Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Oct. 3, 2024, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
195621	4.3	警告	VMware	-	VMware Zimbra Desktop におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-0903	2012-01-25 10:51	2012-01-20	Show	GitHub Exploit DB Packet Storm

195622	5	警告	AirTies	-	AirTies Air 4450 におけるサービス運用妨害 (リブート) の脆弱性	CWE-noinfo 情報不足	CVE-2012-0902	2012-01-25 10:43	2012-01-20	Show	GitHub Exploit DB Packet Storm

195623	4.3	警告	attenzione	-	WordPress 用 YouSayToo auto-publishing プラグインにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-0901	2012-01-25 10:39	2012-01-20	Show	GitHub Exploit DB Packet Storm

195624	4.3	警告	Beehive Forum	-	Beehive Forum におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-0900	2012-01-25 10:35	2012-01-20	Show	GitHub Exploit DB Packet Storm

195625	4.3	警告	Annuaire PHP	-	Annuaire PHP におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-0899	2012-01-25 10:32	2012-01-20	Show	GitHub Exploit DB Packet Storm

195626	5	警告	camaleo	-	WordPress 用 myEASYbackup プラグインにおけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2012-0898	2012-01-25 10:30	2012-01-20	Show	GitHub Exploit DB Packet Storm

195627	5	警告	Tom Braider	-	WordPress 用 Count Per Day モジュールにおける絶対パストラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2012-0896	2012-01-25 10:23	2012-01-20	Show	GitHub Exploit DB Packet Storm

195628	4.3	警告	Tom Braider	-	WordPress 用 Count Per Day モジュールにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2012-0895	2012-01-25 10:21	2012-01-20	Show	GitHub Exploit DB Packet Storm

195629	9.3	危険	IBM	-	IBM Lotus Symphony の vclmi.dll における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2012-0192	2012-01-24 16:45	2012-01-23	Show	GitHub Exploit DB Packet Storm

195630	7.5	危険	アドビシステムズ Linux	-	Linux 上で稼働する Adobe Reader における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2011-4374	2012-01-24 16:29	2011-09-13	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Oct. 4, 2024, 5:52 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
591	5.4	MEDIUM Network	jellyfin	jellyfin	Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious… Update	NVD-CWE-noinfo	CVE-2024-43801	2024-10-2 00:25	2024-09-3	Show	GitHub Exploit DB Packet Storm

592	5.5	MEDIUM Local	vim	vim	Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line… Update	CWE-787 Out-of-bounds Write	CVE-2024-45306	2024-10-2 00:20	2024-09-3	Show	GitHub Exploit DB Packet Storm

593	-		-	-	eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricte… New	CWE-284 Improper Access Control	CVE-2024-45408	2024-10-2 00:15	2024-10-2	Show	GitHub Exploit DB Packet Storm

594	-		-	-	Decidim is a participatory democracy framework. The version control feature used in resources is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.27.8. New	CWE-79 Cross-site Scripting	CVE-2024-41673	2024-10-2 00:15	2024-10-2	Show	GitHub Exploit DB Packet Storm

595	-		-	-	Cleartext storage of passwords in Infinera TNMS (Transcend Network Management System) Server 19.10.3 allows attackers (with access to the database or exported configuration files) to obtain SNMP user… New	-	CVE-2024-25658	2024-10-2 00:15	2024-10-2	Show	GitHub Exploit DB Packet Storm

596	-		-	-	eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigne… New	CWE-266 CWE-842 Incorrect Privilege Assignment Placement of User into Incorrect Group	CVE-2024-25632	2024-10-2 00:15	2024-10-2	Show	GitHub Exploit DB Packet Storm

597	-		-	-	Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the… New	-	CVE-2021-37577	2024-10-2 00:15	2024-10-2	Show	GitHub Exploit DB Packet Storm

598	6.3	MEDIUM Local	fedirtsapana	simple_http_server_plus simple_http_server	Phlox com.phlox.simpleserver (aka Simple HTTP Server) 1.8 and com.phlox.simpleserver.plus (aka Simple HTTP Server PLUS) 1.8.1-plus have a hardcoded aKySWb2jjrr4dzkYXczKRt7K (AES) encryption key. An a… Update	CWE-798 Use of Hard-coded Credentials	CVE-2023-46919	2024-10-2 00:15	2023-12-28	Show	GitHub Exploit DB Packet Storm

599	8.8	HIGH Local	rust-lang	rust	Rust is a programming language. The fix for CVE-2024-24576, where `std::process::Command` incorrectly escaped arguments when invoking batch files on Windows, was incomplete. Prior to Rust version 1.8… Update	CWE-88 Argument Injection	CVE-2024-43402	2024-10-2 00:12	2024-09-5	Show	GitHub Exploit DB Packet Storm

600	7.5	HIGH Network	google	tensorflow	TensorFlow is an end-to-end open source platform for machine learning. `array_ops.upper_bound` causes a segfault when not given a rank 2 tensor. The fix will be included in TensorFlow 2.13 and will a… Update	CWE-190 Integer Overflow or Wraparound	CVE-2023-33976	2024-10-1 23:41	2024-07-31	Show	GitHub Exploit DB Packet Storm