Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Nov. 17, 2024, 6 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
198611 7.5 危険 Yegnold - A-Blog の sources/search.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-4917 2012-02-28 10:52 2011-10-8 Show GitHub Exploit DB Packet Storm
198612 7.5 危険 ColdGen - ColdGen ColdUserGroup の index.cfm における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-4916 2012-02-28 10:50 2011-10-8 Show GitHub Exploit DB Packet Storm
198613 7.5 危険 ColdGen - ColdGen ColdBookmarks の index.cfm における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-4915 2012-02-28 10:47 2011-10-8 Show GitHub Exploit DB Packet Storm
198614 7.5 危険 DeltaScripts - PHP Classifieds の tools/phpmailer/class.phpmailer.php における任意の PHP コードを実行される脆弱性 CWE-94
コード・インジェクション
CVE-2010-4914 2012-02-28 10:43 2011-10-8 Show GitHub Exploit DB Packet Storm
198615 4.3 警告 ColdGen - ColdGen ColdUserGroup の search 機能におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-4913 2012-02-28 10:41 2011-10-8 Show GitHub Exploit DB Packet Storm
198616 7.5 危険 Discuz - UCenter Home の shop.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-4912 2012-02-28 10:40 2011-10-8 Show GitHub Exploit DB Packet Storm
198617 7.5 危険 Sell@Site - PHP Classifieds Ads の classi/detail.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-4911 2012-02-28 10:39 2011-10-8 Show GitHub Exploit DB Packet Storm
198618 7.5 危険 ColdGen - ColdGen ColdCalendar の index.cfm におけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-4910 2012-02-28 10:37 2011-10-8 Show GitHub Exploit DB Packet Storm
198619 4.3 警告 Mechbunny - PaysiteReviewCMS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-4909 2012-02-28 10:36 2011-10-8 Show GitHub Exploit DB Packet Storm
198620 7.5 危険 Virtue Netz - Virtue Shopping Mall の detail.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション
CVE-2010-4908 2012-02-28 10:35 2011-10-8 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Nov. 17, 2024, 4:13 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1121 - - - FileManager provides a Backpack admin interface for files and folder. Prior to 3.0.9, deserialization of untrusted data from the mimes parameter could lead to remote code execution. This vulnerabilit… CWE-502
 Deserialization of Untrusted Data
CVE-2024-52306 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm
1122 - - - UnoPim is an open-source Product Information Management (PIM) system built on the Laravel framework. A vulnerability exists in the Create User process, allowing the creation of a new admin account wi… CWE-616
CWE-692
 Incomplete Denylist to Cross-Site Scripting
CVE-2024-52305 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm
1123 - - - macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The width parameter of the PDF viewer macro isn't properly escaped, allowing XSS for any user who can edit a page. XSS can impact… CWE-80
Basic XSS
CVE-2024-52300 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm
1124 - - - macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Any user with view right on XWiki.PDFViewerService can access any attachment stored in the wiki as the "key" that is passed to pr… CWE-340
 Generation of Predictable Numbers or Identifiers
CVE-2024-52299 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm
1125 - - - DataEase is an open source data visualization analysis tool. Prior to 2.10.2, DataEase allows attackers to forge jwt and take over services. The JWT secret is hardcoded in the code, and the UID and O… CWE-798
 Use of Hard-coded Credentials
CVE-2024-52295 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm
1126 - - - Craft is a content management system (CMS). Prior to 4.12.2 and 5.4.3, Craft is missing normalizePath in the function FileHelper::absolutePath could lead to Remote Code Execution on the server via tw… CWE-22
Path Traversal
CVE-2024-52293 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm
1127 - - - macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker… CWE-615
CVE-2024-52298 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm
1128 - - - In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. CWE-502
 Deserialization of Untrusted Data
CVE-2024-10013 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm
1129 - - - In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. CWE-502
 Deserialization of Untrusted Data
CVE-2024-10012 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm
1130 - - - Insecure creation of temporary files allows local users on systems with non-default configurations to cause denial of service or set the encryption key for a filesystem CWE-377
 Insecure Temporary File
CVE-2024-49506 2024-11-14 02:01 2024-11-14 Show GitHub Exploit DB Packet Storm