Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Oct. 1, 2024, 10:01 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
199581	10	危険	サイバートラスト株式会社 Mozilla Foundation レッドハット	-	Windows 7 上で稼働する Mozilla Firefox における任意のコードを実行される脆弱性	CWE-noinfo 情報不足	CVE-2010-1121	2010-07-15 17:21	2010-03-25	Show	GitHub Exploit DB Packet Storm

199582	2.1	注意	サイバートラスト株式会社 Mozilla Foundation レッドハット	-	Mozilla Firefox の JavaScript インプリメンテーションにおける偽装したポップアップメッセージに従って行動させられる脆弱性	CWE-Other その他	CVE-2008-5913	2010-07-15 17:20	2009-01-20	Show	GitHub Exploit DB Packet Storm

199583	7.4	危険	日本電気サイバートラスト株式会社 MIT Kerberos サン・マイクロシステムズターボリナックスヒューレット・パッカードレッドハット	-	MIT Kerberos 5 の rename_principal_2_svc() 関数におけるバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2007-2798	2010-07-15 17:20	2007-06-26	Show	GitHub Exploit DB Packet Storm

199584	7.9	危険	日本電気サイバートラスト株式会社 MIT Kerberos ヒューレット・パッカードターボリナックスレッドハット	-	MIT Kerberos 5 RPC ライブラリの gssrpc_svcauth_unix() 関数における任意のコードを実行される脆弱性	-	CVE-2007-2443	2010-07-15 17:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

199585	9.3	危険	日本電気サイバートラスト株式会社 MIT Kerberos サン・マイクロシステムズターボリナックスヒューレット・パッカードレッドハット	-	MIT Kerberos 5 RPC ライブラリの gssrpc__svcauth_gssapi() 関数における不正なメモリ領域が解放される脆弱性	-	CVE-2007-2442	2010-07-15 17:19	2007-06-26	Show	GitHub Exploit DB Packet Storm

199586	4.3	警告	VMware	-	複数の VMware 製品の WebAccess におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-2277	2010-07-14 17:27	2010-03-29	Show	GitHub Exploit DB Packet Storm

199587	6.9	警告	VMware	-	複数の VMware 製品の USB サービスにおける権限昇格の脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-1140	2010-07-14 17:27	2010-04-9	Show	GitHub Exploit DB Packet Storm

199588	9.3	危険	シマンテック	-	Symantec Workspace Streaming (旧 Symantec AppStream) に脆弱性	CWE-287 不適切な認証	CVE-2008-4389	2010-07-14 17:26	2010-06-22	Show	GitHub Exploit DB Packet Storm

199589	5.8	警告	アップル	-	Apple iOS の設定アプリケーションにおけるユーザを追跡可能な脆弱性	CWE-DesignError	CVE-2010-1756	2010-07-14 17:26	2010-06-22	Show	GitHub Exploit DB Packet Storm

199590	4.3	警告	アップル	-	Apple iOS の Safari におけるリモートの Web サーバがユーザを追跡可能な脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-1755	2010-07-14 17:25	2010-06-22	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Oct. 1, 2024, 5:51 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
611	8.8	HIGH Network	wpml	wpml	The WPML plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.6.12 via the Twig Server-Side Template Injection. This is due to missing input validation …	CWE-94 Code Injection	CVE-2024-6386	2024-09-27 22:25	2024-08-22	Show	GitHub Exploit DB Packet Storm

612	8.8	HIGH Network	acymailing	acymailing	The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the …	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-7384	2024-09-27 22:15	2024-08-22	Show	GitHub Exploit DB Packet Storm

613	6.6	MEDIUM Local	linux fedoraproject redhat	linux_kernel fedora enterprise_linux	A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each itera…	NVD-CWE-Other	CVE-2024-0607	2024-09-27 22:15	2024-01-19	Show	GitHub Exploit DB Packet Storm

614	8.8	HIGH Network	wpmarketingrobot	woocommerce_google_feed_manager	The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'wppfm_removeFeedFile' function in all versions up to, and…	CWE-862 Missing Authorization	CVE-2024-7258	2024-09-27 22:05	2024-08-23	Show	GitHub Exploit DB Packet Storm

615	4.3	MEDIUM Network	webba-booking	webba_booking	The Appointment & Event Booking Calendar Plugin – Webba Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_appearance() func…	CWE-862 Missing Authorization	CVE-2024-8432	2024-09-27 21:58	2024-09-24	Show	GitHub Exploit DB Packet Storm

616	6.1	MEDIUM Network	fatcatapps	pixel_cat	The Pixel Cat – Conversion Pixel Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions u…	CWE-79 Cross-site Scripting	CVE-2024-8544	2024-09-27 21:57	2024-09-24	Show	GitHub Exploit DB Packet Storm

617	5.4	MEDIUM Network	ggnome	garden_gnome_package	The Garden Gnome Package plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ggpkg shortcode in all versions up to, and including, 2.2.9 due to insufficient input sanit…	CWE-79 Cross-site Scripting	CVE-2024-8657	2024-09-27 21:56	2024-09-24	Show	GitHub Exploit DB Packet Storm

618	6.1	MEDIUM Network	ibericode	koko_analytics	The Koko Analytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1…	CWE-79 Cross-site Scripting	CVE-2024-8662	2024-09-27 21:54	2024-09-24	Show	GitHub Exploit DB Packet Storm

619	4.3	MEDIUM Network	themify	themify_builder	The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. This …	CWE-863 Incorrect Authorization	CVE-2024-7836	2024-09-27 21:53	2024-08-22	Show	GitHub Exploit DB Packet Storm

620	7.2	HIGH Network	presstigers	simple_job_board	The Simple Job Board plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.12.3 via deserialization of untrusted input when editing job applications. This…	CWE-502 Deserialization of Untrusted Data	CVE-2024-7351	2024-09-27 21:48	2024-08-24	Show	GitHub Exploit DB Packet Storm