Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Oct. 7, 2024, 10:02 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
200011	4.3	警告	アップル	-	Apple Mac OS X のヘルプビューアにおけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2010-1373	2010-07-8 18:27	2010-06-15	Show	GitHub Exploit DB Packet Storm

200012	3.3	注意	アップル	-	Apple Mac OS X の Folder Manager における任意のフォルダを削除される脆弱性	CWE-59 リンク解釈の問題	CVE-2010-0546	2010-07-8 18:27	2010-06-15	Show	GitHub Exploit DB Packet Storm

200013	4.4	警告	アップル	-	Apple Mac OS X の DesktopServices におけるアクセス制限を回避される脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2010-0545	2010-07-8 18:26	2010-06-15	Show	GitHub Exploit DB Packet Storm

200014	10	危険	ヒューレット・パッカード SGI IBM	-	rpc.pcnfsd の _msgout 関数における任意のコードを実行される脆弱性	CWE-noinfo 情報不足	CVE-2010-1039	2010-07-8 18:03	2010-05-18	Show	GitHub Exploit DB Packet Storm

200015	1.2	注意	IBM OpenBSD	-	OpenSSH における X11 転送ポートをハイジャックされる脆弱性	CWE-200 情報漏えい	CVE-2008-3259	2010-07-7 16:40	2008-07-22	Show	GitHub Exploit DB Packet Storm

200016	4.3	警告	アップルサイバートラスト株式会社レッドハット SquirrelMail Project	-	SquirrelMail におけるユーザインターフェースを偽装される脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-1581	2010-07-6 19:19	2009-05-12	Show	GitHub Exploit DB Packet Storm

200017	6.8	警告	アップル SquirrelMail Project	-	SquirrelMail におけるセッション固定の脆弱性	CWE-287 不適切な認証	CVE-2009-1580	2010-07-6 19:18	2009-05-11	Show	GitHub Exploit DB Packet Storm

200018	6.8	警告	アップルサイバートラスト株式会社レッドハット SquirrelMail Project	-	SquirrelMail における任意のコマンドを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-1579	2010-07-6 19:18	2009-05-10	Show	GitHub Exploit DB Packet Storm

200019	4.3	警告	アップルサイバートラスト株式会社レッドハット SquirrelMail Project	-	SquirrelMail におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2009-1578	2010-07-6 19:18	2009-05-8	Show	GitHub Exploit DB Packet Storm

200020	8.5	危険	マイクロソフト	-	Microsoft IIS における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2010-1256	2010-07-5 17:52	2010-06-8	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Oct. 7, 2024, 5:11 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
1131	-		-	-	The Cost Calculator Builder WordPress plugin before 3.2.29 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a…	-	CVE-2024-8379	2024-10-2 00:35	2024-09-30	Show	GitHub Exploit DB Packet Storm

1132	4.8	MEDIUM Network	codepeople	contact_form_email	The Contact Form Email WordPress plugin before 1.3.44 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting at…	CWE-79 Cross-site Scripting	CVE-2023-5955	2024-10-2 00:35	2023-12-12	Show	GitHub Exploit DB Packet Storm

1133	5.3	MEDIUM Network	wpbrigade	simple_social_buttons	The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags	NVD-CWE-noinfo	CVE-2023-5845	2024-10-2 00:35	2023-11-28	Show	GitHub Exploit DB Packet Storm

1134	4.3	MEDIUM Network	limitloginattempts	limit_login_attempts_reloaded	The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update stat…	CWE-862 Missing Authorization	CVE-2023-5525	2024-10-2 00:35	2023-11-28	Show	GitHub Exploit DB Packet Storm

1135	5.4	MEDIUM Network	thimpress	wp_hotel_booking	The WP Hotel Booking WordPress plugin before 2.0.8 does not have authorisation and CSRF checks, as well as does not ensure that the package to be deleted is a package, allowing any authenticated user…	CWE-732 Incorrect Permission Assignment for Critical Resource	CVE-2023-5651	2024-10-2 00:35	2023-11-21	Show	GitHub Exploit DB Packet Storm

1136	9.1	CRITICAL Network	atlassian	jira_service_management	An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management inst…	CWE-287 Improper Authentication	CVE-2023-22501	2024-10-2 00:35	2023-02-2	Show	GitHub Exploit DB Packet Storm

1137	7.8	HIGH Local	microsoft git_for_windows_project	visual_studio_2022 visual_studio_2017 visual_studio_2019 git_for_windows	GitHub: Git for Windows' uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.	CWE-427 Uncontrolled Search Path Element	CVE-2022-24767	2024-10-2 00:35	2022-04-13	Show	GitHub Exploit DB Packet Storm

1138	7.8	HIGH Local	amazon	freertos	FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming t…	NVD-CWE-Other	CVE-2024-28115	2024-10-2 00:31	2024-03-8	Show	GitHub Exploit DB Packet Storm

1139	5.4	MEDIUM Network	jellyfin	jellyfin	Jellyfin is an open source self hosted media server. The Jellyfin user profile image upload accepts SVG files, allowing for a stored XSS attack against an admin user via a specially crafted malicious…	NVD-CWE-noinfo	CVE-2024-43801	2024-10-2 00:25	2024-09-3	Show	GitHub Exploit DB Packet Storm

1140	5.5	MEDIUM Local	vim	vim	Vim is an open source, command line text editor. Patch v9.1.0038 optimized how the cursor position is calculated and removed a loop, that verified that the cursor position always points inside a line…	CWE-787 Out-of-bounds Write	CVE-2024-45306	2024-10-2 00:20	2024-09-3	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed