Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Nov. 18, 2024, 6:03 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
193411 5 警告 datadynamics - Data Dynamics ActiveReport ActiveX コントロールにおける絶対パストラバーサルの脆弱性 - CVE-2007-3982 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
193412 4.3 警告 bwired - bwired におけるセッションをハイジャックされる脆弱性 CWE-255
証明書・パスワード管理
CVE-2007-3978 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
193413 4.3 警告 bwired - bwired におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2007-3977 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
193414 7.5 危険 bwired - bwired の index.php における SQL インジェクションの脆弱性 - CVE-2007-3976 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
193415 4.3 警告 elite forum - Elite Forum の index.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-3975 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
193416 5 警告 ESET - ESET NOD32 Antivirus におけるサービス運用妨害 (DoS) の脆弱性 - CVE-2007-3972 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
193417 5 警告 ESET - ESET NOD32 Antivirus における整数オーバーフローの脆弱性 - CVE-2007-3971 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
193418 5 警告 ESET - ESET NOD32 Antivirus における任意のコードを実行される脆弱性 - CVE-2007-3970 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
193419 5 警告 dirlist - dirLIST の index.php における除外フォルダのコンテンツを一覧にされる脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2007-3968 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
193420 5 警告 dirlist - PHP dirLIST の index.php におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル
CVE-2007-3967 2012-06-26 15:54 2007-07-25 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Nov. 19, 2024, 5:15 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
421 - - - In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists where account recovery hashes of users are inadvertently exposed to unauthorized actors. This is… Update CWE-200
Information Exposure
CVE-2024-3502 2024-11-19 01:35 2024-11-15 Show GitHub Exploit DB Packet Storm
422 - - - In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/us… Update CWE-200
Information Exposure
CVE-2024-3501 2024-11-19 01:35 2024-11-15 Show GitHub Exploit DB Packet Storm
423 - - - In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifical… Update - CVE-2024-3379 2024-11-19 01:35 2024-11-15 Show GitHub Exploit DB Packet Storm
424 4.8 MEDIUM
Network
ibm websphere_application_server IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the inte… Update CWE-79
Cross-site Scripting
CVE-2024-45087 2024-11-19 01:34 2024-11-12 Show GitHub Exploit DB Packet Storm
425 5.4 MEDIUM
Network
ibm maximo_asset_management IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the inte… Update CWE-79
Cross-site Scripting
CVE-2024-45088 2024-11-19 01:33 2024-11-12 Show GitHub Exploit DB Packet Storm
426 7.8 HIGH
Local
ivanti endpoint_manager SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction … Update CWE-89
SQL Injection
CVE-2024-50323 2024-11-19 01:32 2024-11-13 Show GitHub Exploit DB Packet Storm
427 7.8 HIGH
Local
ivanti endpoint_manager Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction… Update CWE-22
Path Traversal
CVE-2024-50322 2024-11-19 01:30 2024-11-13 Show GitHub Exploit DB Packet Storm
428 - - - An XSS issue was discovered in MDaemon Email Server before version 24.5.1c. An attacker can send an HTML e-mail message with JavaScript in an img tag. This could allow a remote attacker to load… New - CVE-2024-11182 2024-11-19 00:35 2024-11-15 Show GitHub Exploit DB Packet Storm
429 - - - An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. This issue affects all versio… New CWE-611
XXE
CVE-2021-3902 2024-11-19 00:35 2024-11-15 Show GitHub Exploit DB Packet Storm
430 - - - DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. An attacker who can upload files o… New CWE-502
 Deserialization of Untrusted Data
CVE-2021-3838 2024-11-19 00:35 2024-11-15 Show GitHub Exploit DB Packet Storm