Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 29, 2025, 2:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
411	9.8	緊急 Network	PHOENIX CONTACT	charx sec-3000 ファームウェア charx sec-3150 ファームウェア charx sec-3050 ファームウェア charx sec-3100 ファームウェア	複数の PHOENIX CONTACT 製品における境界外書き込みに関する脆弱性	CWE-20 CWE-787	CVE-2024-26001	2025-01-24 14:47	2024-03-12	Show	GitHub Exploit DB Packet Storm

412	5.3	警告 Network	Open Knowledge Foundation	CKAN	Open Knowledge Foundation の CKAN におけるログファイルからの情報漏えいに関する脆弱性	CWE-532 CWE-532	CVE-2024-27097	2025-01-24 14:47	2024-03-13	Show	GitHub Exploit DB Packet Storm

413	7.8	重要 Local	PHOENIX CONTACT	charx sec-3000 ファームウェア charx sec-3150 ファームウェア charx sec-3050 ファームウェア charx sec-3100 ファームウェア	複数の PHOENIX CONTACT 製品における信頼できない検索パスに関する脆弱性	CWE-426 信頼性のない検索パス	CVE-2024-28133	2025-01-24 14:47	2024-05-14	Show	GitHub Exploit DB Packet Storm

414	6.1	警告 Network	Basixonline	NEX-Forms	Basixonline の WordPress 用 NEX-Forms におけるクロスサイトスクリプティングの脆弱性	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-47389	2025-01-24 14:47	2024-10-5	Show	GitHub Exploit DB Packet Storm

415	5.3	警告 Network	Nextcloud	Nextcloud Server	Nextcloud の Nextcloud Server における脆弱性	CWE-328 CWE-Other	CVE-2024-52521	2025-01-24 14:47	2024-11-15	Show	GitHub Exploit DB Packet Storm

416	7.8	重要 Local	インテル	graphics performance analyzers	インテルの graphics performance analyzers における不適切なデフォルトパーミッションに関する脆弱性	CWE-276 CWE-276	CVE-2023-24460	2025-01-24 14:47	2023-03-2	Show	GitHub Exploit DB Packet Storm

417	5.5	警告 Local	IObit	Protected Folder	IObit の Protected Folder における NULL ポインタデリファレンスに関する脆弱性	CWE-404 CWE-476 CWE-476	CVE-2025-0222	2025-01-24 14:47	2025-01-5	Show	GitHub Exploit DB Packet Storm

418	8.8	重要 Network	truepush	truepush	Truepush の WordPress 用 Truepush - Most Affordable Web Push Notifications における認証の欠如に関する脆弱性	CWE-862 認証の欠如	CVE-2024-44021	2025-01-24 14:42	2024-11-1	Show	GitHub Exploit DB Packet Storm

419	6.5	警告 Network	PHPGurukul	Hostel Management System	surya2developer の Hostel Management System におけるアクセス制御に関する脆弱性	CWE-284 不適切なアクセス制御	CVE-2024-2481	2025-01-24 14:28	2024-03-15	Show	GitHub Exploit DB Packet Storm

420	5.5	警告 Local	IObit	Protected Folder	IObit の Protected Folder における NULL ポインタデリファレンスに関する脆弱性	CWE-404 CWE-476 CWE-476	CVE-2025-0223	2025-01-24 14:27	2025-01-5	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Jan. 29, 2025, 4:09 a.m.

No	CVSS	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
741	-	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin khan WP Front-end login and register allows Reflected XSS. This issue affects WP Front-end…	CWE-79 Cross-site Scripting	CVE-2025-23540	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

742	-	-	-	Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Media Library Mime Type allows Stored XSS. This issue affects Rocket Media Library Mime Type: from n/a through 2.1.0.	CWE-352 Origin Validation Error	CVE-2025-22768	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

743	-	-	-	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel WP Query Creator allows Reflected XSS. This issue affects WP Query Creator: from n/a …	CWE-79 Cross-site Scripting	CVE-2025-22264	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

744	-	-	-	It has been found that the Beta10 software does not provide for proper authorisation control in multiple areas of the application. This deficiency could allow a malicious actor, without authenticatio…	CWE-287 Improper Authentication	CVE-2025-0637	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

745	-	-	-	SQL Injection vulnerability in the default configuration of the Logitime WebClock application <= 5.43.0 allows an unauthenticated user to run arbitrary code on the backend database server.	-	CVE-2024-55971	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

746	-	-	-	ECOVACS robot lawnmowers and vacuums are vulnerable to command injection via SetNetPin() over an unauthenticated BLE connection.	-	CVE-2024-52325	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

747	-	-	-	The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles whil…	-	CVE-2024-10846	2025-01-24 01:15	2025-01-24	Show	GitHub Exploit DB Packet Storm

748	-	-	-	A missing permission check in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of Azure credentials stored in Jenkins.	-	CVE-2025-24403	2025-01-24 01:15	2025-01-23	Show	GitHub Exploit DB Packet Storm

749	-	-	-	A cross-site request forgery (CSRF) vulnerability in Jenkins Azure Service Fabric Plugin 1.6 and earlier allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs o…	-	CVE-2025-24402	2025-01-24 01:15	2025-01-23	Show	GitHub Exploit DB Packet Storm

750	-	-	-	Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted are enabled, potentially allowing users formerly granted (t…	-	CVE-2025-24401	2025-01-24 01:15	2025-01-23	Show	GitHub Exploit DB Packet Storm