Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Dec. 30, 2024, 6 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
202911	5	警告	PrestaShop	-	Prestashop の admin/displayImage.php における CRLF インジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2011-4545	2011-12-5 16:01	2011-12-2	Show	GitHub Exploit DB Packet Storm

202912	4.3	警告	PrestaShop	-	Prestashop におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4544	2011-12-5 16:00	2011-12-1	Show	GitHub Exploit DB Packet Storm

202913	4.3	警告	atmail pty ltd	-	AtMail Open におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4540	2011-12-5 15:58	2011-12-1	Show	GitHub Exploit DB Packet Storm

202914	2.6	注意	CloudBees	-	CloudBees Jenkins の Jenkins Core におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4344	2011-12-2 15:50	2011-11-8	Show	GitHub Exploit DB Packet Storm

202915	4.3	警告	シュナイダーエレクトリック株式会社 (旧社名株式会社エーピーシー・ジャパン)	-	PowerChute Business Edition におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4263	2011-12-2 12:01	2011-12-2	Show	GitHub Exploit DB Packet Storm

202916	4.3	警告	Geeklog	-	Geeklog におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2011-4647	2011-12-1 16:48	2011-06-23	Show	GitHub Exploit DB Packet Storm

202917	6	警告	Lester Chan	-	WordPress 用 WP-PostRatings プラグインにおける SQL インジェクションの脆弱性	CWE-94 コード・インジェクション	CVE-2011-4646	2011-12-1 16:47	2011-11-30	Show	GitHub Exploit DB Packet Storm

202918	7.5	危険	Hastymail	-	Hastymail2 における任意のコマンドを実行される脆弱性	CWE-89 SQLインジェクション	CVE-2011-4542	2011-12-1 16:46	2011-11-30	Show	GitHub Exploit DB Packet Storm

202919	7.5	危険	Novell	-	Novell NetWare の xdrDecodeString 関数におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2011-4191	2011-12-1 16:44	2011-10-5	Show	GitHub Exploit DB Packet Storm

202920	7.5	危険	Namazu Project	-	Namazu におけるスタックベースのバッファオーバーフローの脆弱性	CWE-119 バッファエラー	CVE-2009-5028	2011-12-1 16:42	2011-11-30	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Dec. 31, 2024, 4:05 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
2001	-		-	-	The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks …	-	CVE-2024-9881	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm

2002	-		-	-	The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Script…	-	CVE-2024-9641	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm

2003	-		-	-	The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks…	-	CVE-2024-9428	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm

2004	5.3	MEDIUM Network	-	-	The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint …	CWE-862 Missing Authorization	CVE-2024-12265	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm

2005	4.3	MEDIUM Network	-	-	The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all…	CWE-862 Missing Authorization	CVE-2024-12263	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm

2006	7.5	HIGH Network	-	-	The WP Courses LMS – Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the …	CWE-862 Missing Authorization	CVE-2024-12172	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm

2007	6.1	MEDIUM Network	-	-	The Analytics Cat – Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all vers…	CWE-79 Cross-site Scripting	CVE-2024-12072	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm

2008	4.3	MEDIUM Network	-	-	The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes…	CWE-639 Authorization Bypass Through User-Controlled Key	CVE-2024-12059	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm

2009	8.8	HIGH Network	-	-	The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `w…	CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')	CVE-2024-12040	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm

2010	4.3	MEDIUM Network	-	-	The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as aut…	CWE-862 Missing Authorization	CVE-2024-12018	2024-12-12 15:15	2024-12-12	Show	GitHub Exploit DB Packet Storm