NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月12日4:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
551	7.9	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. New	CWE-1329 アップデートができないコンポーネントへの依存	CVE-2026-48573	2026-06-11 02:15	2026-06-10	表示	GitHub Exploit DB Packet Storm

552	6.8	MEDIUM 物理	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-50507	2026-06-11 01:33	2026-06-10	表示	GitHub Exploit DB Packet Storm

553	6.5	MEDIUM ネットワーク	-	-	Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set. New	CWE-36 絶対パストラバーサル	CVE-2026-53698	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

554	-	-	-	-	Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2. New	CWE-88 引数の挿入または変更	CVE-2026-53694	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

555	-	-	-	-	A stored cross-site scripting vulnerability existed in MISP BSimVis tag rendering code. Several client-side rendering paths interpolated tag names, collection names, entity identifiers, cluster names… New	CWE-79 CWE-116 クロスサイト・スクリプティング（XSS）不適切なエンコード、または出力のエスケープ	CVE-2026-53693	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

556	9.6	CRITICAL ネットワーク	-	-	A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the … New	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-53471	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

557	5.3	MEDIUM ネットワーク	-	-	Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not encrypt secrets from POST config.xml submissions before storing them in job configurations unencrypted in job config.xml files on the Jenki… New	CWE-311 重要なデータの暗号化の欠如	CVE-2026-53442	2026-06-11 01:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

558	4.3	MEDIUM ネットワーク	-	-	Jenkins 2.567 and earlier, LTS 2.555.2 and earlier does not ensure that the "from" parameter in the "Delegate to servlet container" security realm is safe to redirect to after login, allowing attacke… New	CWE-601 オープンリダイレクト	CVE-2026-53440	2026-06-11 01:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

559	7.8	HIGH ローカル	-	-	Ghidra before 12.0.4 contains a path traversal vulnerability in the theme import functionality that allows attackers to write files outside the intended theme directory. Attackers can craft malicious… New	CWE-22 パス・トラバーサル	CVE-2026-52755	2026-06-11 01:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

560	5.5	MEDIUM ローカル	-	-	Ghidra before 12.0.3 contains an out-of-memory vulnerability in the rust_demangle function that allocates unbounded output buffers without size limits. Attackers can craft malicious Rust symbol names… New	CWE-789 過剰なサイズ値のメモリ割り当て	CVE-2026-52753	2026-06-11 01:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

561	-	-	-	-	Stack-based Buffer Overflow vulnerability in Erlang OTP (erl_interface) allows Stack-based Buffer Overflow. This vulnerability is associated with program file lib/erl_interface/src/misc/ei_printterm… New	CWE-121 スタックオーバーフロー	CVE-2026-49760	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

562	-	-	-	-	Stack-based Buffer Overflow vulnerability in Erlang OTP erts (inet_drv) allows an unauthenticated remote attacker to crash the BEAM VM by sending a crafted SCTP ERROR chunk. The sctp_parse_error_chu… New	CWE-121 スタックオーバーフロー	CVE-2026-49759	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

563	-	-	-	-	Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the distribution-over-TLS LAN allowlist. The inet_tls_dist:check_ip/… New	CWE-863 CWE-1025 不正な認証誤った要素を使用した比較	CVE-2026-48860	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

564	-	-	-	-	Observable Timing Discrepancy vulnerability in Erlang/OTP ssh (ssh_auth, ssh_options modules) allows unauthenticated remote username enumeration via timing side-channel in password authentication. W… New	CWE-208 タイミングの違いに起因する情報漏えい	CVE-2026-48859	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

565	4.3	MEDIUM ネットワーク	google	chrome	Uninitialized Use in Codecs in Google Chrome on Linux, ChromeOS prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted video file. (Chromium security severity: High) New	CWE-457 初期化されていない変数の使用	CVE-2026-11668	2026-06-11 01:17	2026-06-9	表示	GitHub Exploit DB Packet Storm

566	-	-	-	-	Server-Side Request Forgery (SSRF) vulnerability in Erlang/OTP ftp (ftp_internal module) allows FTP bounce attacks and SSRF via an unvalidated PASV response IP address. The ftp_internal:handle_ctrl_… New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-48858	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

567	-	-	-	-	Sensitive Data Exposure vulnerability in Erlang OTP inets (httpc_response module) allows Retrieve Embedded Sensitive Data. The httpc client forwards the Authorization and Proxy-Authorization request… New	CWE-601 オープンリダイレクト	CVE-2026-48856	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

568	-	-	-	-	Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery. The SSH_FXP_READLINK handler in ssh_sftpd sends the raw result of… New	CWE-200 情報漏えい	CVE-2026-48855	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

569	5.0	MEDIUM ネットワーク	-	-	OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to O… New	CWE-345 CWE-668 データの信頼性についての不十分な検証誤った領域へのリソースの漏えい	CVE-2026-48096	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

570	8.3	HIGH ネットワーク	-	-	Plane is an open-source project management tool. Prior to version 1.3.1, there is a cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in … New	CWE-639 CWE-862 ユーザ制御の鍵による認証回避認証の欠如	CVE-2026-46558	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

571	-	-	-	-	Crawlee is a web scraping and browser automation library. From version 1.0.0 to before version 1.7.0, Crawlee is vulnerable to SSRF via sitemap-derived URLs. This issue has been patched in version 1.… New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-46497	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

572	8.1	HIGH ネットワーク	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, EscapedString (app/modules/roxywi/class_models.py:16-30) is the centralised Pydan… New	CWE-20 CWE-22 CWE-117 不適切な入力確認パス・トラバーサル不適切なログ出力の無効化	CVE-2026-45565	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

573	8.8	HIGH ネットワーク	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /config/versions/<service>/<server_ip>/<configver>/save interpolates the URL… New	CWE-78 OSコマンド・インジェクション	CVE-2026-45564	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

574	4.3	MEDIUM ネットワーク	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, GET /history/<service>/<server_ip> re-uses the server_ip path parameter as a user… New	CWE-639 CWE-863 ユーザ制御の鍵による認証回避不正な認証	CVE-2026-45563	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

575	4.9	MEDIUM ネットワーク	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, get_ldap_email (app/modules/roxywi/user.py:120-157) builds the LDAP search filter… New	CWE-90 LDAP インジェクション	CVE-2026-45559	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

576	9.9	CRITICAL ネットワーク	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the HAProxy section-save endpoints (POST /api/service/haproxy/<server_id>/section… New	CWE-20 CWE-77 CWE-78 CWE-94 不適切な入力確認コマンドインジェクション OSコマンド・インジェクションコード・インジェクション	CVE-2026-45558	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

577	9.9	CRITICAL ネットワーク	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, POST /waf/<service>/<server_ip>/rule/<rule_id>/save accepts a config_file_name fo… New	CWE-20 CWE-22 CWE-73 CWE-78 不適切な入力確認パス・トラバーサルファイル名やパス名の外部制御 OSコマンド・インジェクション	CVE-2026-45556	2026-06-11 01:17	2026-06-11	表示	GitHub Exploit DB Packet Storm

578	7.5	HIGH ネットワーク	-	-	Issue summary: Remote peer may exhaust heap memory of the QUIC server or client by flooding it with packets containing PATH_CHALLENGE frames. Impact summary: A malicious remote peer can cause an unb… New	CWE-1325 不適切に制御された順次メモリ割り当て	CVE-2026-34183	2026-06-11 01:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

579	7.5	HIGH ネットワーク	-	-	UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1. New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-11799	2026-06-11 01:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

580	-	-	-	-	Insufficient input validation vulnerability in the listed NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity. New	CWE-20 不適切な入力確認	CVE-2026-0417	2026-06-11 01:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

581	-	-	-	-	Insufficient input validation vulnerability in NETGEAR JR6150 (AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014) allows administrators connected to the local network to make unauthorized… New	CWE-20 不適切な入力確認	CVE-2026-0412	2026-06-11 01:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

582	-	-	-	-	Authenticated administrators connected to the local network can gain elevated access to the router and make unauthorized changes to router software and functionality. New	CWE-20 不適切な入力確認	CVE-2026-0410	2026-06-11 01:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

583	5.3	MEDIUM ネットワーク	google	chrome	Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pr… New	CWE-472 不変と仮定される Web パラメータの外部制御	CVE-2026-11669	2026-06-11 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

584	8.3	HIGH ネットワーク	google	chrome	Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafte… New	CWE-787 境界外書き込み	CVE-2026-11672	2026-06-11 01:15	2026-06-9	表示	GitHub Exploit DB Packet Storm

585	5.4	MEDIUM ネットワーク	microsoft	sharepoint_server	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47637	2026-06-11 01:14	2026-06-10	表示	GitHub Exploit DB Packet Storm

586	5.4	MEDIUM ネットワーク	microsoft	sharepoint_server	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47638	2026-06-11 01:07	2026-06-10	表示	GitHub Exploit DB Packet Storm

587	5.4	MEDIUM ネットワーク	microsoft	sharepoint_server	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47639	2026-06-11 01:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

588	5.4	MEDIUM ネットワーク	microsoft	sharepoint_server	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47640	2026-06-11 01:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

589	5.4	MEDIUM ネットワーク	microsoft	sharepoint_server	Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. New	CWE-20 NVD-CWE-noinfo 不適切な入力確認	CVE-2026-47641	2026-06-11 00:59	2026-06-10	表示	GitHub Exploit DB Packet Storm

590	8.3	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially per… New	CWE-20 NVD-CWE-noinfo 不適切な入力確認	CVE-2026-11676	2026-06-11 00:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

591	8.8	HIGH ネットワーク	google	chrome	Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) New	CWE-416 解放済みメモリの使用	CVE-2026-11681	2026-06-11 00:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

592	7.8	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. New	CWE-122 ヒープオーバーフロー	CVE-2026-48574	2026-06-11 00:32	2026-06-10	表示	GitHub Exploit DB Packet Storm

593	8.3	HIGH ネットワーク	google	chrome	Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via … New	CWE-20 NVD-CWE-noinfo 不適切な入力確認	CVE-2026-11682	2026-06-11 00:27	2026-06-9	表示	GitHub Exploit DB Packet Storm

594	7.8	HIGH ローカル	-	-	During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to ex… New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-9045	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

595	7.8	HIGH ローカル	-	-	A potential uncontrolled search path vulnerability was reported in the LanSchool Classic client application that could allow a local authenticated user to execute arbitrary code with elevated privile… New	CWE-427 制御されていない検索パスの要素	CVE-2026-8637	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

596	-	-	-	-	A missing authentication check on the Aix‑DB "/llm/process_llm_out" endpoint allows unauthenticated clients to execute arbitrary "SELECT" SQL queries and retrieve database data, as the endpoint lacks… New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-8335	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

597	4.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in the Lenovo Android Application, distributed exclusively on tablets in the Chinese market, that could allow a website visited by the built-in browser to overwrite sys… New	CWE-749 危険なメソッドや機能の公開	CVE-2026-7516	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

598	7.0	HIGH ローカル	-	-	A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges. New	CWE-290 スプーフィングによる認証回避	CVE-2026-6090	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

599	7.1	HIGH ネットワーク	-	-	libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c. New	CWE-1284 入力で指定された数量の不適切な検証	CVE-2026-53689	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

600	9.6	CRITICAL 隣接	-	-	A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed g… New	CWE-59 リンク解釈の問題	CVE-2026-53476	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm