Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 10, 2025, 12:03 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
198821	7.5	危険	exophpdesk	-	Exophpdesk の pipe.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-5951	2012-06-26 15:37	2006-11-16	Show	GitHub Exploit DB Packet Storm

198822	5	警告	altools	-	ALTools ALFTP FTP Server におけるインストールパスを取得される脆弱性	-	CVE-2006-5950	2012-06-26 15:37	2006-11-16	Show	GitHub Exploit DB Packet Storm

198823	5	警告	altools	-	ALTools ALFTP FTP Server におけるディレクトリトラバーサルの脆弱性	-	CVE-2006-5949	2012-06-26 15:37	2006-11-16	Show	GitHub Exploit DB Packet Storm

198824	5	警告	conxint	-	Conxint FTP Server におけるディレクトリトラバーサルの脆弱性	-	CVE-2006-5947	2012-06-26 15:37	2006-11-16	Show	GitHub Exploit DB Packet Storm

198825	7.5	危険	funkyasp	-	FunkyASP Glossary の demo/glossary/glossary.asp における SQL インジェクションの脆弱性	-	CVE-2006-5946	2012-06-26 15:37	2006-11-16	Show	GitHub Exploit DB Packet Storm

198826	10	危険	grisoft	-	Grisoft AVG Anti-Virus における詳細不明の脆弱性	-	CVE-2006-5940	2012-06-26 15:37	2006-11-15	Show	GitHub Exploit DB Packet Storm

198827	7.8	危険	grisoft	-	Grisoft AVG Anti-Virus におけるサービス運用妨害 (DoS) の脆弱性	-	CVE-2006-5939	2012-06-26 15:37	2006-11-15	Show	GitHub Exploit DB Packet Storm

198828	10	危険	grisoft	-	Grisoft AVG Anti-Virus における詳細不明の脆弱性	-	CVE-2006-5938	2012-06-26 15:37	2006-11-15	Show	GitHub Exploit DB Packet Storm

198829	7.5	危険	grisoft	-	Grisoft AVG Anti-Virus における整数バッファオーバーフローの脆弱性	-	CVE-2006-5937	2012-06-26 15:37	2006-11-15	Show	GitHub Exploit DB Packet Storm

198830	5.1	警告	aigaion	-	Aigaion Web ベースのバイオグラフィ管理システムにおける PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-5931	2012-06-26 15:37	2006-11-15	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Jan. 10, 2025, 4:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
721	-		-	-	A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file e…	-	CVE-2023-6601	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

722	-		-	-	An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The app…	-	CVE-2025-22390	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

723	-		-	-	An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This expos…	-	CVE-2025-22387	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

724	-		-	-	An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors t…	-	CVE-2025-22384	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

725	8.8	HIGH Network	-	-	The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiv…	-	CVE-2024-10957	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

726	-		-	-	In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execut…	-	CVE-2024-53833	2025-01-7 02:15	2025-01-3	Show	GitHub Exploit DB Packet Storm

727	7.5	HIGH Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings.	CWE-306 Missing Authentication for Critical Function	CVE-2024-12106	2025-01-7 01:54	2024-12-31	Show	GitHub Exploit DB Packet Storm

728	9.6	CRITICAL Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API.	CWE-290 Authentication Bypass by Spoofing	CVE-2024-12108	2025-01-7 01:51	2024-12-31	Show	GitHub Exploit DB Packet Storm

729	-		-	-	TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page…	CWE-79 CWE-80 Cross-site Scripting Basic XSS	CVE-2025-21612	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

730	-		-	-	tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine i…	CWE-285 Improper Authorization	CVE-2025-21611	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm