Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 9, 2025, 6:02 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
198831	7.5	危険	faq administrator	-	Faq Administrator の faq_reply.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-5637	2012-06-26 15:37	2006-10-31	Show	GitHub Exploit DB Packet Storm

198832	7.5	危険	ee tool	-	EE Tool の ip.inc.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-5623	2012-06-26 15:37	2006-10-31	Show	GitHub Exploit DB Packet Storm

198833	7.5	危険	Coppermine Photo Gallery	-	Coppermine Photo Gallery の picmgr.php における SQL インジェクションの脆弱性	-	CVE-2006-5622	2012-06-26 15:37	2006-10-31	Show	GitHub Exploit DB Packet Storm

198834	7.5	危険	ask rave	-	ask_rave の end.php における PHP リモートファイルインクルージョンの脆弱性	CWE-94 コード・インジェクション	CVE-2006-5621	2012-06-26 15:37	2006-10-31	Show	GitHub Exploit DB Packet Storm

198835	7.5	危険	fully modded phpbb	-	Teake Nutma Foing の player/includeds/common.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-5610	2012-06-26 15:37	2006-10-30	Show	GitHub Exploit DB Packet Storm

198836	7.5	危険	Drupal	-	Drupal 用の xtracker における SQL インジェクションの脆弱性	-	CVE-2006-5608	2012-06-26 15:37	2006-10-26	Show	GitHub Exploit DB Packet Storm

198837	7.5	危険	bytesfall explorer	-	bfExplorer における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2006-5606	2012-06-26 15:37	2006-10-31	Show	GitHub Exploit DB Packet Storm

198838	2.1	注意	axalto	-	Axalto Protiva における権限を取得される脆弱性	-	CVE-2006-5600	2012-06-26 15:37	2006-10-27	Show	GitHub Exploit DB Packet Storm

198839	7.5	危険	aep networks	-	AEP Smartgate の SSL サーバにおけるディレクトリトラバーサルの脆弱性	-	CVE-2006-5596	2012-06-26 15:37	2006-10-27	Show	GitHub Exploit DB Packet Storm

198840	7.5	危険	articlebeach	-	ArticleBeach Script の index.php における PHP リモートファイルインクルージョンの脆弱性	-	CVE-2006-5590	2012-06-26 15:37	2006-10-27	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Jan. 10, 2025, 4:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
721	-		-	-	A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file e… New	-	CVE-2023-6601	2025-01-7 02:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

722	-		-	-	An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The app… Update	-	CVE-2025-22390	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

723	-		-	-	An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This expos… Update	-	CVE-2025-22387	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

724	-		-	-	An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors t… Update	-	CVE-2025-22384	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

725	8.8	HIGH Network	-	-	The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursiv… Update	-	CVE-2024-10957	2025-01-7 02:15	2025-01-4	Show	GitHub Exploit DB Packet Storm

726	-		-	-	In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execut… Update	-	CVE-2024-53833	2025-01-7 02:15	2025-01-3	Show	GitHub Exploit DB Packet Storm

727	7.5	HIGH Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. Update	CWE-306 Missing Authentication for Critical Function	CVE-2024-12106	2025-01-7 01:54	2024-12-31	Show	GitHub Exploit DB Packet Storm

728	9.6	CRITICAL Network	progress	whatsup_gold	In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. Update	CWE-290 Authentication Bypass by Spoofing	CVE-2024-12108	2025-01-7 01:51	2024-12-31	Show	GitHub Exploit DB Packet Storm

729	-		-	-	TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page… New	CWE-79 CWE-80 Cross-site Scripting Basic XSS	CVE-2025-21612	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm

730	-		-	-	tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine i… New	CWE-285 Improper Authorization	CVE-2025-21611	2025-01-7 01:15	2025-01-7	Show	GitHub Exploit DB Packet Storm