Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Oct. 6, 2024, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
196431 9.3 危険 シスコシステムズ - Cisco TelePresence Recording Server 上の XML-RPC の実装におけるファイルを上書きされる脆弱性 CWE-94
コード・インジェクション 		CVE-2011-0386 2011-11-29 10:30 2011-02-23 Show GitHub Exploit DB Packet Storm
196432 10 危険 シスコシステムズ - Cisco TelePresence Recording Server および Cisco TelePresence Multipoint Switch における脆弱性 CWE-Other
その他 		CVE-2011-0385 2011-11-29 10:29 2011-02-23 Show GitHub Exploit DB Packet Storm
196433 10 危険 シスコシステムズ - Cisco TelePresence Multipoint Switch における任意のコードを実行される脆弱性 CWE-287
不適切な認証 		CVE-2011-0384 2011-11-29 10:28 2011-02-23 Show GitHub Exploit DB Packet Storm
196434 10 危険 シスコシステムズ - Cisco TelePresence Recording Server および Cisco TelePresence Multipoint Switch における脆弱性 CWE-287
不適切な認証 		CVE-2011-0383 2011-11-29 10:27 2011-02-23 Show GitHub Exploit DB Packet Storm
196435 10 危険 シスコシステムズ - Cisco TelePresence Recording Server における任意のコードを実行される脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2011-0382 2011-11-29 09:55 2011-02-23 Show GitHub Exploit DB Packet Storm
196436 10 危険 シスコシステムズ - Cisco TelePresence Manager における任意のコードを実行される脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2011-0381 2011-11-29 09:55 2011-02-23 Show GitHub Exploit DB Packet Storm
196437 7.5 危険 シスコシステムズ - Cisco TelePresence Manager における認証を回避される脆弱性 CWE-287
不適切な認証 		CVE-2011-0380 2011-11-29 09:54 2011-02-23 Show GitHub Exploit DB Packet Storm
196438 7.9 危険 シスコシステムズ - 複数の Cisco 製品におけるバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2011-0379 2011-11-29 09:53 2011-02-23 Show GitHub Exploit DB Packet Storm
196439 8.3 危険 シスコシステムズ - Cisco TelePresence エンドポイントデバイスの XML-RPC 実装における任意のコマンドを実行される脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2011-0378 2011-11-29 09:53 2011-02-23 Show GitHub Exploit DB Packet Storm
196440 7.8 危険 シスコシステムズ - Cisco TelePresence エンドポイントデバイスにおけるサービス運用妨害 (DoS) の脆弱性 CWE-399
リソース管理の問題 		CVE-2011-0377 2011-11-29 09:52 2011-02-23 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Oct. 7, 2024, 5:11 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
961 7.5 HIGH
Network 		wpexpertsio change_wp_admin_login The Change WP Admin Login WordPress plugin before 1.1.4 discloses the URL of the hidden login page when accessing a crafted URL, bypassing the protection offered. - CVE-2023-3604 2024-10-3 03:35 2023-08-22 Show GitHub Exploit DB Packet Storm
962 9.8 CRITICAL
Network 		apache eventmesh CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh (incubating) V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send contro… CWE-502
 Deserialization of Untrusted Data 		CVE-2023-26512 2024-10-3 03:35 2023-07-17 Show GitHub Exploit DB Packet Storm
963 6.1 MEDIUM
Network 		ninjaforms ninja_forms The Ninja Forms Contact Form plugin for WordPress is vulnerable to Reflected Self-Based Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 3.8.15 due to insufficient … CWE-79
Cross-site Scripting 		CVE-2024-3866 2024-10-3 03:26 2024-09-25 Show GitHub Exploit DB Packet Storm
964 8.8 HIGH
Network 		wclovers frontend_manager_for_woocommerce_along_with_bookings_subscription_listings_compatible The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and incl… CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2024-8290 2024-10-3 03:23 2024-09-25 Show GitHub Exploit DB Packet Storm
965 5.4 MEDIUM
Network 		braginteractive material_design_icons The Material Design Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mdi-icon shortcode in all versions up to, and including, 0.0.5 due to insufficient input s… CWE-79
Cross-site Scripting 		CVE-2024-9024 2024-10-3 03:02 2024-09-25 Show GitHub Exploit DB Packet Storm
966 7.3 HIGH
Network 		blogcoding special_text_boxes The The Special Text Boxes plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 6.2.2. This is due to the plugin adding the filter add_filter('com… CWE-94
Code Injection 		CVE-2024-8481 2024-10-3 02:59 2024-09-25 Show GitHub Exploit DB Packet Storm
967 7.5 HIGH
Network 		jianbo rest_api_to_miniprogram The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to… CWE-89
SQL Injection 		CVE-2024-8484 2024-10-3 02:44 2024-09-25 Show GitHub Exploit DB Packet Storm
968 4.8 MEDIUM
Network 		technowich wp_ulike The WP ULike WordPress plugin before 4.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even… CWE-79
Cross-site Scripting 		CVE-2024-6094 2024-10-3 02:44 2024-07-24 Show GitHub Exploit DB Packet Storm
969 5.4 MEDIUM
Network 		technowich wp_ulike Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in TechnoWich WP ULike – Most Advanced WordPress Marketing Toolkit plugin <= 4.6.8 versions. CWE-79
Cross-site Scripting 		CVE-2023-45640 2024-10-3 02:44 2023-10-26 Show GitHub Exploit DB Packet Storm
970 4.8 MEDIUM
Network 		technowich wp_ulike The WP ULike WordPress plugin before 4.7.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even… CWE-79
Cross-site Scripting 		CVE-2024-7878 2024-10-3 02:41 2024-09-25 Show GitHub Exploit DB Packet Storm