Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 7, 2025, 6:02 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
195611	7.5	危険	benjacms	-	Benja CMS の admin/upload.php における任意の PHP ファイルをアップロードされる脆弱性	CWE-20 不適切な入力確認	CVE-2008-2988	2012-06-26 16:02	2008-07-2	Show	GitHub Exploit DB Packet Storm

195612	4.3	警告	benjacms	-	Benja CMS におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-2987	2012-06-26 16:02	2008-07-2	Show	GitHub Exploit DB Packet Storm

195613	6.8	警告	cmreams	-	CMReams CMS の load_language.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-2985	2012-06-26 16:02	2008-07-2	Show	GitHub Exploit DB Packet Storm

195614	4.3	警告	cmreams	-	CMReams CMS の backend/umleitung.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2008-2984	2012-06-26 16:02	2008-07-2	Show	GitHub Exploit DB Packet Storm

195615	7.5	危険	cwh underground	-	Demo4 CMS Beta 内の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-2983	2012-06-26 16:02	2008-07-2	Show	GitHub Exploit DB Packet Storm

195616	7.5	危険	cistyle	-	CiBlog の links-extern.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-2971	2012-06-26 16:02	2008-07-2	Show	GitHub Exploit DB Packet Storm

195617	5	警告	cmsmini	-	CMS Mini の view/index.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2008-2961	2012-06-26 16:02	2008-07-2	Show	GitHub Exploit DB Packet Storm

195618	4.4	警告	checkinstall	-	checkinstall における任意のファイルを上書きされる脆弱性	CWE-362 競合状態	CVE-2008-2958	2012-06-26 16:02	2008-07-1	Show	GitHub Exploit DB Packet Storm

195619	7.5	危険	eztechhelp company	-	EZTechhelp EZCMS の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2008-2921	2012-06-26 16:02	2008-06-30	Show	GitHub Exploit DB Packet Storm

195620	7.5	危険	ezcms	-	EZTechhelp EZCMS のファイルマネージャにおけるファイル削除される脆弱性	CWE-287 不適切な認証	CVE-2008-2920	2012-06-26 16:02	2008-06-30	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Jan. 7, 2025, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1	6.5	MEDIUM Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. Update	CWE-22 Path Traversal	CVE-2024-12105	2025-01-7 01:55	2024-12-31	Show	GitHub Exploit DB Packet Storm

2	7.5	HIGH Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. Update	CWE-306 Missing Authentication for Critical Function	CVE-2024-12106	2025-01-7 01:54	2024-12-31	Show	GitHub Exploit DB Packet Storm

3	9.6	CRITICAL Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. Update	CWE-290 Authentication Bypass by Spoofing	CVE-2024-12108	2025-01-7 01:51	2024-12-31	Show	GitHub Exploit DB Packet Storm

4	-		-	-	TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page… New	CWE-79 CWE-80 Cross-site Scripting Basic XSS	CVE-2025-21612	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

5	-		-	-	tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine i… New	CWE-285 Improper Authorization	CVE-2025-21611	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

6	-		-	-	LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.… New	CWE-328 Use of Weak Hash	CVE-2025-21604	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

7	-		-	-	Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script New	-	CVE-2024-51112	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

8	-		-	-	Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser. New	-	CVE-2024-51111	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

9	6.4	MEDIUM Network	-	-	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaS… New	CWE-79 Cross-site Scripting	CVE-2024-31914	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

10	5.5	MEDIUM Network	-	-	IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaS… New	CWE-79 Cross-site Scripting	CVE-2024-31913	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm