Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Nov. 5, 2024, 12:04 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
198631 7.5 危険 esoftpro - esoftpro Online Photo Pro の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4999 2011-12-9 14:21 2011-11-1 Show GitHub Exploit DB Packet Storm
198632 7.5 危険 esoftpro - esoftpro Online Contact Manager の view.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-5001 2011-12-9 14:21 2011-11-1 Show GitHub Exploit DB Packet Storm
198633 4.3 警告 Exponent CMS project - Exponent CMS におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-5002 2011-12-9 14:20 2011-11-1 Show GitHub Exploit DB Packet Storm
198634 7.5 危険 Autartica - Joomla! 用 の AutarTimonial コンポーネントにおける SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-5003 2011-12-9 14:20 2011-11-1 Show GitHub Exploit DB Packet Storm
198635 4.3 警告 VideoWhisper.com - VideoWhisper PHP 2 Way Video Chat コンポーネントにおけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-4971 2011-12-9 14:19 2011-11-2 Show GitHub Exploit DB Packet Storm
198636 7.5 危険 OlyKit - OlyKit Swoopo Clone 2010 の index.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-4997 2011-12-9 14:18 2011-11-2 Show GitHub Exploit DB Packet Storm
198637 7.5 危険 Maulana Al Matien - ardeaCore PHP Framework におけるリモートファイルインクルージョンの脆弱性 CWE-94
コード・インジェクション 		CVE-2010-4998 2011-12-9 14:18 2011-11-2 Show GitHub Exploit DB Packet Storm
198638 7.5 危険 Joe Pieruccini - MCLogin System の login/login_index.php におけるSQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-5000 2011-12-9 14:17 2011-11-2 Show GitHub Exploit DB Packet Storm
198639 7.5 危険 2daybiz - 2daybiz Polls Script の searchvote.php における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2010-5004 2011-12-9 14:16 2011-11-2 Show GitHub Exploit DB Packet Storm
198640 4.3 警告 Rayzz - Rayzz Photoz の members/profileCommentsResponse.php におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2010-5005 2011-12-9 14:15 2011-11-2 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Nov. 5, 2024, 12:17 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
511 - - - In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. Use… - CVE-2024-22007 2024-11-2 05:35 2024-03-12 Show GitHub Exploit DB Packet Storm
512 - - - Numbas editor before 7.3 mishandles editing of themes and extensions. - CVE-2024-27612 2024-11-2 05:35 2024-03-8 Show GitHub Exploit DB Packet Storm
513 - - - This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data. - CVE-2024-23260 2024-11-2 05:35 2024-03-8 Show GitHub Exploit DB Packet Storm
514 - - - VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may… - CVE-2024-22251 2024-11-2 05:35 2024-02-29 Show GitHub Exploit DB Packet Storm
515 - - - This issue was addressed with improved state management. This issue is fixed in iOS 17.1 and iPadOS 17.1. An attacker with physical access may be able to silently persist an Apple ID on an erased dev… - CVE-2023-42855 2024-11-2 05:35 2024-02-21 Show GitHub Exploit DB Packet Storm
516 7.1 HIGH
Network 		lollms lollms_web_ui A CORS misconfiguration in parisneo/lollms-webui prior to version 10 allows attackers to steal sensitive information such as logs, browser sessions, and settings containing private API keys from othe… CWE-346
 Origin Validation Error 		CVE-2024-6674 2024-11-2 05:34 2024-10-29 Show GitHub Exploit DB Packet Storm
517 5.4 MEDIUM
Network 		chartscss coub Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Rami Yushuvaev Coub allows Stored XSS.This issue affects Coub: from n/a through 1.4. CWE-79
Cross-site Scripting 		CVE-2024-49659 2024-11-2 05:25 2024-10-29 Show GitHub Exploit DB Packet Storm
518 - - - Yealink Meeting Server before V26.0.0.67 allows attackers to obtain static key information from a front-end JS file and decrypt the plaintext passwords based on the obtained key information. - CVE-2024-48353 2024-11-2 05:24 2024-11-2 Show GitHub Exploit DB Packet Storm
519 6.1 MEDIUM
Network 		abdullahirfan documentpress Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Abdullah Irfan DocumentPress allows Reflected XSS.This issue affects DocumentPress: from n… CWE-79
Cross-site Scripting 		CVE-2024-49656 2024-11-2 05:24 2024-10-29 Show GitHub Exploit DB Packet Storm
520 6.1 MEDIUM
Network 		marianheddesheimer extra_privacy_for_elementor Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marian Heddesheimer Extra Privacy for Elementor allows Reflected XSS.This issue affects Ex… CWE-79
Cross-site Scripting 		CVE-2024-49654 2024-11-2 05:24 2024-10-29 Show GitHub Exploit DB Packet Storm