Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Sept. 20, 2024, 12:04 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
192901	4.3	警告	Electric Sheep Fencing	-	pfSense におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4412	2012-03-27 18:42	2010-12-7	Show	GitHub Exploit DB Packet Storm

192902	4.3	警告	alberto pittoni	-	AlGuest におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4407	2012-03-27 18:42	2010-12-6	Show	GitHub Exploit DB Packet Storm

192903	6.8	警告	brunetton	-	Brunetton LittlePhpGallery の gallery.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-4406	2012-03-27 18:42	2010-12-6	Show	GitHub Exploit DB Packet Storm

192904	4.3	警告	anything-digital	-	Joomla! の Yannick Gaultier コンポーネントにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4405	2012-03-27 18:42	2010-12-6	Show	GitHub Exploit DB Packet Storm

192905	7.5	危険	anything-digital	-	Joomla! の Yannick Gaultier コンポーネントにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4404	2012-03-27 18:42	2010-12-6	Show	GitHub Exploit DB Packet Storm

192906	5	警告	devbits	-	WordPress の Register Plus プラグインにおける重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2010-4403	2012-03-27 18:42	2010-12-6	Show	GitHub Exploit DB Packet Storm

192907	4.3	警告	devbits	-	WordPress の wp-login.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4402	2012-03-27 18:42	2010-12-6	Show	GitHub Exploit DB Packet Storm

192908	5	警告	dynpg	-	DynPG CMS の languages.inc.php における重要な情報を取得される脆弱性	CWE-200 情報漏えい	CVE-2010-4401	2012-03-27 18:42	2010-12-6	Show	GitHub Exploit DB Packet Storm

192909	7.5	危険	dynpg	-	DynPG CMS の in _rights.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4400	2012-03-27 18:42	2010-12-6	Show	GitHub Exploit DB Packet Storm

192910	4.3	警告	dynpg	-	DynPG CMS の languages.inc.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-4399	2012-03-27 18:42	2010-12-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Sept. 20, 2024, 5:55 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
31	4.3	MEDIUM Network	-	-	Microsoft Edge (Chromium-based) Spoofing Vulnerability New	CWE-79 Cross-site Scripting	CVE-2024-38221	2024-09-20 06:15	2024-09-20	Show	GitHub Exploit DB Packet Storm

32	7.8	HIGH Local	acronis	cyber_protect_home_office	Local privilege escalation during installation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40278. Update	CWE-610 Externally Controlled Reference to a Resource in Another Sphere	CVE-2022-46869	2024-09-20 06:15	2023-09-1	Show	GitHub Exploit DB Packet Storm

33	5.5	MEDIUM Local	ibm	cloud_pak_for_security qradar_suite	IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 and IBM QRadar Suite Software 1.10.12.0 through 1.10.22.0 stores potentially sensitive information in log files that could be read by a local use… Update	CWE-312 Cleartext Storage of Sensitive Information	CVE-2024-25023	2024-09-20 06:14	2024-07-10	Show	GitHub Exploit DB Packet Storm

34	9.8	CRITICAL Network	pluck-cms	pluck	Pluck CMS 4.7.18 does not restrict failed login attempts, allowing attackers to execute a brute force attack. Update	CWE-307 mproper Restriction of Excessive Authentication Attempts	CVE-2024-43042	2024-09-20 06:01	2024-08-17	Show	GitHub Exploit DB Packet Storm

35	8.8	HIGH Network	churchcrm	churchcrm	ChurchCRM is an open-source church management system. Versions of the application prior to 5.9.2 are vulnerable to an authenticated SQL injection due to an improper sanitization of user input. Authen… Update	CWE-89 SQL Injection	CVE-2024-39304	2024-09-20 05:59	2024-07-27	Show	GitHub Exploit DB Packet Storm

36	8.8	HIGH Network	nuxt	nuxt	Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. Due to the insufficient validation of the `path` parameter in the NuxtTestComponentWrapper, an… Update	CWE-94 Code Injection	CVE-2024-34344	2024-09-20 05:58	2024-08-6	Show	GitHub Exploit DB Packet Storm

37	7.5	HIGH Network	nuxt	nuxt	Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. `nuxt/icon` provides an API to allow client side icon lookup. This endpoint is at `/api/_nuxt_… Update	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2024-42352	2024-09-20 05:55	2024-08-6	Show	GitHub Exploit DB Packet Storm

38	5.4	MEDIUM Network	spiffyplugins	spiffy_calendar	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Spiffy Plugins Spiffy Calendar allows Stored XSS.This issue affects Spiffy Calendar: from … Update	CWE-79 Cross-site Scripting	CVE-2024-45457	2024-09-20 05:53	2024-09-15	Show	GitHub Exploit DB Packet Storm

39	7.8	HIGH Local	mongodb	mongodb c_driver php_driver	Incorrect validation of files loaded from a local untrusted directory may allow local privilege escalation if the underlying operating systems is Windows. This may result in the application executing… Update	NVD-CWE-noinfo	CVE-2024-7553	2024-09-20 05:46	2024-08-7	Show	GitHub Exploit DB Packet Storm

40	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirt… Update	CWE-369 Divide By Zero	CVE-2024-42102	2024-09-20 05:38	2024-07-30	Show	GitHub Exploit DB Packet Storm