NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月11日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
451	6.5	MEDIUM ネットワーク	-	-	An authenticated user can cause a MongoDB server to crash or return incorrect results by creating documents that interfere with internal metadata processing during query execution. This stems from in… New	CWE-617 到達可能なアサーション	CVE-2026-9750	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

452	6.5	MEDIUM ネットワーク	-	-	This issue can occur when running an aggregation pipeline that uses the internal $exchange stage configured with key-range partitioning and order-preserving delivery. If a single key range produces e… New	CWE-617 到達可能なアサーション	CVE-2026-9749	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

453	6.5	MEDIUM ネットワーク	-	-	The $_internalConvertBucketIndexStats stage used PauseExecution as a way to signal "skip this document" when an index stats conversion failed. But PauseExecution is not a general purpose skip mechani… New	CWE-617 到達可能なアサーション	CVE-2026-9748	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

454	6.5	MEDIUM ネットワーク	-	-	Adding fromRouter:true and runtimeConstants.userRoles could cause aggregations to crash mongodb server. New	CWE-617 到達可能なアサーション	CVE-2026-9747	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

455	6.5	MEDIUM ネットワーク	-	-	When using $changestreams and $_requestReshardingResumeToken with the exchange option the server hits an invariant which causes the server to crash. There are no special privileges needed. The user m… New	CWE-617 到達可能なアサーション	CVE-2026-9746	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

456	6.5	MEDIUM ネットワーク	-	-	In MongoDB Server 8.0, an aggregation stage can leave its _subPipeline field null during processing of certain pipelines. If a getMore is subsequently issued on the same cursor, the server may derefe… New	CWE-476 NULL ポインタデリファレンス	CVE-2026-9743	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

457	7.5	HIGH ネットワーク	-	-	When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is… New	CWE-1287 指定されたタイプの入力に対する不適切な検証	CVE-2026-9742	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

458	6.5	MEDIUM ネットワーク	-	-	A bug in query analysis processing of the $vectorSearch aggregation stage for Queryable Encryption (QE) or Client-Side Field Level Encryption (CSFLE) results in literal values for encrypted fields w… New	CWE-319 重要な情報の平文での送信	CVE-2026-9741	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

459	7.5	HIGH ネットワーク	-	-	A vulnerability in MongoDB Server's BSON validation logic allows an unauthenticated user to crash the mongod process by sending a specially crafted message. The BSON validator's handling of certain n… New	CWE-674 不適切な再帰制御	CVE-2026-9740	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

460	5.5	MEDIUM ローカル	-	-	MongoDB server may log authentication parameters, including credentials, to the server log during SASL authentication. When connection health metric logging is enabled, the full authentication parame… New	CWE-532 ログファイルからの情報漏えい	CVE-2026-9735	2026-06-10 08:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

461	6.5	MEDIUM 隣接	-	-	lldpd is an implementation of IEEE 802.1ab (LLDP). Prior to version 1.0.22, lldpd_decode() in src/daemon/lldpd.c strips 802.1Q VLAN tags from received Ethernet frames by calling memmove() to shift th… New	CWE-125 境界外読み取り	CVE-2026-46433	2026-06-10 08:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

462	7.5	HIGH ネットワーク	-	-	SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be l… New	CWE-400 リソースの枯渇	CVE-2026-46374	2026-06-10 08:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

463	7.5	HIGH ネットワーク	-	-	SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be l… New	CWE-674 不適切な再帰制御	CVE-2026-46373	2026-06-10 08:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

464	-	-	-	-	A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user. New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-44963	2026-06-10 08:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

465	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. New	-	CVE-2026-10238	2026-06-10 08:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

466	5.4	MEDIUM ネットワーク	-	-	A markdown based cross-site scripting (XSS) vulnerability in the AI assistant chat function of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted pa… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-36728	2026-06-10 07:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

467	8.1	HIGH ネットワーク	-	-	Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type. New	CWE-284 不適切なアクセス制御	CVE-2026-36720	2026-06-10 07:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

468	6.1	MEDIUM ネットワーク	-	-	OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through th… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-34417	2026-06-10 07:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

469	9.8	CRITICAL ネットワーク	-	-	An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code … New	CWE-120 古典的バッファオーバーフロー	CVE-2026-30141	2026-06-10 07:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

470	6.1	MEDIUM ネットワーク	-	-	OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embeddi… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-25860	2026-06-10 07:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

471	6.5	MEDIUM ネットワーク	-	-	GPAC MP4Box v2.4 was discovered to contain a floating point exception in the gf_opus_parse_packet_header function (media_tools/av_parsers.c). bThis vulnerability allows attackers to cause a Denial of… New	CWE-1077 誤った演算子による浮動小数点の比較	CVE-2025-55658	2026-06-10 07:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

472	7.8	HIGH ローカル	-	-	Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerab… New	-	CVE-2026-8863	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

473	6.3	MEDIUM ネットワーク	-	-	SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php. New	CWE-352 同一生成元ポリシー違反	CVE-2026-39170	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

474	7.5	HIGH ネットワーク	-	-	SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php. New	CWE-284 不適切なアクセス制御	CVE-2026-39169	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

475	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to c… New	CWE-121 スタックオーバーフロー	CVE-2026-36822	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

476	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows at… New	CWE-121 スタックオーバーフロー	CVE-2026-36821	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

477	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability … New	CWE-121 スタックオーバーフロー	CVE-2026-36820	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

478	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers… New	CWE-121 スタックオーバーフロー	CVE-2026-36819	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

479	6.1	MEDIUM ネットワーク	-	-	A markdown based cross-site scripting (XSS) vulnerability in the /system/notice/create endpoint of FastapiAdmin v2.2.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafte… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-36725	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

480	6.5	MEDIUM ネットワーク	-	-	An uncaught exception in the /application/job/update/{id} endpoint of FastapiAdmin v2.2.0 allows authenticated attackers with the module_task:job:update permission to cause a Denial of Service (DoS) … New	CWE-400 リソースの枯渇	CVE-2026-36724	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

481	6.1	MEDIUM ネットワーク	-	-	OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the … New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-34416	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

482	5.4	MEDIUM ネットワーク	-	-	Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HT… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-25557	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

483	6.5	MEDIUM ネットワーク	-	-	A NULL pointer dereference in the ctts_box_write function (isomedia/box_code_base.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. New	CWE-476 NULL ポインタデリファレンス	CVE-2025-55659	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

484	7.5	HIGH ネットワーク	-	-	An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities. New	CWE-122 ヒープオーバーフロー	CVE-2023-43688	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

485	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same … Update	CWE-787 境界外書き込み	CVE-2026-46253	2026-06-10 05:42	2026-06-4	表示	GitHub Exploit DB Packet Storm

486	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_r… Update	CWE-667 不適切なロック	CVE-2026-46252	2026-06-10 05:42	2026-06-4	表示	GitHub Exploit DB Packet Storm

487	7.3	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, __current_thread_info is defined as global regist… Update	NVD-CWE-noinfo	CVE-2026-46250	2026-06-10 05:42	2026-06-4	表示	GitHub Exploit DB Packet Storm

488	8.4	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block … Update	NVD-CWE-noinfo	CVE-2026-46251	2026-06-10 05:38	2026-06-4	表示	GitHub Exploit DB Packet Storm

489	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state f… Update	NVD-CWE-noinfo	CVE-2026-46249	2026-06-10 05:37	2026-06-4	表示	GitHub Exploit DB Packet Storm

490	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->links_map When an arvif is initialized in non-AP STA mode but MLO connection pre… Update	NVD-CWE-noinfo	CVE-2026-46248	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm

491	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 ("clk: divider: remove round_rate() in favor of dete… Update	NVD-CWE-noinfo	CVE-2026-46247	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm

492	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for requesting IRQ _before_ the… Update	CWE-416 解放済みメモリの使用	CVE-2026-46246	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm

493	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD init amdgpu_dm_hpd_init() may see connectors without a valid dc_link. The code… Update	CWE-476 NULL ポインタデリファレンス	CVE-2026-46245	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm

494	9.1	CRITICAL ネットワーク	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() … Update	NVD-CWE-noinfo	CVE-2026-46244	2026-06-10 05:35	2026-06-4	表示	GitHub Exploit DB Packet Storm

495	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches() failures We have seen a few cases where the whole memory subsystem is blocke… Update	NVD-CWE-noinfo	CVE-2025-71314	2026-06-10 05:35	2026-06-4	表示	GitHub Exploit DB Packet Storm

496	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memory allocation failure. Witho… Update	CWE-476 NULL ポインタデリファレンス	CVE-2025-71313	2026-06-10 05:35	2026-06-4	表示	GitHub Exploit DB Packet Storm

497	-	-	-	-	A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges. New	CWE-939 カスタム URL スキームのハンドラの不適切な認可	CVE-2026-6445	2026-06-10 05:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

498	-	-	-	-	A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges. New	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-6444	2026-06-10 05:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

499	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows att… New	CWE-121 スタックオーバーフロー	CVE-2026-36823	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

500	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allo… New	CWE-121 スタックオーバーフロー	CVE-2026-36771	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm