Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Oct. 7, 2024, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
196301	5	警告	Virtual Vertex	-	Virtual Vertex Muster におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2011-4714	2011-12-13 15:02	2011-12-8	Show	GitHub Exploit DB Packet Storm

196302	5	警告	osCSS	-	osCSS の catalog/content.php におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2011-4713	2011-12-13 15:01	2011-11-8	Show	GitHub Exploit DB Packet Storm

196303	5	警告	monoxide0184	-	Oxide WebServer におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2011-4712	2011-12-13 14:59	2011-12-8	Show	GitHub Exploit DB Packet Storm

196304	5	警告	Namazu Project	-	Namazu の namazu.cgi におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2011-4711	2011-12-13 14:57	2011-12-8	Show	GitHub Exploit DB Packet Storm

196305	7.5	危険	Lucid Crew	-	Pixie CMS における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-4710	2011-12-13 14:53	2011-12-8	Show	GitHub Exploit DB Packet Storm

196306	4.3	警告	Hotaru CMS	-	Hotaru CMS の Search プラグイン内にある Hotaru.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4709	2011-12-13 14:52	2011-12-8	Show	GitHub Exploit DB Packet Storm

196307	4.3	警告	IBM	-	IBM Rational Asset Manager におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4708	2011-12-13 14:51	2011-05-5	Show	GitHub Exploit DB Packet Storm

196308	4.3	警告	SAP	-	SAP Netweaver の Virus Scan Interface におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4707	2011-12-13 14:50	2011-12-8	Show	GitHub Exploit DB Packet Storm

196309	5	警告	Igor Sysoev	-	nginx におけるヒープベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2011-4315	2011-12-13 14:49	2011-11-15	Show	GitHub Exploit DB Packet Storm

196310	7.5	危険	Mambo Foundation	-	Mambo CMS の administrator/index2.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2011-2917	2011-12-13 14:41	2011-12-8	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Oct. 7, 2024, 8:10 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1151	4.2	MEDIUM Adjacent	jktyre	smart_tyre_car_\&_bike	An issue in SMART TYRE CAR & BIKE v4.2.0 allows attackers to perform a man-in-the-middle attack via Bluetooth communications.	CWE-294 Authentication Bypass by Capture-replay	CVE-2024-39081	2024-10-2 00:51	2024-09-18	Show	GitHub Exploit DB Packet Storm

1152	8.8	HIGH Adjacent	circutor	q-smt_firmware	An attacker with access to the network where the CIRCUTOR Q-SMT is located in its firmware version 1.0.4, could obtain legitimate credentials or steal sessions due to the fact that the device only im…	NVD-CWE-Other	CVE-2024-8890	2024-10-2 00:46	2024-09-18	Show	GitHub Exploit DB Packet Storm

1153	9.8	CRITICAL Network	doverfuelingsolutions	progauge_maglink_lx_console_firmware progauge_maglink_lx4_console_firmware	The web application for ProGauge MAGLINK LX4 CONSOLE contains an administrative-level user account with a password that cannot be changed.	CWE-798 Use of Hard-coded Credentials	CVE-2024-43423	2024-10-2 00:41	2024-09-25	Show	GitHub Exploit DB Packet Storm

1154	7.8	HIGH Local	projectdiscovery	nuclei	Nuclei is a vulnerability scanner powered by YAML based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow…	CWE-78 OS Command	CVE-2024-43405	2024-10-2 00:37	2024-09-5	Show	GitHub Exploit DB Packet Storm

1155	-		-	-	The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a…	-	CVE-2024-8379	2024-10-2 00:35	2024-09-30	Show	GitHub Exploit DB Packet Storm

1156	4.8	MEDIUM Network	codepeople	contact_form_email	The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at…	CWE-79 Cross-site Scripting	CVE-2023-5955	2024-10-2 00:35	2023-12-12	Show	GitHub Exploit DB Packet Storm

1157	5.3	MEDIUM Network	wpbrigade	simple_social_buttons	The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags	NVD-CWE-noinfo	CVE-2023-5845	2024-10-2 00:35	2023-11-28	Show	GitHub Exploit DB Packet Storm

1158	4.3	MEDIUM Network	limitloginattempts	limit_login_attempts_reloaded	The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update stat…	CWE-862 Missing Authorization	CVE-2023-5525	2024-10-2 00:35	2023-11-28	Show	GitHub Exploit DB Packet Storm

1159	5.4	MEDIUM Network	thimpress	wp_hotel_booking	The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated user…	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2023-5651	2024-10-2 00:35	2023-11-21	Show	GitHub Exploit DB Packet Storm

1160	9.1	CRITICAL Network	atlassian	jira_service_management	An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management inst…	CWE-287 Improper Authentication	CVE-2023-22501	2024-10-2 00:35	2023-02-2	Show	GitHub Exploit DB Packet Storm