NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月11日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
501	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to caus… New	CWE-121 スタックオーバーフロー	CVE-2026-36770	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

502	6.1	MEDIUM ネットワーク	-	-	Ellucian Banner Self-Service before the April T2 release (2025-04-23) contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in … New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-32856	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

503	7.8	HIGH ローカル	-	-	SQLite before 3.53.2 contains a heap-based buffer overflow vulnerability in the FTS5 full-text search extension that allows attackers to cause a crash or execute arbitrary code by supplying a crafted… New	CWE-122 ヒープオーバーフロー	CVE-2026-11824	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

504	7.8	HIGH ローカル	-	-	SQLite before 3.53.2 contains memory corruption vulnerabilities in the FTS5 full-text search extension that allow attackers to cause process crashes, memory exhaustion, or arbitrary code execution by… New	CWE-122 ヒープオーバーフロー	CVE-2026-11822	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

505	7.2	HIGH ネットワーク	-	-	A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Gr… Update	CWE-863 不正な認証	CVE-2026-11577	2026-06-10 05:16	2026-06-8	表示	GitHub Exploit DB Packet Storm

506	9.8	CRITICAL ネットワーク	-	-	Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. … New	-	CVE-2026-10045	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

507	7.5	HIGH ネットワーク	-	-	A NULL pointer dereference in the gf_odf_vvc_cfg_write_bs function (odf/descriptors.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. New	CWE-476 NULL ポインタデリファレンス	CVE-2025-55657	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

508	7.5	HIGH ネットワーク	-	-	A segmentation violaton in the gf_hevc_read_sps_bs_internal function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying crafted HEVC SPS … New	CWE-400 リソースの枯渇	CVE-2025-52293	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

509	7.5	HIGH ネットワーク	-	-	A stack buffer overflow in the filein_process function (in_file.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. New	CWE-121 スタックオーバーフロー	CVE-2025-52292	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

510	6.2	MEDIUM ローカル	-	-	An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, lea… New	CWE-755 例外的な状態における不適切な処理	CVE-2023-43686	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

511	8.2	HIGH ローカル	-	-	The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if t… New	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2023-29146	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

512	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignmen… Update	NVD-CWE-noinfo	CVE-2026-46254	2026-06-10 05:10	2026-06-4	表示	GitHub Exploit DB Packet Storm

513	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove() The clocks in fsl_edma_engine::muxclk are allocated and enabled… Update	NVD-CWE-noinfo	CVE-2026-46255	2026-06-10 05:10	2026-06-4	表示	GitHub Exploit DB Packet Storm

514	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages LOCALIO is an NFS loopback mount optimization that avoi… Update	CWE-667 不適切なロック	CVE-2026-46256	2026-06-10 05:10	2026-06-4	表示	GitHub Exploit DB Packet Storm

515	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registere… Update	CWE-908 初期化されていないリソースの使用	CVE-2026-46257	2026-06-10 05:10	2026-06-4	表示	GitHub Exploit DB Packet Storm

516	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create() In linehandle_create(), there is a statement like this: retain_and_nu… Update	CWE-476 NULL ポインタデリファレンス	CVE-2026-46258	2026-06-10 05:09	2026-06-4	表示	GitHub Exploit DB Packet Storm

517	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() acces… Update	NVD-CWE-noinfo	CVE-2026-46259	2026-06-10 05:09	2026-06-4	表示	GitHub Exploit DB Packet Storm

518	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported out-of-bound read in fib6_add_rt2node(). [0] When IPv6 rout… Update	CWE-125 境界外読み取り	CVE-2026-46260	2026-06-10 05:09	2026-06-4	表示	GitHub Exploit DB Packet Storm

519	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which w… Update	CWE-476 NULL ポインタデリファレンス	CVE-2026-46261	2026-06-10 05:03	2026-06-4	表示	GitHub Exploit DB Packet Storm

520	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing loc… Update	CWE-667 不適切なロック	CVE-2026-46262	2026-06-10 04:59	2026-06-4	表示	GitHub Exploit DB Packet Storm

521	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can be indexed out o… Update	CWE-125 境界外読み取り	CVE-2026-46263	2026-06-10 04:57	2026-06-4	表示	GitHub Exploit DB Packet Storm

522	4.7	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: coresight: tmc-etr: Fix race condition between sysfs and perf mode When trying to run perf and sysfs mode simultaneously, the WAR… Update	CWE-362 競合状態	CVE-2026-46272	2026-06-10 04:52	2026-06-4	表示	GitHub Exploit DB Packet Storm

523	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: do WoW offloads only on primary link In case of multi-link connection, WCN7850 firmware crashes due to WoW offloads… Update	NVD-CWE-noinfo	CVE-2026-46271	2026-06-10 04:52	2026-06-4	表示	GitHub Exploit DB Packet Storm

524	8.4	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: power: supply: rt9455: Fix use-after-free in power_supply_changed() Using the `devm_` variant for requesting IRQ _before_ the `de… Update	CWE-416 解放済みメモリの使用	CVE-2026-46270	2026-06-10 04:52	2026-06-4	表示	GitHub Exploit DB Packet Storm

525	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: pinctrl: canaan: k230: Fix NULL pointer dereference when parsing devicetree When probing the k230 pinctrl driver, the kernel trig… Update	CWE-476 NULL ポインタデリファレンス	CVE-2026-46269	2026-06-10 04:51	2026-06-4	表示	GitHub Exploit DB Packet Storm

526	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: PCI/P2PDMA: Fix p2pmem_alloc_mmap() warning condition Commit b7e282378773 has already changed the initial page refcount of p2pdma… Update	NVD-CWE-noinfo	CVE-2026-46268	2026-06-10 04:48	2026-06-4	表示	GitHub Exploit DB Packet Storm

527	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: nfc: hci: shdlc: Stop timers and work before freeing context llc_shdlc_deinit() purges SHDLC skb queues and frees the llc_shdlc s… Update	CWE-416 解放済みメモリの使用	CVE-2026-46267	2026-06-10 04:48	2026-06-4	表示	GitHub Exploit DB Packet Storm

528	9.1	CRITICAL ネットワーク	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: inet: RAW sockets using IPPROTO_RAW MUST drop incoming ICMP Yizhou Zhao reported that simply having one RAW socket on protocol IP… Update	NVD-CWE-noinfo	CVE-2026-46266	2026-06-10 04:47	2026-06-4	表示	GitHub Exploit DB Packet Storm

529	7.5	HIGH ネットワーク	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix WQ_MEM_RECLAIM warning When sunrpc is used, if a reset triggered, our wq may lead the following trace: workqueue: … Update	NVD-CWE-noinfo	CVE-2026-46265	2026-06-10 04:46	2026-06-4	表示	GitHub Exploit DB Packet Storm

530	-	-	-	-	An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. New	-	CVE-2026-36727	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

531	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain multiple stack overflows in the fromVirtualSer function via the puVar2, puVar1, __s2, __s1_00, and… New	-	CVE-2026-36779	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

532	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the domain parameter of the fromNetToolGet function. This vulnerability allows… New	-	CVE-2026-36783	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

533	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the ip parameter of the fromNetToolGet function. This vulnerability allows att… New	-	CVE-2026-36784	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

534	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formWifiRadioSet function. This vulnerability al… New	-	CVE-2026-36792	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

535	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attac… New	-	CVE-2026-36796	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

536	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a stack overflow in the IPMacBindRuleIp parameter of the formIPMacBindModify function. This vulnerability allows attac… New	-	CVE-2026-36797	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

537	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple stack overflows in the formSetDebugCfgr function via the enable, level, and module parameters. These vulnerab… New	-	CVE-2026-36798	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

538	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the portalAuth parameter of the formPortalAuth function. This vulnerability allows attackers to c… New	-	CVE-2026-36799	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

539	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain a buffer overflow in the IPMacBindIndex parameter of the formIPMacBindDel function. This vulnerability allows attacker… New	-	CVE-2026-36800	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

540	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserPwd parameter of the formAddWebAuthUser function. This vulnerability allows att… New	-	CVE-2026-36807	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

541	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows at… New	-	CVE-2026-36808	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

542	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteID parameter of the formModifyWebAuthWhiteUser function. This vulnerability al… New	-	CVE-2026-36809	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

543	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the gotoUrl parameter of the formPortalAuth function. This vulnerability allows attackers to c… New	-	CVE-2026-36810	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

544	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the picName parameter of the formDelwebAuthPic function. This vulnerability allows attackers t… New	-	CVE-2026-36811	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

545	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the hostname parameter of the formSetNetCheckTools function. This vulnerability allows attacke… New	-	CVE-2026-36815	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

546	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability a… New	-	CVE-2026-36816	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

547	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W15E v15.11.0.10 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability… New	-	CVE-2026-36817	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

548	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the wewifiWhiteUserInfo parameter of the formAddWewifiWhiteUser function. This vulnerability al… New	-	CVE-2026-36818	2026-06-10 04:35	2026-06-10	表示	GitHub Exploit DB Packet Storm

549	5.7	MEDIUM 物理	-	-	Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of P… New	CWE-261 パスワードの弱い暗号の使用	CVE-2026-40639	2026-06-10 04:30	2026-06-10	表示	GitHub Exploit DB Packet Storm

550	8.8	HIGH ネットワーク	google	chrome	Out of bounds memory access in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: … Update	CWE-125 CWE-787 境界外読み取り境界外書き込み	CVE-2026-10941	2026-06-10 04:21	2026-06-5	表示	GitHub Exploit DB Packet Storm