NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年7月13日4:09

No CVSS レベル
攻撃区分
ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
1 2.4 LOW
物理
- - The Nuvoton NuMaker HSUSBD USB device-controller driver (drivers/usb/udc/udc_numaker.c) armed the control Data IN stage unconditionally (base->CEPTXCNT = len in numaker_hsusbd_ep_trigger). Because th… New CWE-400
リソースの枯渇
CVE-2026-10668 2026-07-13 02:16 2026-07-13 表示 GitHub Exploit DB Packet Storm
2 7.8 HIGH
ローカル
- - Zephyr's dynamic kernel-object tracking (kernel/userspace/userspace.c, formerly kernel/userspace.c) maintains a doubly-linked list (obj_list) of dynamically allocated kernel objects. Iteration over t… New CWE-416
解放済みメモリの使用
CVE-2026-10667 2026-07-13 02:16 2026-07-13 表示 GitHub Exploit DB Packet Storm
3 8.1 HIGH
ネットワーク
- - parse_ipv4() in subsys/net/ip/utils.c (reached via net_ipaddr_parse() for strings of the form "a.b.c.d:port") copies the port substring into a fixed 17-byte stack buffer (char ipaddr[NET_IPV4_ADDR_LE… New CWE-787
境界外書き込み
CVE-2026-10666 2026-07-13 02:16 2026-07-13 表示 GitHub Exploit DB Packet Storm
4 7.4 HIGH
ネットワーク
- - In Zephyr's WireGuard subsystem (subsys/net/lib/wireguard), wg_process_data_message() in wg_crypto.c linearizes an inbound transport-data payload into a fixed pool buffer of CONFIG_WIREGUARD_BUF_LEN … New CWE-787
境界外書き込み
CVE-2026-10665 2026-07-13 02:16 2026-07-13 表示 GitHub Exploit DB Packet Storm
5 5.0 MEDIUM
隣接
- - The nRF70 Wi-Fi driver's power-save event handler nrf_wifi_event_proc_get_power_save_info() in drivers/wifi/nrf_wifi/src/wifi_mgmt.c copied TWT (Target Wake Time) flow entries from an nrf_wifi_umac_e… New CWE-787
境界外書き込み
CVE-2026-10664 2026-07-13 02:16 2026-07-13 表示 GitHub Exploit DB Packet Storm
6 6.1 MEDIUM
物理
- - In Zephyr's experimental USB host stack (CONFIG_USB_HOST_STACK), usbh_device_disconnect() (subsys/usb/host/usbh_device.c) freed the root usb_device slab object without clearing the cached pointer ctx… New CWE-416
解放済みメモリの使用
CVE-2026-10663 2026-07-13 02:16 2026-07-13 表示 GitHub Exploit DB Packet Storm
7 8.3 HIGH
ネットワーク
- - Untrusted pointer dereference in Microsoft Edge (Chromium-based) allows an unauthorized attacker to elevate privileges over a network. New CWE-822
信頼性のないポインタデリファレンス
CVE-2026-58596 2026-07-13 01:16 2026-07-13 表示 GitHub Exploit DB Packet Storm
8 6.3 MEDIUM
ネットワーク
- - A vulnerability was detected in AojiaoZero Antaris 1.0. This affects the function _rewardPurchase of the file /ipn.php of the component PayPal IPN Payment Handler. The manipulation of the argument it… New CWE-74
CWE-89
インジェクション
SQLインジェクション
CVE-2026-15502 2026-07-12 22:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
9 6.3 MEDIUM
ネットワーク
- - A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.25.2. Affected by this issue is the function ToolsRoute.test_mcp_connection of the file astrbot/dashboard/routes/tools.py of … New CWE-918
サーバサイドリクエストフォージェリ
CVE-2026-15501 2026-07-12 22:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
10 8.8 HIGH
隣接
- - LuCI versions fail to properly encode DHCPv6 lease hostnames before rendering in status tables, allowing adjacent network attackers to inject HTML markup. Attackers can send a DHCPv6 Client FQDN cont… New CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2026-61876 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
11 8.8 HIGH
隣接
- - luci-app-upnp contains a stored cross-site scripting vulnerability that allows unauthenticated LAN clients to inject JavaScript via UPnP IGD AddPortMapping SOAP requests. Attackers can send malicious… New CWE-79
クロスサイト・スクリプティング(XSS)
CVE-2026-61875 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
12 3.1 LOW
ネットワーク
- - filebrowser versions before 2.63.17 fail to normalize paths before querying the share index in DeleteWithPathPrefix, allowing authenticated users to leave stale public shares behind. Attackers can de… New CWE-863
不正な認証
CVE-2026-61874 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
13 8.8 HIGH
ネットワーク
- - OpenWrt luci-app-samba4 read ACL grants file.exec permission on /usr/sbin/smbd, allowing authenticated delegated users to execute the Samba daemon with caller-controlled command-line arguments. Attac… New CWE-269
不適切な権限管理
CVE-2026-59260 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
14 5.3 MEDIUM
ネットワーク
- - Capgo before 12.128.2 contains an information disclosure vulnerability in the unauthenticated /private/sso/check-domain endpoint that returns internal org_id and provider_id values. Attackers can enu… New CWE-200
情報漏えい
CVE-2026-56336 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
15 8.1 HIGH
ネットワーク
- - Capgo before 12.128.2 contains a cross-organization account disruption vulnerability in the SSO prelink endpoint that allows enterprise administrators to delete password identities of users in foreig… New CWE-285
不適切な認可
CVE-2026-56313 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
16 7.3 HIGH
ネットワーク
- - Capgo before 12.128.2 allows email address changes without requiring current password re-authentication or verification of the existing email address. An attacker with access to a valid session cooki… New CWE-640
パスワードを忘れた場合の脆弱なパスワードリカバリの仕組み
CVE-2026-56308 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
17 3.8 LOW
ネットワーク
- - Capgo before 12.128.2 contains a sql injection vulnerability in the POST /private/admin_stats endpoint where the limit parameter is destructured from unvalidated request body and interpolated directl… New CWE-89
SQLインジェクション
CVE-2026-56281 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
18 9.8 CRITICAL
ネットワーク
- - Flowise before 3.1.0 (affected versions 3.0.13 and earlier) uses weak hardcoded default JWT secrets ('auth_token', 'refresh_token') and default audience and issuer values ('AUDIENCE', 'ISSUER') in th… New CWE-321
ハードコードされた暗号鍵の使用
CVE-2026-56271 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
19 9.1 CRITICAL
ネットワーク
- - Crawl4AI before 0.8.7 contains an arbitrary file write vulnerability in the Docker API server's /screenshot and /pdf endpoints. The output_path parameter accepts arbitrary filesystem paths without va… New CWE-22
パス・トラバーサル
CVE-2026-56260 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
20 8.2 HIGH
ネットワーク
- - Crawl4AI before 0.8.8 contains credential exfiltration vulnerabilities in the Docker API server that allow attackers to redirect LLM API calls to attacker-controlled endpoints and read arbitrary envi… New CWE-200
情報漏えい
CVE-2026-56259 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
21 5.4 MEDIUM
ネットワーク
- - Capgo before 12.128.2 contains a scope isolation vulnerability in the POST /webhooks/test endpoint that allows app-scoped API keys to invoke org-scoped webhook operations. Attackers with app-scoped c… New CWE-863
不正な認証
CVE-2026-56252 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
22 8.3 HIGH
ネットワーク
- - Capgo before 12.128.2 contains a privilege escalation vulnerability where demoted super_admin users retain access to delete_non_compliant_bundles and count_non_compliant_bundles RPCs due to stale org… New CWE-285
不適切な認可
CVE-2026-56241 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
23 7.5 HIGH
ネットワーク
- - Capgo before 12.128.2 contains an information disclosure vulnerability in the Supabase PostgREST global_stats endpoint that allows unauthenticated attackers to read sensitive financial and operationa… New CWE-200
情報漏えい
CVE-2026-56238 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
24 6.3 MEDIUM
ネットワーク
- - A weakness has been identified in AstrBotDevs AstrBot up to 4.25.2. Affected by this vulnerability is the function get_online_plugins of the file astrbot/dashboard/routes/plugin.py of the component m… New CWE-918
サーバサイドリクエストフォージェリ
CVE-2026-15500 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
25 6.3 MEDIUM
ネットワーク
- - A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled Task Hand… New CWE-266
CWE-285
不適切な権限設定
不適切な認可
CVE-2026-15499 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
26 7.3 HIGH
ネットワーク
- - A vulnerability was identified in sergomanov SmartHomeAdatum up to cf495353d81b680675eb8d9aa14a318aa45ce12c. This impacts an unknown function of the file users.php of the component Login. Such manipu… New CWE-74
CWE-89
インジェクション
SQLインジェクション
CVE-2026-15498 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
27 7.3 HIGH
ネットワーク
- - A vulnerability was determined in SonicCloudOrg sonic-agent up to 2.7.2. This affects an unknown function of the file sonic-server-controller/src/main/java/org/cloud/sonic/controller/controller/Excha… New CWE-74
CWE-94
インジェクション
コード・インジェクション
CVE-2026-15497 2026-07-12 21:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
28 6.3 MEDIUM
ネットワーク
- - A vulnerability was found in SonicCloudOrg sonic-agent up to 2.7.2. The impacted element is the function evalIsFailed of the file sonic-agent/src/main/java/org/cloud/sonic/agent/tests/script/GroovySc… New CWE-77
CWE-78
コマンドインジェクション
OSコマンド・インジェクション
CVE-2026-15496 2026-07-12 20:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
29 6.3 MEDIUM
ネットワーク
- - A vulnerability has been found in SonicCloudOrg sonic-agent up to 2.7.2. The affected element is an unknown function of the file AndroidWSServer.java of the component Android WebSocket Server. The ma… New CWE-77
CWE-78
コマンドインジェクション
OSコマンド・インジェクション
CVE-2026-15495 2026-07-12 20:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
30 4.7 MEDIUM
ネットワーク
- - A flaw has been found in AMTT Hotel Broadband Operation System 1.0. Impacted is an unknown function of the file manager/network/switch_status.php. Executing a manipulation of the argument ID can lead… New CWE-74
CWE-89
インジェクション
SQLインジェクション
CVE-2026-15494 2026-07-12 20:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
31 3.5 LOW
ネットワーク
- - A vulnerability was detected in Akpali9 Attendance-Management-System up to 70b91fe38f4195b701a45f0edcd4f42d5f64aeee. This issue affects some unknown processing of the file absent.php. Performing a ma… New CWE-79
CWE-94
クロスサイト・スクリプティング(XSS)
コード・インジェクション
CVE-2026-15493 2026-07-12 20:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
32 4.3 MEDIUM
ネットワーク
- - A security vulnerability has been detected in igweze wizgrade up to b1d55f22b90cd7e7a6e5002f006d7c649e8086d6. This vulnerability affects unknown code of the file dashboard/studentConductManager.php. … New CWE-79
CWE-94
クロスサイト・スクリプティング(XSS)
コード・インジェクション
CVE-2026-15492 2026-07-12 20:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
33 7.3 HIGH
ネットワーク
- - A weakness has been identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. This affects an unknown part. This manipulation causes missing authentication. The attack is… New CWE-287
CWE-306
不適切な認証
重要な機能に対する認証の欠如 解説
CVE-2026-15491 2026-07-12 19:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
34 7.3 HIGH
ネットワーク
- - A security flaw has been discovered in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this issue is some unknown functionality of the file proses/add.php. The ma… New CWE-74
CWE-89
インジェクション
SQLインジェクション
CVE-2026-15490 2026-07-12 19:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
35 7.3 HIGH
ネットワーク
- - A vulnerability was identified in RafyMrX TOKO-ONLINE-ROTI up to ddfe1cd587be0a0b5135d8b6e85cce2ec3aece99. Affected by this vulnerability is an unknown functionality of the file proses/login.php. The… New CWE-74
CWE-89
インジェクション
SQLインジェクション
CVE-2026-15489 2026-07-12 18:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
36 7.3 HIGH
ネットワーク
- - A vulnerability was determined in hcr707305003 shiroiAdmin 1.1/1.3. Affected is the function FileController::upload of the file app/common/controller/FileController.php. Executing a manipulation of t… New CWE-284
CWE-434
不適切なアクセス制御
危険なタイプのファイルの無制限アップロード
CVE-2026-15488 2026-07-12 18:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
37 6.3 MEDIUM
ネットワーク
- - A vulnerability was found in TRENDnet TEW-821DAP 1.11B03. This impacts the function sub_41FBD0 of the file /goform/system_ntp of the component Firmware Update Handler. Performing a manipulation of th… New CWE-77
CWE-78
コマンドインジェクション
OSコマンド・インジェクション
CVE-2026-15487 2026-07-12 18:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
38 6.3 MEDIUM
ネットワーク
- - A vulnerability has been found in TRENDnet TEW-821DAP 1.11B03. This affects the function sub_42026C of the file /goform/tools_ddns of the component Firmware Update Handler. Such manipulation of the a… New CWE-77
CWE-78
コマンドインジェクション
OSコマンド・インジェクション
CVE-2026-15486 2026-07-12 18:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
39 6.3 MEDIUM
ネットワーク
- - A flaw has been found in TRENDnet TEW-821DAP 1.11B03. The impacted element is the function sub_43F2C4 of the file /goform/tools_nslookup of the component DNS Lookup Handler. This manipulation of the … New CWE-77
CWE-78
コマンドインジェクション
OSコマンド・インジェクション
CVE-2026-15485 2026-07-12 17:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
40 8.8 HIGH
ネットワーク
- - A vulnerability was detected in TRENDnet TEW-821DAP 1.12B01. The affected element is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation results in buffe… New CWE-119
CWE-120
バッファエラー
古典的バッファオーバーフロー
CVE-2026-15484 2026-07-12 16:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
41 8.8 HIGH
ネットワーク
- - A security vulnerability has been detected in TRENDnet TEW-821DAP 1.12B01. Impacted is the function sub_41EC14 of the file /goform/tools_nslookup of the component ssi. The manipulation of the argumen… New CWE-119
CWE-120
バッファエラー
古典的バッファオーバーフロー
CVE-2026-15483 2026-07-12 16:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
42 7.3 HIGH
ネットワーク
- - A weakness has been identified in Aster Telecom Azcall 10/11. This issue affects some unknown processing of the file /azcall/adm/gestao_loja/sis.php?t=consultar of the component HTTP Handler. Executi… New CWE-74
CWE-89
インジェクション
SQLインジェクション
CVE-2026-15482 2026-07-12 16:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
43 8.8 HIGH
ネットワーク
- - A security flaw has been discovered in Trendnet TEW-635BRM up to 1.00.03. This vulnerability affects the function ipoa_test of the file /sbin/rc of the component IPoA WAN Connection Setup. Performing… New CWE-74
CWE-77
インジェクション
コマンドインジェクション
CVE-2026-15481 2026-07-12 15:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
44 8.8 HIGH
ネットワーク
- - A vulnerability was identified in Trendnet TEW-635BRM up to 1.00.03. This affects the function start_httpd of the file /sbin/rc of the component Web Service. Such manipulation of the argument device_… New CWE-119
CWE-121
バッファエラー
スタックオーバーフロー
CVE-2026-15480 2026-07-12 15:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
45 7.3 HIGH
ネットワーク
- - A vulnerability was found in H3C NX15 V100R017. Affected by this vulnerability is the function change_passwd of the file /api/login/modify of the component Administrator Password Modification Endpoin… New CWE-640
パスワードを忘れた場合の脆弱なパスワードリカバリの仕組み
CVE-2026-15479 2026-07-12 15:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
46 6.3 MEDIUM
ネットワーク
- - A flaw has been found in IceHRM up to 35.0.1. This impacts an unknown function of the file core/src/Reports/User/Reports/EmployeeAttendanceReport.php of the component UserReport Endpoint. Executing a… New CWE-74
CWE-89
インジェクション
SQLインジェクション
CVE-2026-15478 2026-07-12 14:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
47 6.3 MEDIUM
ネットワーク
- - A vulnerability was detected in Bahmni bahmnicore up to 0.93. This affects the function additionalParams of the file /openmrs/ws/rest/v1/bahmnicore/sql of the component Search Endpoint. Performing a … New CWE-74
CWE-89
インジェクション
SQLインジェクション
CVE-2026-15477 2026-07-12 14:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
48 5.3 MEDIUM
ローカル
- - A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation lea… New CWE-266
CWE-284
不適切な権限設定
不適切なアクセス制御
CVE-2026-15476 2026-07-12 13:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
49 5.3 MEDIUM
ローカル
- - A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation… New CWE-266
CWE-284
不適切な権限設定
不適切なアクセス制御
CVE-2026-15475 2026-07-12 12:16 2026-07-12 表示 GitHub Exploit DB Packet Storm
50 4.3 MEDIUM
ネットワーク
- - A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation o… New CWE-266
CWE-285
不適切な権限設定
不適切な認可
CVE-2026-15474 2026-07-12 12:16 2026-07-12 表示 GitHub Exploit DB Packet Storm