Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Dec. 30, 2024, 6 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
202911 5 警告 PrestaShop - Prestashop の admin/displayImage.php における CRLF インジェクションの脆弱性 CWE-94
コード・インジェクション 		CVE-2011-4545 2011-12-5 16:01 2011-12-2 Show GitHub Exploit DB Packet Storm
202912 4.3 警告 PrestaShop - Prestashop におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4544 2011-12-5 16:00 2011-12-1 Show GitHub Exploit DB Packet Storm
202913 4.3 警告 atmail pty ltd - AtMail Open におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4540 2011-12-5 15:58 2011-12-1 Show GitHub Exploit DB Packet Storm
202914 2.6 注意 CloudBees - CloudBees Jenkins の Jenkins Core におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4344 2011-12-2 15:50 2011-11-8 Show GitHub Exploit DB Packet Storm
202915 4.3 警告 シュナイダーエレクトリック株式会社 (旧社名株式会社エーピーシー・ジャパン) - PowerChute Business Edition におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4263 2011-12-2 12:01 2011-12-2 Show GitHub Exploit DB Packet Storm
202916 4.3 警告 Geeklog - Geeklog におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2011-4647 2011-12-1 16:48 2011-06-23 Show GitHub Exploit DB Packet Storm
202917 6 警告 Lester Chan - WordPress 用 WP-PostRatings プラグインにおける SQL インジェクションの脆弱性 CWE-94
コード・インジェクション 		CVE-2011-4646 2011-12-1 16:47 2011-11-30 Show GitHub Exploit DB Packet Storm
202918 7.5 危険 Hastymail - Hastymail2 における任意のコマンドを実行される脆弱性 CWE-89
SQLインジェクション 		CVE-2011-4542 2011-12-1 16:46 2011-11-30 Show GitHub Exploit DB Packet Storm
202919 7.5 危険 Novell - Novell NetWare の xdrDecodeString 関数におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2011-4191 2011-12-1 16:44 2011-10-5 Show GitHub Exploit DB Packet Storm
202920 7.5 危険 Namazu Project - Namazu におけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー 		CVE-2009-5028 2011-12-1 16:42 2011-11-30 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Dec. 31, 2024, 4:05 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1941 - - - The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks … - CVE-2024-10010 2024-12-13 01:15 2024-12-12 Show GitHub Exploit DB Packet Storm
1942 - - - A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privil… - CVE-2024-54529 2024-12-13 01:15 2024-12-12 Show GitHub Exploit DB Packet Storm
1943 - - - Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified … CWE-285
Improper Authorization 		CVE-2024-55633 2024-12-13 00:15 2024-12-13 Show GitHub Exploit DB Packet Storm
1944 - - - A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter. - CVE-2024-54842 2024-12-13 00:15 2024-12-13 Show GitHub Exploit DB Packet Storm
1945 - - - ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension… - CVE-2024-21575 2024-12-13 00:15 2024-12-13 Show GitHub Exploit DB Packet Storm
1946 - - - Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unautho… - CVE-2024-12564 2024-12-13 00:15 2024-12-12 Show GitHub Exploit DB Packet Storm
1947 - - - The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo()… CWE-200
CWE-732
Information Exposure
 Incorrect Permission Assignment for Critical Resource 		CVE-2024-12255 2024-12-13 00:15 2024-12-12 Show GitHub Exploit DB Packet Storm
1948 - - - From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. - CVE-2024-42448 2024-12-13 00:15 2024-12-12 Show GitHub Exploit DB Packet Storm
1949 - - - An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. - CVE-2024-37401 2024-12-13 00:15 2024-12-12 Show GitHub Exploit DB Packet Storm
1950 - - - A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. - CVE-2024-37377 2024-12-13 00:15 2024-12-12 Show GitHub Exploit DB Packet Storm