Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1951	5.5	警告 Local	Huawei	EMUI HarmonyOS	Huawei の EMUI および HarmonyOS における古典的バッファオーバーフローの脆弱性	CWE-120 CWE-120	CVE-2024-56450	2025-01-15 15:00	2024-12-26	Show	GitHub Exploit DB Packet Storm

1952	8.1	重要 Network	マイクロソフト	Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 2025 Microsoft Windows Server 2022	Windows リモートデスクトップサービスのリモートでコードが実行される脆弱性	CWE-362 CWE-416 CWE-591	CVE-2024-49106	2025-01-15 14:52	2024-12-10	Show	GitHub Exploit DB Packet Storm

1953	7	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows Server 2022 Microsoft Windows 10 Microsoft Windows Server&…	Windows PrintWorkflowUserSvc の特権昇格の脆弱性	CWE-362 CWE-415 CWE-591	CVE-2024-49095	2025-01-15 14:48	2024-12-10	Show	GitHub Exploit DB Packet Storm

1954	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows 10 Microsoft Windows Server 2022 Microsoft Windows Server&…	Windows 共通ログファイルシステムドライバーの特権の昇格の脆弱性	CWE-822 CWE-noinfo	CVE-2024-49090	2025-01-15 14:44	2024-12-10	Show	GitHub Exploit DB Packet Storm

1955	5.5	警告 Local	オムロン株式会社	NB-Designer	オムロン製 NB-Designer における XML 外部エンティティ参照（XXE）の不適切な制限の脆弱性	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2024-12298	2025-01-15 14:40	2025-01-14	Show	GitHub Exploit DB Packet Storm

1956	7	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows 10 Microsoft Windows Server 2022 Microsoft Windows Server&…	Windows カーネルの特権の昇格の脆弱性	CWE-362 競合状態	CVE-2024-49084	2025-01-15 14:40	2024-12-10	Show	GitHub Exploit DB Packet Storm

1957	6.8	警告 Network	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows 10 Microsoft Windows Server 2022 Microsoft Windows Server&…	Windows エクスプローラーの情報漏えいの脆弱性	CWE-22 CWE-noinfo	CVE-2024-49082	2025-01-15 14:36	2024-12-10	Show	GitHub Exploit DB Packet Storm

1958	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows 10 Microsoft Windows Server 2022 Microsoft Windows Server&…	入力方式エディター (IME) のリモートでコードが実行される脆弱性	CWE-416 CWE-noinfo	CVE-2024-49079	2025-01-15 14:31	2024-12-10	Show	GitHub Exploit DB Packet Storm

1959	7.5	重要 Network	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows Server 2022 Microsoft Windows 10 Microsoft Windows Server&…	Windows リモートデスクトップサービスのサービス拒否の脆弱性	CWE-400 CWE-noinfo	CVE-2024-49075	2025-01-15 14:22	2024-12-10	Show	GitHub Exploit DB Packet Storm

1960	6.5	警告 Network	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows Server 2022 Microsoft Windows Server 2008 Microsoft Windows Server 2012 Microso…	Windows 展開サービスの情報漏えいの脆弱性	CWE-41 CWE-noinfo	CVE-2024-30036	2025-01-15 14:22	2024-05-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Feb. 23, 2025, 4:07 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
121	-		-	-	Cross Site Scripting vulnerabilities in phpcmsv9 v.9.6.3 allows a remote attacker to escalate privileges via a crafted script. New	-	CVE-2025-25958	2025-02-22 01:15	2025-02-21	Show	GitHub Exploit DB Packet Storm

122	-		-	-	An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function. New	-	CVE-2024-57716	2025-02-22 01:15	2025-02-21	Show	GitHub Exploit DB Packet Storm

123	-		-	-	PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple HTML Injection in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key, title" parameters. New	-	CVE-2023-51308	2025-02-22 01:15	2025-02-21	Show	GitHub Exploit DB Packet Storm

124	5.9	MEDIUM Network	1clickmigration	1_click_migration	The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1 via the class-ocm-… Update	NVD-CWE-noinfo	CVE-2024-13609	2025-02-22 01:06	2025-02-18	Show	GitHub Exploit DB Packet Storm

125	7.5	HIGH Network	imaginate-solutions	file_uploads_addon_for_woocommerce	The File Uploads Addon for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the 'uploads' directory. This makes it poss… Update	NVD-CWE-noinfo	CVE-2024-13622	2025-02-22 01:05	2025-02-18	Show	GitHub Exploit DB Packet Storm

126	8.8	HIGH Network	istmoplugins	get_bookings_wp	The GetBookingsWP – Appointments Booking Calendar Plugin For WordPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.27. Th… Update	CWE-862 Missing Authorization	CVE-2024-13677	2025-02-22 01:03	2025-02-18	Show	GitHub Exploit DB Packet Storm

127	4.3	MEDIUM Network	webdevocean	team_builder	The Team Builder – Meet the Team plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_team_builder_options() function in all versions … Update	CWE-862 Missing Authorization	CVE-2024-13687	2025-02-22 01:00	2025-02-18	Show	GitHub Exploit DB Packet Storm

128	8.1	HIGH Network	smartzminds	reset	The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the reset_db_page() funct… Update	CWE-352 Origin Validation Error	CVE-2024-13684	2025-02-22 00:57	2025-02-18	Show	GitHub Exploit DB Packet Storm

129	9.8	CRITICAL Network	keap	keap_official_opt_in_forms	The Keap Official Opt-in Forms plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.1 via the service parameter. This makes it possible for unauthentic… Update	CWE-22 Path Traversal	CVE-2024-13725	2025-02-22 00:56	2025-02-18	Show	GitHub Exploit DB Packet Storm

130	4.8	MEDIUM Network	jakob42	reaction_buttons	The Reaction Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output… Update	CWE-79 Cross-site Scripting	CVE-2024-13848	2025-02-22 00:51	2025-02-18	Show	GitHub Exploit DB Packet Storm