NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月21日4:01

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1	8.1	HIGH ネットワーク	zoom	meeting_software_development_kit workplace	Improper Authorization in Handler for Custom URL Scheme in Zoom Workplace before version 7.0.4 for Android and before 7.0.3 for iOS may allow an unauthenticated user to conduct an escalation of privi…	CWE-939 カスタム URL スキームのハンドラの不適切な認可	CVE-2026-53408	2026-06-17 03:59	2026-06-13	表示	GitHub Exploit DB Packet Storm

2	7.2	HIGH ネットワーク	mariadb	mariadb	MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.27, 10.11.1 to before 10.11.18, 11.4.1 to before 11.4.12, 11.8.1 to before 11.8.8, and 12.3.1, a high…	CWE-78 OSコマンド・インジェクション	CVE-2026-48165	2026-06-17 03:58	2026-06-13	表示	GitHub Exploit DB Packet Storm

3	6.1	MEDIUM ローカル	docker mobyproject	engine moby moby\/v2	Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during …	CWE-81 CWE-367 エラーメッセージ用 Web ページ内のスクリプトの不適切な無害化 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-41568	2026-06-17 03:31	2026-06-13	表示	GitHub Exploit DB Packet Storm

4	7.2	HIGH ローカル	docker mobyproject	engine moby moby\/v2	Moby is an open source container framework. In Docker Engine prior to version 29.5.1, Docker Daemon versions 28.5.2 and prior, and Moby Daemon prior to version 2.0.0-beta.14, a race condition during …	CWE-61 CWE-367 UNIX Symbolic Link のフォロー Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-42306	2026-06-17 03:31	2026-06-13	表示	GitHub Exploit DB Packet Storm

5	5.5	MEDIUM ローカル	amd	uprof	Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability.	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-28237	2026-06-17 03:08	2026-06-10	表示	GitHub Exploit DB Packet Storm

6	5.5	MEDIUM ローカル	amd	uprof	Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service.	CWE-497 認可されていない制御領域への重要情報の漏えい	CVE-2026-0466	2026-06-17 03:05	2026-06-10	表示	GitHub Exploit DB Packet Storm

7	5.5	MEDIUM ローカル	gpac	gpac	A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.	CWE-416 解放済みメモリの使用	CVE-2025-55650	2026-06-17 02:39	2026-06-16	表示	GitHub Exploit DB Packet Storm

8	5.5	MEDIUM ローカル	gpac	gpac	A NULL pointer dereference in the gf_media_map_esd function (media_tools/isom_tools.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.	CWE-476 NULL ポインタデリファレンス	CVE-2025-55649	2026-06-17 02:39	2026-06-16	表示	GitHub Exploit DB Packet Storm

9	5.5	MEDIUM ローカル	gpac	gpac	A heap buffer overflow in the gf_opus_parse_packet_header function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.	CWE-122 ヒープオーバーフロー	CVE-2025-55648	2026-06-17 02:39	2026-06-16	表示	GitHub Exploit DB Packet Storm

10	5.5	MEDIUM ローカル	gpac	gpac	An Out-of-Memory in the mp4_mux_cenc_insert_pssh function (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2025-55647	2026-06-17 02:38	2026-06-16	表示	GitHub Exploit DB Packet Storm

11	5.5	MEDIUM ローカル	gpac	gpac	A heap buffer overflow in the gf_cenc_set_pssh function (isomedia/drm_sample.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.	CWE-122 ヒープオーバーフロー	CVE-2025-55645	2026-06-17 02:38	2026-06-16	表示	GitHub Exploit DB Packet Storm

12	5.5	MEDIUM ローカル	gpac	gpac	A heap use-after-free in the gf_node_get_tag function (scenegraph/base_scenegraph.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.	CWE-416 解放済みメモリの使用	CVE-2025-55644	2026-06-17 02:37	2026-06-16	表示	GitHub Exploit DB Packet Storm

13	5.5	MEDIUM ローカル	gpac	gpac	A NULL pointer dereference in the TrackWriter handling component (filters/mux_isom.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.	CWE-476 NULL ポインタデリファレンス	CVE-2025-55643	2026-06-17 02:37	2026-06-16	表示	GitHub Exploit DB Packet Storm

14	8.6	HIGH ネットワーク	-	-	An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a secur…	CWE-295 不正な証明書検証	CVE-2025-71261	2026-06-17 02:37	2026-06-17	表示	GitHub Exploit DB Packet Storm

15	8.6	HIGH ネットワーク	-	-	A flaw was found in Pacemaker. An unauthenticated remote attacker can exploit an integer overflow vulnerability in the remote message decompression process. By sending a specially crafted compressed …	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-10649	2026-06-17 02:37	2026-06-17	表示	GitHub Exploit DB Packet Storm

16	-	-	-	-	To allow builds of Python to be run from an in-tree layout (rather than an installed file layout), the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Mod…	CWE-427 制御されていない検索パスの要素	CVE-2026-12003	2026-06-17 02:37	2026-06-17	表示	GitHub Exploit DB Packet Storm

17	7.8	HIGH ローカル	-	-	NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclos…	CWE-94 コード・インジェクション	CVE-2026-24155	2026-06-17 02:37	2026-06-17	表示	GitHub Exploit DB Packet Storm

18	7.8	HIGH ローカル	-	-	NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalati…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-24228	2026-06-17 02:37	2026-06-17	表示	GitHub Exploit DB Packet Storm

19	8.8	HIGH 隣接	-	-	Passing of unsanitized strings from DHCP replies into the wicked dhcp client before wicked 0.6.79 could be used by attackers operating a malicious DHCP server to execute code on the local machine.	CWE-78 OSコマンド・インジェクション	CVE-2026-44932	2026-06-17 02:37	2026-06-17	表示	GitHub Exploit DB Packet Storm

20	9.1	CRITICAL ネットワーク	-	-	Perry before 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration by exploiting the unconditional setting of validate_exp = false in the verify_dec…	CWE-613 不適切なセッション期限	CVE-2026-53776	2026-06-17 02:36	2026-06-17	表示	GitHub Exploit DB Packet Storm

21	8.6	HIGH ローカル	-	-	Yeoman Environment provides an API to discover, create, and run generators, and to configure where and how a generator is resolved. Versions 2.9.0 through 6.0.0 install missing local generator packag…	CWE-829 信頼性のない制御領域からの機能の組み込み	CVE-2026-42089	2026-06-17 02:35	2026-06-17	表示	GitHub Exploit DB Packet Storm

22	6.7	MEDIUM ローカル	-	-	Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious…	CWE-427 制御されていない検索パスの要素	CVE-2024-22451	2026-06-17 02:34	2026-06-17	表示	GitHub Exploit DB Packet Storm

23	8.8	HIGH ネットワーク	-	-	Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulner…	CWE-77 コマンドインジェクション	CVE-2024-24909	2026-06-17 02:34	2026-06-17	表示	GitHub Exploit DB Packet Storm

24	5.4	MEDIUM ネットワーク	-	-	PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-30476	2026-06-17 02:34	2026-06-17	表示	GitHub Exploit DB Packet Storm

25	7.0	HIGH ローカル	-	-	api-gateway container running with root privilege would allow an attacker to escape the container and access host system to perform unintended actions.	CWE-269 不適切な権限管理	CVE-2024-38487	2026-06-17 02:34	2026-06-17	表示	GitHub Exploit DB Packet Storm

26	6.5	MEDIUM ネットワーク	gpac	gpac	GPAC MP4Box v2.4 was discovered to contain a floating point exception in the avidmx_process function (isomedia/isom_write.c).	CWE-369 ゼロ除算	CVE-2025-55642	2026-06-17 02:34	2026-06-16	表示	GitHub Exploit DB Packet Storm

27	5.5	MEDIUM ローカル	gpac	gpac	A NULL pointer dereference in the gf_isom_copy_sample_info function (isomedia/isom_write.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file.	CWE-476 NULL ポインタデリファレンス	CVE-2025-55641	2026-06-17 02:28	2026-06-16	表示	GitHub Exploit DB Packet Storm

28	4.3	MEDIUM ネットワーク	webpack.js	webpack-dev-server	Impact: When a user-configured proxy on webpack-dev-server has a broad context (e.g. /) and ws: true, it also intercepts the dev server's own HMR WebSocket and forwards it to the proxy target. This l…	CWE-346 CWE-441 同一生成元ポリシー違反フィルタリング回避	CVE-2026-9595	2026-06-17 02:24	2026-06-16	表示	GitHub Exploit DB Packet Storm

29	6.5	MEDIUM ネットワーク	mattermost	mattermost_desktop	Mattermost Desktop App versions <=6.1 5.5.13.0 fail to account for attempting to open extremely long URLs in the Mattermost Desktop App which allows a malicious server owner to crash the application …	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-8683	2026-06-17 02:18	2026-06-16	表示	GitHub Exploit DB Packet Storm

30	6.5	MEDIUM ネットワーク	-	-	Firefox for iOS used partial domain matching when attaching cookies to PDF requests, allowing a malicious site on a suffix domain to receive cookies belonging to the target site. This vulnerability w…	CWE-345 データの信頼性についての不十分な検証	CVE-2026-53899	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

31	9.8	CRITICAL ネットワーク	-	-	Bernd Bestel grocy v4.6.0 was discovered to contain a SQL injection vulnerability in the product-group parameter at /stockreports/spendings. This vulnerability allows attackers to access sensitive da…	CWE-89 SQLインジェクション	CVE-2026-50890	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

32	7.5	HIGH ネットワーク	-	-	An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header.	CWE-400 リソースの枯渇	CVE-2026-50889	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

33	8.1	HIGH ネットワーク	-	-	An authenticated Server-Side Request Forgery (SSRF) in the custom scraper subsystem component of Benjamin Jonard Koillection v1.8.0 allows attackers to scan internal resources via supplying a crafted…	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-50888	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

34	8.8	HIGH ネットワーク	-	-	Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.	CWE-284 不適切なアクセス制御	CVE-2026-50884	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

35	8.8	HIGH ネットワーク	-	-	DbGate is cross-platform database manager. In versions 7.1.8 and prior, the POST /runners/load-reader endpoint in DbGate accepts a functionName parameter that is directly interpolated into a JavaScri…	CWE-94 コード・インジェクション	CVE-2026-48017	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

36	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-39927	2026-06-17 02:16	2026-06-17	表示	GitHub Exploit DB Packet Storm

37	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-39926	2026-06-17 02:16	2026-06-17	表示	GitHub Exploit DB Packet Storm

38	-	-	-	-	Rejected reason: loading template...	-	CVE-2026-12412	2026-06-17 02:16	2026-06-17	表示	GitHub Exploit DB Packet Storm

39	5.4	MEDIUM ネットワーク	-	-	Incorrect boundary conditions in the Internationalization component. This vulnerability was fixed in Firefox ESR 140.12, Firefox ESR 115.37, and Thunderbird 140.12.	CWE-119 バッファエラー	CVE-2026-12330	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

40	5.3	MEDIUM ネットワーク	-	-	Memory safety bug fixed in Thunderbird ESR 140.12. This vulnerability was fixed in Firefox ESR 140.12 and Thunderbird 140.12.	CWE-119 CWE-416 CWE-476 バッファエラー解放済みメモリの使用 NULL ポインタデリファレンス	CVE-2026-12329	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

41	8.1	HIGH ネットワーク	-	-	Memory safety bugs present in Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume t…	CWE-120 古典的バッファオーバーフロー	CVE-2026-12328	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

42	7.3	HIGH ネットワーク	-	-	Memory safety bugs present in Firefox ESR 140.11, Thunderbird ESR 140.11, Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effo…	CWE-119 バッファエラー	CVE-2026-12327	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

43	7.3	HIGH ネットワーク	-	-	Memory safety bugs present in Firefox 151 and Thunderbird 151. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited t…	CWE-119 バッファエラー	CVE-2026-12326	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

44	6.5	MEDIUM ネットワーク	-	-	Denial-of-service in the Graphics: ImageLib component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.	CWE-400 リソースの枯渇	CVE-2026-12325	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

45	7.3	HIGH ネットワーク	-	-	Incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.	CWE-703 例外的な状況に対する不適切なチェックまたは処理	CVE-2026-12324	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

46	5.4	MEDIUM ネットワーク	-	-	Spoofing issue in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.	CWE-1021 レンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限	CVE-2026-12323	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

47	5.4	MEDIUM ネットワーク	-	-	Clickjacking issue in the Widget: Gtk component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.	CWE-1021 レンダリングされたユーザインターフェースレイヤまたはフレームの不適切な制限	CVE-2026-12322	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

48	5.4	MEDIUM ネットワーク	-	-	JIT miscompilation in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.	CWE-670 常に不適切な制御フローの実装	CVE-2026-12321	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

49	4.3	MEDIUM ネットワーク	-	-	Information disclosure in the Password Manager component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.	CWE-200 情報漏えい	CVE-2026-12320	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm

50	6.5	MEDIUM ネットワーク	-	-	Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.	CWE-400 リソースの枯渇	CVE-2026-12319	2026-06-17 02:16	2026-06-16	表示	GitHub Exploit DB Packet Storm