient input sani… Update CWE-79
Cross-site Scripting 		CVE-2024-7617 2024-10-3 01:02 2024-09-25 Show GitHub Exploit DB Packet Storm
855 6.1 MEDIUM
Network 		ellevo ellevo A reflected cross-site scripting (XSS) vulnerability in Ellevo 6.2.0.38160 allows attackers to execute arbitrary code in the context of a user's browser via a crafted payload or URL. Update CWE-79
Cross-site Scripting 		CVE-2024-46655 2024-10-3 00:40 2024-09-26 Show GitHub Exploit DB Packet Storm
856 7.5 HIGH
Network 		nokia service_router_linux
service_router_operating_system 		Nokia Service Router Operating System (SR OS) 22.10 and SR Linux, when error-handling update-fault-tolerance is not enabled, mishandle BGP path attributes. Update NVD-CWE-noinfo
CVE-2023-41376 2024-10-3 00:35 2023-08-30 Show GitHub Exploit DB Packet Storm
857 7.8 HIGH
Local 		pagekit pagekit An issue in Pagekit pagekit v.1.0.18 alows a remote attacker to execute arbitrary code via thedownloadAction and updateAction functions in UpdateController.php Update NVD-CWE-noinfo
CVE-2023-41005 2024-10-3 00:35 2023-08-29 Show GitHub Exploit DB Packet Storm
858 9.8 CRITICAL
Network 		atlassian crowd Affected versions of Atlassian Crowd allow an attacker to authenticate as the crowd application via security misconfiguration and subsequent ability to call privileged endpoints in Crowd's REST API u… Update NVD-CWE-noinfo
CVE-2022-43782 2024-10-3 00:35 2022-11-17 Show GitHub Exploit DB Packet Storm
859 9.8 CRITICAL
Network 		atlassian bitbucket There is a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to control their username can exploit this issue to execute arb… Update CWE-77
Command Injection 		CVE-2022-43781 2024-10-3 00:35 2022-11-17 Show GitHub Exploit DB Packet Storm
860 8.8 HIGH
Network 		atlassian jira_align The MasterUserEdit API in Atlassian Jira Align Server before version 10.109.2 allows An authenticated attacker with the People role permission to use the MasterUserEdit API to modify any users role t… Update CWE-276
Incorrect Default Permissions  		CVE-2022-36803 2024-10-3 00:35 2022-10-14 Show GitHub Exploit DB Packet Storm