Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Jan. 13, 2025, 4 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
341 4.3 警告
Network 		envothemes envo's elementor templates & widgets for woocommerce envothemes の WordPress 用 envo's elementor templates & widgets for woocommerce におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2024-0767 2025-01-9 10:10 2024-02-28 Show GitHub Exploit DB Packet Storm
342 4.7 警告
Network 		Esri Portal for ArcGIS Esri の Portal for ArcGIS におけるクロスサイトスクリプティングの脆弱性 CWE-79
CWE-80
CVE-2024-25690 2025-01-9 10:10 2024-04-4 Show GitHub Exploit DB Packet Storm
343 2.3
Local 		デル EMC PowerScale OneFS デルの EMC PowerScale OneFS における脆弱性 CWE-778
CWE-Other
CVE-2024-24901 2025-01-9 10:10 2024-03-4 Show GitHub Exploit DB Packet Storm
344 8.8 重要
Network 		leevio happy addons for elementor leevio の WordPress 用 happy addons for elementor における認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2024-24833 2025-01-9 10:10 2024-05-8 Show GitHub Exploit DB Packet Storm
345 8.8 重要
Network 		ThimPress LearnPress ThimPress の WordPress 用 LearnPress におけるクロスサイトリクエストフォージェリの脆弱性 CWE-352
同一生成元ポリシー違反 		CVE-2024-2115 2025-01-9 10:10 2024-04-5 Show GitHub Exploit DB Packet Storm
346 6.4 警告
Network 		WPDeveloper Essential Addons for Elementor WPDeveloper の WordPress 用 Essential Addons for Elementor におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-2650 2025-01-9 10:10 2024-04-9 Show GitHub Exploit DB Packet Storm
347 5.4 警告
Network 		IBM IBM Security Guardium IBM の IBM Security Guardium におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2023-47710 2025-01-9 10:05 2023-11-9 Show GitHub Exploit DB Packet Storm
348 5.4 警告
Network 		IBM IBM Aspera Console IBM の IBM Aspera Console におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2022-43575 2025-01-9 10:01 2022-10-20 Show GitHub Exploit DB Packet Storm
349 5.4 警告
Network 		IBM IBM Aspera Console IBM の IBM Aspera Console におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2022-43384 2025-01-9 09:55 2022-10-17 Show GitHub Exploit DB Packet Storm
350 9.8 緊急
Network 		Multilaser RE160 ファームウェア
RE163V ファームウェア
RE160V ファームウェア 		複数の Multilaser 製品における脆弱性 CWE-284
CWE-noinfo
CVE-2023-38945 2025-01-9 09:48 2023-07-25 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Jan. 13, 2025, 4:09 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
91 4.3 MEDIUM
Network 		- - The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts c… New CWE-639
 Authorization Bypass Through User-Controlled Key 		CVE-2024-11915 2025-01-11 17:15 2025-01-11 Show GitHub Exploit DB Packet Storm
92 6.4 MEDIUM
Network 		- - The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordion_slider' shortcode in all versions up to, and including, 1.5.1 due to insufficie… New CWE-79
Cross-site Scripting 		CVE-2024-11892 2025-01-11 17:15 2025-01-11 Show GitHub Exploit DB Packet Storm
93 6.4 MEDIUM
Network 		- - The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient i… New CWE-79
Cross-site Scripting 		CVE-2024-11874 2025-01-11 17:15 2025-01-11 Show GitHub Exploit DB Packet Storm
94 6.4 MEDIUM
Network 		- - The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and ou… New CWE-79
Cross-site Scripting 		CVE-2024-11758 2025-01-11 17:15 2025-01-11 Show GitHub Exploit DB Packet Storm
95 6.4 MEDIUM
Network 		- - The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gatormailsmartform' shortcode in all versions up to, and including, 1.1.0 due to insuffici… New CWE-79
Cross-site Scripting 		CVE-2024-11386 2025-01-11 17:15 2025-01-11 Show GitHub Exploit DB Packet Storm
96 9.8 CRITICAL
Network 		- - The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input fr… New CWE-502
 Deserialization of Untrusted Data 		CVE-2024-12877 2025-01-11 17:15 2025-01-11 Show GitHub Exploit DB Packet Storm
97 - - - HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames. New - CVE-2024-42174 2025-01-11 16:15 2025-01-11 Show GitHub Exploit DB Packet Storm
98 - - - HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the u… New - CVE-2024-42173 2025-01-11 16:15 2025-01-11 Show GitHub Exploit DB Packet Storm
99 - - - HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerabil… New - CVE-2024-42172 2025-01-11 16:15 2025-01-11 Show GitHub Exploit DB Packet Storm
100 - - - HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session. New - CVE-2024-42171 2025-01-11 16:15 2025-01-11 Show GitHub Exploit DB Packet Storm