Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
1951	5.5	警告 Local	Huawei	EMUI HarmonyOS	Huawei の EMUI および HarmonyOS における古典的バッファオーバーフローの脆弱性	CWE-120 CWE-120	CVE-2024-56450	2025-01-15 15:00	2024-12-26	Show	GitHub Exploit DB Packet Storm

1952	8.1	重要 Network	マイクロソフト	Microsoft Windows Server 2016 Microsoft Windows Server 2019 Microsoft Windows Server 2025 Microsoft Windows Server 2022	Windows リモートデスクトップサービスのリモートでコードが実行される脆弱性	CWE-362 CWE-416 CWE-591	CVE-2024-49106	2025-01-15 14:52	2024-12-10	Show	GitHub Exploit DB Packet Storm

1953	7	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows Server 2022 Microsoft Windows 10 Microsoft Windows Server&…	Windows PrintWorkflowUserSvc の特権昇格の脆弱性	CWE-362 CWE-415 CWE-591	CVE-2024-49095	2025-01-15 14:48	2024-12-10	Show	GitHub Exploit DB Packet Storm

1954	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows 10 Microsoft Windows Server 2022 Microsoft Windows Server&…	Windows 共通ログファイルシステムドライバーの特権の昇格の脆弱性	CWE-822 CWE-noinfo	CVE-2024-49090	2025-01-15 14:44	2024-12-10	Show	GitHub Exploit DB Packet Storm

1955	5.5	警告 Local	オムロン株式会社	NB-Designer	オムロン製 NB-Designer における XML 外部エンティティ参照（XXE）の不適切な制限の脆弱性	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2024-12298	2025-01-15 14:40	2025-01-14	Show	GitHub Exploit DB Packet Storm

1956	7	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows 10 Microsoft Windows Server 2022 Microsoft Windows Server&…	Windows カーネルの特権の昇格の脆弱性	CWE-362 競合状態	CVE-2024-49084	2025-01-15 14:40	2024-12-10	Show	GitHub Exploit DB Packet Storm

1957	6.8	警告 Network	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows 10 Microsoft Windows Server 2022 Microsoft Windows Server&…	Windows エクスプローラーの情報漏えいの脆弱性	CWE-22 CWE-noinfo	CVE-2024-49082	2025-01-15 14:36	2024-12-10	Show	GitHub Exploit DB Packet Storm

1958	7.8	重要 Local	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows 10 Microsoft Windows Server 2022 Microsoft Windows Server&…	入力方式エディター (IME) のリモートでコードが実行される脆弱性	CWE-416 CWE-noinfo	CVE-2024-49079	2025-01-15 14:31	2024-12-10	Show	GitHub Exploit DB Packet Storm

1959	7.5	重要 Network	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows 11 Microsoft Windows Server 2022 Microsoft Windows 10 Microsoft Windows Server&…	Windows リモートデスクトップサービスのサービス拒否の脆弱性	CWE-400 CWE-noinfo	CVE-2024-49075	2025-01-15 14:22	2024-12-10	Show	GitHub Exploit DB Packet Storm

1960	6.5	警告 Network	マイクロソフト	Microsoft Windows Server 2019 Microsoft Windows Server 2022 Microsoft Windows Server 2008 Microsoft Windows Server 2012 Microso…	Windows 展開サービスの情報漏えいの脆弱性	CWE-41 CWE-noinfo	CVE-2024-30036	2025-01-15 14:22	2024-05-14	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Feb. 21, 2025, 4:08 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
81	7.5	HIGH Network	-	-	The LTL Freight Quotes – GlobalTranz Edition plugin for WordPress is vulnerable to SQL Injection via the 'engtz_wd_save_dropship' AJAX endpoint in all versions up to, and including, 2.3.11 due to ins… New	CWE-89 SQL Injection	CVE-2024-13476	2025-02-20 19:15	2025-02-20	Show	GitHub Exploit DB Packet Storm

82	6.4	MEDIUM Network	-	-	The Login/Signup Popup ( Inline Form + Woocommerce ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's xoo_el_action shortcode in all versions up to, and including, 2… New	CWE-79 Cross-site Scripting	CVE-2025-1064	2025-02-20 18:15	2025-02-20	Show	GitHub Exploit DB Packet Storm

83	6.4	MEDIUM Network	-	-	The Modal Window – create popup modal window plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode in all versions up to, and including, 6.1.5 due t… New	CWE-79 Cross-site Scripting	CVE-2025-0897	2025-02-20 18:15	2025-02-20	Show	GitHub Exploit DB Packet Storm

84	7.2	HIGH Network	-	-	The WPMobile.App plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 11.56. This is due to insufficient validation on the redirect URL supplied via the 'redirect… New	CWE-601 Open Redirect	CVE-2024-13888	2025-02-20 18:15	2025-02-20	Show	GitHub Exploit DB Packet Storm

85	6.4	MEDIUM Network	-	-	The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Transparent Split Hero widget in all versions up to, and including, 1.5.140 due… New	CWE-79 Cross-site Scripting	CVE-2024-13155	2025-02-20 17:15	2025-02-20	Show	GitHub Exploit DB Packet Storm

86	-		-	-	Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If an attacker logs in to the affected product … New	CWE-78 OS Command	CVE-2025-26856	2025-02-20 15:15	2025-02-20	Show	GitHub Exploit DB Packet Storm

87	-		-	-	Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. New	-	CVE-2025-27218	2025-02-20 14:15	2025-02-20	Show	GitHub Exploit DB Packet Storm

88	6.4	MEDIUM Network	-	-	The Elementor Website Builder – More Than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the border, margin and gap parameters in all versions up to, and in… New	CWE-79 Cross-site Scripting	CVE-2024-13445	2025-02-20 14:15	2025-02-20	Show	GitHub Exploit DB Packet Storm

89	6.8	MEDIUM Network	-	-	IBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to spoof mail server identity when using SSL/TLS security. An attacker could exploit this vulnerability to gain access to sensi… New	CWE-297 Improper Validation of Certificate with Host Mismatch	CVE-2024-49782	2025-02-20 13:15	2025-02-20	Show	GitHub Exploit DB Packet Storm

90	5.3	MEDIUM Network	-	-	IBM OpenPages with Watson 8.3 and 9.0 may write improperly neutralized data to server log files when the tracing is enabled per the System Tracing feature. New	CWE-117 Improper Output Neutralization for Logs	CVE-2024-49355	2025-02-20 13:15	2025-02-20	Show	GitHub Exploit DB Packet Storm