Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Oct. 3, 2024, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
195891 6 警告 Fabrik - Joomla! 用 Fabrik コンポーネントの models/importcsv.php における任意のコードを実行される脆弱性 CWE-Other
その他 		CVE-2011-5004 2011-12-28 14:28 2011-09-23 Show GitHub Exploit DB Packet Storm
195892 10 危険 Avid Technology - Avid Media Composer の Phonetic Indexer におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2011-5003 2011-12-28 14:27 2011-12-25 Show GitHub Exploit DB Packet Storm
195893 10 危険 Final Draft - Final Draft におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2011-5002 2011-12-28 14:24 2011-12-25 Show GitHub Exploit DB Packet Storm
195894 10 危険 Attachmate - Reflection FTP クライアントにおけるヒープベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2011-5012 2011-12-28 11:44 2011-12-25 Show GitHub Exploit DB Packet Storm
195895 4.3 警告 xt:Commerce - xt:Commerce におけるクロスサイトリクエストフォージェリの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-5011 2011-12-28 11:41 2011-12-25 Show GitHub Exploit DB Packet Storm
195896 10 危険 Ctek, Inc. - Ctek SkyRouter の apps/a3/cfg_ethping.cgi における任意のコマンドを実行される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2011-5010 2011-12-28 11:40 2011-12-25 Show GitHub Exploit DB Packet Storm
195897 5 警告 3S-Smart Software Solutions - 3S CoDeSys におけるサービス運用妨害 (NULL ポインタデリファレンス) の脆弱性 CWE-Other
その他 		CVE-2011-5009 2011-12-28 11:36 2011-12-25 Show GitHub Exploit DB Packet Storm
195898 7.5 危険 3S-Smart Software Solutions - 3S CoDeSys の GatewayService コンポーネントにおける整数オーバーフローの脆弱性 CWE-189
数値処理の問題 		CVE-2011-5008 2011-12-28 11:35 2011-12-25 Show GitHub Exploit DB Packet Storm
195899 10 危険 3S-Smart Software Solutions - 3S CoDeSys におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2011-5007 2011-12-28 11:34 2011-12-25 Show GitHub Exploit DB Packet Storm
195900 7.5 危険 Wuzly - Wuzly の管理機能における認証を回避される脆弱性 CWE-264
認可・権限・アクセス制御 		CVE-2011-3839 2011-12-28 11:31 2011-12-24 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Oct. 3, 2024, 8:12 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
441 6.5 MEDIUM
Network 		devolutions devolutions_server Authorization bypass in the PAM access request approval mechanism in Devolutions Server 2024.2.10 and earlier allows authenticated users with permissions to approve their own requests, bypassing inte… Update CWE-863
 Incorrect Authorization 		CVE-2024-6512 2024-10-2 01:36 2024-09-25 Show GitHub Exploit DB Packet Storm
442 6.1 MEDIUM
Network 		collne welcart The Welcart e-Commerce WordPress plugin before 2.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used ag… Update CWE-79
Cross-site Scripting 		CVE-2023-5951 2024-10-2 01:35 2023-12-5 Show GitHub Exploit DB Packet Storm
443 5.4 MEDIUM
Network 		uploading_svg\
_webp_and_ico_files_project 		uploading_svg\
_webp_and_ico_files 		The Uploading SVG, WEBP and ICO files WordPress plugin through 1.2.1 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XS… Update CWE-79
Cross-site Scripting 		CVE-2023-4460 2024-10-2 01:35 2023-12-5 Show GitHub Exploit DB Packet Storm
444 5.3 MEDIUM
Network 		microsoft windows_server_2012
windows_server_2016
windows_server_2019
windows_server_2022 		DHCP Server Service Information Disclosure Vulnerability Update CWE-668
 Exposure of Resource to Wrong Sphere 		CVE-2023-29355 2024-10-2 01:35 2023-06-14 Show GitHub Exploit DB Packet Storm
445 5.3 MEDIUM
Network 		atlassian confluence_data_center
confluence_server 		Affected versions of Atlassian Confluence Server and Data Center allow anonymous remote attackers to view the names of attachments and labels in a private Confluence space. This occurs via an Informa… Update NVD-CWE-noinfo
CVE-2023-22503 2024-10-2 01:35 2023-05-2 Show GitHub Exploit DB Packet Storm
446 5.4 MEDIUM
Network 		strangerstudios paid_memberships_pro The Paid Memberships Pro WordPress plugin before 2.9.9 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as lo… Update CWE-79
Cross-site Scripting 		CVE-2022-4830 2024-10-2 01:35 2023-02-14 Show GitHub Exploit DB Packet Storm
447 5.4 MEDIUM
Network 		3dflipbook 3d_flipbook The 3D FlipBook WordPress plugin through 1.13.2 does not validate or escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as Con… Update CWE-79
Cross-site Scripting 		CVE-2022-4453 2024-10-2 01:35 2023-01-17 Show GitHub Exploit DB Packet Storm
448 9.8 CRITICAL
Network 		doverfuelingsolutions progauge_maglink_lx_console_firmware
progauge_maglink_lx4_console_firmware 		An attacker can directly request the ProGauge MAGLINK LX CONSOLE resource sub page with full privileges by requesting the URL directly. Update NVD-CWE-Other
CVE-2024-43692 2024-10-2 01:22 2024-09-25 Show GitHub Exploit DB Packet Storm
449 9.8 CRITICAL
Network 		doverfuelingsolutions progauge_maglink_lx_console_firmware
progauge_maglink_lx4_console_firmware 		A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. Update CWE-77
Command Injection 		CVE-2024-45066 2024-10-2 01:18 2024-09-25 Show GitHub Exploit DB Packet Storm
450 - - - A website configured to initiate a specially crafted WebTransport session could crash the Firefox process leading to a denial of service condition. This vulnerability affects Firefox < 131, Firefox E… New - CVE-2024-9399 2024-10-2 01:15 2024-10-2 Show GitHub Exploit DB Packet Storm