NVD Vulnerability Information

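This page lets you search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated before JVN (Japan Vulnerability Notes), it may list vulnerabilities that are not yet recorded in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and check the CWE number.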

Last updated: April 22, 2026, 4:00

Columns: No., CVSS, Level, Attack vector, Vendor, Product, Title, CWE, CVE, Updated, Published, Impact view, Exploit/PoC search
651 6.1 MEDIUM
Network
- - In manikandan580 School-management-system 1.0, a reflected XSS vulnerability exists in /studentms/admin/contact-us.php via the pagedes POST parameter. CWE-79
Cross-site scripting (XSS)
CVE-2025-65136 2026-04-18 00:33 2026-04-15 View GitHub Exploit DB Packet Storm
652 9.9 CRITICAL
Network
- - An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file. CWE-434
Unrestricted upload of file with dangerous type
CVE-2026-38526 2026-04-18 00:33 2026-04-15 View GitHub Exploit DB Packet Storm
653 8.5 HIGH
Network
- - A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request. CWE-918
Server-side request forgery
CVE-2026-38527 2026-04-18 00:33 2026-04-15 View GitHub Exploit DB Packet Storm
654 7.1 HIGH
Network
- - Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php. CWE-89
SQL injection
CVE-2026-38528 2026-04-18 00:33 2026-04-15 View GitHub Exploit DB Packet Storm
655 2.7 LOW
Network
- - SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/rents/manage_rent.php. CWE-89
SQL injection
CVE-2026-37590 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
656 2.7 LOW
Network
- - Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL injection in the file /storage/admin/tenants/view_details.php. CWE-89
SQL injection
CVE-2026-37591 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
657 2.7 LOW
Network
- - Sourcecodester Storage Unit Rental Management System v1.0 is vulnerable to SQL in the file /storage/admin/maintenance/manage_pricing.php. CWE-89
SQL injection
CVE-2026-37592 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
658 2.7 LOW
Network
- - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_att.php. CWE-89
SQL injection
CVE-2026-37593 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
659 2.7 LOW
Network
- - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/view_employee.php. CWE-89
SQL injection
CVE-2026-37594 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
660 2.7 LOW
Network
- - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_employee.php. CWE-89
SQL injection
CVE-2026-37595 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
661 2.7 LOW
Network
- - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/manage_department.php. CWE-89
SQL injection
CVE-2026-37596 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
662 2.7 LOW
Network
- - SourceCodester Online Employees Work From Home Attendance System v1.0 is vulnerable to SQL Injection in the file /wfh_attendance/admin/attendance_list.php. CWE-89
SQL injection
CVE-2026-37597 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
663 2.7 LOW
Network
- - SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to arbitrary code execution (RCE) via /scheduler/classes/SystemSettings.php?f=update_settings. CWE-89
SQL injection
CVE-2026-37598 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
664 2.7 LOW
Network
- - SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/view_details.php. CWE-89
SQL injection
CVE-2026-37600 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
665 2.7 LOW
Network
- - SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/appointments/manage_appointment.php. CWE-89
SQL injection
CVE-2026-37601 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
666 2.7 LOW
Network
- - SourceCodester Patient Appointment Scheduler System v1.0 is vulnerable to SQL Injection in the file /scheduler/admin/user/manage_user.php. CWE-89
SQL injection
CVE-2026-37602 2026-04-18 00:32 2026-04-15 View GitHub Exploit DB Packet Storm
667 3.7 LOW
Network
- - Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the login endpoint performs bcrypt password verification only when the supplied username exists, returning immediate… CWE-208
Information exposure through timing discrepancy
CVE-2026-40263 2026-04-18 00:29 2026-04-17 View GitHub Exploit DB Packet Storm
668 8.7 HIGH
Network
- - Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset delivery handler serves uploaded files inline and relies on magic-byte detection for content type, which d… CWE-79
CWE-434
Cross-site scripting (XSS)
Unrestricted upload of file with dangerous type
CVE-2026-40262 2026-04-18 00:29 2026-04-17 View GitHub Exploit DB Packet Storm
669 5.9 MEDIUM
Network
- - Note Mark is an open-source note-taking application. In versions 0.19.1 and prior, the asset download endpoint at /api/notes/{noteID}/assets/{assetID} is registered without authentication middleware,… CWE-862
Missing authentication
CVE-2026-40265 2026-04-18 00:29 2026-04-17 View GitHub Exploit DB Packet Storm
670 2.7 LOW
Network
- - Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL Injection in the file /orms/admin/rooms/manage_room.php. CWE-89
SQL injection
CVE-2026-36941 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
671 2.7 LOW
Network
- - Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in the file /orms/admin/activities/manage_activity.php. - CVE-2026-36942 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
672 2.7 LOW
Network
- - Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/manage_repair.php. CWE-89
SQL injection
CVE-2026-36943 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
673 2.7 LOW
Network
- - Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/repairs/view_details.php. CWE-89
SQL injection
CVE-2026-36944 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
674 2.7 LOW
Network
- - Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/clients/manage_client.php CWE-89
SQL injection
CVE-2026-36945 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
675 2.7 LOW
Network
- - Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/reservations/view_details.php. CWE-89
SQL injection
CVE-2026-36937 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
676 2.7 LOW
Network
- - Sourcecodester Online Resort Management System v1.0 is vulnerable to SQL injection in /orms/admin/rooms/view_room.php. CWE-89
SQL injection
CVE-2026-36938 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
677 7.3 HIGH
Network
- - Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/view_archive.php. CWE-89
SQL injection
CVE-2026-36948 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
678 2.7 LOW
Network
- - Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in /otas/projects_per_department.php. CWE-89
SQL injection
CVE-2026-36950 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
679 2.7 LOW
Network
- - Sourcecodester Online Thesis Archiving System v1.0 is vulnerable to SQL injection in the file /otas/admin/curriculum/manage_curriculum.php. CWE-89
SQL injection
CVE-2026-36952 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
680 7.2 HIGH
Network
- - Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can i… CWE-79
Cross-site scripting (XSS)
CVE-2026-40038 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
681 6.5 MEDIUM
Network
- - Pachno 1.0.6 contains an open redirection vulnerability that allows attackers to redirect users to arbitrary external websites by manipulating the return_to parameter. Attackers can craft malicious l… CWE-305
Authentication bypass by primary weakness
CVE-2026-40039 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
682 8.8 HIGH
Network
- - Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint… CWE-434
Unrestricted upload of file with dangerous type
CVE-2026-40040 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
683 4.3 MEDIUM
Network
- - Pachno 1.0.6 contains a cross-site request forgery vulnerability that allows attackers to perform arbitrary actions in authenticated user context by exploiting missing CSRF protections on state-chang… CWE-352
Same-origin policy violation
CVE-2026-40041 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
684 9.8 CRITICAL
Network
- - Pachno 1.0.6 contains an XML external entity injection vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting unsafe XML parsing in the TextParser helper. Attackers… CWE-403
File descriptor leak
CVE-2026-40042 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
685 6.5 MEDIUM
Network
- - Pachno 1.0.6 contains an authentication bypass vulnerability in the runSwitchUser() action that allows authenticated low-privilege users to escalate privileges by manipulating the original_username c… CWE-639
Authentication bypass through user-controlled key
CVE-2026-40043 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
686 9.8 CRITICAL
Network
- - Pachno 1.0.6 contains a deserialization vulnerability that allows unauthenticated attackers to execute arbitrary code by injecting malicious serialized objects into cache files. Attackers can write P… CWE-502
Deserialization of untrusted data
CVE-2026-40044 2026-04-18 00:28 2026-04-14 View GitHub Exploit DB Packet Storm
687 - -
- - Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, the PaymentsController::actionPay discloses some order data to unauthenticated users w… CWE-200
CWE-862
Information exposure
Missing authentication
CVE-2026-32270 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
688 - -
- - Craft Commerce is an ecommerce platform for Craft CMS. In versions 4.0.0 through 4.10.2 and 5.0.0 through 5.5.4, there is an SQL injection vulnerability in the Commerce TotalRevenue widget which allo… CWE-89
SQL injection
CVE-2026-32271 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
689 - -
- - Craft Commerce is an ecommerce platform for Craft CMS. In versions 5.0.0 through 5.5.4, an SQL injection vulnerability exists where the ProductQuery::hasVariant and VariantQuery::hasProduct propertie… CWE-89
SQL injection
CVE-2026-32272 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
690 5.3 MEDIUM
Network
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-189 and 6.9.13-44, when `Magick` parses an XML file it is possible that a single… CWE-122
CWE-191
Heap overflow
Integer underflow
CVE-2026-33899 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
691 5.9 MEDIUM
Network
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the viff encoder contains an integer truncation/wraparoun… CWE-190
Integer overflow or wraparound
CVE-2026-33900 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
692 3.5 LOW
Network
- - EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Attachment/fromImageUrl endpoint is vulnerable to Server-Side Request Forgery (SS… CWE-367
CWE-918
Time-of-check Time-of-use (TOCTOU) race condition
Server-side request forgery
CVE-2026-33659 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
693 5.4 MEDIUM
Network
- - EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference (IDOR) vuln… CWE-639
Authentication bypass through user-controlled key
CVE-2026-33740 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
694 7.5 HIGH
Network
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer overflow occurs in the MVG decoder that cou… CWE-122
CWE-787
Heap overflow
Out-of-bounds write
CVE-2026-33901 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
695 9.8 CRITICAL
Network
- - A malicious actor with access to the UniFi Play network could exploit a Path Traversal vulnerability found in the device firmware to write files on the system that could be used for a remote code exe… CWE-22
Path traversal
CVE-2026-22562 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
696 9.8 CRITICAL
Network
- - A series of Improper Input Validation vulnerabilities could allow a Command Injection by a malicious actor with access to the UniFi Play network. Affected Products: UniFi Play PowerAmp (Version 1.0… CWE-20
Improper input validation
CVE-2026-22563 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
697 9.8 CRITICAL
Network
- - An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play… CWE-284
Improper access control
CVE-2026-22564 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
698 7.5 HIGH
Network
- - An Improper Input Validation vulnerability could allow a malicious actor with access to the UniFi Play network to cause the device to stop responding. Affected Products: UniFi Play PowerAmp (Versi… CWE-20
Improper input validation
CVE-2026-22565 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
699 7.5 HIGH
Network
- - An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to obtain UniFi Play WiFi credentials. Affected Products: UniFi Play PowerAmp (Version … CWE-284
Improper access control
CVE-2026-22566 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
700 5.5 MEDIUM
Local
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a stack overflow vulnerability in ImageMagick's FX expres… CWE-674
Improper recursion control
CVE-2026-33902 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm