Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Nov. 17, 2024, noon

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
198871	7.5	危険	DrBenHur	-	DBHcms の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4869	2012-02-9 11:10	2011-10-5	Show	GitHub Exploit DB Packet Storm

198872	4.3	警告	W-Agora	-	W-Agora の search.php3 におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4868	2012-02-9 11:10	2011-10-5	Show	GitHub Exploit DB Packet Storm

198873	7.5	危険	W-Agora	-	W-Agora の search.php3 におけるディレクトリトラバーサルの脆弱性	CWE-22 パス・トラバーサル	CVE-2010-4867	2012-02-9 11:10	2011-10-5	Show	GitHub Exploit DB Packet Storm

198874	7.5	危険	Chipmunk Scripts	-	Chipmunk Board の index.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4866	2012-02-9 11:09	2011-10-5	Show	GitHub Exploit DB Packet Storm

198875	7.5	危険	Jextensions	-	Joomla! 用 JE Guestbook (com_jeguestbook) コンポーネントにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4865	2012-02-9 11:08	2011-10-5	Show	GitHub Exploit DB Packet Storm

198876	7.5	危険	Daniel James Scott	-	Joomla! 用 Club Manager (com_clubmanager) コンポーネントにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4864	2012-02-9 11:08	2011-10-5	Show	GitHub Exploit DB Packet Storm

198877	4.3	警告	The GetSimple Team	-	GetSimple CMS の admin/changedata.php におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-4863	2012-02-9 11:07	2011-10-5	Show	GitHub Exploit DB Packet Storm

198878	7.5	危険	Joomla! Jextensions	-	Joomla! 用 JExtensions JE Director コンポーネントにおける SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4862	2012-02-9 11:07	2011-10-5	Show	GitHub Exploit DB Packet Storm

198879	7.5	危険	webSPELL	-	webSPELL の asearch.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4861	2012-02-9 11:06	2011-10-5	Show	GitHub Exploit DB Packet Storm

198880	7.5	危険	Galaxyscriptz	-	MyPhpAuction の product_desc.php における SQL インジェクションの脆弱性	CWE-89 SQLインジェクション	CVE-2010-4860	2012-02-9 11:05	2011-10-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Nov. 17, 2024, 12:17 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1071	5.3	MEDIUM Network	level1	wbr-6012_firmware	The LevelOne WBR-6012 router contains a vulnerability within its web application that allows unauthenticated disclosure of sensitive information, such as the WiFi WPS PIN, through a hidden page acces…	NVD-CWE-noinfo	CVE-2024-33626	2024-11-14 03:43	2024-10-30	Show	GitHub Exploit DB Packet Storm

1072	7.5	HIGH Network	level1	wbr-6012_firmware	A denial of service vulnerability exists in the Web Application functionality of LevelOne WBR-6012 R0.40e6. A specially crafted HTTP request can lead to a reboot. An attacker can send an HTTP request…	CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2024-33623	2024-11-14 03:43	2024-10-30	Show	GitHub Exploit DB Packet Storm

1073	7.5	HIGH Network	opensourcelabs	skyscraper	SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for t…	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2024-37163	2024-11-14 03:42	2024-06-8	Show	GitHub Exploit DB Packet Storm

1074	7.1	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Fix KASAN reported stack out-of-bounds read in tb_retimer_scan() KASAN reported following issue: BUG: KASAN: stack…	CWE-125 Out-of-bounds Read	CVE-2024-50227	2024-11-14 03:39	2024-11-9	Show	GitHub Exploit DB Packet Storm

1075	5.3	MEDIUM Network	level1	wbr-6012_firmware	The LevelOne WBR-6012 router has an information disclosure vulnerability in its web application, which allows unauthenticated users to access a verbose system log page and obtain sensitive data, such…	NVD-CWE-noinfo	CVE-2024-33603	2024-11-14 03:39	2024-10-30	Show	GitHub Exploit DB Packet Storm

1076	5.9	MEDIUM Network	level1	wbr-6012_firmware	A vulnerability in the LevelOne WBR-6012 router's firmware version R0.40e6 allows sensitive information to be transmitted in cleartext via Web and FTP services, exposing it to network sniffing attack…	CWE-319 Cleartext Transmission of Sensitive Information	CVE-2024-32946	2024-11-14 03:39	2024-10-30	Show	GitHub Exploit DB Packet Storm

1077	7.0	HIGH Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: mm: shmem: fix data-race in shmem_getattr() I got the following KCSAN report during syzbot testing: ============================…	CWE-362 Race Condition	CVE-2024-50228	2024-11-14 03:38	2024-11-9	Show	GitHub Exploit DB Packet Storm

1078	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential deadlock with newly created symlinks Syzbot reported that page_symlink(), called by nilfs_symlink(), trigge…	CWE-667 Improper Locking	CVE-2024-50229	2024-11-14 03:35	2024-11-9	Show	GitHub Exploit DB Packet Storm

1079	-		-	-	vditor v.3.9.8 and before is vulnerable to Arbitrary file read via a crafted data packet.	-	CVE-2024-39150	2024-11-14 03:35	2024-07-6	Show	GitHub Exploit DB Packet Storm

1080	-		-	-	A SQL injection vulnerability in /model/get_events.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the event_id parameter.	-	CVE-2024-33403	2024-11-14 03:35	2024-05-7	Show	GitHub Exploit DB Packet Storm