NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2024年5月17日20:35

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
101	-	-	-	-	Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag.This issue affects Editorialmag: from n/a through 1.1.9. New	CWE-862 認証の欠如	CVE-2023-32129	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

102	-	-	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in artbees JupiterX allows PHP Local File Inclusion.This issue affects JupiterX: from n/a through 3.0.0. New	CWE-22 パス・トラバーサル	CVE-2023-32110	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

103	-	-	-	-	Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1. New	CWE-269 不適切な権限管理	CVE-2023-26540	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

104	-	-	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects … New	CWE-22 パス・トラバーサル	CVE-2023-26526	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

105	-	-	-	-	Improper Privilege Management vulnerability in favethemes Houzez Login Register allows Privilege Escalation.This issue affects Houzez Login Register: from n/a through 2.6.3. New	CWE-269 不適切な権限管理	CVE-2023-26009	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

106	-	-	-	-	Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16. New	CWE-269 不適切な権限管理	CVE-2023-25701	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

107	-	-	-	-	Unrestricted Upload of File with Dangerous Type vulnerability in JS Help Desk JS Help Desk – Best Help Desk & Support Plugin allows Using Malicious Files.This issue affects JS Help Desk – Best Help D… New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2023-25444	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

108	-	-	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vova Anokhin Shortcodes Ultimate allows Absolute Path Traversal.This issue affects Shortcodes Ultimate:… New	CWE-22 パス・トラバーサル	CVE-2023-25050	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

109	-	-	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Web-Settler Landing Page Builder – Free Landing Page Templates allows Path Traversal.This issue affects… New	CWE-22 パス・トラバーサル	CVE-2023-24379	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

110	-	-	-	-	Improper Privilege Management vulnerability in Qube One Ltd. Redirection for Contact Form 7 wpcf7-redirect allows Privilege Escalation.This issue affects Redirection for Contact Form 7: from n/a thro… New	CWE-269 不適切な権限管理	CVE-2023-23990	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

111	-	-	-	-	Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11. New	CWE-862 認証の欠如	CVE-2023-23988	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

112	-	-	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rank Math Rank Math SEO allows Path Traversal.This issue affects Rank Math SEO: from n/a through 1.0.10… New	CWE-22 パス・トラバーサル	CVE-2023-23888	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

113	-	-	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in German Mesky GMAce allows Path Traversal.This issue affects GMAce: from n/a through 1.5.2. New	CWE-22 パス・トラバーサル	CVE-2023-23872	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

114	-	-	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1. New	-	CVE-2023-23700	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

115	-	-	-	-	Improper Control of Generation of Code ('Code Injection') vulnerability in MainWP MainWP Code Snippets Extension allows Code Injection.This issue affects MainWP Code Snippets Extension: from n/a thro… New	CWE-94 コード・インジェクション	CVE-2023-23645	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

116	-	-	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YARPP allows PHP Local File Inclusion.This issue affects YARPP: from n/a through 5.30.4. New	CWE-22 パス・トラバーサル	CVE-2022-45374	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

117	-	-	-	-	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Lenderd 1003 Mortgage Application allows Relative Path Traversal.This issue affects 1003 Mortgage Appli… New	CWE-22 パス・トラバーサル	CVE-2022-45368	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

118	-	-	-	-	Missing Authorization vulnerability in FmeAddons Conditional Checkout Fields for WooCommerce.This issue affects Conditional Checkout Fields for WooCommerce: from n/a through 1.2.3. New	CWE-862 認証の欠如	CVE-2022-45070	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

119	-	-	-	-	Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through … New	CWE-922 重要な情報のセキュアでない格納	CVE-2022-44581	2024-05-17 16:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

120	-	-	-	-	Improper Privilege Management vulnerability in Teplitsa of social technologies Leyka allows Privilege Escalation.This issue affects Leyka: from n/a through 3.30.2. New	CWE-269 不適切な権限管理	CVE-2023-33327	2024-05-17 16:15	2024-05-15	表示	GitHub Exploit DB Packet Storm

121	-	-	-	-	Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin.This issue affects Advance WordPress Search Plugin: from n/a through 1.1.4. Update	CWE-862 認証の欠如	CVE-2022-40218	2024-05-17 16:15	2024-05-8	表示	GitHub Exploit DB Packet Storm

122	-	-	-	-	The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some of its settings, which could allow high privilege users such as Editor to perform Stored Cross-Site Scripting attacks … New	-	CVE-2024-3580	2024-05-17 15:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

123	-	-	-	-	The Popup4Phone WordPress plugin through 1.3.2 does not sanitise and escape some parameters, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. New	-	CVE-2024-3231	2024-05-17 15:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

124	-	-	-	-	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Visualmodo Borderless – Widgets, Elements, Templates and Toolkit for Elementor & Gutenberg… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-34757	2024-05-17 15:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

125	-	-	-	-	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in PluginOps Landing Page Builder allows Reflected XSS.This issue affects Landing Page Builde… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-34752	2024-05-17 15:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

126	-	-	-	-	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in deTheme DethemeKit For Elementor allows Stored XSS.This issue affects DethemeKit For Eleme… New	-	CVE-2024-34575	2024-05-17 15:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

127	-	-	-	-	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in GhozyLab, Inc. Popup Builder allows Stored XSS.This issue affects Popup Builder: from n/a … New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-34567	2024-05-17 15:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

128	-	-	-	-	Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Felix Moira Popup More Popups allows Stored XSS.This issue affects Popup More Popups: from… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-32800	2024-05-17 15:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

129	-	-	-	-	The NextGEN Gallery WordPress plugin before 3.59.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks eve… New	-	CVE-2024-2744	2024-05-17 15:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

130	-	-	-	-	The socialdriver-framework WordPress plugin before 2024.0.0 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role … New	-	CVE-2024-2697	2024-05-17 15:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

131	9.8	CRITICAL ネットワーク	-	-	The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.0 via the 'data' parameter. This makes it possible for unauthentic… New	-	CVE-2024-3551	2024-05-17 12:15	2024-05-17	表示	GitHub Exploit DB Packet Storm

132	-	-	-	-	A vulnerability, which was classified as problematic, has been found in code-projects Simple Chat System 1.0. This issue affects some unknown processing of the component Message Handler. The manipula… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-4975	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

133	-	-	-	-	A vulnerability, which was classified as problematic, was found in code-projects Simple Chat System 1.0. Affected is an unknown function of the file /register.php. The manipulation of the argument na… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-4974	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

134	-	-	-	-	A vulnerability classified as critical was found in code-projects Simple Chat System 1.0. This vulnerability affects unknown code of the file /register.php. The manipulation of the argument name/numb… New	-	CVE-2024-4973	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

135	-	-	-	-	A vulnerability classified as critical has been found in code-projects Simple Chat System 1.0. This affects an unknown part of the file /login.php. The manipulation of the argument email/password lea… New	CWE-89 SQLインジェクション	CVE-2024-4972	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

136	-	-	-	-	A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file Marker Name of the comp… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-4968	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

137	-	-	-	-	A vulnerability was found in SourceCodester Interactive Map with Marker 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /endpoint/delete-… New	CWE-89 SQLインジェクション	CVE-2024-4967	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

138	-	-	-	-	A vulnerability was found in SourceCodester SchoolWebTech 1.0. It has been classified as critical. Affected is an unknown function of the file /improve/home.php. The manipulation of the argument imag… New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2024-4966	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

139	-	-	-	-	UNSUPPORTED WHEN ASSIGNED A vulnerability was found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This issue affects some unknown processing of the file /useratte/resmanage.php… New	CWE-78 OSコマンド・インジェクション	CVE-2024-4965	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

140	-	-	-	-	UNSUPPORTED WHEN ASSIGNED A vulnerability has been found in D-Link DAR-7000-40 V31R02B1413C and classified as critical. This vulnerability affects unknown code of the file /firewall/urlblist.ph… New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2024-4964	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

141	-	-	-	-	UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulatio… New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2024-4963	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

142	-	-	-	-	UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, has been found in D-Link DAR-7000-40 V31R02B1413C. Affected by this issue is some unknown functionality of the file … New	-	CVE-2024-4962	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

143	-	-	-	-	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical was found in D-Link DAR-7000-40 V31R02B1413C. Affected by this vulnerability is an unknown functionality of the file /user/onlin… New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2024-4961	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

144	-	-	-	-	UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical has been found in D-Link DAR-7000-40 V31R02B1413C. Affected is an unknown function of the file interface/sysmanage/licenseauthor… New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2024-4960	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

145	-	-	-	-	A vulnerability was found in SourceCodester Online Art Gallery Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file admin/ad… New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2024-4946	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

146	-	-	-	-	A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of… New	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2024-4945	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

147	-	-	-	-	A vulnerability has been found in SourceCodester Simple Online Bidding System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /simple-online-bid… New	CWE-89 SQLインジェクション	CVE-2024-4933	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

148	-	-	-	-	A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Bidding System 1.0. Affected is an unknown function of the file /simple-online-bidding-system/admin/index.… New	CWE-89 SQLインジェクション	CVE-2024-4932	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

149	-	-	-	-	A vulnerability, which was classified as critical, has been found in SourceCodester Simple Online Bidding System 1.0. This issue affects some unknown processing of the file /simple-online-bidding-sys… New	CWE-89 SQLインジェクション	CVE-2024-4931	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm

150	-	-	-	-	A vulnerability classified as critical was found in SourceCodester Simple Online Bidding System 1.0. This vulnerability affects unknown code of the file /simple-online-bidding-system/index.php?page=v… New	CWE-89 SQLインジェクション	CVE-2024-4930	2024-05-17 11:40	2024-05-16	表示	GitHub Exploit DB Packet Storm