Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Oct. 6, 2024, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
191951	7.5	危険	Drupal	-	Drupal の Job Search モジュールにおける SQL インジェクションの脆弱性	-	CVE-2006-4107	2012-06-26 15:37	2006-08-7	Show	GitHub Exploit DB Packet Storm

191952	4.3	警告	blursoft	-	blursoft blur6ex におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-4106	2012-06-26 15:37	2006-08-14	Show	GitHub Exploit DB Packet Storm

191953	4.3	警告	fill threads database	-	FTD におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-4105	2012-06-26 15:37	2006-08-14	Show	GitHub Exploit DB Packet Storm

191954	7.5	危険	falko timme and till brehm	-	Falko Timme および Till Brehm SQLiteWebAdmin の tpl.inc.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-4102	2012-06-26 15:37	2006-08-14	Show	GitHub Exploit DB Packet Storm

191955	7.5	危険	ビジネスオブジェクツ	-	Business Objects Crystal Enterprise における他のユーザのセッションをハイジャックされる脆弱性	-	CVE-2006-4099	2012-06-26 15:37	2006-11-29	Show	GitHub Exploit DB Packet Storm

191956	4.3	警告	archangelmgt	-	Archangel Management Archangel Weblog におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-4091	2012-06-26 15:37	2006-08-11	Show	GitHub Exploit DB Packet Storm

191957	5	警告	andy lo-a-foe	-	Andy Lo-A-Foe AlsaPlayer におけるバッファオーバーフローの脆弱性	-	CVE-2006-4089	2012-06-26 15:37	2006-08-11	Show	GitHub Exploit DB Packet Storm

191958	4.3	警告	civicspace	-	CivicSpace におけるクロスサイトスクリプティングの脆弱性	-	CVE-2006-4088	2012-06-26 15:37	2006-08-11	Show	GitHub Exploit DB Packet Storm

191959	10	危険	david walker	-	phpAMA における詳細不明な脆弱性	-	CVE-2006-4084	2012-06-26 15:37	2006-08-2	Show	GitHub Exploit DB Packet Storm

191960	7.2	危険	バラクーダネットワークス	-	BSF における権限を取得される脆弱性	-	CVE-2006-4082	2012-06-26 15:37	2006-08-11	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Oct. 7, 2024, 5:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1111	2.7	LOW Network	formtools	form_tools	A vulnerability, which was classified as problematic, was found in formtools.org Form Tools 3.1.1. Affected is the function curl_exec of the file /admin/forms/option_lists/edit.php of the component I…	NVD-CWE-Other	CVE-2024-6937	2024-10-2 01:51	2024-07-21	Show	GitHub Exploit DB Packet Storm

1112	6.5	MEDIUM Network	devolutions	devolutions_server	Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing inte…	CWE-863 Incorrect Authorization	CVE-2024-6512	2024-10-2 01:36	2024-09-25	Show	GitHub Exploit DB Packet Storm

1113	6.1	MEDIUM Network	collne	welcart	The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used ag…	CWE-79 Cross-site Scripting	CVE-2023-5951	2024-10-2 01:35	2023-12-5	Show	GitHub Exploit DB Packet Storm

1114	5.4	MEDIUM Network	uploading_svg\ _webp_and_ico_files_project	uploading_svg\ _webp_and_ico_files	The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XS…	CWE-79 Cross-site Scripting	CVE-2023-4460	2024-10-2 01:35	2023-12-5	Show	GitHub Exploit DB Packet Storm

1115	5.3	MEDIUM Network	microsoft	windows_server_2012 windows_server_2016 windows_server_2019 windows_server_2022	DHCP Server Service Information Disclosure Vulnerability	CWE-668 Exposure of Resource to Wrong Sphere	CVE-2023-29355	2024-10-2 01:35	2023-06-14	Show	GitHub Exploit DB Packet Storm

1116	5.3	MEDIUM Network	atlassian	confluence_data_center confluence_server	Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informa…	NVD-CWE-noinfo	CVE-2023-22503	2024-10-2 01:35	2023-05-2	Show	GitHub Exploit DB Packet Storm

1117	5.4	MEDIUM Network	strangerstudios	paid_memberships_pro	The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as lo…	CWE-79 Cross-site Scripting	CVE-2022-4830	2024-10-2 01:35	2023-02-14	Show	GitHub Exploit DB Packet Storm

1118	5.4	MEDIUM Network	3dflipbook	3d_flipbook	The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Con…	CWE-79 Cross-site Scripting	CVE-2022-4453	2024-10-2 01:35	2023-01-17	Show	GitHub Exploit DB Packet Storm

1119	9.8	CRITICAL Network	doverfuelingsolutions	progauge_maglink_lx_console_firmware progauge_maglink_lx4_console_firmware	An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly.	NVD-CWE-Other	CVE-2024-43692	2024-10-2 01:22	2024-09-25	Show	GitHub Exploit DB Packet Storm

1120	9.8	CRITICAL Network	doverfuelingsolutions	progauge_maglink_lx_console_firmware progauge_maglink_lx4_console_firmware	A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands.	CWE-77 Command Injection	CVE-2024-45066	2024-10-2 01:18	2024-09-25	Show	GitHub Exploit DB Packet Storm