NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月12日4:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
751	5.3	MEDIUM ネットワーク	-	-	Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation inef… New	CWE-295 不正な証明書検証	CVE-2026-42769	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

752	3.7	LOW ネットワーク	-	-	Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/… New	CWE-514	CVE-2026-42768	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

753	5.9	MEDIUM ネットワーク	-	-	Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference ca… New	CWE-476 NULL ポインタデリファレンス	CVE-2026-42767	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

754	5.9	MEDIUM ネットワーク	-	-	Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application … New	CWE-476 NULL ポインタデリファレンス	CVE-2026-42766	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

755	7.5	HIGH ネットワーク	-	-	Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a … New	CWE-476 NULL ポインタデリファレンス	CVE-2026-42765	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

756	7.5	HIGH ネットワーク	-	-	Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer … New	CWE-476 NULL ポインタデリファレンス	CVE-2026-42764	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

757	-	-	-	-	Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verificatio… New	CWE-415 二重解放	CVE-2026-35188	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

758	7.5	HIGH ネットワーク	-	-	Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platfo… New	CWE-125 境界外読み取り	CVE-2026-34180	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

759	-	-	-	-	Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP objec… New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-10721	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

760	-	-	-	-	A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexp… New	CWE-617 到達可能なアサーション	CVE-2026-29116	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

761	-	-	-	-	A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpec… New	CWE-617 到達可能なアサーション	CVE-2026-29115	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

762	-	-	-	-	A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudul… New	CWE-538 ファイルおよびディレクトリ情報の漏えい	CVE-2026-29114	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

763	-	-	-	-	An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken … New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-11815	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

764	-	-	-	-	A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vul… New	CWE-121 スタックオーバーフロー	CVE-2026-26241	2026-06-10 14:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

765	-	-	-	-	A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vul… New	CWE-121 スタックオーバーフロー	CVE-2026-26240	2026-06-10 14:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

766	7.3	HIGH ローカル	-	-	A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOL… New	CWE-59 リンク解釈の問題	CVE-2026-11837	2026-06-10 14:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

767	2.4	LOW ネットワーク	-	-	A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting.… Update	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11434	2026-06-10 14:16	2026-06-7	表示	GitHub Exploit DB Packet Storm

768	-	-	-	-	A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We… New	CWE-121 スタックオーバーフロー	CVE-2026-26239	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

769	-	-	-	-	A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We hav… New	CWE-359 CWE-862 認可されていないアクターへの個人情報の漏えい認証の欠如	CVE-2026-26237	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

770	-	-	-	-	An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restr… New	CWE-863 不正な認証	CVE-2026-24724	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

771	-	-	-	-	An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to… New	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-24720	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

772	-	-	-	-	A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… New	CWE-78 OSコマンド・インジェクション	CVE-2026-24719	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

773	-	-	-	-	A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read… New	CWE-22 パス・トラバーサル	CVE-2026-24717	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

774	-	-	-	-	A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabili… New	CWE-476 NULL ポインタデリファレンス	CVE-2026-24716	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

775	-	-	-	-	A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (… New	CWE-476 NULL ポインタデリファレンス	CVE-2026-22899	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

776	-	-	-	-	A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… New	CWE-78 OSコマンド・インジェクション	CVE-2026-22893	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

777	-	-	-	-	A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS… New	CWE-476 NULL ポインタデリファレンス	CVE-2025-66281	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

778	-	-	-	-	An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vuln… New	CWE-121 CWE-190 スタックオーバーフロー整数オーバーフローまたはラップアラウンド	CVE-2025-66280	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

779	-	-	-	-	A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… New	CWE-78 OSコマンド・インジェクション	CVE-2025-66279	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

780	-	-	-	-	A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… New	CWE-78 OSコマンド・インジェクション	CVE-2025-66273	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

781	-	-	-	-	A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpect… New	CWE-22 パス・トラバーサル	CVE-2025-62851	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

782	-	-	-	-	A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabili… New	CWE-476 NULL ポインタデリファレンス	CVE-2025-62850	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

783	-	-	-	-	QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later New	-	CVE-2025-66276	2026-06-10 12:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

784	-	-	-	-	QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: New	CWE-472 不変と仮定される Web パラメータの外部制御	CVE-2025-59382	2026-06-10 12:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

785	-	-	-	-	A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities… New	CWE-352 同一生成元ポリシー違反	CVE-2025-58468	2026-06-10 12:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

786	5.4	MEDIUM ネットワーク	-	-	WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title … Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2019-25744	2026-06-10 11:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

787	5.4	MEDIUM ネットワーク	-	-	WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title fiel… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2019-25743	2026-06-10 11:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

788	5.4	MEDIUM ネットワーク	-	-	WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when crea… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2019-25742	2026-06-10 11:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

789	5.4	MEDIUM ネットワーク	-	-	GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2019-25739	2026-06-10 11:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

790	6.1	MEDIUM ネットワーク	-	-	Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2019-25737	2026-06-10 11:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

791	6.1	MEDIUM ネットワーク	-	-	Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2019-25731	2026-06-10 11:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

792	-	-	-	-	Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain… New	CWE-74 インジェクション	CVE-2026-46546	2026-06-10 10:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

793	-	-	-	-	SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a sta… New	CWE-121 CWE-787 スタックオーバーフロー境界外書き込み	CVE-2026-44634	2026-06-10 10:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

794	4.3	MEDIUM ネットワーク	-	-	BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers… New	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-53675	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

795	7.1	HIGH ネットワーク	-	-	BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP dat… New	CWE-943 データクエリロジックの特殊要素の不適切な中立化	CVE-2026-53674	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

796	8.1	HIGH ネットワーク	-	-	BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a us… New	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-53673	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

797	6.8	MEDIUM ネットワーク	-	-	SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate… New	CWE-287 不適切な認証	CVE-2026-47838	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

798	7.5	HIGH ネットワーク	-	-	Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in Me… New	CWE-248 キャッチされない例外	CVE-2026-46545	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

799	5.3	MEDIUM ネットワーク	-	-	Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatch… New	CWE-617 到達可能なアサーション	CVE-2026-46543	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

800	4.3	MEDIUM ネットワーク	-	-	Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisi… New	CWE-617 到達可能なアサーション	CVE-2026-46542	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm