Vulnerability Search Top
Show Search Menu
Vendor Name
プロダクト・サービス名
Title
Urgent
Important
Warning
Warning
CVE
CWE
公開-検索開始年
公開-検索開始月
公開-検索開始日
公開-検索終了年
公開-検索終了月
公開-検索終了日
脅威度ソート
In descending order of publication date
In descending order of update date
Number of items displayed

You can search for vulnerabilities managed by JVN (Japan Vulnerability Note) and NVD (National Vulnerability Database).
Search keywords must be entered in English otherwise will not be searched in both JVN and NVD.

To search by CWE, please refer to the CWE Overview and check the CWE number.

  • Urgent
  • Important
  • Warning
  • Low
JVN Vulnerability Information

Update Date":Feb. 3, 2025, 1:14 p.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Impact
Show		 Exploit
PoC
Search
721 7.8 重要
Local 		PHOENIX CONTACT charx sec-3150 ファームウェア
charx sec-3100 ファームウェア
charx sec-3000 ファームウェア
charx sec-3050 ファームウェア 		複数の PHOENIX CONTACT 製品における入力確認に関する脆弱性 CWE-20
不適切な入力確認 		CVE-2024-25999 2025-01-24 11:54 2024-03-12 Show GitHub Exploit DB Packet Storm
722 7.5 重要
Network 		PHOENIX CONTACT charx sec-3150 ファームウェア
charx sec-3100 ファームウェア
charx sec-3000 ファームウェア
charx sec-3050 ファームウェア 		複数の PHOENIX CONTACT 製品における初期化されていないポインタのアクセスに関する脆弱性 CWE-824
初期化されていないポインタのアクセス 		CVE-2024-26004 2025-01-24 11:54 2024-03-12 Show GitHub Exploit DB Packet Storm
723 8.5 重要
Network 		Pterodactyl Wings Pterodactyl の Wings におけるパストラバーサルの脆弱性 CWE-22
CWE-22
CWE-362
CWE-362
CWE-363
CVE-2024-27102 2025-01-24 11:54 2024-03-13 Show GitHub Exploit DB Packet Storm
724 7 重要
Network 		PHOENIX CONTACT charx sec-3150 ファームウェア
charx sec-3100 ファームウェア
charx sec-3000 ファームウェア
charx sec-3050 ファームウェア 		複数の PHOENIX CONTACT 製品における重要な情報の平文での送信に関する脆弱性 CWE-319
重要な情報の平文での送信 		CVE-2024-28134 2025-01-24 11:54 2024-05-14 Show GitHub Exploit DB Packet Storm
725 7.8 重要
Local 		PHOENIX CONTACT charx sec-3150 ファームウェア
charx sec-3100 ファームウェア
charx sec-3000 ファームウェア
charx sec-3050 ファームウェア 		複数の PHOENIX CONTACT 製品における Time-of-check Time-of-use (TOCTOU) 競合状態の脆弱性 CWE-367
Time-of-check Time-of-use (TOCTOU) 競合状態 		CVE-2024-28137 2025-01-24 11:54 2024-05-14 Show GitHub Exploit DB Packet Storm
726 5.4 警告
Network 		themelooks enter addons themelooks の WordPress 用 enter addons におけるクロスサイトスクリプティングの脆弱性 CWE-79
CWE-79
CVE-2024-47625 2025-01-24 11:54 2024-10-5 Show GitHub Exploit DB Packet Storm
727 7.2 重要
Network 		GLPI-PROJECT.ORG GLPI GLPI-PROJECT.ORG の GLPI における認証に関する脆弱性 CWE-287
不適切な認証 		CVE-2024-47761 2025-01-24 11:54 2024-12-11 Show GitHub Exploit DB Packet Storm
728 9.8 緊急
Network 		Aviatrix Controller Aviatrix の Controller における OS コマンドインジェクションの脆弱性 CWE-78
CWE-78
CVE-2024-50603 2025-01-24 11:54 2024-10-27 Show GitHub Exploit DB Packet Storm
729 9.8 緊急
Network 		ZyXEL NAS 326 ファームウェア
NAS 542 ファームウェア 		ZyXEL の NAS 326 ファームウェアおよび NAS 542 ファームウェアにおける OS コマンドインジェクションの脆弱性 CWE-78
OSコマンド・インジェクション 		CVE-2024-6342 2025-01-24 11:54 2024-09-10 Show GitHub Exploit DB Packet Storm
730 7.8 重要
Local 		インテル graphics performance analyzers インテルの graphics performance analyzers における制御されていない検索パスの要素に関する脆弱性 CWE-427
CWE-427
CVE-2023-41961 2025-01-24 11:54 2023-10-12 Show GitHub Exploit DB Packet Storm
NVD Vulnerability Information

Update Date:Feb. 4, 2025, 4:08 a.m.

No CVSS Level
Attach Vector		 Vendor Name Project Name Title CWE CVE Update Date Publication Date Show Affected Exploit
PoC
Search
921 4.3 MEDIUM
Network 		- - A vulnerability classified as problematic has been found in needyamin image_gallery 1.0. This affects the function image_gallery of the file /view.php. The manipulation of the argument username leads… CWE-79
CWE-94
Cross-site Scripting
Code Injection 		CVE-2025-0721 2025-01-27 09:15 2025-01-27 Show GitHub Exploit DB Packet Storm
922 3.3 LOW
Local 		- - A vulnerability was found in Microword eScan Antivirus 7.0.32 on Linux. It has been rated as problematic. Affected by this issue is the function removeExtraSlashes of the file /opt/MicroWorld/sbin/rt… CWE-119
CWE-121
Incorrect Access of Indexable Resource ('Range Error') 
Stack-based Buffer Overflow 		CVE-2025-0720 2025-01-27 08:15 2025-01-27 Show GitHub Exploit DB Packet Storm
923 6.5 MEDIUM
Network 		- - IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. CWE-863
 Incorrect Authorization 		CVE-2023-50946 2025-01-27 01:15 2025-01-27 Show GitHub Exploit DB Packet Storm
924 6.2 MEDIUM
Local 		- - IBM Common Licensing 9.0 stores user credentials in plain clear text which can be read by a local user. CWE-256
Plaintext Storage of a Password  		CVE-2023-50945 2025-01-27 01:15 2025-01-27 Show GitHub Exploit DB Packet Storm
925 4.2 MEDIUM
Physics 		- - IBM Cognos Mobile Client 1.1 iOS may be vulnerable to information disclosure through man in the middle techniques due to the lack of certificate pinning. CWE-295
Improper Certificate Validation  		CVE-2023-38009 2025-01-27 01:15 2025-01-27 Show GitHub Exploit DB Packet Storm
926 6.2 MEDIUM
Local 		- - IBM Automation Decision Services 23.0.2 allows web pages to be stored locally which can be read by another user on the system. CWE-525
 Use of Web Browser Cache Containing Sensitive Information 		CVE-2024-31906 2025-01-27 00:15 2025-01-27 Show GitHub Exploit DB Packet Storm
927 5.5 MEDIUM
Network 		- - The Survey Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ays_sections[5][questions][8][title]’ parameter in all versions up to, and including, 5.1.3.3 due to insuff… CWE-79
Cross-site Scripting 		CVE-2024-13505 2025-01-26 21:15 2025-01-26 Show GitHub Exploit DB Packet Storm
928 6.1 MEDIUM
Network 		- - The WC Affiliate – A Complete WooCommerce Affiliate Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter in all versions up to, and including, 2.4 due to insu… CWE-79
Cross-site Scripting 		CVE-2024-12334 2025-01-26 21:15 2025-01-26 Show GitHub Exploit DB Packet Storm
929 8.8 HIGH
Network 		- - The Zox News theme for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'backup_options' and 'restore_option… CWE-862
 Missing Authorization 		CVE-2024-11936 2025-01-26 21:15 2025-01-26 Show GitHub Exploit DB Packet Storm
930 8.8 HIGH
Network 		- - The VikBooking Hotel Booking Engine & PMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.2. This is due to missing or incorrect nonce valid… CWE-352
 Origin Validation Error 		CVE-2024-11641 2025-01-26 21:15 2025-01-26 Show GitHub Exploit DB Packet Storm