NVD Vulnerability Information: Top

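You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Vulnerability information is often updated in the NVD before it is updated in JVN (Japan Vulnerability Note), so entries may appear here for vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Note) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.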

Updated: 2024-12-7 4:06

No CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC search
1 - -
- - Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. New - CVE-2024-54750 2024-12-7 01:15 2024-12-7 View GitHub Exploit DB Packet Storm
2 - -
- - WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. New - CVE-2024-54747 2024-12-7 01:15 2024-12-7 View GitHub Exploit DB Packet Storm
3 - -
- - WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. New - CVE-2024-54745 2024-12-7 01:15 2024-12-7 View GitHub Exploit DB Packet Storm
4 - -
- - liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC … New CWE-200
Information Exposure
CVE-2024-54137 2024-12-7 01:15 2024-12-7 View GitHub Exploit DB Packet Storm
5 - -
- - ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/up… New CWE-502
Deserialization of Untrusted Data
CVE-2024-54136 2024-12-7 01:15 2024-12-7 View GitHub Exploit DB Packet Storm
6 - -
- - ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upl… New CWE-502
Deserialization of Untrusted Data
CVE-2024-54135 2024-12-7 01:15 2024-12-7 View GitHub Exploit DB Packet Storm
7 - -
- - A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. New - CVE-2024-50677 2024-12-7 01:15 2024-12-7 View GitHub Exploit DB Packet Storm
8 - -
- - The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP a… New - CVE-2024-30129 2024-12-7 01:15 2024-12-7 View GitHub Exploit DB Packet Storm
9 - -
- - Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reache… New - CVE-2024-12254 2024-12-7 01:15 2024-12-7 View GitHub Exploit DB Packet Storm
10 - -
- - The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting a… New - CVE-2024-10551 2024-12-7 01:15 2024-12-6 View GitHub Exploit DB Packet Storm
11 - -
- - The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. New - CVE-2024-10480 2024-12-7 01:15 2024-12-6 View GitHub Exploit DB Packet Storm
12 - -
- - phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connectio… New CWE-209
Information Exposure Through an Error Message
CVE-2024-54141 2024-12-7 00:15 2024-12-7 View GitHub Exploit DB Packet Storm
13 - -
- - HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. New - CVE-2024-42196 2024-12-7 00:15 2024-12-7 View GitHub Exploit DB Packet Storm
14 5.3 MEDIUM
Network
- - A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message. New CWE-248
Uncaught Exception
CVE-2024-11738 2024-12-7 00:15 2024-12-7 View GitHub Exploit DB Packet Storm
15 - -
- - CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. New - CVE-2024-54679 2024-12-7 00:15 2024-12-5 View GitHub Exploit DB Packet Storm
16 - -
- - Path Traversal vulnerability in NotFound ARForms allows Path Traversal. This issue affects ARForms: from n/a through 6.4.1. New CWE-35
Path Traversal
CVE-2024-54216 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
17 - -
- - Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server. This issue affects Revy: from n/a through 1.18. New CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-54214 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
18 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder – Zion Builder allows Stored XSS. This issue affects WordPre… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-54213 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
19 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS. This issue affects Magical Addons For El… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-54212 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
20 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS). This issue affects Borderless: from n/a t… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-54211 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
21 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS. This issue affects Adv… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-54210 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
22 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes allows Reflected XSS. This issue affects Awesome Shortcodes: from n/a… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-54209 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
23 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller allows Reflected XSS. This issue affects Block Controller: from n/a t… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-54208 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
24 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS. This issue affects WordPr… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-54207 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
25 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads allows Stored XSS. This issue affects Z-Downloads: from n/a through 1.11.7. New CWE-79
Cross-site Scripting (XSS)
CVE-2024-54206 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
26 - -
- - Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery. This issue affects Paloma Widget: from n/a through 1.14. New CWE-352
Same-Origin Policy Violation
CVE-2024-54205 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
27 - -
- - Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WPCasa: from n/a through 1.2.13. New - CVE-2024-53826 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
28 - -
- - Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Filebird: from n/a through 6.3.2. New CWE-862
Lack of Authentication
CVE-2024-53825 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
29 - -
- - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion. This issue affects … New - CVE-2024-53824 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
30 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS. This issue affects … New CWE-79
Cross-site Scripting (XSS)
CVE-2024-53823 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
31 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pie Register Premium allows Reflected XSS. This issue affects Pie Register Premium: from … New CWE-79
Cross-site Scripting (XSS)
CVE-2024-53821 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
32 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS. This issue affects Captivate Sync: from n/a … New CWE-79
Cross-site Scripting (XSS)
CVE-2024-53820 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
33 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acowebs Product Labels For Woocommerce allows Blind SQL Injection. This issue affects Product Labe… New CWE-89
SQL Injection
CVE-2024-53817 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
34 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Blind SQL Injection. This issue affects Pinpoint Boo… New - CVE-2024-53815 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
35 - -
- - Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Travel: from n/a through 9.6.0. New CWE-862
Lack of Authentication
CVE-2024-53813 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
36 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS. This issue affects WP GeoNames: from n/a throu… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-53812 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
37 - -
- - Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server. This issue affects WDesignkit: from n/a through 1.0.40. New CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-53811 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
38 - -
- - Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Simple User Registration: from n/a thro… New - CVE-2024-53810 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
39 - -
- - Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery. This issue affects Namaste! LMS: from n/a through 2.6.4.1. New CWE-352
Same-Origin Policy Violation
CVE-2024-53809 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
40 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows SQL Injection. This issue affects NEX-Forms – Ultim… New CWE-89
SQL Injection
CVE-2024-53808 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
41 - -
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection. This issue affects WP Mailster: from n/a through… New CWE-89
SQL Injection
CVE-2024-53807 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
42 - -
- - Missing Authorization vulnerability in WpMaspik Maspik – Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Maspik – Spam blacklist: from n/a th… New CWE-862
Lack of Authentication
CVE-2024-53806 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
43 - -
- - Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through 1.8.16.0. New - CVE-2024-53805 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
44 - -
- - Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data. This issue affects WP Mailster: from n/a through 1.8.16.0. New - CVE-2024-53804 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
45 - -
- - Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Mailster: from n/a through 1.8.16.0. New CWE-862
Lack of Authentication
CVE-2024-53803 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
46 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS. This issue affects Futurio Extra: from n/a through 2.0.… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-53802 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
47 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS. This issue affects Bold Page Builder: from n/a thr… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-53801 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
48 - -
- - Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FloristPress: from n/a through 7.3.0. New CWE-862
Lack of Authentication
CVE-2024-53799 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
49 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS. This issue affects Beaver Builder: from … New CWE-79
Cross-site Scripting (XSS)
CVE-2024-53797 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm
50 - -
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS. This issue affects Themesflat Add… New CWE-79
Cross-site Scripting (XSS)
CVE-2024-53796 2024-12-6 23:15 2024-12-6 View GitHub Exploit DB Packet Storm