
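You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), the list may include vulnerabilities that are not yet recorded in JVN.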

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview to confirm the CWE number.


Updated: April 22, 2026, 4:00

No. CVSS Level
Attack Vector
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC Search
701 5.5 MEDIUM
Local
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, the -sample operation has an out of bounds read when an s… CWE-125
Out-of-bounds Read
CVE-2026-33905 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
702 7.5 HIGH
Network
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, Magick frees the memory of the XML tree via the `DestroyX… CWE-674
Uncontrolled Recursion
CVE-2026-33908 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
703 6.2 MEDIUM
Local
- - jq is a command-line JSON processor. In versions 1.8.1 and below, functions jv_setpath(), jv_getpath(), and delpaths_sorted() in jq's src/jv_aux.c use unbounded recursion whose depth is controlled by… CWE-674
Uncontrolled Recursion
CVE-2026-33947 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
704 5.1 MEDIUM
Local
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, an integer overflow in the despeckle operation causes a h… CWE-190
CWE-787
Integer Overflow or Wraparound
Out-of-bounds Write
CVE-2026-34238 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
705 6.2 MEDIUM
Local
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, a crafted image could result in an out of bounds heap write when writing a y… CWE-122
CWE-787
Heap-based Buffer Overflow
Out-of-bounds Write
CVE-2026-40169 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
706 5.5 MEDIUM
Local
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, the JXL encoder has a heap write overflow when a user specifies that the im… CWE-122
Heap-based Buffer Overflow
CVE-2026-40183 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
707 5.5 MEDIUM
Local
- - ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below both 7.1.2-19 and 6.9.13-44 contain a heap out-of-bounds write in the JP2 encoder with w… CWE-122
CWE-787
Heap-based Buffer Overflow
Out-of-bounds Write
CVE-2026-40310 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
708 5.5 MEDIUM
Local
- - ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash… CWE-416
CWE-693
Use After Free
Protection Mechanism Failure
CVE-2026-40311 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
709 6.2 MEDIUM
Local
- - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below 7.1.2-19, an off by one error in the MSL decoder could result in a crash when a malico… CWE-193
Off-by-one Error
CVE-2026-40312 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
710 6.1 MEDIUM
Local
- - jq is a command-line JSON processor. In commits after 69785bf77f86e2ea1b4a20ca86775916889e91c9, the _strindices builtin in jq's src/builtin.c passes its arguments directly to jv_string_indexes() with… CWE-125
CWE-476
CWE-843
Out-of-bounds Read
NULL Pointer Dereference
Type Confusion
CVE-2026-39956 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
711 - -
- - jq is a command-line JSON processor. In commits before 2f09060afab23fe9390cce7cb860b10416e1bf5f, the jv_parse_sized() API in libjq accepts a counted buffer with an explicit length parameter, but its … CWE-125
Out-of-bounds Read
CVE-2026-39979 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
712 - -
- - jq is a command-line JSON processor. Commits before 6374ae0bcdfe33a18eb0ae6db28493b1f34a0a5b contain a vulnerability where CLI input parsing allows validation bypass via embedded NUL bytes. When read… CWE-20
CWE-170
Improper Input Validation
Improper Null Termination
CVE-2026-33948 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
713 5.3 MEDIUM
Network
- - nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. In versions 1.2.2 and below, an unauthenticated p2p peer can cause th… CWE-617
Reachable Assertion
CVE-2026-34069 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
714 7.5 HIGH
Network
- - jq is a command-line JSON processor. Before commit 0c7d133c3c7e37c00b6d46b658a02244fdd3c784, jq used MurmurHash3 with a hardcoded, publicly visible seed (0x432A9843) for all JSON object hash table op… CWE-328
CWE-407
Use of Weak Hash
Algorithmic Complexity
CVE-2026-40164 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
715 9.8 CRITICAL
Network
- - A critical vulnerability in the Talend JobServer and Talend Runtime allows unauthenticated remote code execution via the JMX monitoring port. The attack vector is the JMX monitoring port of the Talen… - CVE-2026-6264 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
716 4.3 MEDIUM
Network
- - Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Versions 0.7.2 and below contain a Blind Server Side Request Forgery in the functionality that allow… CWE-918
Server-Side Request Forgery (SSRF)
CVE-2026-34225 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
717 - -
- - External Secrets Operator reads information from a third-party service and automatically injects the values as Kubernetes Secrets. Versions 2.2.0 and below contain a vulnerability in runtime/template… CWE-200
Information Exposure
CVE-2026-34984 2026-04-18 00:26 2026-04-14 View GitHub Exploit DB Packet Storm
718 2.7 LOW
Network
- - SourceCodester Storage Unit Rental Management System v1.0 is vulnerable to SQL Injection in the file /storage/admin/maintenance/manage_storage_unit.php. CWE-89
SQL Injection
CVE-2026-37589 2026-04-18 00:25 2026-04-15 View GitHub Exploit DB Packet Storm
719 - -
- - MCPHub in versions below 0.11.0 is vulnerable to authentication bypass. Some endpoints are not protected by authentication middleware, allowing an unauthenticated attacker to perform actions in the n… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-13822 2026-04-18 00:24 2026-04-14 View GitHub Exploit DB Packet Storm
720 5.4 MEDIUM
Network
- - Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-pr… CWE-863
Incorrect Authorization
CVE-2026-24069 2026-04-18 00:24 2026-04-14 View GitHub Exploit DB Packet Storm
721 7.4 HIGH
Network
- - In Eclipse Jetty, the HTTP/1.1 parser is vulnerable to request smuggling when chunk extensions are used, similar to the "funky chunks" techniques outlined here: * https://w4ke.info/2025/06/18/funk… CWE-444
HTTP Request Smuggling
CVE-2026-2332 2026-04-18 00:24 2026-04-14 View GitHub Exploit DB Packet Storm
722 7.1 HIGH
Network
- - A vulnerability has been identified in Industrial Edge Management Pro V1 (All versions >= V1.7.6 < V1.15.17), Industrial Edge Management Pro V2 (All versions >= V2.0.0 < V2.1.1), Industrial Edge Mana… CWE-305
Authentication Bypass by Primary Weakness
CVE-2026-33892 2026-04-18 00:24 2026-04-14 View GitHub Exploit DB Packet Storm
723 - -
- - Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execut… CWE-88
Argument Injection or Modification
CVE-2026-2449 2026-04-18 00:24 2026-04-14 View GitHub Exploit DB Packet Storm
724 - -
- - .NET misconfiguration: use of impersonation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Hijacking a Privileged Thread of Execution. This issue affects upKeeper Instant… CWE-520
.NET Misconfiguration: Use of Impersonation
CVE-2026-2450 2026-04-18 00:24 2026-04-14 View GitHub Exploit DB Packet Storm
725 - -
- - A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server through the adopted authority of the AdminServer proce… CWE-552
Files or Directories Accessible to External Parties
CVE-2025-7389 2026-04-18 00:24 2026-04-14 View GitHub Exploit DB Packet Storm
726 - -
- - The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applicatio… CWE-257
Storing Passwords in a Recoverable Format
CVE-2025-8095 2026-04-18 00:24 2026-04-14 View GitHub Exploit DB Packet Storm
727 9.8 CRITICAL
Network
- - An issue in Hostbill v.2025-11-24 and 2025-12-01 allows a remote attacker to execute arbitrary code and escalate privileges via the CSV registration field CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CVE-2026-31049 2026-04-18 00:24 2026-04-14 View GitHub Exploit DB Packet Storm
728 9.8 CRITICAL
Network
- - A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a us… CWE-94
Code Injection
CVE-2025-61260 2026-04-18 00:24 2026-04-15 View GitHub Exploit DB Packet Storm
729 4.6 MEDIUM
Physical
- - A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 … CWE-385
Covert Timing Channel
CVE-2025-69893 2026-04-18 00:24 2026-04-15 View GitHub Exploit DB Packet Storm
730 6.5 MEDIUM
Network
- - A Local File Inclusion (LFI) vulnerability in the NFSen module (nfsen.inc.php) of LibreNMS 22.11.0-23-gd091788f2 allows authenticated attackers to include arbitrary PHP files from the server filesyst… CWE-98
PHP Remote File Inclusion
CVE-2026-30480 2026-04-18 00:24 2026-04-15 View GitHub Exploit DB Packet Storm
731 6.8 MEDIUM
Network
- - Rate Limiting for attempting a user login is not being properly enforced, making HCL DevOps Velocity susceptible to brute-force attacks past the unsuccessful login attempt limit. This vulnerability … CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2025-31991 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
732 4.3 MEDIUM
Network
- - The bson_validate function may return early on specific inputs and incorrectly report success. This behavior could result in skipping validation for BSON data, allowing malformed or invalid UTF-8 seq… CWE-20
Improper Input Validation
CVE-2026-6231 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
733 6.5 MEDIUM
Adjacent
- - A vulnerability exists in the command handling of the IEC 61850 communication stack included in the product revisions listed as affected in this CVE. An attacker with access to IEC 61850 networks cou… CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2025-3756 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
734 - -
- - Use-after-free (UAF) was possible in the `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile` when a memory allocation fails with a `MemoryError` and the decompression instance is re-u… CWE-416
CWE-787
Use After Free
Out-of-bounds Write
CVE-2026-6100 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
735 - -
- - Mitigation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open()" API could have commands injected into the … CWE-77
Command Injection
CVE-2026-4786 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
736 7.5 HIGH
Network
- - Crypt::SecretBuffer versions before 0.019 for Perl are susceptible to timing attacks. For example, if Crypt::SecretBuffer was used to store and compare plaintext passwords, then discrepancies in tim… CWE-208
Information Exposure Through Timing Discrepancy
CVE-2026-5086 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
737 6.1 MEDIUM
Network
- - Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management (SICF Handler in SRM Catalog), an unauthenticated attacker could craft a malicious URL, that if accessed … CWE-79
Cross-site Scripting (XSS)
CVE-2026-0512 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
738 4.2 MEDIUM
Network
- - Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauth… CWE-539
Use of Persistent Cookies Containing Sensitive Information
CVE-2026-24318 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
739 4.3 MEDIUM
Network
- - The Material Master application does not enforce authorization checks for authenticated users when executing reports, resulting in the disclosure of sensitive information. This vulnerability has a lo… CWE-862
Missing Authorization
CVE-2026-27672 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
740 4.9 MEDIUM
Network
- - Due to a missing authorization check, SAP S/4HANA (Private Cloud and On-Premise) allows an authenticated user to delete files on the operating system and gain unauthorized control over file operation… CWE-862
Missing Authorization
CVE-2026-27673 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
741 6.1 MEDIUM
Network
- - Due to a Code Injection vulnerability in SAP NetWeaver Application Server Java (Web Dynpro Java), an unauthenticated attacker could supply crafted input that is interpreted by the application and cau… CWE-94
Code Injection
CVE-2026-27674 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
742 2.0 LOW
Network
- - SAP Landscape Transformation contains a vulnerability in an RFC-exposed function module that could allow a high privileged adversary to inject arbitrary ABAP code and operating system commands. Due t… CWE-94
Code Injection
CVE-2026-27675 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
743 4.3 MEDIUM
Network
- - Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Technical Object Structures), an attacker could update and delete child entities via exposed OData services without proper… CWE-862
Missing Authorization
CVE-2026-27676 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
744 6.5 MEDIUM
Network
- - Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. … CWE-862
Missing Authorization
CVE-2026-27677 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
745 6.5 MEDIUM
Network
- - Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without prope… CWE-862
Missing Authorization
CVE-2026-27678 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
746 6.5 MEDIUM
Network
- - Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without prop… CWE-862
Missing Authorization
CVE-2026-27679 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
747 9.9 CRITICAL
Network
- - Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete da… CWE-89
SQL Injection
CVE-2026-27681 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
748 4.1 MEDIUM
Network
- - SAP BusinessObjects Business Intelligence application allows an authenticated attacker to inject malicious JavaScript payloads through crafted URLs. When a victim accesses the URL, the script execute… CWE-79
Cross-site Scripting (XSS)
CVE-2026-27683 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
749 7.1 HIGH
Network
- - Due to a missing authorization check in SAP ERP and SAP S/4HANA (Private Cloud and On-Premise), an authenticated attacker could execute a particular ABAP report to overwrite any existing eight-charac… CWE-862
Missing Authorization
CVE-2026-34256 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm
750 6.1 MEDIUM
Network
- - Due to an Open Redirect vulnerability in SAP NetWeaver Application Server ABAP, an unauthenticated attacker could craft a malicious URL that, if accessed by a victim, they could be redirected to the pa… CWE-601
Open Redirect
CVE-2026-34257 2026-04-18 00:18 2026-04-14 View GitHub Exploit DB Packet Storm