NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年5月19日4:16

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1	10.0	CRITICAL ネットワーク	dhtmlx	pdf_export_module	PDF Export Module used in DHTMLX's products Gantt and Scheduler is vulnerable to Remote Code Execution due to lack of "data" parameter sanitization. An unauthenticated attacker can inject the malicio… Update	CWE-78 OSコマンド・インジェクション	CVE-2026-41553	2026-05-19 03:40	2026-05-15	表示	GitHub Exploit DB Packet Storm

2	8.7	HIGH ネットワーク	mattermost	mattermost_server	Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before including them in support packet generation, which allows a Mattermo… New	CWE-200 情報漏えい	CVE-2026-6346	2026-05-19 03:39	2026-05-18	表示	GitHub Exploit DB Packet Storm

3	7.6	HIGH ネットワーク	mattermost	mattermost_server	Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the Mattermost Calls plugin which allows an attacker with access to a su… New	CWE-200 情報漏えい	CVE-2026-6347	2026-05-19 03:39	2026-05-18	表示	GitHub Exploit DB Packet Storm

4	9.8	CRITICAL ネットワーク	radare	radare2	radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_threads_list() function that allows remote attackers to trigger memory corruption by sending a valid qfThreadInfo response followed b… Update	CWE-416 解放済みメモリの使用	CVE-2026-8695	2026-05-19 03:38	2026-05-16	表示	GitHub Exploit DB Packet Storm

5	9.8	CRITICAL ネットワーク	radare	radare2	radare2 6.1.5 contains a use-after-free vulnerability in the gdbr_pids_list() function within the GDB client core that allows remote attackers to cause a denial of service or potentially execute arbi… Update	CWE-416 解放済みメモリの使用	CVE-2026-8696	2026-05-19 03:38	2026-05-16	表示	GitHub Exploit DB Packet Storm

6	4.3	MEDIUM ネットワーク	mattermost	mattermost_server	Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13 fail to enforce the PostEditTimeLimit on non-message post fields which allows an authenticated user to modify post file attachments, props, a… Update	CWE-672 有効期限後または解放後のリソースの操作	CVE-2026-4053	2026-05-19 03:37	2026-05-16	表示	GitHub Exploit DB Packet Storm

7	6.5	MEDIUM ネットワーク	mattermost	mattermost_server	Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 Fail to validate the response body of proxied images, which allows a remote attacker to enact client-side DoS via an SVG fi… Update	CWE-754 例外的な状態における不適切なチェック	CVE-2026-4054	2026-05-19 03:36	2026-05-16	表示	GitHub Exploit DB Packet Storm

8	6.5	MEDIUM ネットワーク	open5gs	open5gs	A vulnerability has been found in Open5GS up to 2.7.7. Affected is the function ogs_sbi_client_add in the library /lib/sbi/client.c of the component NRF. The manipulation of the argument client_pool … New	CWE-404 リソースの不適切なシャットダウンおよびリリース	CVE-2026-8731	2026-05-19 03:35	2026-05-17	表示	GitHub Exploit DB Packet Storm

9	9.1	CRITICAL ネットワーク	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the LDAP authentication endpoint does not validate that the submitted password is no… Update	CWE-287 NVD-CWE-noinfo 不適切な認証	CVE-2026-44551	2026-05-19 03:35	2026-05-16	表示	GitHub Exploit DB Packet Storm

10	6.5	MEDIUM ネットワーク	open5gs	open5gs	A vulnerability was detected in Open5GS up to 2.7.7. This affects an unknown function in the library /lib/sbi/message.c of the component NRF. Performing a manipulation of the argument service-names/s… New	CWE-404 リソースの不適切なシャットダウンおよびリリース	CVE-2026-8729	2026-05-19 03:35	2026-05-17	表示	GitHub Exploit DB Packet Storm

11	6.5	MEDIUM ネットワーク	open5gs	open5gs	A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. S… New	CWE-404 リソースの不適切なシャットダウンおよびリリース	CVE-2026-8728	2026-05-19 03:35	2026-05-17	表示	GitHub Exploit DB Packet Storm

12	4.3	MEDIUM ネットワーク	tp-link	tl-wr720n_firmware	TP-Link TL-WR720N wireless router contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious web requests. Attacker… New	CWE-352 同一生成元ポリシー違反	CVE-2018-25321	2026-05-19 03:34	2026-05-17	表示	GitHub Exploit DB Packet Storm

13	6.5	MEDIUM ネットワーク	open5gs	open5gs	A vulnerability was determined in Open5GS up to 2.7.7. Affected is the function ogs_sbi_subscription_data_add/ogs_sbi_nf_service_add in the library /lib/sbi/context.c of the component NRF. Executing … New	CWE-404 リソースの不適切なシャットダウンおよびリリース	CVE-2026-8744	2026-05-19 03:34	2026-05-17	表示	GitHub Exploit DB Packet Storm

14	8.8	HIGH ネットワーク	google	chrome	Heap buffer overflow in WebML in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Criti… Update	CWE-122 ヒープオーバーフロー	CVE-2026-8509	2026-05-19 03:34	2026-05-15	表示	GitHub Exploit DB Packet Storm

15	6.5	MEDIUM ネットワーク	open5gs	open5gs	A vulnerability was identified in Open5GS up to 2.7.7. Affected by this vulnerability is the function ogs_timer_add in the library /src/ausf/nausf-handler.c of the component AUSF. The manipulation le… New	CWE-404 リソースの不適切なシャットダウンおよびリリース	CVE-2026-8745	2026-05-19 03:34	2026-05-17	表示	GitHub Exploit DB Packet Storm

16	9.6	CRITICAL ネットワーク	google	chrome	Use after free in UI in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) Update	CWE-416 解放済みメモリの使用	CVE-2026-8511	2026-05-19 03:34	2026-05-15	表示	GitHub Exploit DB Packet Storm

17	8.3	HIGH ネットワーク	google	chrome	Use after free in FileSystem in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a cr… Update	CWE-416 解放済みメモリの使用	CVE-2026-8512	2026-05-19 03:33	2026-05-15	表示	GitHub Exploit DB Packet Storm

18	8.3	HIGH ネットワーク	google	chrome	Use after free in Aura in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… Update	CWE-416 解放済みメモリの使用	CVE-2026-8514	2026-05-19 03:33	2026-05-15	表示	GitHub Exploit DB Packet Storm

19	8.7	HIGH ネットワーク	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, the tool_servers and terminal_servers keys in utils/tools.py do use a prefix. When t… Update	CWE-668 誤った領域へのリソースの漏えい	CVE-2026-44552	2026-05-19 03:32	2026-05-16	表示	GitHub Exploit DB Packet Storm

20	8.3	HIGH ネットワーク	google	chrome	Use after free in HID in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape via a crafted H… Update	CWE-416 解放済みメモリの使用	CVE-2026-8515	2026-05-19 03:32	2026-05-15	表示	GitHub Exploit DB Packet Storm

21	8.1	HIGH ネットワーク	openwebui	open_webui	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.9.0, administrative role changes and user deletions do not iterate SESSION_POOL to discon… Update	CWE-613 不適切なセッション期限	CVE-2026-44553	2026-05-19 03:29	2026-05-16	表示	GitHub Exploit DB Packet Storm

22	5.3	MEDIUM ネットワーク	pyload	pyload	pyLoad is a free and open-source download manager written in Python. Prior to 0.5.0b3.dev100, pyload-ng WebUI returns full Python traceback details to clients on unhandled exceptions. Because /web/<p… Update	CWE-209 エラーメッセージによる情報漏えい	CVE-2026-44226	2026-05-19 03:25	2026-05-12	表示	GitHub Exploit DB Packet Storm

23	6.5	MEDIUM ネットワーク	guimard	apache\	Apache::Session::Generate::SHA256 versions before 1.3.19 for Perl create insecure session ids. Apache::Session::Generate::SHA256 generated session ids insecurely. The default session id generator re… Update	CWE-338 CWE-340 暗号における脆弱な PRNG の使用予測可能な数字や識別子の生成	CVE-2026-8503	2026-05-19 03:23	2026-05-15	表示	GitHub Exploit DB Packet Storm

24	5.4	MEDIUM ネットワーク	google	chrome	Incorrect security UI in Fullscreen in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) Update	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-8561	2026-05-19 03:22	2026-05-15	表示	GitHub Exploit DB Packet Storm

25	4.3	MEDIUM ネットワーク	google	chrome	Side-channel information leakage in Navigation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Mediu… Update	CWE-1300 物理サイドチャネルの不適切な保護	CVE-2026-8562	2026-05-19 03:21	2026-05-15	表示	GitHub Exploit DB Packet Storm

26	6.5	MEDIUM ネットワーク	-	-	Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.0, GET /api/v1/memories/ef is accessible without authentication and executes request.ap… Update	CWE-862 認証の欠如	CVE-2026-45667	2026-05-19 03:17	2026-05-16	表示	GitHub Exploit DB Packet Storm

27	8.8	HIGH ネットワーク	-	-	Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability New	CWE-20 CWE-94 CWE-119 不適切な入力確認コード・インジェクションバッファエラー	CVE-2026-45495	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

28	5.4	MEDIUM ネットワーク	-	-	Microsoft Edge (Chromium-based) Spoofing Vulnerability New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-45494	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

29	5.4	MEDIUM ネットワーク	-	-	Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network. New	CWE-20 不適切な入力確認	CVE-2026-45492	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

30	9.1	CRITICAL ネットワーク	-	-	DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary fi… New	CWE-22 パス・トラバーサル	CVE-2026-45230	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

31	10.0	CRITICAL ネットワーク	-	-	Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network. New	CWE-287 不適切な認証	CVE-2026-42822	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

32	8.8	HIGH ネットワーク	-	-	Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrato… New	CWE-269 不適切な権限管理	CVE-2026-41085	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

33	6.2	MEDIUM ローカル	-	-	OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A c… New	CWE-125 境界外読み取り	CVE-2026-38719	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

34	5.5	MEDIUM ローカル	-	-	NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed i… New	CWE-190 CWE-476 整数オーバーフローまたはラップアラウンド NULL ポインタデリファレンス	CVE-2026-32849	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

35	4.7	MEDIUM ローカル	-	-	NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently… New	CWE-362 CWE-415 競合状態二重解放	CVE-2026-32848	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

36	-	-	-	-	HSC MailInspector 5.3.3-7 is vulnerable to Cross Site Scripting (XSS) in the /police/WarningUrlPage.php endpoint due to improper neutralization of user-supplied input that uses alternate or obfuscate… New	-	CVE-2026-29965	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

37	-	-	-	-	HSC MailInspector v5.3.3-7 contains a Cross-Site Scripting (XSS) vulnerability in the /tap/tap.php endpoint due to improper neutralization of user-controlled input using alternate or obfuscated JavaS… New	-	CVE-2026-29964	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

38	-	-	-	-	HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without … New	-	CVE-2026-29963	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

39	-	-	-	-	HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths. The endpoint /vendor/phpunit/phpunit.php processes user-controll… New	-	CVE-2026-29962	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

40	5.3	MEDIUM ローカル	oalders	www\	WWW::Mechanize::Cached versions before 2.00 for Perl deserialize cached HTTP responses from a world-writable on-disk cache, enabling local response forgery and code execution. With no explicit cache… Update	CWE-502 CWE-732 信頼性のないデータのデシリアライゼーション重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-8612	2026-05-19 03:17	2026-05-15	表示	GitHub Exploit DB Packet Storm

41	8.8	HIGH ネットワーク	-	-	ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection. New	CWE-77 コマンドインジェクション	CVE-2025-57282	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

42	7.5	HIGH ネットワーク	-	-	In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT packet parsing. When receiving a CONNECT packet with a zero-length C… New	CWE-400 リソースの枯渇	CVE-2025-56352	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

43	-	-	-	-	Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. New	-	CVE-2023-24215	2026-05-19 03:17	2026-05-19	表示	GitHub Exploit DB Packet Storm

44	8.6	HIGH ネットワーク	lfprojects	mlflow	A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) an… Update	CWE-305 根本の脆弱性による認証回避	CVE-2026-2652	2026-05-19 03:16	2026-05-15	表示	GitHub Exploit DB Packet Storm

45	7.0	HIGH ローカル	vmware	fusion	VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID binary. A malicious actor with local non-administrative user privileges… Update	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-41702	2026-05-19 03:15	2026-05-15	表示	GitHub Exploit DB Packet Storm

46	5.3	MEDIUM ローカル	tonyc	imager\	Imager::File::GIF versions through 1.002 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer G… Update	CWE-787 境界外書き込み	CVE-2026-8454	2026-05-19 03:12	2026-05-15	表示	GitHub Exploit DB Packet Storm

47	7.1	HIGH ローカル	netty	netty	Netty is an asynchronous, event-driven network application framework. Prior to 4.2.13.Final and 4.1.133.Final, the Netty Redis codec encoder (RedisEncoder) writes user-controlled string content direc… Update	CWE-93 CRLF インジェクション	CVE-2026-42586	2026-05-19 03:02	2026-05-14	表示	GitHub Exploit DB Packet Storm

48	3.6	LOW ローカル	-	-	Vim is an open source, command line text editor. Prior to 9.2.0479, a command injection vulnerability exists in tar#Vimuntar() in runtime/autoload/tar.vim when decompressing .tgz archives on Unix-lik… Update	CWE-78 CWE-88 OSコマンド・インジェクション引数の挿入または変更	CVE-2026-46483	2026-05-19 02:52	2026-05-16	表示	GitHub Exploit DB Packet Storm

49	8.8	HIGH ネットワーク	-	-	Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology Consulting and Organization Trade Ltd. Co. DernekWeb allows Stored… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-7498	2026-05-19 02:51	2026-05-18	表示	GitHub Exploit DB Packet Storm

50	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in kalcaddle Kodbox up to 1.64. This issue affects the function parseVideoInfo of the file /workspace/source-code/plugins/fileThumb/lib/VideoResize.class.ph… New	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-8753	2026-05-19 02:51	2026-05-17	表示	GitHub Exploit DB Packet Storm