Vulnerability Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Oct. 10, 2024, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
201101	6.8	警告	アップルサイバートラスト株式会社 Python Software Foundation サン・マイクロシステムズレッドハット	-	Python の imageop.c における整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2008-1679	2010-01-19 15:48	2008-04-22	Show	GitHub Exploit DB Packet Storm

201102	5.8	警告	アップルサイバートラスト株式会社 Python Software Foundation サン・マイクロシステムズレッドハット	-	Python の imageop モジュールにおける複数の整数オーバーフローの脆弱性	CWE-189 数値処理の問題	CVE-2007-4965	2010-01-19 15:47	2007-09-18	Show	GitHub Exploit DB Packet Storm

201103	7.5	危険	アップル	-	Mac OS X 用の Java における任意のコードを実行される脆弱性	CWE-310 暗号の問題	CVE-2009-2843	2010-01-18 12:22	2009-12-3	Show	GitHub Exploit DB Packet Storm

201104	6.8	警告	アップル GNU Project サン・マイクロシステムズサイバートラスト株式会社レッドハット	-	GNU tar の contains_dot_dot() 関数におけるディレクトリトラバーサルの脆弱性	-	CVE-2007-4131	2010-01-18 12:21	2007-08-23	Show	GitHub Exploit DB Packet Storm

201105	4.6	警告	IBM	-	IBM DB2 の dasauto における管理者権限を持たないユーザが実行可能な脆弱性	CWE-264 認可・権限・アクセス制御	CVE-2009-4150	2010-01-15 14:10	2009-12-2	Show	GitHub Exploit DB Packet Storm

201106	2.1	注意	サン・マイクロシステムズ	-	Sun Solaris の ldap_cachemgr におけるサービス運用妨害 (DoS) の脆弱性	CWE-Other その他	CVE-2009-4080	2010-01-15 14:10	2009-11-24	Show	GitHub Exploit DB Packet Storm

201107	5	警告	サン・マイクロシステムズ	-	Sun Solaris の sshd におけるサービス運用妨害 (DoS) の脆弱性	CWE-noinfo 情報不足	CVE-2009-4075	2010-01-15 14:09	2009-11-23	Show	GitHub Exploit DB Packet Storm

201108	2.6	注意	オラクル	-	Oracle Application Server におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	-	2010-01-14 15:01	2010-01-14	Show	GitHub Exploit DB Packet Storm

201109	9.3	危険	マイクロソフト	-	Microsoft Internet Explorer に脆弱性	CWE-94 コード・インジェクション	CVE-2009-3672	2010-01-14 12:08	2009-11-25	Show	GitHub Exploit DB Packet Storm

201110	9.3	危険	サン・マイクロシステムズ VMware	-	Sun Java SE の java.lang パッケージにおける脆弱性	CWE-362 競合状態	CVE-2009-2724	2010-01-14 12:08	2009-08-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Oct. 10, 2024, 8:13 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
151	6.1	MEDIUM Network	dedecms	dedecms	DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the imgstick parameter at selectimages.php. Update	CWE-79 Cross-site Scripting	CVE-2023-49492	2024-10-10 00:35	2023-12-8	Show	GitHub Exploit DB Packet Storm

152	7.5	HIGH Network	dallmann-consulting	open_charge_point_protocol	An issue was discovered in Dalmann OCPP.Core through 1.2.0 for OCPP (Open Charge Point Protocol) for electric vehicles. The server processes mishandle StartTransaction messages containing additional,… Update	CWE-20 Improper Input Validation	CVE-2023-49958	2024-10-10 00:35	2023-12-7	Show	GitHub Exploit DB Packet Storm

153	8.8	HIGH Network	phpjabbers	appointment_scheduler	Appointment Scheduler 3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Update	CWE-74 Injection	CVE-2023-48841	2024-10-10 00:35	2023-12-7	Show	GitHub Exploit DB Packet Storm

154	6.5	MEDIUM Network	docker	machine	Docker Machine through 0.16.2 allows an attacker, who has control of a worker node, to provide crafted version data, which might potentially trick an administrator into performing an unsafe action (v… Update	NVD-CWE-Other	CVE-2023-40453	2024-10-10 00:35	2023-11-7	Show	GitHub Exploit DB Packet Storm

155	8.8	HIGH Network	apache	streampipes	A REST interface in Apache StreamPipes (versions 0.69.0 to 0.91.0) was not properly restricted to admin-only access. This allowed a non-admin user with valid login credentials to elevate privileges … Update	CWE-269 Improper Privilege Management	CVE-2023-31469	2024-10-10 00:35	2023-06-23	Show	GitHub Exploit DB Packet Storm

156	7.5	HIGH Network	apache	tomcat	A regression in the fix for bug 66512 in Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 meant that, if a response did not include any HTTP headers no AJP SEND_HEADERS messare woudl be sent for th… Update	NVD-CWE-noinfo	CVE-2023-34981	2024-10-10 00:35	2023-06-21	Show	GitHub Exploit DB Packet Storm

157	9.8	CRITICAL Network	apache	accumulo	Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo. This issue affects Apache Accumulo: 2.1.0. Accumulo 2.1.0 contains a defect in the user authentication process th… Update	CWE-287 Improper Authentication	CVE-2023-34340	2024-10-10 00:35	2023-06-21	Show	GitHub Exploit DB Packet Storm

158	5.5	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled e… Update	CWE-908 Use of Uninitialized Resource	CVE-2024-45005	2024-10-10 00:30	2024-09-5	Show	GitHub Exploit DB Packet Storm

159	6.5	MEDIUM Network	lunary	lunary	An improper access control vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, where an admin can update any organization user to the organization owner. This vulnerability a… Update	NVD-CWE-noinfo	CVE-2024-3504	2024-10-10 00:27	2024-06-7	Show	GitHub Exploit DB Packet Storm

160	7.2	HIGH Network	storeapps	smart_manager	The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users s… Update	CWE-89 SQL Injection	CVE-2024-0566	2024-10-10 00:23	2024-02-13	Show	GitHub Exploit DB Packet Storm

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed