Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Oct. 10, 2024, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
201121	9.3	危険	マイクロソフト	-	Microsoft Office Excel および Open XML File Format Converter における BIFF レコードの処理に関する任意のコードを実行される脆弱性	CWE-119 バッファエラー	CVE-2009-3130	2010-01-5 16:18	2009-11-10	Show	GitHub Exploit DB Packet Storm

201122	9.3	危険	マイクロソフト	-	複数の Microsoft 製品におけるエクセルファイルのフォーマットの処理に関する任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-3134	2010-01-5 16:18	2009-11-10	Show	GitHub Exploit DB Packet Storm

201123	9.3	危険	マイクロソフト	-	複数の Microsoft 製品における計算式を含むスプレッドシートの処理に関する任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-3132	2010-01-5 16:18	2009-11-10	Show	GitHub Exploit DB Packet Storm

201124	9.3	危険	マイクロソフト	-	複数の Microsoft 製品におけるセルに含まれる計算式の処理に関する任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-3131	2010-01-5 16:17	2009-11-10	Show	GitHub Exploit DB Packet Storm

201125	9.3	危険	マイクロソフト	-	Microsoft Office Excel における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-3128	2010-01-5 16:17	2009-11-10	Show	GitHub Exploit DB Packet Storm

201126	9.3	危険	マイクロソフト	-	Microsoft Office および Open XML File Format Converter における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-3127	2010-01-5 16:16	2009-11-10	Show	GitHub Exploit DB Packet Storm

201127	6.8	警告	アップルサイバートラスト株式会社サン・マイクロシステムズターボリナックスヒューレット・パッカード OpenSSL Project レッドハット	-	OpenSSL の SSL_get_shared_ciphers() 関数における一つずれエラーの脆弱性	CWE-189 数値処理の問題	CVE-2007-5135	2010-01-5 13:31	2007-10-12	Show	GitHub Exploit DB Packet Storm

201128	7.8	危険	マイクロソフト	-	Microsoft Windows で稼働している Active Directory の LDAP サービスにおけるサービス運用妨害 (DoS) の脆弱性	CWE-399 リソース管理の問題	CVE-2009-1928	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

201129	9.3	危険	マイクロソフト	-	Microsoft Windows の kernel における任意のコードを実行される脆弱性	CWE-94 コード・インジェクション	CVE-2009-2514	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

201130	6.8	警告	マイクロソフト	-	Microsoft Windows の kernel の Graphics Device Interface (GDI) における権限を取得される脆弱性	CWE-20 不適切な入力確認	CVE-2009-2513	2010-01-4 15:24	2009-11-10	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Oct. 10, 2024, 8:13 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
191	-		-	-	InDesign Desktop versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution. An attacker could ex… New	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-45137	2024-10-10 00:15	2024-10-10	Show	GitHub Exploit DB Packet Storm

192	7.8	HIGH Local	-	-	InCopy versions 19.4, 18.5.3 and earlier are affected by an Unrestricted Upload of File with Dangerous Type vulnerability that could result in arbitrary code execution by an attacker. An attacker cou… New	CWE-434 Unrestricted Upload of File with Dangerous Type	CVE-2024-45136	2024-10-10 00:15	2024-10-10	Show	GitHub Exploit DB Packet Storm

193	7.8	HIGH Local	authenticator	authenticator	Authenticator is a browser extension that generates two-step verification codes. In versions 7.0.0 and below, encryption keys for user data were stored encrypted at-rest using only AES-256 and the EV… Update	CWE-326 CWE-327 Inadequate Encryption Strength Use of a Broken or Risky Cryptographic Algorithm	CVE-2024-45394	2024-10-10 00:15	2024-09-4	Show	GitHub Exploit DB Packet Storm

194	9.8	CRITICAL Network	fedorindutny	ip	The ip package before 1.1.9 for Node.js might allow SSRF because some IP addresses (such as 0x7f.1) are improperly categorized as globally routable via isPublic. Update	CWE-918 Server-Side Request Forgery (SSRF)	CVE-2023-42282	2024-10-10 00:14	2024-02-9	Show	GitHub Exploit DB Packet Storm

195	4.8	MEDIUM Network	tri	gigpress	The GigPress WordPress plugin through 2.3.29 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks eve… Update	CWE-79 Cross-site Scripting	CVE-2023-7233	2024-10-10 00:13	2024-02-13	Show	GitHub Exploit DB Packet Storm

196	6.1	MEDIUM Network	sulu	suluformbundle	The SuluFormBundle adds support for creating dynamic forms in Sulu Admin. The TokenController get parameter formName is not sanitized in the returned input field which leads to XSS. This vulnerabilit… Update	CWE-79 Cross-site Scripting	CVE-2024-37156	2024-10-10 00:08	2024-06-7	Show	GitHub Exploit DB Packet Storm

197	4.7	MEDIUM Local	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: vfs: Don't evict inode under the inode lru traversing context The inode reclaiming process(See function prune_icache_sb) collects… Update	CWE-667 Improper Locking	CVE-2024-45003	2024-10-10 00:07	2024-09-5	Show	GitHub Exploit DB Packet Storm

198	5.9	MEDIUM Network	opensc_project redhat	opensc enterprise_linux enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions enterprise_linux_for_arm_64 enterprise_linux_for_ibm_z_systems enterprise_linu…	A vulnerability was found in OpenSC where PKCS#1 encryption padding removal is not implemented as side-channel resistant. This issue may result in the potential leak of private data. Update	CWE-203 Information Exposure Through Discrepancy	CVE-2023-5992	2024-10-10 00:07	2024-01-31	Show	GitHub Exploit DB Packet Storm

199	9.8	CRITICAL Network	lightningai	pytorch_lightning	A remote code execution (RCE) vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attribut… Update	CWE-913 Improper Control of Dynamically-Managed Code Resources	CVE-2024-5452	2024-10-9 23:57	2024-06-7	Show	GitHub Exploit DB Packet Storm

200	5.4	MEDIUM Network	chartjs_project	chartjs	The chartjs WordPress plugin through 2023.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even… Update	CWE-79 Cross-site Scripting	CVE-2023-6082	2024-10-9 23:57	2024-02-13	Show	GitHub Exploit DB Packet Storm