NVD Vulnerability Information

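This page lets you search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), so entries may have been updated for vulnerabilities that are not yet listed in JVN.

When a related vulnerability exists in JVN (Japan Vulnerability Notes), that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.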

Last updated: May 20, 2024, 20:38

| No | CVSS level | Attack vector | Vendor | Product | Title | Status | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 1 | - | - | - | - | A vulnerability was found in SourceCodester Vehicle Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /newdriver.php of the component HTTP… | New | CWE-434: Unrestricted Upload of File with Dangerous Type | CVE-2024-5145 | 2024-05-21 08:15 | 2024-05-21 |
| 2 | - | - | - | - | An authentication bypass vulnerability was present in the GitHub Enterprise Server (GHES) when utilizing SAML single sign-on authentication with the optional encrypted assertions feature. This vulner… | New | - | CVE-2024-4985 | 2024-05-21 07:15 | 2024-05-21 |
| 3 | - | - | - | - | Wiki.js is a wiki app built on Node.js. Client side template injection was discovered, that could allow an attacker to inject malicious JavaScript into the content section of pages that would execut… | New | - | CVE-2024-34710 | 2024-05-21 07:15 | 2024-05-21 |
| 4 | - | - | - | - | Requests is a HTTP library. Prior to 2.32.0, when making requests through a Requests `Session`, if the first request is made with `verify=False` to disable cert verification, all subsequent requests … | New | - | CVE-2024-35195 | 2024-05-21 06:15 | 2024-05-21 |
| 5 | - | - | - | - | Minder is a software supply chain security platform. Prior to version 0.0.50, Minder engine is susceptible to a denial of service from memory exhaustion that can be triggered from maliciously created… | New | - | CVE-2024-35194 | 2024-05-21 06:15 | 2024-05-21 |
| 6 | - | - | - | - | Trivy is a security scanner. Prior to 0.51.2, if a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials f… | New | - | CVE-2024-35192 | 2024-05-21 06:15 | 2024-05-21 |
| 7 | - | - | - | - | Formie is a Craft CMS plugin for creating forms. Prior to 2.1.6, users with access to a form's settings can include malicious Twig code into fields that support Twig. These might be the Submission Ti… | New | - | CVE-2024-35191 | 2024-05-21 06:15 | 2024-05-21 |
| 8 | - | - | - | - | Issue in KeePassXC 2.7.7 allows an attacker to recover some passwords stored in the .kdbx database. | New | - | CVE-2024-33901 | 2024-05-21 06:15 | 2024-05-21 |
| 9 | - | - | - | - | KeePassXC 2.7.7 allows attackers to recover cleartext credentials. | New | - | CVE-2024-33900 | 2024-05-21 06:15 | 2024-05-21 |
| 10 | 7.9 HIGH | Adjacent | - | - | The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit t… | New | CWE-79: Cross-site Scripting (XSS) | CVE-2024-29000 | 2024-05-21 04:34 | 2024-05-21 |
| 11 | - | - | - | - | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stbpvid parameter in the function formSetIptv. | New | - | CVE-2024-35580 | 2024-05-21 04:34 | 2024-05-21 |
| 12 | - | - | - | - | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.city.vlan parameter in the function formSetIptv. | New | - | CVE-2024-35579 | 2024-05-21 04:34 | 2024-05-21 |
| 13 | - | - | - | - | Tenda AX1806 v1.0.0.1 contains a stack overflow via the adv.iptv.stballvlans parameter in the function formSetIptv. | New | - | CVE-2024-35578 | 2024-05-21 04:34 | 2024-05-21 |
| 14 | - | - | - | - | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.port parameter in the function formSetIptv. | New | - | CVE-2024-35576 | 2024-05-21 04:34 | 2024-05-21 |
| 15 | - | - | - | - | Tenda AX1806 v1.0.0.1 contains a stack overflow via the iptv.stb.mode parameter in the function formSetIptv. | New | - | CVE-2024-35571 | 2024-05-21 04:34 | 2024-05-21 |
| 16 | - | - | - | - | likeshop 2.5.7 is vulnerable to SQL Injection via the getOrderList function. | New | - | CVE-2024-34949 | 2024-05-21 04:34 | 2024-05-21 |
| 17 | - | - | - | - | smanga 3.2.7 does not filter the file parameter at the PHP/get file flow.php interface, resulting in a path traversal vulnerability that can cause arbitrary file reading. | New | - | CVE-2024-34193 | 2024-05-21 04:34 | 2024-05-21 |
| 18 | - | - | - | - | Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component. | New | - | CVE-2024-31714 | 2024-05-21 04:34 | 2024-05-21 |
| 19 | - | - | - | - | A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the `bundle()`, `parse()`, `resolve()`, `dereference()` … | New | - | CVE-2024-29651 | 2024-05-21 04:34 | 2024-05-21 |
| 20 | - | - | - | - | A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js. | New | - | CVE-2024-24293 | 2024-05-21 04:34 | 2024-05-21 |
| 21 | - | - | - | - | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. | New | - | CVE-2023-49335 | 2024-05-21 04:34 | 2024-05-21 |
| 22 | - | - | - | - | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report. | New | - | CVE-2023-49334 | 2024-05-21 04:34 | 2024-05-21 |
| 23 | - | - | - | - | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature. | New | - | CVE-2023-49333 | 2024-05-21 04:34 | 2024-05-21 |
| 24 | - | - | - | - | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. | New | - | CVE-2023-49332 | 2024-05-21 04:34 | 2024-05-21 |
| 25 | - | - | - | - | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. | New | - | CVE-2023-49331 | 2024-05-21 04:34 | 2024-05-21 |
| 26 | - | - | - | - | An issue in Quanxun Huiju Network Technology(Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 allows attackers to cause a Denial of Service (DoS) when attempting to make TCP connections. | New | - | CVE-2024-34948 | 2024-05-21 04:34 | 2024-05-21 |
| 27 | - | - | - | - | Quanxun Huiju Network Technology (Beijing) Co.,Ltd IK-Q3000 3.7.10 x64 Build202401261655 was discovered to be vulnerable to an ICMP redirect attack. | New | - | CVE-2024-34947 | 2024-05-21 04:34 | 2024-05-21 |
| 28 | - | - | - | - | A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js. | New | - | CVE-2024-24294 | 2024-05-21 04:34 | 2024-05-21 |
| 29 | - | - | - | - | ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading a c… | New | - | CVE-2024-0401 | 2024-05-21 04:34 | 2024-05-21 |
| 30 | - | - | - | - | Tenda O3V2 with firmware versions V1.0.0.10 and V1.0.0.12 was discovered to contain a Blind Command Injection via dest parameter in /goform/getTraceroute. This vulnerability allows attackers to execu… | Update | - | CVE-2024-34338 | 2024-05-21 04:15 | 2024-05-15 |
| 31 | - | - | - | - | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data. | New | - | CVE-2023-49330 | 2024-05-21 03:15 | 2024-05-20 |
| 32 | - | - | - | - | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | Update | - | CVE-2024-4642 | 2024-05-21 02:15 | 2024-05-16 |
| 33 | - | - | - | - | An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handlin… | New | CWE-284: Improper Access Control | CVE-2024-4151 | 2024-05-21 00:17 | 2024-05-21 |
| 34 | - | - | - | - | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. | New | - | CVE-2024-3482 | 2024-05-21 00:17 | 2024-05-20 |
| 35 | - | - | - | - | An issue in taurusxin ncmdump v1.3.2 allows attackers to cause a Denial of Service (DoS) via memory exhaustion by supplying a crafted .ncm file | New | - | CVE-2024-34953 | 2024-05-21 00:17 | 2024-05-20 |
| 36 | - | - | - | - | taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of… | New | - | CVE-2024-34952 | 2024-05-21 00:17 | 2024-05-20 |
| 37 | - | - | - | - | A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. | New | - | CVE-2024-2835 | 2024-05-21 00:17 | 2024-05-20 |
| 38 | - | - | - | - | In mintplex-labs/anything-llm, a vulnerability exists due to improper input validation in the workspace update process. Specifically, the application fails to validate or format JSON data sent in an … | New | CWE-20: Improper Input Validation | CVE-2024-4287 | 2024-05-21 00:17 | 2024-05-20 |
| 39 | - | - | - | - | Zoho ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 v… | New | - | CVE-2024-27312 | 2024-05-21 00:17 | 2024-05-20 |
| 40 | 8.8 HIGH | Network | google | chrome | Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | Update | CWE-787: Out-of-bounds Write | CVE-2024-4761 | 2024-05-20 23:08 | 2024-05-15 |
| 41 | - | - | - | - | A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, info… | New | - | CVE-2024-4323 | 2024-05-20 22:00 | 2024-05-20 |
| 42 | - | - | - | - | A vulnerability classified as problematic was found in PHPGurukul Directory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php of t… | New | CWE-79: Cross-site Scripting (XSS) | CVE-2024-5137 | 2024-05-20 22:00 | 2024-05-20 |
| 43 | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: ax25: Fix netdev refcount issue The dev_tracker is added to ax25_cb in ax25_bind(). When the ax25 device is detaching, the dev_tr… | New | - | CVE-2024-36009 | 2024-05-20 22:00 | 2024-05-20 |
| 44 | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree … | New | - | CVE-2024-36008 | 2024-05-20 22:00 | 2024-05-20 |
| 45 | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix missing hugetlb_lock for resv uncharge There is a recent report on UFFDIO_COPY over hugetlb: https://lore.kernel… | New | - | CVE-2024-36000 | 2024-05-20 22:00 | 2024-05-20 |
| 46 | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: smb3: missing lock when picking channel Coverity spotted a place where we should have been holding the channel lock when accessin… | New | - | CVE-2024-35999 | 2024-05-20 22:00 | 2024-05-20 |
| 47 | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: smb3: fix lock ordering potential deadlock in cifs_sync_mid_result Coverity spotted that the cifs_sync_mid_result function could … | New | - | CVE-2024-35998 | 2024-05-20 22:00 | 2024-05-20 |
| 48 | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix warning during rehash As previously explained, the rehash delayed work migrates filters from one re… | New | - | CVE-2024-36007 | 2024-05-20 22:00 | 2024-05-20 |
| 49 | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix incorrect list API usage Both the function that migrates all the chunks within a region and the fun… | New | - | CVE-2024-36006 | 2024-05-20 22:00 | 2024-05-20 |
| 50 | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev relea… | New | - | CVE-2024-36005 | 2024-05-20 22:00 | 2024-05-20 |