Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Oct. 13, 2024, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
194641 7.5 危険 Cake Software Foundation - CakePHP の _validatePost 関数における内部 Cake キャッシュを変更される脆弱性 CWE-20
不適切な入力確認 		CVE-2010-4335 2012-03-27 18:42 2011-01-14 Show GitHub Exploit DB Packet Storm
194642 4 警告 io-socket-ssl - IO::Socket::SSL モジュールにおける証明書の制限を回避される脆弱性 CWE-310
暗号の問題 		CVE-2010-4334 2012-03-27 18:42 2011-01-13 Show GitHub Exploit DB Packet Storm
194643 7.5 危険 Laurent Destailleur - AWStats における任意のコマンドを実行される脆弱性 CWE-94
コード・インジェクション 		CVE-2010-4367 2012-03-27 18:42 2010-12-2 Show GitHub Exploit DB Packet Storm
194644 4.3 警告 abk-soft - Chameleon Social Networking の forum_new_topic.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4366 2012-03-27 18:42 2010-12-1 Show GitHub Exploit DB Packet Storm
194645 7.5 危険 Joomla!
Jextensions		 - Joomla! のJE Ajax Event Calendar コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4365 2012-03-27 18:42 2010-12-1 Show GitHub Exploit DB Packet Storm
194646 4.3 警告 dadabik - DaDaBIK における保護メカニズムを回避される脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4364 2012-03-27 18:42 2010-12-1 Show GitHub Exploit DB Packet Storm
194647 6.8 警告 mrcgiguy - MCG FreeTicket の contact.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4363 2012-03-27 18:42 2010-12-1 Show GitHub Exploit DB Packet Storm
194648 7.5 危険 Micronetsoft - MicroNetsoft RV Dealer Website における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4362 2012-03-27 18:42 2010-12-1 Show GitHub Exploit DB Packet Storm
194649 4.3 警告 jurpo - Jurpopage の url-gateway.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4361 2012-03-27 18:42 2010-12-1 Show GitHub Exploit DB Packet Storm
194650 7.5 危険 jurpo - Jurpopage の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4360 2012-03-27 18:42 2010-12-1 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Oct. 10, 2024, 8:13 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
91 5.3 MEDIUM
Network 		apache openmeetings Attacker can access arbitrary recording/room Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.0.0 before 7.1.0 Update CWE-697
 Incorrect Comparison 		CVE-2023-28936 2024-10-12 06:35 2023-05-12 Show GitHub Exploit DB Packet Storm
92 9.8 CRITICAL
Network 		apache airflow Privilege Context Switching Error vulnerability in Apache Software Foundation Apache Airflow.This issue affects Apache Airflow: before 2.6.0. Update NVD-CWE-noinfo
CVE-2023-25754 2024-10-12 06:35 2023-05-8 Show GitHub Exploit DB Packet Storm
93 8.1 HIGH
Network 		apache ranger An Incorrect Permission Assignment for Critical Resource vulnerability was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownership of the table in… Update CWE-732
 Incorrect Permission Assignment for Critical Resource 		CVE-2021-40331 2024-10-12 06:35 2023-05-5 Show GitHub Exploit DB Packet Storm
94 4.3 MEDIUM
Network 		google chrome Insufficient policy enforcement in Intents in Google Chrome on Android prior to 111.0.5563.64 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security s… Update NVD-CWE-noinfo
CVE-2023-1228 2024-10-12 06:35 2023-03-8 Show GitHub Exploit DB Packet Storm
95 8.8 HIGH
Network 		google chrome Use after free in Core in Google Chrome on Lacros prior to 111.0.5563.64 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via… Update CWE-416
 Use After Free 		CVE-2023-1227 2024-10-12 06:35 2023-03-8 Show GitHub Exploit DB Packet Storm
96 8.8 HIGH
Network 		google chrome Heap buffer overflow in Web Audio API in Google Chrome prior to 111.0.5563.64 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Me… Update CWE-787
 Out-of-bounds Write 		CVE-2023-1222 2024-10-12 06:35 2023-03-8 Show GitHub Exploit DB Packet Storm
97 5.3 MEDIUM
Network 		atlassian jira
jira_software_data_center
jira_server
jira_data_center 		Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to the query component JQL endpoint via a Broken Access Control vulnerability (BAC) vulnerability. The affe… Update NVD-CWE-Other
CVE-2021-39127 2024-10-12 06:35 2021-10-21 Show GitHub Exploit DB Packet Storm
98 7.2 HIGH
Network 		atlassian jira_server
jira_data_center 		Affected versions of Atlassian Jira Server or Data Center using the Jira Service Management addon allow remote attackers with JIRA Administrators access to execute arbitrary Java code via a server-si… Update CWE-94
Code Injection 		CVE-2021-39128 2024-10-12 06:35 2021-09-16 Show GitHub Exploit DB Packet Storm
99 5.3 MEDIUM
Network 		atlassian data_center
jira 		Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue even after their Jira account is revoked, via a Broken Acce… Update CWE-863
 Incorrect Authorization 		CVE-2021-39119 2024-10-12 06:35 2021-09-2 Show GitHub Exploit DB Packet Storm
100 7.2 HIGH
Network 		atlassian jira_service_desk
jira_service_management 		Affected versions of Atlassian Jira Service Management Server and Data Center allow remote attackers with "Jira Administrators" access to execute arbitrary Java code or run arbitrary system commands … Update CWE-94
Code Injection 		CVE-2021-39115 2024-10-12 06:35 2021-09-2 Show GitHub Exploit DB Packet Storm