Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 9, 2025, 4:02 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
195301	5	警告	CMS Made Simple	-	CMS Made Simple の admin/login.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-5642	2012-06-26 16:03	2008-12-17	Show	GitHub Exploit DB Packet Storm

195302	7.5	危険	Activewebsoftwares	-	Active Photo Gallery の account.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5641	2012-06-26 16:03	2008-12-17	Show	GitHub Exploit DB Packet Storm

195303	7.5	危険	Activewebsoftwares	-	Active Bids の bidhistory.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5640	2012-06-26 16:03	2008-12-17	Show	GitHub Exploit DB Packet Storm

195304	7.5	危険	Activewebsoftwares	-	Active Price Comparison における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5638	2012-06-26 16:03	2008-12-17	Show	GitHub Exploit DB Packet Storm

195305	7.5	危険	Activewebsoftwares	-	Active Membership の account.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5635	2012-06-26 16:03	2008-12-17	Show	GitHub Exploit DB Packet Storm

195306	7.5	危険	Activewebsoftwares	-	Active Force Matrix の account.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5634	2012-06-26 16:03	2008-12-17	Show	GitHub Exploit DB Packet Storm

195307	7.5	危険	Activewebsoftwares	-	ActiveVotes の register.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5633	2012-06-26 16:03	2008-12-17	Show	GitHub Exploit DB Packet Storm

195308	7.5	危険	Activewebsoftwares	-	Active Time Billing の Account.asp における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-5632	2012-06-26 16:03	2008-12-17	Show	GitHub Exploit DB Packet Storm

195309	5	警告	aspapps	-	ASPTicker におけるデータベースをダウンロードされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-5603	2012-06-26 16:03	2008-12-16	Show	GitHub Exploit DB Packet Storm

195310	5	警告	cold bbs	-	Cold BBS におけるデータベースファイルをダウンロードされる脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2008-5597	2012-06-26 16:03	2008-12-16	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Jan. 9, 2025, 4:56 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1	-		-	-	Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwri… New	CWE-20 CWE-434 Improper Input Validation Unrestricted Upload of File with Dangerous Type	CVE-2025-22137	2025-01-9 01:15	2025-01-9	Show	GitHub Exploit DB Packet Storm

2	-		-	-	Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and Enable… New	CWE-94 Code Injection	CVE-2025-22136	2025-01-9 01:15	2025-01-9	Show	GitHub Exploit DB Packet Storm

3	-		-	-	Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious … New	CWE-22 Path Traversal	CVE-2025-22130	2025-01-9 01:15	2025-01-9	Show	GitHub Exploit DB Packet Storm

4	4.8	MEDIUM Network	-	-	A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics infor… New	CWE-295 Improper Certificate Validation	CVE-2025-20126	2025-01-9 01:15	2025-01-9	Show	GitHub Exploit DB Packet Storm

5	4.8	MEDIUM Network	-	-	Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks agains… New	CWE-79 Cross-site Scripting	CVE-2025-20123	2025-01-9 01:15	2025-01-9	Show	GitHub Exploit DB Packet Storm

6	-		-	-	RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows a… New	CWE-190 Integer Overflow or Wraparound	CVE-2024-55656	2025-01-9 01:15	2025-01-9	Show	GitHub Exploit DB Packet Storm

7	-		-	-	An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL q… New	-	CVE-2024-55517	2025-01-9 01:15	2025-01-9	Show	GitHub Exploit DB Packet Storm

8	-		-	-	RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT… New	CWE-190 CWE-122 Integer Overflow or Wraparound Heap-based Buffer Overflow	CVE-2024-51737	2025-01-9 01:15	2025-01-9	Show	GitHub Exploit DB Packet Storm

9	-		-	-	RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially c… New	CWE-190 CWE-122 Integer Overflow or Wraparound Heap-based Buffer Overflow	CVE-2024-51480	2025-01-9 01:15	2025-01-9	Show	GitHub Exploit DB Packet Storm

10	-		-	-	The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against… New	-	CVE-2024-12585	2025-01-9 01:15	2025-01-8	Show	GitHub Exploit DB Packet Storm