NVD Vulnerability Information

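You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated with vulnerability information before JVN (Japan Vulnerability Notes), it may contain vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and check the CWE number.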


Updated: April 22, 2026, 4:00

No. CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit PoC search
551 7.5 HIGH
Network
- - An issue in the file handling logic of the component download.php of SAC-NFe v2.0.02 allows attackers to execute a directory traversal and read arbitrary files from the system via a crafted GET reque… CWE-22
Path Traversal
CVE-2026-30996 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
552 7.4 HIGH
Network
- - Git for Windows is the Windows port of Git. Versions prior to 2.53.0.windows.3 do not have protections that prevent attackers from obtaining a user's NTLM hash. The NTLM hash can be obtained by trick… CWE-200
Information Exposure
CVE-2026-32631 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
553 3.1 LOW
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, the tasks API didn't verify user access for pending tasks. This could expose logs of in-progress operations to users who don't hav… CWE-284
Improper Access Control
CVE-2026-33212 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
554 4.3 MEDIUM
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't enforce proper access control. This issue has been f… CWE-862
Missing Authorization
CVE-2026-33214 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
555 8.0 HIGH
Network
- - Velociraptor versions prior to 0.76.3 contain a vulnerability in the query() plugin which allows access to all orgs with the user's current ACL token. This allows an authenticated GUI user with acces… CWE-863
Incorrect Authorization
CVE-2026-6290 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
556 6.8 MEDIUM
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, the translation memory API exposed unintended endpoints, which in turn didn't perform proper access control. This issue has been f… CWE-22
CWE-200
Path Traversal
Information Exposure
CVE-2026-33220 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
557 8.0 HIGH
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, the project backup didn't filter Git and Mercurial configuration files which could lead to remote code execution under certain cir… CWE-23
CWE-94
CWE-434
Relative Path Traversal
Code Injection
Unrestricted Upload of File with Dangerous Type
CVE-2026-33435 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
558 5.0 MEDIUM
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, the ALLOWED_ASSET_DOMAINS setting applied only to the first issued requests and didn't restrict possible redirects. This issue has… CWE-918
Server-Side Request Forgery
CVE-2026-33440 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
559 7.4 HIGH
Network
- - OpenProject is an open-source project management application. In versions prior to 17.3.0, 2FA OTP verification in the confirm_otp action of the two_factor_authentication module has no rate limiting,… CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-33667 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
560 7.7 HIGH
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, the ZIP download feature didn't verify downloaded files, potentially following symlinks outside the repository. This issue has be… CWE-22
CWE-59
CWE-200
Path Traversal
Link Following
Information Exposure
CVE-2026-34242 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
561 5.0 MEDIUM
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, a user with the project.edit permission (granted by the per-project "Administration" role) can configure machine translation servi… CWE-200
CWE-918
Information Exposure
Server-Side Request Forgery
CVE-2026-34244 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
562 8.8 HIGH
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, the user patching API endpoint didn't properly limit the scope of edits. This issue has been fixed in version 5.17. CWE-269
Improper Privilege Management
CVE-2026-34393 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
563 4.1 MEDIUM
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, the webhook add-on did not utilize existing SSRF protections. This issue has been fixed in version 5.17. If developers are unable … CWE-918
Server-Side Request Forgery
CVE-2026-39845 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
564 5.0 MEDIUM
Network
- - Weblate is a web based localization tool. In versions prior to 5.17, repository-boundary validation relies on string prefix checks on resolved absolute paths. In multiple code paths, the check uses s… CWE-22
Path Traversal
CVE-2026-40256 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
565 7.8 HIGH
Local
- - Barracuda RMM versions prior to 2025.2.2 contain a privilege escalation vulnerability that allows local attackers to gain SYSTEM-level privileges by exploiting overly permissive filesystem ACLs on th… CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2026-22676 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
566 9.4 CRITICAL
Network
- - Dgraph is an open source distributed GraphQL database. Versions 25.3.1 and prior contain an unauthenticated credential disclosure vulnerability where the /debug/pprof/cmdline endpoint is registered o… CWE-200
CWE-215
Information Exposure
Insertion of Sensitive Information Into Debugging Code
CVE-2026-40173 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
567 7.8 HIGH
Local
- - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::generateP4Command() method, which constructs she… CWE-20
CWE-78
Improper Input Validation
OS Command Injection
CVE-2026-40176 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
568 6.1 MEDIUM
Network
- - ApostropheCMS is an open-source Node.js content management system. A regression introduced in commit 49d0bb7, included in versions 2.17.1 of the ApostropheCMS-maintained sanitize-html package bypasse… CWE-79
Cross-site Scripting (XSS)
CVE-2026-40186 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
569 8.8 HIGH
Network
- - Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase() method, which appends the $source… CWE-20
CWE-78
Improper Input Validation
OS Command Injection
CVE-2026-40261 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
570 - -
- - Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role. CWE-80
Cross-site Scripting (Basic XSS)
CVE-2026-1564 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
571 - -
- - Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role. CWE-79
Cross-site Scripting (XSS)
CVE-2026-1711 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
572 6.8 MEDIUM
Network
- - ProcessWire CMS version 3.0.255 and prior contain a server-side request forgery vulnerability in the admin panel's 'Add Module From URL' feature that allows authenticated administrators to supply arb… CWE-918
Server-Side Request Forgery
CVE-2026-40500 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
573 9.1 CRITICAL
Network
- - A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace bound… CWE-1220
Insufficient Granularity of Access Control
CVE-2026-6388 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
574 - -
- - Pillow is a Python imaging library. Versions 10.3.0 through 12.1.1 did not limit the amount of GZIP-compressed data read when decoding a FITS image, making them vulnerable to decompression bomb attac… CWE-400
CWE-770
Resource Exhaustion
Allocation of Resources Without Limits or Throttling
CVE-2026-40192 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
575 5.4 MEDIUM
Network
- - Istio is an open platform to connect, manage, and secure microservices. In versions 1.25.0 through 1.27.8, 1.28.0 through 1.28.5, 1.29.0, and 1.29.1, the serviceAccounts and notServiceAccounts fields… CWE-185
CWE-863
Incorrect Regular Expression
Incorrect Authorization
CVE-2026-39350 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
576 - -
- - Prometheus is an open-source monitoring system and time series database. Versions 3.0 through 3.5.1 and 3.6.0 through 3.11.1 have stored cross-site scripting vulnerabilities in multiple components of… CWE-79
Cross-site Scripting (XSS)
CVE-2026-40179 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
577 8.8 HIGH
Network
- - OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workfl… CWE-94
CWE-95
Code Injection
Eval Injection
CVE-2026-40316 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
578 8.2 HIGH
Network
- - maddy is a composable, all-in-one mail server. Versions prior to 0.9.3 contain an LDAP injection vulnerability in the auth.ldap module where user-supplied usernames are interpolated into LDAP search … CWE-90
LDAP Injection
CVE-2026-40193 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
579 2.9 LOW
Local
- - Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path. CWE-426
Untrusted Search Path
CVE-2026-40947 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
580 8.8 HIGH
Network
- - OpenHarness prior to commit dd1d235 contains a command injection vulnerability that allows remote gateway users with chat access to invoke sensitive administrative commands by exploiting insufficient… CWE-862
Missing Authorization
CVE-2026-40502 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
581 6.5 MEDIUM
Network
- - OpenHarness prior to commit dd1d235 contains a path traversal vulnerability that allows remote gateway users with chat access to read arbitrary files by supplying path traversal sequences to the /mem… CWE-22
Path Traversal
CVE-2026-40503 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
582 7.5 HIGH
Network
- - Free5GC is an open-source Linux Foundation project for 5th generation (5G) mobile core networks. Versions 4.2.1 and below contain an information disclosure vulnerability in the UDR (Unified Data Repo… CWE-200
CWE-202
CWE-209
Information Exposure
Exposure of Sensitive Information Through Data Queries
Information Exposure Through an Error Message
CVE-2026-40245 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
583 9.3 CRITICAL
Local
- - Luanti 5 before 5.15.2, when LuaJIT is used, allows a Lua sandbox escape via a crafted mod. CWE-829
Inclusion of Functionality from Untrusted Control Sphere
CVE-2026-40959 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
584 8.1 HIGH
Local
- - Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trusted_mods or secure.http_mods, then a crafted mod can intercept the re… CWE-670
Always-Incorrect Control Flow Implementation
CVE-2026-40960 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
585 9.8 CRITICAL
Network
- - Creolabs Gravity before 0.9.6 contains a heap buffer overflow vulnerability in the gravity_vm_exec function that allows attackers to write out-of-bounds memory by crafting scripts with many string li… CWE-122
Heap-based Buffer Overflow
CVE-2026-40504 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
586 4.9 MEDIUM
Local
- - FFmpeg before 8.1 has an integer overflow and resultant out-of-bounds write via CENC (Common Encryption) subsample data to libavformat/mov.c. CWE-190
Integer Overflow or Wraparound
CVE-2026-40962 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
587 7.4 HIGH
Local
- - radare2 before 9236f44, when configured on UNIX without SSL, allows command injection via a PDB name to rabin2 -PP. NOTE: although users are supposed to use the latest version from git (not a release… CWE-78
OS Command Injection
CVE-2026-41015 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
588 8.8 HIGH
Local
- - WinMatrix agent developed by Simopro Technology has a Missing Authentication vulnerability, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges on the local machin… CWE-306
Missing Authentication for Critical Function
CVE-2026-6348 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
589 - -
- - The iSherlock developed by HGiga has an OS Command Injection vulnerability, allowing unauthenticated local attackers to inject arbitrary OS commands and execute them on the server. CWE-78
OS Command Injection
CVE-2026-6349 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
590 9.8 CRITICAL
Network
- - MailGates/MailAudit developed by Openfind has a Stack-based Buffer Overflow vulnerability, allowing unauthenticated remote attackers to control the program's execution flow and execute arbitrary code. CWE-121
Stack-based Buffer Overflow
CVE-2026-6350 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
591 7.5 HIGH
Network
- - MailGates/MailAudit developed by Openfind has a CRLF Injection vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read system files. CWE-93
CRLF Injection
CVE-2026-6351 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
592 8.8 HIGH
Network
- - In products of the MSE6 product-family by Festo a remote authenticated, low privileged attacker could use functions of undocumented test mode which could lead to a complete loss of confidentiality, i… CWE-1242
Inclusion of Undocumented Features or Chicken Bits
CVE-2023-3634 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
593 4.3 MEDIUM
Network
- - In Wago Smart Designer in versions up to 2.33.1 a low privileged remote attacker may enumerate projects and usernames through iterative requests to a specific endpoint. CWE-203
Information Exposure Through Discrepancy
CVE-2023-5872 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
594 6.0 MEDIUM
Network
- - Due to improper input validation in one of the Eaton Intelligent Power Protector (IPP) XML, it is possible for an attacker with admin privileges and access to the local system to inject malicious cod… CWE-20
Improper Input Validation
CVE-2026-22615 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
595 6.5 MEDIUM
Network
- - Eaton Intelligent Power Protector (IPP) software allows repeated authentication attempts against the web interface login page due to insufficient rate‑limiting controls. This security issue has been … CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-22616 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
596 6.3 MEDIUM
Network
- - UDP Console provided by Arcserve contains an incorrectly specified destination in a communication channel vulnerability. When a user configures an activation server hostname of the affected product t… CWE-941
Incorrectly Specified Destination in a Communication Channel
CVE-2026-40118 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
597 5.7 MEDIUM
Network
- - Eaton Intelligent Power Protector (IPP) uses an insecure cookie configuration, which could allow a network‑based attacker to intercept the cookie and exploit it through a man‑in‑the‑middle attack. Th… CWE-614
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute
CVE-2026-22617 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
598 5.9 MEDIUM
Network
- - A security misconfiguration was identified in Eaton Intelligent Power Protector (IPP), where an HTTP response header was set with an insecure attribute, potentially exposing users to web‑based attack… CWE-358
Improperly Implemented Security Check
CVE-2026-22618 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
599 7.8 HIGH
Local
- - Eaton Intelligent Power Protector (IPP) is affected by insecure library loading in its executable, which could lead to arbitrary code execution by an attacker with access to the software package. Thi… CWE-427
Uncontrolled Search Path Element
CVE-2026-22619 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm
600 6.5 MEDIUM
Network
- - LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS devic… CWE-451
User Interface Misrepresentation of Critical Information
CVE-2026-3861 2026-04-18 00:38 2026-04-16 View GitHub Exploit DB Packet Storm