Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Oct. 14, 2024, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
194491	7.5	危険	intendance	-	MySource Matrix の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4639	2012-03-27 18:42	2010-12-30	Show	GitHub Exploit DB Packet Storm

194492	6.8	警告	iptechinside	-	JQuarks4s コンポーネントの submitSurvey 関数における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4638	2012-03-27 18:42	2010-12-30	Show	GitHub Exploit DB Packet Storm

194493	4.3	警告	finalcut	-	WordPress の FeedList プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4637	2012-03-27 18:42	2010-12-30	Show	GitHub Exploit DB Packet Storm

194494	7.5	危険	site2nite	-	Site2Nite Business e-Listings の detail.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4636	2012-03-27 18:42	2010-12-30	Show	GitHub Exploit DB Packet Storm

194495	7.5	危険	site2nite	-	Site2Nite VRBO Listings の detail.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4635	2012-03-27 18:42	2010-12-30	Show	GitHub Exploit DB Packet Storm

194496	7.5	危険	sumeffect	-	digiSHOP の cart.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4633	2012-03-27 18:42	2010-12-30	Show	GitHub Exploit DB Packet Storm

194497	7.5	危険	PilotCart	-	ASPilot Pilot Cart における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4632	2012-03-27 18:42	2010-12-30	Show	GitHub Exploit DB Packet Storm

194498	4.3	警告	PilotCart	-	ASPilot Pilot Cart におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4631	2012-03-27 18:42	2010-12-30	Show	GitHub Exploit DB Packet Storm

194499	4.3	警告	fubra	-	WordPress の WP Survey And Quiz Tool プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4630	2012-03-27 18:42	2010-12-30	Show	GitHub Exploit DB Packet Storm

194500	5	警告	MyBB Group	-	MyBB におけるサービス運用妨害 (DoS) の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-4629	2012-03-27 18:42	2010-02-1	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Oct. 10, 2024, 8:13 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
21	9.8	CRITICAL Network	kaifa	webitr_attendance_system	Kaifa Technology WebITR is an online attendance system, it has a vulnerability in using hard-coded encryption key. An unauthenticated remote attacker can generate valid token parameter and exploit th… Update	CWE-321 Use of Hard-coded Cryptographic Key	CVE-2023-48392	2024-10-14 13:15	2023-12-15	Show	GitHub Exploit DB Packet Storm

22	6.5	MEDIUM Network	wisdomgarden	tronclass_ilearn	NCSIST ManageEngine Mobile Device Manager(MDM) APP's special function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication an… Update	CWE-22 Path Traversal	CVE-2023-41356	2024-10-14 13:15	2023-11-3	Show	GitHub Exploit DB Packet Storm

23	9.8	CRITICAL Network	nokia	g-040w-q_firmware	Chunghwa Telecom NOKIA G-040W-Q Firewall function has a vulnerability of input validation for ICMP redirect messages. An unauthenticated remote attacker can exploit this vulnerability by sending a cr… Update	CWE-940 Improper Verification of Source of a Communication Channel	CVE-2023-41355	2024-10-14 13:15	2023-11-3	Show	GitHub Exploit DB Packet Storm

24	9.8	CRITICAL Network	myspotcam	sense_firmware	SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. An remote unauthenticated attacker can exploit this vulnerability to execute command injection at… Update	CWE-78 OS Command	CVE-2023-38027	2024-10-14 13:15	2023-08-28	Show	GitHub Exploit DB Packet Storm

25	9.8	CRITICAL Network	gss	vitals_enterprise_social_platform	Galaxy Software Services Vitals ESP is vulnerable to using a hard-coded encryption key. An unauthenticated remote attacker can generate a valid token parameter and exploit this vulnerability to acces… Update	CWE-321 Use of Hard-coded Cryptographic Key	CVE-2023-37291	2024-10-14 13:15	2023-07-21	Show	GitHub Exploit DB Packet Storm

26	9.8	CRITICAL Network	hitrontech	coda-5310_firmware	Hitron Technologies CODA-5310 Telnet function with the default account and password, and there is no warning or prompt to ask users to change the default password and account. An unauthenticated remo… Update	CWE-1392 Use of Default Credentials	CVE-2023-30603	2024-10-14 13:15	2023-06-2	Show	GitHub Exploit DB Packet Storm

27	7.5	HIGH Network	hitrontech	coda-5310_firmware	Hitron Technologies CODA-5310’s Telnet function transfers sensitive data in plaintext. An unauthenticated remote attacker can exploit this vulnerability to access credentials of normal users and admi… Update	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2023-30602	2024-10-14 13:15	2023-06-2	Show	GitHub Exploit DB Packet Storm

28	8.8	HIGH Adjacent	furbo	dog_camera_firmware	Furbo dog camera has insufficient filtering for special parameter of device log management function. An unauthenticated remote attacker in the Bluetooth network with normal user privileges can exploi… Update	-	CVE-2023-28704	2024-10-14 13:15	2023-06-2	Show	GitHub Exploit DB Packet Storm

29	7.2	HIGH Network	asus	rt-ac86u_firmware	ASUS RT-AC86U’s specific cgi function has a stack-based buffer overflow vulnerability due to insufficient validation for network packet header length. A remote attacker with administrator privileges … Update	CWE-121 Stack-based Buffer Overflow	CVE-2023-28703	2024-10-14 13:15	2023-06-2	Show	GitHub Exploit DB Packet Storm

30	7.5	HIGH Network	-	-	The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. New	CWE-23 Relative Path Traversal	CVE-2024-9922	2024-10-14 12:15	2024-10-14	Show	GitHub Exploit DB Packet Storm