NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CRITICAL
HIGH
MEDIUM
LOW
CVE
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2025年7月12日4:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1	7.8	HIGH ローカル	adobe	substance_3d_designer	Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… Update	CWE-787 境界外書き込み	CVE-2025-21164	2025-07-12 02:48	2025-07-9	表示	GitHub Exploit DB Packet Storm

2	7.8	HIGH ローカル	adobe	dimension	Dimension versions 4.1.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue … Update	CWE-787 境界外書き込み	CVE-2025-30312	2025-07-12 02:47	2025-07-9	表示	GitHub Exploit DB Packet Storm

3	5.5	MEDIUM ローカル	adobe	substance_3d_designer	Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability t… Update	CWE-125 境界外読み取り	CVE-2025-21168	2025-07-12 02:47	2025-07-9	表示	GitHub Exploit DB Packet Storm

4	5.5	MEDIUM ローカル	adobe	substance_3d_designer	Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability t… Update	CWE-125 境界外読み取り	CVE-2025-21167	2025-07-12 02:47	2025-07-9	表示	GitHub Exploit DB Packet Storm

5	7.8	HIGH ローカル	adobe	substance_3d_designer	Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… Update	CWE-787 境界外書き込み	CVE-2025-21166	2025-07-12 02:47	2025-07-9	表示	GitHub Exploit DB Packet Storm

6	7.8	HIGH ローカル	adobe	substance_3d_designer	Substance3D - Designer versions 14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… Update	CWE-787 境界外書き込み	CVE-2025-21165	2025-07-12 02:47	2025-07-9	表示	GitHub Exploit DB Packet Storm

7	7.8	HIGH ローカル	adobe	incopy	InCopy versions 20.3, 19.5.3 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitatio… Update	CWE-824 初期化されていないポインタのアクセス	CVE-2025-47098	2025-07-12 02:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

8	7.8	HIGH ローカル	adobe	incopy	InCopy versions 20.3, 19.5.3 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Expl… Update	CWE-191 整数アンダーフロー	CVE-2025-47097	2025-07-12 02:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

9	5.5	MEDIUM ローカル	adobe	substance_3d_viewer	Substance3D - Viewer versions 0.22 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interact… Update	CWE-125 境界外読み取り	CVE-2025-43584	2025-07-12 02:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

10	5.5	MEDIUM ローカル	adobe	substance_3d_viewer	Substance3D - Viewer versions 0.22 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability … Update	CWE-476 NULL ポインタデリファレンス	CVE-2025-43583	2025-07-12 02:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

11	7.8	HIGH ローカル	adobe	substance_3d_viewer	Substance3D - Viewer versions 0.22 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user, scope uncha… Update	CWE-122 ヒープオーバーフロー	CVE-2025-43582	2025-07-12 02:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

12	7.8	HIGH ローカル	adobe	incopy	InCopy versions 20.3, 19.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t… Update	CWE-122 ヒープオーバーフロー	CVE-2025-47099	2025-07-12 02:45	2025-07-9	表示	GitHub Exploit DB Packet Storm

13	7.4	HIGH ネットワーク	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XML Injection vulnerability that could lead to arbitrary file system read. An attacker can exploit this issue by injecting … Update	CWE-91 ブラインド XPath インジェクション	CVE-2025-49538	2025-07-12 02:45	2025-07-9	表示	GitHub Exploit DB Packet Storm

14	7.3	HIGH 隣接	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could lever… Update	CWE-863 不正な認証	CVE-2025-49536	2025-07-12 02:45	2025-07-9	表示	GitHub Exploit DB Packet Storm

15	5.5	MEDIUM ローカル	adobe	dimension	Dimension versions 4.1.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mit… Update	CWE-125 境界外読み取り	CVE-2025-47135	2025-07-12 02:45	2025-07-9	表示	GitHub Exploit DB Packet Storm

16	-	-	ivanti	endpoint_manager_mobile	OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2,12.4.0.3 and 12.3.0.3 allows a remote authenticated attacker with high privileges to achieve remote code executi… Update	CWE-78 OSコマンド・インジェクション	CVE-2025-6771	2025-07-12 02:29	2025-07-9	表示	GitHub Exploit DB Packet Storm

17	-	-	ivanti	endpoint_manager_mobile	OS command injection in Ivanti Endpoint Manager Mobile (EPMM) before version 12.5.0.2 allows a remote authenticated attacker with high privileges to achieve remote code execution Update	CWE-78 OSコマンド・インジェクション	CVE-2025-6770	2025-07-12 02:29	2025-07-9	表示	GitHub Exploit DB Packet Storm

18	6.1	MEDIUM ネットワーク	pixelite	events_manager	The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘calendar_header’ parameter in all versions up to, and includi… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-6975	2025-07-12 02:27	2025-07-10	表示	GitHub Exploit DB Packet Storm

19	7.5	HIGH ネットワーク	pixelite	events_manager	The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to time-based SQL Injection via the ‘orderby’ parameter in all versions up to, and including, 7.0.3 due … New	CWE-89 SQLインジェクション	CVE-2025-6970	2025-07-12 02:27	2025-07-10	表示	GitHub Exploit DB Packet Storm

20	5.4	MEDIUM ネットワーク	pixelite	events_manager	The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 7.0.3 … New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-6976	2025-07-12 02:26	2025-07-10	表示	GitHub Exploit DB Packet Storm

21	-	-	ivanti	endpoint_manager	SQL injection in Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a remote authenticated attacker with admin privileges to read arbitrary data from the database Update	CWE-89 SQLインジェクション	CVE-2025-7037	2025-07-12 02:24	2025-07-9	表示	GitHub Exploit DB Packet Storm

22	-	-	ivanti	endpoint_manager	Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. Update	CWE-257 復元可能な形式でのパスワード保存	CVE-2025-6996	2025-07-12 02:24	2025-07-9	表示	GitHub Exploit DB Packet Storm

23	-	-	ivanti	endpoint_manager	Improper use of encryption in the agent of Ivanti Endpoint Manager before version 2024 SU3 and 2022 SU8 Security Update 1 allows a local authenticated attacker to decrypt other users’ passwords. Update	CWE-257 復元可能な形式でのパスワード保存	CVE-2025-6995	2025-07-12 02:24	2025-07-9	表示	GitHub Exploit DB Packet Storm

24	8.8	HIGH ネットワーク	fabianros	chat_system	A vulnerability was found in code-projects Chat System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/fetch_chat.php. The manipulation of the argumen… Update	CWE-89 CWE-74 SQLインジェクションインジェクション	CVE-2025-7186	2025-07-12 02:23	2025-07-9	表示	GitHub Exploit DB Packet Storm

25	8.8	HIGH ネットワーク	fabianros	chat_system	A vulnerability classified as critical has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /user/fetch_member.php. The manipulation of the argument ID leads t… Update	-	CVE-2025-7187	2025-07-12 02:20	2025-07-9	表示	GitHub Exploit DB Packet Storm

26	8.8	HIGH ネットワーク	fabianros	library_management_system	A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.p… Update	CWE-284 CWE-434 不適切なアクセス制御危険なタイプのファイルの無制限アップロード	CVE-2025-7210	2025-07-12 02:19	2025-07-9	表示	GitHub Exploit DB Packet Storm

27	8.8	HIGH ネットワーク	fabianros	chat_system	A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /user/addmember.php. The manipulation of the … Update	CWE-89 CWE-74 SQLインジェクションインジェクション	CVE-2025-7188	2025-07-12 02:19	2025-07-9	表示	GitHub Exploit DB Packet Storm

28	8.8	HIGH ネットワーク	fabianros	chat_system	A vulnerability, which was classified as critical, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /user/send_message.php. The manipu… Update	CWE-89 CWE-74 SQLインジェクションインジェクション	CVE-2025-7189	2025-07-12 02:17	2025-07-9	表示	GitHub Exploit DB Packet Storm

29	5.4	MEDIUM ネットワーク	-	-	A vulnerability was found in letseeqiji gorobbs up to 1.0.8. It has been classified as critical. This affects the function ResetUserAvatar of the file controller/api/v1/user.go of the component API. … New	CWE-22 パス・トラバーサル	CVE-2025-7450	2025-07-12 02:15	2025-07-12	表示	GitHub Exploit DB Packet Storm

30	5.4	MEDIUM ネットワーク	-	-	Microsoft Edge (Chromium-based) Spoofing Vulnerability New	-	CVE-2025-47964	2025-07-12 02:15	2025-07-12	表示	GitHub Exploit DB Packet Storm

31	6.3	MEDIUM ネットワーク	-	-	No cwe for this issue in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. New	-	CVE-2025-47963	2025-07-12 02:15	2025-07-12	表示	GitHub Exploit DB Packet Storm

32	5.6	MEDIUM ローカル	-	-	Improper input validation in Microsoft Edge (Chromium-based) allows an authorized attacker to bypass a security feature locally. New	CWE-20 不適切な入力確認	CVE-2025-47182	2025-07-12 02:15	2025-07-12	表示	GitHub Exploit DB Packet Storm

33	-	-	-	-	GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains a ../ symlink to a… New	CWE-24 パストラバーサル (../filedir)	CVE-2025-45582	2025-07-12 02:15	2025-07-12	表示	GitHub Exploit DB Packet Storm

34	-	-	-	-	immich is a high performance self-hosted photo and video management solution. Prior to 1.132.0, immich is vulnerable to account hijacking through oauth2, because the state parameter is not being chec… New	CWE-303 認証アルゴリズム上の問題	CVE-2025-43856	2025-07-12 02:15	2025-07-12	表示	GitHub Exploit DB Packet Storm

35	-	-	-	-	Meshtastic is an open source mesh networking solution. Prior to 2.5.1, traceroute responses from the remote node are not rate limited. Given that there are SNR measurements attributed to each receive… New	CWE-799 インタラクション頻度の不適切な制御	CVE-2024-47065	2025-07-12 02:15	2025-07-12	表示	GitHub Exploit DB Packet Storm

36	8.8	HIGH ネットワーク	fabianros	library_management_system	A vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. This affects an unknown part of the file /admin/student_edit_photo.php. The manipulation o… Update	-	CVE-2025-7190	2025-07-12 02:15	2025-07-9	表示	GitHub Exploit DB Packet Storm

37	9.8	CRITICAL ネットワーク	anisha	jonnys_liquor	A vulnerability classified as critical was found in code-projects Jonnys Liquor 1.0. This vulnerability affects unknown code of the file /admin/admin-area.php. The manipulation of the argument drink … Update	CWE-89 CWE-74 SQLインジェクションインジェクション	CVE-2025-7198	2025-07-12 02:13	2025-07-9	表示	GitHub Exploit DB Packet Storm

38	9.8	CRITICAL ネットワーク	anisha	jonnys_liquor	A vulnerability classified as critical has been found in code-projects Jonnys Liquor 1.0. This affects an unknown part of the file /admin/delete-row.php. The manipulation of the argument ID leads to … Update	-	CVE-2025-7197	2025-07-12 02:13	2025-07-9	表示	GitHub Exploit DB Packet Storm

39	9.8	CRITICAL ネットワーク	anisha	jonnys_liquor	A vulnerability was found in code-projects Jonnys Liquor 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /browse.php. The manipulation of the argu… Update	-	CVE-2025-7196	2025-07-12 02:13	2025-07-9	表示	GitHub Exploit DB Packet Storm

40	9.8	CRITICAL ネットワーク	code-projects	student_enrollment	A vulnerability has been found in code-projects Student Enrollment System 1.0 and classified as critical. This vulnerability affects unknown code of the file /login.php. The manipulation of the argum… Update	-	CVE-2025-7191	2025-07-12 02:13	2025-07-9	表示	GitHub Exploit DB Packet Storm

41	9.8	CRITICAL ネットワーク	code-projects	library_system	A vulnerability, which was classified as critical, has been found in code-projects Library System 1.0. This issue affects some unknown processing of the file /notapprove.php. The manipulation of the … Update	CWE-89 CWE-74 SQLインジェクションインジェクション	CVE-2025-7199	2025-07-12 02:12	2025-07-9	表示	GitHub Exploit DB Packet Storm

42	8.8	HIGH 隣接	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Use of Hard-coded Credentials vulnerability that could result in privilege escalation. An attacker could leverage this vulne… Update	CWE-798 ハードコードされた認証情報の使用	CVE-2025-49551	2025-07-12 01:47	2025-07-9	表示	GitHub Exploit DB Packet Storm

43	4.5	MEDIUM 隣接	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Access Control vulnerability that could lead to application denial-of-service. A high-privileged attacker could ex… Update	CWE-284 不適切なアクセス制御	CVE-2025-49546	2025-07-12 01:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

44	6.2	MEDIUM 隣接	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A high-privilege authenticat… Update	CWE-918 サーバサイドリクエストフォージェリ	CVE-2025-49545	2025-07-12 01:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

45	6.8	MEDIUM ネットワーク	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a Security feature bypass.… Update	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2025-49544	2025-07-12 01:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

46	4.3	MEDIUM 隣接	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scrip… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-49543	2025-07-12 01:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

47	5.2	MEDIUM 隣接	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a U… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-49542	2025-07-12 01:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

48	4.3	MEDIUM 隣接	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scrip… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-49541	2025-07-12 01:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

49	4.3	MEDIUM 隣接	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scrip… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-49540	2025-07-12 01:46	2025-07-9	表示	GitHub Exploit DB Packet Storm

50	4.5	MEDIUM 隣接	adobe	coldfusion	ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in a security feature bypass.… Update	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2025-49539	2025-07-12 01:46	2025-07-9	表示	GitHub Exploit DB Packet Storm