Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Jan. 22, 2025, 4:03 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
431 8.8 重要
Network 		Google Google Chrome Google の Google Chrome における境界外読み取りに関する脆弱性 CWE-125
境界外読み取り 		CVE-2025-0437 2025-01-17 19:41 2025-01-14 Show GitHub Exploit DB Packet Storm
432 9.8 緊急
Network 		Apache Software Foundation hertzbeat Apache Software Foundation の hertzbeat における信頼できないデータのデシリアライゼーションに関する脆弱性 CWE-502
CWE-502
CVE-2023-51389 2025-01-17 19:41 2023-12-18 Show GitHub Exploit DB Packet Storm
433 8.5 重要
Network 		BoldGrid W3 Total Cache BoldGrid の WordPress 用 W3 Total Cache における認証の欠如に関する脆弱性 CWE-862
認証の欠如 		CVE-2024-12365 2025-01-17 19:41 2024-12-9 Show GitHub Exploit DB Packet Storm
434 9.8 緊急
Network 		Ivanti Avalanche Ivanti の Avalanche におけるパストラバーサルの脆弱性 CWE-22
CWE-22
CWE-288
CVE-2024-13181 2025-01-17 19:41 2025-01-14 Show GitHub Exploit DB Packet Storm
435 6.4 警告
Network 		s-sols seraphinite accelerator s-sols の WordPress 用 seraphinite accelerator におけるサーバサイドのリクエストフォージェリの脆弱性 CWE-918
サーバサイドリクエストフォージェリ 		CVE-2024-1568 2025-01-17 19:41 2024-02-28 Show GitHub Exploit DB Packet Storm
436 7.2 重要
Network 		zestard admin side data storage for contact form 7 zestard の WordPress 用 admin side data storage for contact form 7 における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2024-1776 2025-01-17 19:41 2024-02-23 Show GitHub Exploit DB Packet Storm
437 8.8 重要
Network 		Progress Software Corporation telerik reporting Progress Software Corporation の telerik reporting における信頼できないデータのデシリアライゼーションに関する脆弱性 CWE-502
CWE-502
CVE-2024-1856 2025-01-17 19:40 2024-03-20 Show GitHub Exploit DB Packet Storm
438 9.1 緊急
Network 		WPvivid Migration
 Backup
 Staging 		WPvivid の WordPress 用 Migration, Backup, Staging における SQL インジェクションの脆弱性 CWE-89
SQLインジェクション 		CVE-2024-1981 2025-01-17 19:40 2024-02-29 Show GitHub Exploit DB Packet Storm
439 4.8 警告
Network 		shopfiles ebook store shopfiles の WordPress 用 ebook store におけるクロスサイトスクリプティングの脆弱性 CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2024-23501 2025-01-17 19:40 2024-02-29 Show GitHub Exploit DB Packet Storm
440 6.5 警告
Network 		axiosys bento4 axiosys の bento4 における有効期限後のメモリの解放の欠如に関する脆弱性 CWE-401
CWE-401
CVE-2024-24155 2025-01-17 19:40 2024-02-29 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Jan. 22, 2025, 4:11 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
531 - - - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1. CWE-79
Cross-site Scripting 		CVE-2025-23760 2025-01-17 06:15 2025-01-17 Show GitHub Exploit DB Packet Storm
532 - - - Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. - CVE-2024-57583 2025-01-17 06:15 2025-01-17 Show GitHub Exploit DB Packet Storm
533 - - - Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. - CVE-2024-57575 2025-01-17 06:15 2025-01-17 Show GitHub Exploit DB Packet Storm
534 - - - An issue in the bind_col_exp component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. - CVE-2024-57618 2025-01-17 06:15 2025-01-14 Show GitHub Exploit DB Packet Storm
535 6.2 MEDIUM
Local 		freetype freetype FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. CWE-190
 Integer Overflow or Wraparound 		CVE-2025-23022 2025-01-17 06:12 2025-01-11 Show GitHub Exploit DB Packet Storm
536 5.4 MEDIUM
Network 		vanderbilt redcap A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a u… CWE-79
Cross-site Scripting 		CVE-2024-56377 2025-01-17 06:10 2025-01-10 Show GitHub Exploit DB Packet Storm
537 5.4 MEDIUM
Network 		vanderbilt redcap A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the re… CWE-79
Cross-site Scripting 		CVE-2024-56376 2025-01-17 06:10 2025-01-10 Show GitHub Exploit DB Packet Storm
538 9.8 CRITICAL
Network 		ivanti avalanche Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. CWE-22
Path Traversal 		CVE-2024-13181 2025-01-17 06:02 2025-01-15 Show GitHub Exploit DB Packet Storm
539 7.5 HIGH
Network 		ivanti avalanche Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. CWE-22
Path Traversal 		CVE-2024-13180 2025-01-17 06:01 2025-01-15 Show GitHub Exploit DB Packet Storm
540 9.8 CRITICAL
Network 		ivanti avalanche Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. CWE-22
Path Traversal 		CVE-2024-13179 2025-01-17 06:01 2025-01-15 Show GitHub Exploit DB Packet Storm