NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年5月12日5:06

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: HID: prodikeys: Check presence of pm->input_ep82 Fake USB devices can send their own report descriptors for which the input_mappi… Update	CWE-476 NULL ポインタデリファレンス	CVE-2026-43251	2026-05-12 03:51	2026-05-6	表示	GitHub Exploit DB Packet Storm

2	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: in-kernel: always set ID as avail when rm endp Syzkaller managed to find a combination of actions that was generating … Update	CWE-667 不適切なロック	CVE-2026-43252	2026-05-12 03:49	2026-05-6	表示	GitHub Exploit DB Packet Storm

3	7.5	HIGH ネットワーク	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: iommu/amd: move wait_on_sem() out of spinlock With iommu.strict=1, the existing completion wait path can cause soft lockups under… Update	CWE-667 不適切なロック	CVE-2026-43253	2026-05-12 03:40	2026-05-6	表示	GitHub Exploit DB Packet Storm

4	6.5	MEDIUM 隣接	watchguard	agent	Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner… Update	CWE-121 スタックオーバーフロー	CVE-2026-41287	2026-05-12 03:36	2026-05-7	表示	GitHub Exploit DB Packet Storm

5	6.5	MEDIUM 隣接	watchguard	agent	Stack-based Buffer Overflow vulnerability in the WatchGuard Agent discovery service on Windows allows Overflow Buffers. An unauthenticated attacker on the same local network could exploit this vulner… Update	CWE-121 スタックオーバーフロー	CVE-2026-41286	2026-05-12 03:36	2026-05-7	表示	GitHub Exploit DB Packet Storm

6	7.8	HIGH ローカル	watchguard	agent	Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\\SYS… Update	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-41288	2026-05-12 03:35	2026-05-7	表示	GitHub Exploit DB Packet Storm

7	7.8	HIGH ローカル	watchguard	agent	Use of Hard-coded Cryptographic Key vulnerability in WatchGuard Agent on Windows allows Inclusion of Code in Existing Process.This issue affects WatchGuard Agent: before 1.25.03.0000. Update	CWE-321 ハードコードされた暗号鍵の使用	CVE-2026-6787	2026-05-12 03:33	2026-05-7	表示	GitHub Exploit DB Packet Storm

8	7.8	HIGH ローカル	watchguard	agent	Uncontrolled Search Path Element vulnerability in WatchGuard Agent on Windows allows Using Malicious Files.This issue affects WatchGuard Agent before 1.25.03.0000. Update	CWE-427 制御されていない検索パスの要素	CVE-2026-6788	2026-05-12 03:33	2026-05-7	表示	GitHub Exploit DB Packet Storm

9	7.5	HIGH ネットワーク	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ovpn: tcp - fix packet extraction from stream When processing TCP stream data in ovpn_tcp_recv, we receive large cloned skbs from… Update	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-43254	2026-05-12 03:21	2026-05-6	表示	GitHub Exploit DB Packet Storm

10	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix WARNING in usb_tx_block The function usb_tx_block() submits cardp->tx_urb without ensuring that any previous … Update	NVD-CWE-noinfo	CVE-2026-43255	2026-05-12 03:18	2026-05-6	表示	GitHub Exploit DB Packet Storm

11	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: vfe: Fix out-of-bounds access in vfe_isr_reg_update() vfe_isr() iterates using MSM_VFE_IMAGE_MASTERS_NUM(7) a… Update	CWE-125 境界外読み取り	CVE-2026-43256	2026-05-12 03:16	2026-05-6	表示	GitHub Exploit DB Packet Storm

12	7.3	HIGH ネットワーク	-	-	A vulnerability was detected in OpenClaw up to 2026.1.24. The impacted element is the function handleBlueBubblesWebhookRequest of the file extensions/bluebubbles/src/monitor.ts of the component blueb… New	CWE-287 不適切な認証	CVE-2026-8305	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

13	4.6	MEDIUM 隣接	-	-	A vulnerability was determined in Dotouch XproUPF 2.0.0-release-088aa7c4. Affected is an unknown function of the component UPF. This manipulation causes improper access controls. A high degree of com… New	CWE-266 CWE-284 不適切な権限設定不適切なアクセス制御	CVE-2026-8233	2026-05-12 03:16	2026-05-10	表示	GitHub Exploit DB Packet Storm

14	7.5	HIGH ネットワーク	-	-	XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte sequences. A node name ending in the middle of a multi byte UT… New	CWE-125 境界外読み取り	CVE-2026-8177	2026-05-12 03:16	2026-05-11	表示	GitHub Exploit DB Packet Storm

15	4.8	MEDIUM ネットワーク	-	-	Stored cross-site scripting (XSS) vulnerability in pgAdmin 4 Browser Tree and Explain Visualizer modules. User-controlled PostgreSQL object names (database, schema, table, column, etc.) were assigne… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-7814	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

16	9.9	CRITICAL ネットワーク	-	-	Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and Debugger modules. Multiple endpoints fetched user-owned objects witho… New	CWE-284 不適切なアクセス制御	CVE-2026-7813	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

17	-	-	-	-	An authenticated user with upload permission to a hosted repository can store content that causes arbitrary JavaScript to execute in the browser of any user who browses that repository directory via … New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-7308	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

18	-	-	-	-	`xml.parsers.expat` and `xml.etree.ElementTree` use insufficient entropy for Expat hash-flooding protection, which allows a crafted XML document to trigger hash flooding.\r\n\r\nFully mitigating this… New	CWE-331 エントロピー不足	CVE-2026-7210	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

19	-	-	-	-	An arbitrary file write vulnerability exists in Casdoor's Local File System storage provider. Due to insufficient path sanitization, an authenticated attacker with administrative privileges can perfo… New	-	CVE-2026-6815	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

20	7.3	HIGH ネットワーク	-	-	The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the result is passed to eval(), allowing unauthenticated users to execut… New	-	CVE-2026-6433	2026-05-12 03:16	2026-05-11	表示	GitHub Exploit DB Packet Storm

21	-	-	-	-	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. … New	CWE-200 情報漏えい	CVE-2026-5266	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

22	-	-	-	-	A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advanc… New	-	CVE-2026-5172	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

23	6.5	MEDIUM ネットワーク	-	-	WebDyne::Session versions through 2.075 for Perl generates the session id insecurely. The session handler generates the session id from an MD5 hash seeded with a call to the built-in rand() function… New	CWE-338 CWE-340 暗号における脆弱な PRNG の使用予測可能な数字や識別子の生成	CVE-2026-5084	2026-05-12 03:16	2026-05-11	表示	GitHub Exploit DB Packet Storm

24	-	-	-	-	An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information. New	-	CVE-2026-4893	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

25	-	-	-	-	A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet. New	-	CVE-2026-4892	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

26	-	-	-	-	A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. New	-	CVE-2026-4891	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

27	-	-	-	-	A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. New	-	CVE-2026-4890	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

28	6.5	MEDIUM ネットワーク	-	-	Net::CIDR::Lite versions before 0.24 for Perl does not properly consider extraneous zero characters in CIDR mask values, which may allow IP ACL bypass. Mask forms like "/00" and "/01" pass validatio… New	CWE-1289 安全でない等式による入力の不適切な検証	CVE-2026-45191	2026-05-12 03:16	2026-05-11	表示	GitHub Exploit DB Packet Storm

29	8.8	HIGH ネットワーク	-	-	OpenClaw before 2026.4.23 contains an improper access control vulnerability in the gateway tool's config.apply and config.patch operations that allows compromised models to write unsafe configuration… New	CWE-184 不完全なブラックリスト	CVE-2026-45006	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

30	6.0	MEDIUM ネットワーク	-	-	OpenClaw before 2026.4.23 caches resolved webhook route secrets backed by SecretRef values, allowing stale secrets to remain valid after rotation and reload. Attackers with previously valid webhook r… New	CWE-672 有効期限後または解放後のリソースの操作	CVE-2026-45005	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

31	7.8	HIGH ローカル	-	-	OpenClaw before 2026.4.23 contains an arbitrary code execution vulnerability in the bundled plugin setup resolver that loads setup-api.js from process.cwd() during provider setup metadata resolution.… New	CWE-427 制御されていない検索パスの要素	CVE-2026-45004	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

32	5.0	MEDIUM ローカル	-	-	OpenClaw before 2026.4.22 allows workspace dotenv files to override connector endpoint hosts for Matrix, Mattermost, IRC, and Synology connectors. Attackers with workspace access can redirect runtime… New	CWE-441 フィルタリング回避	CVE-2026-45003	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

33	5.3	MEDIUM ネットワーク	-	-	OpenClaw before 2026.4.20 contains a hook session-key bypass vulnerability that allows attackers to circumvent the hooks.allowRequestSessionKey opt-in restriction. Attackers can render externally inf… New	CWE-863 不正な認証	CVE-2026-45002	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

34	7.1	HIGH ネットワーク	-	-	OpenClaw before 2026.4.20 contains a guard bypass vulnerability in the agent-facing gateway config.patch and config.apply endpoints that fails to protect operator-trusted settings including sandbox p… New	CWE-862 認証の欠如	CVE-2026-45001	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

35	5.0	MEDIUM ネットワーク	-	-	OpenClaw before 2026.4.20 contains a server-side request forgery vulnerability in browser CDP profile creation that skips strict-mode SSRF policy checks. Attackers can create stored profiles pointing… New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-45000	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

36	5.3	MEDIUM ネットワーク	-	-	OpenClaw before 2026.4.20 fails to properly preserve untrusted labels for isolated cron awareness events, allowing webhook-triggered cron agent output to be recorded as trusted system events. Attacke… New	CWE-345 データの信頼性についての不十分な検証	CVE-2026-44999	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

37	5.4	MEDIUM ネットワーク	-	-	OpenClaw before 2026.4.20 contains a tool policy bypass vulnerability allowing bundled MCP and LSP tools to circumvent configured tool restrictions. Attackers with local agent access can append restr… New	CWE-863 不正な認証	CVE-2026-44998	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

38	4.3	MEDIUM ネットワーク	-	-	OpenClaw before 2026.4.22 contains a security envelope constraint bypass vulnerability allowing restricted subagents to spawn ACP child sessions that fail to inherit depth, child-count limits, contro… New	CWE-266 不適切な権限設定	CVE-2026-44997	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

39	3.7	LOW ネットワーク	-	-	OpenClaw before 2026.4.15 contains an arbitrary local file read vulnerability in the webchat audio embedding helper that fails to apply local media root containment checks. Attackers can influence ag… New	CWE-22 パス・トラバーサル	CVE-2026-44996	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

40	7.3	HIGH ローカル	-	-	OpenClaw before 2026.4.20 contains an improper environment variable validation vulnerability in MCP stdio server configuration that allows attackers to execute arbitrary code. Malicious workspace con… New	CWE-829 信頼性のない制御領域からの機能の組み込み	CVE-2026-44995	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

41	5.3	MEDIUM ネットワーク	-	-	OpenClaw before 2026.4.22 contains an authentication bypass vulnerability in the Control UI bootstrap config endpoint that allows unauthenticated attackers to read sensitive configuration fields. Att… New	CWE-862 認証の欠如	CVE-2026-44994	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

42	5.4	MEDIUM ネットワーク	-	-	OpenClaw before 2026.4.20 contains a message classification vulnerability in Feishu card-action callbacks that misclassifies direct messages as group conversations. Attackers can bypass dmPolicy enfo… New	CWE-184 不完全なブラックリスト	CVE-2026-44993	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

43	5.0	MEDIUM ローカル	-	-	OpenClaw versions 2026.4.5 before 2026.4.20 contain an environment variable injection vulnerability allowing workspace dotenv to override MINIMAX_API_HOST. Attackers can redirect credentialed MiniMax… New	CWE-441 フィルタリング回避	CVE-2026-44992	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

44	4.2	MEDIUM ネットワーク	-	-	OpenClaw before 2026.4.21 contains an authorization bypass vulnerability in command-auth.ts that allows non-owner senders to execute owner-enforced slash commands when wildcard inbound senders are co… New	CWE-863 不正な認証	CVE-2026-44991	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

45	3.0	LOW ネットワーク	-	-	In OpenStack Ironic through 35.x, instance_info['ks_template'] is rendered without sandboxing. Update	CWE-1336 テンプレートエンジンで使用される特殊な要素の不適切な無効化	CVE-2026-44916	2026-05-12 03:16	2026-05-8	表示	GitHub Exploit DB Packet Storm

46	-	-	-	-	jq is a command-line JSON processor. In 1.8.2rc1 and earlier, the ordinary module loader recurses without cycle detection when two otherwise valid modules include each other. New	CWE-674 不適切な再帰制御	CVE-2026-44777	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

47	4.7	MEDIUM ネットワーク	-	-	Zen is a firefox-based browser. Prior to 1.19.12b, the ZEN Browser incorrectly truncates long hostnames in the address bar and shows only the attacker-controlled prefix of the subdomain, hiding the a… New	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-44659	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

48	2.4	LOW ネットワーク	-	-	Zen is a firefox-based browser. Prior to 1.19.12b, RSS feed URLs entered by the user are validated to http: or https: in promptForFeedUrl, but item links inside the feed are not subject to the same r… New	CWE-20 不適切な入力確認	CVE-2026-44658	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

49	8.2	HIGH ネットワーク	-	-	In JetBrains TeamCity before 2026.1 2025.11.5 authenticated users could expose server API to unauthorised access New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-44413	2026-05-12 03:16	2026-05-12	表示	GitHub Exploit DB Packet Storm

50	9.1	CRITICAL ネットワーク	-	-	Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version 2.13.0, a Server-Side Request Forgery (SSRF) vulnerability in the f… New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-44313	2026-05-12 03:16	2026-05-9	表示	GitHub Exploit DB Packet Storm