NVD Vulnerability Information Top

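You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), the list may include vulnerabilities not yet recorded in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview to confirm the CWE number.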


Updated: April 29, 2024 20:06

| No. | CVSS | Level | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 51 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AA-Team WZone allows Reflected XSS. This issue affects WZone: from n/a through 14.0.10. [New] | CWE-79 Cross-site Scripting (XSS) | CVE-2024-33548 | 2024-04-29 15:15 | 2024-04-29 |
| 52 | - | - | - | - | - | Authorization Bypass Through User-Controlled Key vulnerability in Fabio Rinaldi Crelly Slider. This issue affects Crelly Slider: from n/a through 1.4.5. [New] | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2024-33542 | 2024-04-29 15:15 | 2024-04-29 |
| 53 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeGrill ColorNews allows Stored XSS. This issue affects ColorNews: from n/a through 1.2.6. [New] | CWE-79 Cross-site Scripting (XSS) | CVE-2024-33540 | 2024-04-29 15:15 | 2024-04-29 |
| 54 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM WPZOOM Addons for Elementor (Templates, Widgets) allows Stored XSS. This issue affects WPZO… [New] | - | CVE-2024-33539 | 2024-04-29 15:15 | 2024-04-29 |
| 55 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Theme Horse WP Portfolio allows Stored XSS. This issue affects WP Portfolio: from n/a through 2.4.… [New] | CWE-79 Cross-site Scripting (XSS) | CVE-2024-33537 | 2024-04-29 15:15 | 2024-04-29 |
| 56 | - | - | - | - | - | The GamiPress WordPress plugin before 6.8.9's access control mechanism fails to properly restrict access to its settings, permitting Authors to manipulate requests and extend access to lower privile… [New] | - | CVE-2024-2505 | 2024-04-29 15:15 | 2024-04-29 |
| 57 | - | - | - | - | - | The Smart Forms WordPress plugin before 2.6.96 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks … [New] | - | CVE-2024-1905 | 2024-04-29 15:15 | 2024-04-29 |
| 58 | - | - | - | - | - | In KDE libksieve before 23.03.80, kmanagesieve/session.cpp places a cleartext password in server logs because a username variable is accidentally given a password value. [New] | - | CVE-2023-52723 | 2024-04-29 15:15 | 2024-04-29 |
| 59 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpOpal Opal Widgets For Elementor allows Stored XSS. This issue affects Opal Widgets For Elementor… [New] | CWE-79 Cross-site Scripting (XSS) | CVE-2024-33649 | 2024-04-29 14:15 | 2024-04-29 |
| 60 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wzy Media Recencio Book Reviews allows Stored XSS. This issue affects Recencio Book Reviews: from … [New] | CWE-79 Cross-site Scripting (XSS) | CVE-2024-33648 | 2024-04-29 14:15 | 2024-04-29 |
| 61 | - | - | - | - | - | Cross-Site Request Forgery (CSRF) vulnerability in Toast Plugins Sticky Anything allows Cross-Site Scripting (XSS). This issue affects Sticky Anything: from n/a through 2.1.5. [New] | CWE-352 Same-Origin Policy Violation | CVE-2024-33646 | 2024-04-29 14:15 | 2024-04-29 |
| 62 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eftakhairul Islam & Sirajus Salayhin Easy Set Favicon allows Reflected XSS. This issue affects Eas… [New] | CWE-79 Cross-site Scripting (XSS) | CVE-2024-33645 | 2024-04-29 14:15 | 2024-04-29 |
| 63 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kailey Lampert Advanced Most Recent Posts Mod allows Stored XSS. This issue affects Advanced Most … [New] | CWE-79 Cross-site Scripting (XSS) | CVE-2024-33643 | 2024-04-29 14:15 | 2024-04-29 |
| 64 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LBell Pretty Google Calendar allows Stored XSS. This issue affects Pretty Google Calendar: from n/… [New] | - | CVE-2024-33640 | 2024-04-29 14:15 | 2024-04-29 |
| 65 | - | - | - | - | - | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor Pro allows Reflected XSS. This issue affects Piotnet Addons F… [New] | CWE-79 Cross-site Scripting (XSS) | CVE-2024-33633 | 2024-04-29 14:15 | 2024-04-29 |
| 66 | - | - | - | - | - | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. [New] | - | CVE-2024-33339 | 2024-04-29 14:15 | 2024-04-29 |
| 67 | 8.8 | HIGH | Network | - | - | N-Reporter and N-Cloud, products of the N-Partner, have an OS Command Injection vulnerability. Remote attackers with normal user privilege can execute arbitrary system commands by manipulating user i… [New] | CWE-78 OS Command Injection | CVE-2024-4301 | 2024-04-29 13:15 | 2024-04-29 |
| 68 | 9.8 | CRITICAL | Network | - | - | E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Acc… [New] | CWE-200 Information Exposure | CVE-2024-4300 | 2024-04-29 13:15 | 2024-04-29 |
| 69 | 7.2 | HIGH | Network | - | - | The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers… [New] | CWE-78 OS Command Injection | CVE-2024-4299 | 2024-04-29 13:15 | 2024-04-29 |
| 70 | - | - | - | - | - | In PHP version 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, if a password stored with password_hash() starts with a null byte (\x00), testing a blank string as the password via pass… [New] | - | CVE-2024-3096 | 2024-04-29 13:15 | 2024-04-29 |
| 71 | - | - | - | - | - | In PHP 8.3.* before 8.3.5, function mb_encode_mimeheader() runs endlessly for some inputs that contain long strings of non-space characters followed by a space. This could lead to a potential DoS att… [New] | - | CVE-2024-2757 | 2024-04-29 13:15 | 2024-04-29 |
| 72 | - | - | - | - | - | Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is tre… [New] | - | CVE-2024-2756 | 2024-04-29 13:15 | 2024-04-29 |
| 73 | - | - | - | - | - | In PHP versions 8.1.* before 8.1.28, 8.2.* before 8.2.18, 8.3.* before 8.3.5, when using proc_open() command with array syntax, due to insufficient escaping, if the arguments of the executed command … [New] | - | CVE-2024-1874 | 2024-04-29 13:15 | 2024-04-29 |
| 74 | - | - | - | - | - | The email search interface of HGiga iSherlock (including MailSherlock, SpamSherock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers with ad… [New] | - | CVE-2024-4298 | 2024-04-29 12:15 | 2024-04-29 |
| 75 | 4.9 | MEDIUM | Network | - | - | The system configuration interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attacker… [New] | CWE-22 Path Traversal | CVE-2024-4297 | 2024-04-29 12:15 | 2024-04-29 |
| 76 | 4.6 | MEDIUM | Physical | gnu, redhat | grub2, enterprise_linux | An out-of-bounds read flaw was found on grub2's NTFS filesystem driver. This issue may allow a physically present attacker to present a specially crafted NTFS file system image to read arbitrary memo… [Update] | CWE-125 Out-of-bounds Read | CVE-2023-4693 | 2024-04-29 12:15 | 2023-10-26 |
| 77 | 7.8 | HIGH | Local | gnu, redhat | grub2, enterprise_linux | An out-of-bounds write flaw was found in grub2's NTFS filesystem driver. This issue may allow an attacker to present a specially crafted NTFS filesystem image, leading to grub's heap metadata corrupt… [Update] | CWE-787 Out-of-bounds Write | CVE-2023-4692 | 2024-04-29 12:15 | 2023-10-26 |
| 78 | 4.9 | MEDIUM | Network | - | - | The account management interface of HGiga iSherlock (including MailSherlock, SpamSherlock, AuditSherlock) fails to filter special characters in certain function parameters, allowing remote attackers … [New] | CWE-22 Path Traversal | CVE-2024-4296 | 2024-04-29 11:15 | 2024-04-29 |
| 79 | - | - | - | - | - | In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library. [New] | - | CVE-2024-33903 | 2024-04-29 10:15 | 2024-04-29 |
| 80 | - | - | - | - | - | RARLAB WinRAR before 7.00, on Linux and UNIX platforms, allows attackers to spoof the screen output, or cause a denial of service, via ANSI escape sequences. [New] | - | CVE-2024-33899 | 2024-04-29 09:15 | 2024-04-29 |
| 81 | - | - | - | - | - | Delinea Secret Server before 11.7.000001 allows attackers to bypass authentication via the SOAP API in SecretServer/webservices/SSWebService.asmx. This is related to a hardcoded key, the use of the i… [New] | - | CVE-2024-33891 | 2024-04-29 08:15 | 2024-04-29 |
| 82 | - | - | - | - | - | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-33891. Reason: This candidate is a reservation duplicate of CVE-2024-33891. Notes: All CVE users should reference CVE-2024-3389… [New] | - | CVE-2024-33331 | 2024-04-29 08:15 | 2024-04-29 |
| 83 | - | - | - | - | - | HTTP/2 CONTINUATION DoS attack can cause Apache Traffic Server to consume more resources on the server. Version from 8.0.0 through 8.1.9, from 9.0.0 through 9.2.3 are affected. Users can set a new … [Update] | CWE-20 Improper Input Validation | CVE-2024-31309 | 2024-04-29 07:15 | 2024-04-10 |
| 84 | 5.4 | MEDIUM | Network | zabbix | zabbix | The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section. [Update] | CWE-79 Cross-site Scripting (XSS) | CVE-2024-22119 | 2024-04-29 05:15 | 2024-02-9 |
| 85 | - | - | - | - | - | The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. [New] | - | CVE-2024-33883 | 2024-04-29 01:15 | 2024-04-29 |
| 86 | - | - | - | - | - | IBM i 7.2, 7.3, 7.4, 7.5 and IBM Rational Development Studio for i 7.2, 7.3, 7.4, 7.5 networking and compiler infrastructure could allow a local user to gain elevated privileges due to an unqualified… [New] | CWE-427 Uncontrolled Search Path Element | CVE-2024-25050 | 2024-04-28 22:15 | 2024-04-28 |
| 87 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in collapse range collapse range doesn't discard the affected cached region so can risk tempo… [New] | - | CVE-2022-48668 | 2024-04-28 22:15 | 2024-04-28 |
| 88 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: smb3: fix temporary data corruption in insert range insert range doesn't discard the affected cached region so can risk temporari… [New] | - | CVE-2022-48667 | 2024-04-28 22:15 | 2024-04-28 |
| 89 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: exfat: fix overflow for large capacity partition Using int type for sector index, there will be overflow in a large capacity part… [New] | - | CVE-2022-48665 | 2024-04-28 22:15 | 2024-04-28 |
| 90 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: fix NULL pointer dereference when removing debugfs We now remove the device's debugfs entries when unbinding the dr… [New] | - | CVE-2022-48663 | 2024-04-28 22:15 | 2024-04-28 |
| 91 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a use-after-free There are two .exit_cmd_priv implementations. Both implementations use resources associated with… [New] | - | CVE-2022-48666 | 2024-04-28 22:15 | 2024-04-28 |
| 92 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when stopping a space reclaim worker Often when running generic/562 from fstests we can hang durin… [New] | - | CVE-2022-48664 | 2024-04-28 22:15 | 2024-04-28 |
| 93 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: gpio: mockup: Fix potential resource leakage when register a chip If creation of software node fails, the locally allocated strin… [New] | - | CVE-2022-48661 | 2024-04-28 22:15 | 2024-04-28 |
| 94 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: arm64: topology: fix possible overflow in amu_fie_setup() cpufreq_get_hw_max_freq() returns max frequency in kHz as *unsigned int… [New] | - | CVE-2022-48657 | 2024-04-28 22:15 | 2024-04-28 |
| 95 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-private: Fix refcount leak bug in of_xudma_dev_get() We should call of_node_put() for the reference return… [New] | - | CVE-2022-48656 | 2024-04-28 22:15 | 2024-04-28 |
| 96 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Harden accesses to the reset domains Accessing reset domains descriptors by the index upon the SCMI drivers r… [New] | - | CVE-2022-48655 | 2024-04-28 22:15 | 2024-04-28 |
| 97 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gem: Really move i915_gem_context.link under ref protection i915_perf assumes that it can use the i915_gem_context refer… [New] | - | CVE-2022-48662 | 2024-04-28 22:15 | 2024-04-28 |
| 98 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: Set lineevent_state::irq after IRQ register successfully When running gpio test on nxp-ls1028 platform with below … [New] | - | CVE-2022-48660 | 2024-04-28 22:15 | 2024-04-28 |
| 99 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this lead… [New] | - | CVE-2022-48654 | 2024-04-28 22:15 | 2024-04-28 |
| 100 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_T… [New] | - | CVE-2022-48650 | 2024-04-28 22:15 | 2024-04-28 |