Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Jan. 26, 2025, 2 p.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show
Exploit
PoC
Search
207001 3.5 注意 アップル
GNU Project
ターボリナックス
サイバートラスト株式会社
レッドハット
- GNU Mailman におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2010-3089 2011-06-3 08:56 2011-03-1 Show GitHub Exploit DB Packet Storm
207002 4.3 警告 アップル
GNU Project
ターボリナックス
サイバートラスト株式会社
レッドハット
- Mailman における複数のクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2008-0564 2011-06-3 08:55 2008-02-5 Show GitHub Exploit DB Packet Storm
207003 10 危険 7-Technologies - 7-Technologies Interactive Graphical SCADA System の IGSSdataServer.exe におけるスタックベースのオーバーフロー脆弱性 CWE-119
バッファエラー
CVE-2011-1567 2011-06-2 09:51 2011-04-5 Show GitHub Exploit DB Packet Storm
207004 10 危険 7-Technologies - 7-Technologies Interactive Graphical SCADA System の dc.exe におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル
CVE-2011-1566 2011-06-2 09:50 2011-04-5 Show GitHub Exploit DB Packet Storm
207005 10 危険 7-Technologies - 7-Technologies Interactive Graphical SCADA System の IGSSdataServer.exe におけるディレクトリトラバーサルの脆弱性 CWE-22
パス・トラバーサル
CVE-2011-1565 2011-06-2 09:48 2011-04-5 Show GitHub Exploit DB Packet Storm
207006 10 危険 RealFlex Technologies - DATAC RealFlex RealWin の HMI アプリケーションにおける整数オーバーフローの脆弱性 CWE-189
数値処理の問題
CVE-2011-1564 2011-06-2 09:47 2011-04-5 Show GitHub Exploit DB Packet Storm
207007 10 危険 RealFlex Technologies - DATAC RealFlex RealWin の HMI アプリケーションにおけるスタックベースのバッファオーバーフローの脆弱性 CWE-119
バッファエラー
CVE-2011-1563 2011-06-2 09:46 2011-04-5 Show GitHub Exploit DB Packet Storm
207008 4.7 警告 レッドハット
Richard W.M. Jones
- virt-v2v および virt-inspector などの製品に使用される libguestfs におけるホスト OS 上のファイルを読まれる脆弱性 CWE-200
情報漏えい
CVE-2010-3851 2011-06-1 10:25 2010-11-4 Show GitHub Exploit DB Packet Storm
207009 4.4 警告 Todd C. Miller
レッドハット
- sudo の check.c における認証要求を回避される脆弱性 CWE-264
認可・権限・アクセス制御
CVE-2011-0010 2011-05-31 11:41 2011-01-18 Show GitHub Exploit DB Packet Storm
207010 - - SmarterTools Inc. - SmarterTools 製ウェブサーバに複数の脆弱性 - - 2011-05-31 11:40 2011-05-19 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Jan. 26, 2025, 4:08 a.m.

No CVSS Level
Attach Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
3191 7.5 HIGH
Network
- - The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due t… CWE-89
SQL Injection
CVE-2024-12416 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
3192 9.8 CRITICAL
Network
- - The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. Thi… CWE-288
Authentication Bypass Using an Alternate Path or Channel
CVE-2024-12402 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
3193 6.1 MEDIUM
Network
- - The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient inpu… CWE-79
Cross-site Scripting
CVE-2024-12098 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
3194 5.3 MEDIUM
Network
- - The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including,… CWE-862
 Missing Authorization
CVE-2024-12022 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
3195 6.4 MEDIUM
Network
- - The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘address’ parameter in all versions up to, and inclu… CWE-79
Cross-site Scripting
CVE-2024-11934 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
3196 6.4 MEDIUM
Network
- - The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sani… CWE-79
Cross-site Scripting
CVE-2024-11899 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
3197 6.4 MEDIUM
Network
- - The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to ins… CWE-79
Cross-site Scripting
CVE-2024-11777 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
3198 4.9 MEDIUM
Network
- - The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter a… CWE-89
SQL Injection
CVE-2024-11437 2025-01-7 13:15 2025-01-7 Show GitHub Exploit DB Packet Storm
3199 - - - Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading… CWE-280
Improper Handling of Insufficient Permissions or Privileges 
CVE-2025-22395 2025-01-7 12:15 2025-01-7 Show GitHub Exploit DB Packet Storm
3200 - - - Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different d… CWE-200
Information Exposure
CVE-2025-21620 2025-01-7 08:15 2025-01-7 Show GitHub Exploit DB Packet Storm