Vulnerability Search Top

Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

Vulnerability Information Search Top

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

Urgent
Important
Warning
Low

JVN Vulnerability Information

Update Date":Jan. 23, 2025, 6:01 p.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Impact Show	Exploit PoC Search
61	5.4	警告 Network	Jegtheme	Jeg Elementor Kit	Jegtheme の WordPress 用 Jeg Elementor Kit におけるクロスサイトスクリプティングの脆弱性 New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-32721	2025-01-23 11:43	2024-04-24	Show	GitHub Exploit DB Packet Storm

62	8.8	重要 Network	Themeum	Tutor LMS	Themeum の WordPress 用 Tutor LMS における認証の欠如に関する脆弱性 New	CWE-862 認証の欠如	CVE-2024-4352	2025-01-23 11:43	2024-05-16	Show	GitHub Exploit DB Packet Storm

63	9.8	緊急 Network	Shenzhen Tenda Technology Co.,Ltd.	AC18 ファームウェア	Shenzhen Tenda Technology Co.,Ltd. の AC18 ファームウェアにおける境界外書き込みに関する脆弱性 New	CWE-787 境界外書き込み	CVE-2024-57575	2025-01-23 11:43	2025-01-16	Show	GitHub Exploit DB Packet Storm

64	8.8	重要 Network	jfinaloa project	jfinaloa	jfinaloa project の jfinaloa における SQL インジェクションの脆弱性 New	CWE-89 SQLインジェクション	CVE-2024-57775	2025-01-23 11:43	2025-01-16	Show	GitHub Exploit DB Packet Storm

65	4.3	警告 Network	Shenzhen Tenda Technology Co.,Ltd.	AC18 ファームウェア	Shenzhen Tenda Technology Co.,Ltd. の AC18 ファームウェアにおけるクロスサイトリクエストフォージェリの脆弱性 New	CWE-352 同一生成元ポリシー違反	CVE-2024-2560	2025-01-23 11:42	2024-03-17	Show	GitHub Exploit DB Packet Storm

66	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	AC7 ファームウェア	Shenzhen Tenda Technology Co.,Ltd. の AC7 ファームウェアにおける境界外書き込みに関する脆弱性 New	CWE-121 CWE-787	CVE-2024-2893	2025-01-23 11:42	2024-03-26	Show	GitHub Exploit DB Packet Storm

67	8.8	重要 Network	Shenzhen Tenda Technology Co.,Ltd.	AC7 ファームウェア	Shenzhen Tenda Technology Co.,Ltd. の AC7 ファームウェアにおける境界外書き込みに関する脆弱性 New	CWE-121 CWE-787	CVE-2024-2898	2025-01-23 11:42	2024-03-26	Show	GitHub Exploit DB Packet Storm

68	7.8	重要 Local	GLPI-PROJECT.ORG	glpi agent	GLPI-PROJECT.ORG の glpi agent における脆弱性 New	CWE-20 CWE-noinfo	CVE-2024-28240	2025-01-23 11:42	2024-04-25	Show	GitHub Exploit DB Packet Storm

69	9.8	緊急 Network	code-projects	Online Shoe Store	code-projects の Online Shoe Store における SQL インジェクションの脆弱性 New	CWE-74 CWE-89 CWE-89	CVE-2025-0205	2025-01-23 11:39	2025-01-4	Show	GitHub Exploit DB Packet Storm

70	7.2	重要 Network	Basixonline	NEX-Forms	Basixonline の WordPress 用 NEX-Forms における SQL インジェクションの脆弱性 New	CWE-89 SQLインジェクション	CVE-2024-53808	2025-01-23 11:38	2024-12-6	Show	GitHub Exploit DB Packet Storm

NVD Vulnerability Information

Update Date:Jan. 24, 2025, 4:45 a.m.

No	CVSS	Level Attach Vector	Vendor Name	Project Name	Title	CWE	CVE	Update Date	Publication Date	Show Affected	Exploit PoC Search
631	5.9	MEDIUM Network	-	-	IBM DevOps Velocity 5.0.0 and IBM UrbanCode Velocity 4.0.0 through 4.0. 25 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. New	CWE-327 Use of a Broken or Risky Cryptographic Algorithm	CVE-2024-22347	2025-01-21 03:15	2025-01-21	Show	GitHub Exploit DB Packet Storm

632	-		-	-	Fedify is a TypeScript library for building federated server apps powered by ActivityPub and other standards. This vulnerability allows a user to maneuver the Webfinger mechanism to perform a GET req… New	CWE-918 CWE-835 Server-Side Request Forgery (SSRF) Loop with Unreachable Exit Condition ('Infinite Loop')	CVE-2025-23221	2025-01-21 02:15	2025-01-21	Show	GitHub Exploit DB Packet Storm

633	-		-	-	CodeIgniter is a PHP full-stack web framework. Prior to 4.5.8, CodeIgniter lacked proper header validation for its name and value. The potential attacker can construct deliberately malformed headers … New	CWE-436 Interpretation Conflict	CVE-2025-24013	2025-01-21 01:15	2025-01-21	Show	GitHub Exploit DB Packet Storm

634	-		-	-	Vite is a frontend tooling framework for javascript. Vite allowed any websites to send any requests to the development server and read the response due to default CORS settings and lack of validation… New	CWE-346 CWE-350 CWE-1385 Origin Validation Error Reliance on Reverse DNS Resolution for a Security-Critical Action Missing Origin Validation in WebSockets	CVE-2025-24010	2025-01-21 01:15	2025-01-21	Show	GitHub Exploit DB Packet Storm

635	-		-	-	PwnDoc is a penetration test report generator. There is no CSRF protection in pwndoc, allowing attackers to send requests on a logged-in user's behalf. This includes GET and POST requests due to the … New	CWE-352 Origin Validation Error	CVE-2025-23044	2025-01-21 01:15	2025-01-21	Show	GitHub Exploit DB Packet Storm

636	-		-	-	gitoxide is an implementation of git written in Rust. Prior to 0.17.0, gix-worktree-state specifies 0777 permissions when checking out executable files, intending that the umask will restrict them ap… New	CWE-281 CWE-687 Improper Preservation of Permissions Function Call With Incorrectly Specified Argument Value	CVE-2025-22620	2025-01-21 01:15	2025-01-21	Show	GitHub Exploit DB Packet Storm

637	-		-	-	PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Cross-Site Scripting (XSS) vulnerability in the code which translates the XLSX file into a HTML representation and displays … New	CWE-79 Cross-site Scripting	CVE-2025-22131	2025-01-21 01:15	2025-01-21	Show	GitHub Exploit DB Packet Storm

638	-		-	-	Sunshine is a self-hosted game stream host for Moonlight. In 0.23.1 and earlier, Sunshine's pairing protocol implementation does not validate request order and is thereby vulnerable to a MITM attack,… New	CWE-476 CWE-305 CWE-841 NULL Pointer Dereference Authentication Bypass by Primary Weakness Improper Enforcement of Behavioral Workflow	CVE-2024-51738	2025-01-21 01:15	2025-01-21	Show	GitHub Exploit DB Packet Storm

639	5.6	MEDIUM Network	-	-	IBM Security Verify Access 10.0.0 through 10.0.8 and IBM Security Verify Access Docker 10.0.0 through 10.0.8 could allow could an unverified user to change the password of an expired user without pri… New	CWE-620 Unverified Password Change	CVE-2024-45647	2025-01-21 00:15	2025-01-21	Show	GitHub Exploit DB Packet Storm

640	-		-	-	WriteFreely through 0.15.1, when MySQL is used, allows local users to discover credentials by reading config.ini.	-	CVE-2025-24337	2025-01-20 23:15	2025-01-20	Show	GitHub Exploit DB Packet Storm