Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Sept. 20, 2024, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
193761	6.8	警告	Webfolio CMS	-	Webfolio CMS におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2012-1498	2012-03-22 17:25	2012-03-19	Show	GitHub Exploit DB Packet Storm

193762	4.3	警告	NetMechanica	-	NetMechanica NetDecision の HTTP Server におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2012-1465	2012-03-22 17:22	2012-03-19	Show	GitHub Exploit DB Packet Storm

193763	5	警告	NetMechanica	-	NetMechanica NetDecision の Dashboard Server におけるインストールパスを取得される脆弱性	CWE-200 情報漏えい	CVE-2012-1464	2012-03-22 17:22	2012-03-19	Show	GitHub Exploit DB Packet Storm

193764	6.8	警告	Contao	-	Contao の main.php におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2012-1297	2012-03-22 17:18	2012-03-19	Show	GitHub Exploit DB Packet Storm

193765	4.3	警告	tskynet	-	Kongreg8 におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1789	2012-03-22 17:16	2012-03-19	Show	GitHub Exploit DB Packet Storm

193766	7.5	危険	Dotclear	-	Dotclear の inc/swf/swfupload.swf における任意のコードを実行される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2011-5083	2012-03-22 17:15	2012-03-19	Show	GitHub Exploit DB Packet Storm

193767	4.3	警告	WonderDesk	-	WonderDesk SQL の wonderdesk.cgi におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1788	2012-03-22 16:59	2012-03-19	Show	GitHub Exploit DB Packet Storm

193768	4.3	警告	s2Member	-	WordPress 用 s2Member Pro プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-5082	2012-03-22 16:55	2012-03-19	Show	GitHub Exploit DB Packet Storm

193769	5	警告	Bitweaver	-	Bitweaver の wiki/rankings.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-5086	2012-03-22 16:54	2012-03-19	Show	GitHub Exploit DB Packet Storm

193770	4.3	警告	Webglimpse	-	Webglimpse の wgarcmin.cgi におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-1787	2012-03-22 16:48	2012-03-19	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Sept. 20, 2024, 8:16 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
111	8.8	HIGH Network	adobe suse opensuse redhat	flash_player linux_enterprise_desktop opensuse enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_eus	Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and… Update	NVD-CWE-noinfo	CVE-2013-0648	2024-09-20 04:51	2013-02-27	Show	GitHub Exploit DB Packet Storm

112	8.8	HIGH Network	adobe redhat suse opensuse	flash_player enterprise_linux_server_aus enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation enterprise_linux_eus linux_enterprise_desktop opensuse	The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x before 11.2.202.273 on Linux, does not properly rest… Update	NVD-CWE-noinfo	CVE-2013-0643	2024-09-20 04:48	2013-02-27	Show	GitHub Exploit DB Packet Storm

113	4.3	MEDIUM Network	lunary	lunary	A broken access control vulnerability exists in the latest version of lunary-ai/lunary. The `saml.ts` file allows a user from one organization to update the Identity Provider (IDP) settings and view … Update	CWE-306 Missing Authentication for Critical Function	CVE-2024-6582	2024-09-20 04:45	2024-09-14	Show	GitHub Exploit DB Packet Storm

114	-		-	-	Best House Rental Management System 1.0 contains a SQL injection vulnerability in the delete_category() function of the file rental/admin_class.php. New	-	CVE-2024-46374	2024-09-20 04:35	2024-09-19	Show	GitHub Exploit DB Packet Storm

115	-		-	-	Dedecms V5.7.115 contains an arbitrary code execution via file upload vulnerability in the backend. New	-	CVE-2024-46373	2024-09-20 04:35	2024-09-19	Show	GitHub Exploit DB Packet Storm

116	-		-	-	Buffer Overflow vulnerability in btstack mesh commit before v.864e2f2b6b7878c8fab3cf5ee84ae566e3380c58 allows a remote attacker to execute arbitrary code via the pb_adv_handle_tranaction_cont functio… New	-	CVE-2024-40568	2024-09-20 04:35	2024-09-19	Show	GitHub Exploit DB Packet Storm

117	-		-	-	CoreDNS through 1.10.1 enables attackers to achieve DNS cache poisoning and inject fake responses via a birthday attack. New	-	CVE-2023-30464	2024-09-20 04:35	2024-09-19	Show	GitHub Exploit DB Packet Storm

118	8.8	HIGH Network	thingsboard	thingsboard	ThingsBoard before 3.5 allows Server-Side Template Injection if users are allowed to modify an email template, because Apache FreeMarker supports freemarker.template.utility.Execute (for content sent… Update	CWE-74 Injection	CVE-2023-45303	2024-09-20 04:35	2023-10-7	Show	GitHub Exploit DB Packet Storm

119	7.5	HIGH Network	nasa	openmct	In NASA Open MCT (aka openmct) before 3.1.0, prototype pollution can occur via an import action. Update	CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')	CVE-2023-45282	2024-09-20 04:35	2023-10-7	Show	GitHub Exploit DB Packet Storm

120	9.8	CRITICAL Network	presto-changeo	attribute_grid	Presto Changeo attributegrid up to 2.0.3 was discovered to contain a SQL injection vulnerability via the component disable_json.php. Update	CWE-89 SQL Injection	CVE-2023-43983	2024-09-20 04:35	2023-10-6	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed