Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Oct. 14, 2024, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
194901	7.5	危険	レッドハット	-	Red Hat JBoss Enterprise Application Platform および JBoss Enterprise SOA Platform の JBoss Drools における任意のコードを実行される脆弱性	CWE-20 不適切な入力確認	CVE-2010-3708	2012-03-27 18:42	2010-12-1	Show	GitHub Exploit DB Packet Storm

194902	4	警告	レッドハット	-	Red Hat Enterprise MRG の lib/MessageStoreImpl.cpp におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2010-3701	2012-03-27 18:42	2010-10-7	Show	GitHub Exploit DB Packet Storm

194903	5	警告	VMware IBM acegisecurity	-	VMware SpringSource Spring Security および IBM WAS で使用される Acegi Security におけるセキュリティ制約条件を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-3700	2012-03-27 18:42	2010-10-27	Show	GitHub Exploit DB Packet Storm

194904	4.3	警告	FreeRADIUS	-	FreeRADIUS の wait_for_child_to_die 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2010-3697	2012-03-27 18:42	2010-09-28	Show	GitHub Exploit DB Packet Storm

194905	4.3	警告	FreeRADIUS	-	FreeRADIUS の fr_dhcp_decode 関数におけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2010-3696	2012-03-27 18:42	2010-09-28	Show	GitHub Exploit DB Packet Storm

194906	4.3	警告	Horde	-	Horde IMP および Horde Groupware Webmail Edition の fetchmailprefs.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-3695	2012-03-27 18:42	2011-03-31	Show	GitHub Exploit DB Packet Storm

194907	4.3	警告	Horde	-	Horde DIMP および Horde Groupware Webmail Edition におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-3693	2012-03-27 18:42	2011-04-4	Show	GitHub Exploit DB Packet Storm

194908	6.8	警告	Horde	-	Horde Application Framework におけるクロスサイトリクエストフォージェリの脆弱性	CWE-352 同一生成元ポリシー違反	CVE-2010-3694	2012-03-27 18:42	2010-11-9	Show	GitHub Exploit DB Packet Storm

194909	6.4	警告	Jasig	-	phpCAS の callback 関数におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-3692	2012-03-27 18:42	2010-10-7	Show	GitHub Exploit DB Packet Storm

194910	3.3	注意	Jasig	-	phpCAS の PGTStorage/pgt-file.php における任意のファイルを上書きされる脆弱性	CWE-59 リンク解釈の問題	CVE-2010-3691	2012-03-27 18:42	2010-10-7	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Oct. 10, 2024, 8:13 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
451	-		-	-	Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available w…	-	CVE-2024-1604	2024-10-11 01:15	2024-03-18	Show	GitHub Exploit DB Packet Storm

452	-		-	-	Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves a…	-	CVE-2024-0864	2024-10-11 01:15	2024-02-29	Show	GitHub Exploit DB Packet Storm

453	-		-	-	Comarch ERP XL client is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This is…	-	CVE-2023-4537	2024-10-11 01:15	2024-02-15	Show	GitHub Exploit DB Packet Storm

454	5.4	MEDIUM Network	megabip smod	megabip smodbip	Improper Input Validation vulnerability in MegaBIP and already unsupported SmodBIP software allows for Stored XSS.This issue affects SmodBIP in all versions and MegaBIP in versions up to 4.36.2. Meg…	CWE-79 Cross-site Scripting	CVE-2023-5378	2024-10-11 01:15	2024-01-29	Show	GitHub Exploit DB Packet Storm

455	7.6	HIGH Physics	paxtechnology	paydroid	PAX A920 device allows to downgrade bootloader due to a bug in its version check. The signature is correctly checked and only bootloader signed by PAX can be used. The attacker must have physica…	CWE-74 Injection	CVE-2023-4818	2024-10-11 01:15	2024-01-15	Show	GitHub Exploit DB Packet Storm

456	7.8	HIGH Local	paxtechnology	paydroid	PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have…	CWE-59 Link Following	CVE-2023-42137	2024-10-11 01:15	2024-01-15	Show	GitHub Exploit DB Packet Storm

457	7.8	HIGH Local	paxtechnology	paydroid	PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with…	CWE-74 Injection	CVE-2023-42136	2024-10-11 01:15	2024-01-15	Show	GitHub Exploit DB Packet Storm

458	6.8	MEDIUM Physics	paxtechnology	paydroid	PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific …	CWE-74 Injection	CVE-2023-42135	2024-10-11 01:15	2024-01-15	Show	GitHub Exploit DB Packet Storm

459	9.8	CRITICAL Network	hongdian	h8951-4g-esp_firmware	The authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.	CWE-287 Improper Authentication	CVE-2023-49262	2024-10-11 01:15	2024-01-13	Show	GitHub Exploit DB Packet Storm

460	7.5	HIGH Network	hongdian	h8951-4g-esp_firmware	The "tokenKey" value used in user authorization is visible in the HTML source of the login page.	NVD-CWE-noinfo	CVE-2023-49261	2024-10-11 01:15	2024-01-13	Show	GitHub Exploit DB Packet Storm