Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
251 8.1 重要
Network 		Mozilla Foundation Mozilla Firefox Focus Mozilla Foundation の iPhone OS 用 Mozilla Firefox Focus における Time-of-check Time-of-use (TOCTOU) 競合状態の脆弱性 CWE-367
Time-of-check Time-of-use (TOCTOU) 競合状態 		CVE-2024-1563 2025-01-29 13:46 2024-02-22 Show GitHub Exploit DB Packet Storm
252 5.4 警告
Network 		HasThemes HT Mega - Absolute Addons For Elementor HasThemes の WordPress 用 HT Mega - Absolute Addons For Elementor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-2084 2025-01-29 13:46 2024-05-2 Show GitHub Exploit DB Packet Storm
253 5.4 警告
Network 		master-addons master addons master-addons の WordPress 用 master addons におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-2139 2025-01-29 13:46 2024-03-27 Show GitHub Exploit DB Packet Storm
254 6.1 警告
Network 		Liferay Liferay Portal
Digital Experience Platform 		Liferay の Liferay Portal および Digital Experience Platform におけるクロスサイトスクリプティングの脆弱性 CWE-79
CWE-79
CVE-2024-25147 2025-01-29 13:46 2024-02-21 Show GitHub Exploit DB Packet Storm
255 8.8 重要
Network 		PropertyHive PropertyHive WordPress 用 PropertyHive における信頼できないデータのデシリアライゼーションに関する脆弱性 CWE-502
信頼性のないデータのデシリアライゼーション 		CVE-2024-27985 2025-01-29 13:46 2024-04-11 Show GitHub Exploit DB Packet Storm
256 4.3 警告
Network 		Extend Themes colibri page builder Extend Themes の WordPress 用 colibri page builder における認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2024-28004 2025-01-29 13:46 2024-03-28 Show GitHub Exploit DB Packet Storm
257 5.4 警告
Network 		Extend Themes colibri page builder Extend Themes の WordPress 用 colibri page builder におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-3338 2025-01-29 13:46 2024-05-2 Show GitHub Exploit DB Packet Storm
258 5.4 警告
Network 		wpthemespace magical addons for elementor wpthemespace の WordPress 用 magical addons for elementor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-34547 2025-01-29 13:46 2024-05-8 Show GitHub Exploit DB Packet Storm
259 7.2 重要
Network 		mayurik advocate office management system mayurik の advocate office management system における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2024-3618 2025-01-29 13:46 2024-04-11 Show GitHub Exploit DB Packet Storm
260 6.7 警告
Local 		Telerik Telerik UI for WinForms Telerik の Telerik UI for WinForms における脆弱性 CWE-94
CWE-noinfo
CVE-2024-3892 2025-01-29 13:46 2024-05-15 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 11, 2025, 4:06 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
1131 - - - Dell NetWorker, version(s) prior to 19.11.0.3, all versions of 19.10 & prior versions contain(s) an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could po… CWE-428
 Unquoted Search Path or Element 		CVE-2025-21107 2025-01-30 19:15 2025-01-30 Show GitHub Exploit DB Packet Storm
1132 - - - Privilege escalation vulnerability has been found in Wondershare Dr.Fone version 13.5.21. This vulnerability could allow an attacker to escalate privileges by replacing the binary ‘C:\ProgramData\Won… CWE-269
 Improper Privilege Management 		CVE-2025-0834 2025-01-30 18:15 2025-01-30 Show GitHub Exploit DB Packet Storm
1133 6.4 MEDIUM
Network 		- - The EthereumICO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ethereum-ico shortcode in all versions up to, and including, 2.4.6 due to insufficient input sanitiz… CWE-79
Cross-site Scripting 		CVE-2024-12921 2025-01-30 15:15 2025-01-30 Show GitHub Exploit DB Packet Storm
1134 - - - The Tracking Code Manager WordPress plugin before 2.4.0 does not sanitise and escape some of its metabox settings when outputing them in the page, which could allow users with a role as low as Contri… - CVE-2024-10309 2025-01-30 15:15 2025-01-30 Show GitHub Exploit DB Packet Storm
1135 - - - Dell Networking Switches running Enterprise SONiC OS, version(s) prior to 4.4.1 and 4.2.3, contain(s) an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker wit… CWE-532
 Inclusion of Sensitive Information in Log Files 		CVE-2025-23374 2025-01-30 14:15 2025-01-30 Show GitHub Exploit DB Packet Storm
1136 6.5 MEDIUM
Network 		- - A vulnerability was found in Tenda A18 up to 15.13.07.09. It has been rated as critical. This issue affects the function SetCmdlineRun of the file /goform/SetCmdlineRun of the component HTTP POST Req… CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error') 
Stack-based Buffer Overflow 		CVE-2025-0848 2025-01-30 11:15 2025-01-30 Show GitHub Exploit DB Packet Storm
1137 7.8 HIGH
Local 		apple macos
ipados
iphone_os
visionos
watchos
tvos 		A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, watchOS 11.3, tvOS 18.3. A malicious applicati… CWE-416
 Use After Free 		CVE-2025-24085 2025-01-30 11:00 2025-01-28 Show GitHub Exploit DB Packet Storm
1138 9.9 CRITICAL
Network 		- - Authentication bypass by spoofing in Azure AI Face Service allows an authorized attacker to elevate privileges over a network. CWE-290
 Authentication Bypass by Spoofing 		CVE-2025-21415 2025-01-30 08:15 2025-01-30 Show GitHub Exploit DB Packet Storm
1139 7.5 HIGH
Network 		- - Missing authorization in Microsoft Account allows an unauthorized attacker to elevate privileges over a network. CWE-862
 Missing Authorization 		CVE-2025-21396 2025-01-30 08:15 2025-01-30 Show GitHub Exploit DB Packet Storm
1140 5.4 MEDIUM
Network 		- - User Interface (UI) Misrepresentation of Critical Information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network - CVE-2025-21262 2025-01-30 08:15 2025-01-25 Show GitHub Exploit DB Packet Storm