Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Nov. 11, 2024, 6:01 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
193781 6.8 警告 free lan intra internet portal - FLIP におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-0696 2012-06-26 15:46 2007-02-3 Show GitHub Exploit DB Packet Storm
193782 7.5 危険 free lan intra internet portal - FLIP における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2007-0695 2012-06-26 15:46 2007-02-3 Show GitHub Exploit DB Packet Storm
193783 4.3 警告 diangemilang - DGNews の footer.php におけるクロスサイトスクリプティングの脆弱性 - CVE-2007-0694 2012-06-26 15:46 2007-05-30 Show GitHub Exploit DB Packet Storm
193784 6.8 警告 diangemilang - DGNews の news.php における SQL インジェクションの脆弱性 - CVE-2007-0693 2012-06-26 15:46 2007-05-30 Show GitHub Exploit DB Packet Storm
193785 5 警告 dgnews - DGNews における重要な情報を取得される脆弱性 - CVE-2007-0692 2012-06-26 15:46 2007-05-30 Show GitHub Exploit DB Packet Storm
193786 7.5 危険 cerulean portal system - Cerulean Portal System の portal.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-0684 2012-06-26 15:46 2007-02-2 Show GitHub Exploit DB Packet Storm
193787 7.5 危険 extcalendar - ExtCalendar の profile.php における任意のパスワードを変更される脆弱性 - CVE-2007-0681 2012-06-26 15:46 2007-02-2 Show GitHub Exploit DB Packet Storm
193788 7.5 危険 fullaspsite - Fullaspsite Asp Hosting Sitesi の windows.asp における SQL インジェクションの脆弱性 - CVE-2007-0678 2012-06-26 15:46 2007-02-2 Show GitHub Exploit DB Packet Storm
193789 7.5 危険 cronosys - Cadre PHP Framework の fw/class.Quick_Config_Browser.php における PHP リモートファイルインクルージョンの脆弱性 - CVE-2007-0677 2012-06-26 15:46 2007-02-2 Show GitHub Exploit DB Packet Storm
193790 6.8 警告 exoscripts - ExoPHPDesk の faq.php における SQL インジェクションの脆弱性 - CVE-2007-0676 2012-06-26 15:46 2007-02-2 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Nov. 12, 2024, 5:17 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
281 9.8 CRITICAL
Network 		- - The WP Membership plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the user_profile_image_upload() function in all versions up to, and including, 1.… New CWE-434
 Unrestricted Upload of File with Dangerous Type  		CVE-2024-10547 2024-11-9 17:15 2024-11-9 Show GitHub Exploit DB Packet Storm
282 9.8 CRITICAL
Network 		- - The RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6… New CWE-230
CVE-2024-10508 2024-11-9 17:15 2024-11-9 Show GitHub Exploit DB Packet Storm
283 4.9 MEDIUM
Network 		- - The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 5.4.6 due … New CWE-89
SQL Injection 		CVE-2024-9874 2024-11-9 16:15 2024-11-9 Show GitHub Exploit DB Packet Storm
284 6.1 MEDIUM
Network 		- - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & rem… New CWE-79
Cross-site Scripting 		CVE-2024-10876 2024-11-9 16:15 2024-11-9 Show GitHub Exploit DB Packet Storm
285 4.3 MEDIUM
Network 		- - The Attesa Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.2 via the 'attesa-template' shortcode due to insufficient restrictions on which p… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2024-10688 2024-11-9 16:15 2024-11-9 Show GitHub Exploit DB Packet Storm
286 6.1 MEDIUM
Network 		- - The Contact Form 7 – PayPal & Stripe Add-on plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the… New CWE-79
Cross-site Scripting 		CVE-2024-10683 2024-11-9 16:15 2024-11-9 Show GitHub Exploit DB Packet Storm
287 5.3 MEDIUM
Network 		- - The Quform - WordPress Form Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.20.0 via the 'saveUploadedFile' function. This makes i… New CWE-200
Information Exposure 		CVE-2024-8756 2024-11-9 15:15 2024-11-9 Show GitHub Exploit DB Packet Storm
288 9.8 CRITICAL
Network 		- - The WPLMS Learning Management System for WordPress, WordPress LMS theme for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation and permissions checks… New CWE-22
Path Traversal 		CVE-2024-10470 2024-11-9 15:15 2024-11-9 Show GitHub Exploit DB Packet Storm
289 6.4 MEDIUM
Network 		- - The Code Embed plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5 via the ce_get_file() function. This makes it possible for authenticated att… New CWE-918
Server-Side Request Forgery (SSRF)  		CVE-2024-10814 2024-11-9 14:15 2024-11-9 Show GitHub Exploit DB Packet Storm
290 4.3 MEDIUM
Network 		- - The Envo Extra plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.3 via the 'elementor-template' shortcode due to insufficient restrictions on which … New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2024-10770 2024-11-9 14:15 2024-11-9 Show GitHub Exploit DB Packet Storm