NVD Vulnerability Information Top

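You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before it appears in JVN (Japan Vulnerability Notes), the NVD may contain updates for vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.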

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Last updated: April 23, 2026, 4:00

| No. | CVSS | Severity | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 751 | 6.5 | MEDIUM | Network | - | - | Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessin… | CWE-862 (Missing Authorization) | CVE-2026-34261 | 2026-04-18 00:18 | 2026-04-14 |
| 752 | 5.0 | MEDIUM | Network | - | - | Information Disclosure Vulnerability in SAP HANA Cockpit and HANA Database Explorer | CWE-522 (Insufficiently Protected Credentials) | CVE-2026-34262 | 2026-04-18 00:18 | 2026-04-14 |
| 753 | 6.5 | MEDIUM | Network | - | - | During authorization checks in SAP Human Capital Management for SAP S/4HANA, the system returns specific messages. Due to this, an authenticated user with low privileges could guess and enumerate the… | CWE-204 (Response Discrepancy Information Exposure) | CVE-2026-34264 | 2026-04-18 00:18 | 2026-04-14 |
| 754 | 3.7 | LOW | Network | - | - | A vulnerability has been identified in Siemens Software Center (All versions < V3.5.8.2), Simcenter 3D (All versions < V2506.6000), Simcenter Femap (All versions < V2506.0002), Simcenter STAR-CCM+ (A… | CWE-295 (Improper Certificate Validation) | CVE-2025-40745 | 2026-04-18 00:18 | 2026-04-14 |
| 755 | 7.3 | HIGH | Network | - | - | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3 with UMC). The affected application contains an authentication weakness due to insufficient validation of user identity in th… | CWE-347 (Improper Verification of Cryptographic Signature) | CVE-2026-24032 | 2026-04-18 00:18 | 2026-04-14 |
| 756 | 8.8 | HIGH | Network | - | - | A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an … | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-25654 | 2026-04-18 00:18 | 2026-04-14 |
| 757 | 8.8 | HIGH | Network | - | - | A vulnerability has been identified in RUGGEDCOM CROSSBOW Secure Access Manager Primary (SAM-P) (All versions < V5.8). User Administrators are allowed to administer groups they belong to. This could … | CWE-266 (Incorrect Privilege Assignment) | CVE-2026-27668 | 2026-04-18 00:18 | 2026-04-14 |
| 758 | 9.3 | CRITICAL | Local | - | - | Sandbox Escape Vulnerability in Terrarium allows arbitrary code execution with root privileges on a host process via JavaScript prototype chain traversal. | - | CVE-2026-5752 | 2026-04-18 00:17 | 2026-04-15 |
| 759 | 6.1 | MEDIUM | Network | - | - | Reflected Cross-Site Scripting (XSS) Vulnerability in Radware Alteon 34.5.4.0 vADC load-balancer allows an attacker to inject malicious scripts into the website, potentially leading to unauthorized a… | - | CVE-2026-5754 | 2026-04-18 00:17 | 2026-04-15 |
| 760 | 7.5 | HIGH | Network | - | - | Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services (COS) allows an attacker to modify the server's configuration file, potentially leading to mass data exfil… | - | CVE-2026-5756 | 2026-04-18 00:17 | 2026-04-15 |
| 761 | 7.8 | HIGH | Local | - | - | It has been identified that a vulnerability (CWE-427) exists in the UPS (Uninterruptible Power Supply) management application, whereby improper permissions on the installation directory allow a malic… | CWE-427 (Uncontrolled Search Path Element) | CVE-2026-5397 | 2026-04-18 00:17 | 2026-04-15 |
| 762 | 2.9 | LOW | Local | - | - | HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying … | CWE-209 (Information Exposure Through an Error Message) | CVE-2025-52641 | 2026-04-18 00:17 | 2026-04-15 |
| 763 | 7.5 | HIGH | Network | - | - | Uncontrolled Resource Consumption in Bosch VMS Central Server in Bosch VMS 12.0.1 allows attackers to consume excessive amounts of disk space via network interface. | CWE-400 (Uncontrolled Resource Consumption) | CVE-2024-33618 | 2026-04-18 00:17 | 2026-04-15 |
| 764 | 6.1 | MEDIUM | Network | - | - | Versions of the package github.com/yuin/goldmark/renderer/html before 1.7.17 are vulnerable to Cross-site Scripting (XSS) due to improper ordering of URL validation and normalization. The renderer va… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2026-5160 | 2026-04-18 00:17 | 2026-04-15 |
| 765 | 6.5 | MEDIUM | Network | - | - | JavaScript is vulnerable to prototype pollution in Mafintosh's protocol-buffers-schema Version 3.6.0, where an attacker may alter the application logic, bypass security checks, cause a DoS or achieve… | - | CVE-2026-5758 | 2026-04-18 00:17 | 2026-04-16 |
| 766 | 7.3 | HIGH | Local | - | - | A flaw was found in gimp. This buffer overflow vulnerability in the GIF image loading component's `ReadJeffsImage` function allows an attacker to write beyond an allocated buffer by processing a spec… | CWE-120 (Classic Buffer Overflow) | CVE-2026-6384 | 2026-04-18 00:17 | 2026-04-16 |
| 767 | 6.5 | MEDIUM | Network | - | - | A flaw was found in FFmpeg. A remote attacker could exploit this vulnerability by providing a specially crafted MPEG-PS/VOB media file containing a malicious DVD subtitle stream. This vulnerability i… | CWE-190 (Integer Overflow or Wraparound) | CVE-2026-6385 | 2026-04-18 00:17 | 2026-04-16 |
| 768 | - | - | - | - | - | Inadequate Encryption Strength vulnerability in TP-Link Archer C7 v5 and v5.8 (uhttpd modules) allows Password Recovery Exploitation. The web interface encrypts the admin password client-side using R… | CWE-326 (Inadequate Encryption Strength) | CVE-2026-5363 | 2026-04-18 00:17 | 2026-04-16 |
| 769 | - | - | - | - | - | An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources duri… | CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition) | CVE-2026-1880 | 2026-04-18 00:17 | 2026-04-16 |
| 770 | - | - | - | - | - | A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a T… | CWE-367 (Time-of-check Time-of-use (TOCTOU) Race Condition); CWE-494 (Download of Code Without Integrity Check) | CVE-2026-3428 | 2026-04-18 00:17 | 2026-04-16 |
| 771 | 7.3 | HIGH | Local | - | - | Dell Storage Manager - Replay Manager for Microsoft Servers, version(s) 8.0, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially e… | CWE-269 (Improper Privilege Management) | CVE-2026-23772 | 2026-04-18 00:17 | 2026-04-16 |
| 772 | - | - | - | - | - | Insufficiently Protected Credentials in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client does not verify the receiver of OAuth2 credentials during OpenID authentication | CWE-522 (Insufficiently Protected Credentials) | CVE-2025-15621 | 2026-04-18 00:17 | 2026-04-16 |
| 773 | 5.9 | MEDIUM | Network | - | - | @fastify/static versions 8.0.0 through 9.1.0 decode percent-encoded path separators (%2F) before filesystem resolution, while Fastify's router treats them as literal characters. This mismatch allows … | CWE-177 (Improper Handling of URL Encoding (Hex Encoding)) | CVE-2026-6414 | 2026-04-18 00:17 | 2026-04-16 |
| 774 | 8.1 | HIGH | Network | - | - | Zohocorp ManageEngine PAM360 versions before 8531 and ManageEngine Password Manager Pro versions from 8600 to 13230 are vulnerable to Authenticated SQL injection in the query report module. | CWE-89 (SQL Injection) | CVE-2026-5785 | 2026-04-18 00:17 | 2026-04-16 |
| 775 | 9.1 | CRITICAL | Network | - | - | @fastify/middie versions 9.3.1 and earlier do not register inherited middleware directly on child plugin engine instances. When a Fastify application registers authentication middleware in a parent s… | CWE-436 (Interpretation Conflict) | CVE-2026-6270 | 2026-04-18 00:17 | 2026-04-16 |
| 776 | 5.3 | MEDIUM | Network | - | - | @fastify/static versions 8.0.0 through 9.1.0 allow path traversal when directory listing is enabled via the list option. The dirList.path() function resolves directories outside the configured static… | CWE-22 (Path Traversal) | CVE-2026-6410 | 2026-04-18 00:17 | 2026-04-16 |
| 777 | 7.4 | HIGH | Network | - | - | @fastify/middie versions 9.3.1 and earlier are vulnerable to middleware bypass when the deprecated Fastify ignoreDuplicateSlashes option is enabled. The middleware path matching logic does not accoun… | CWE-436 (Interpretation Conflict) | CVE-2026-33804 | 2026-04-18 00:17 | 2026-04-17 |
| 778 | - | - | - | - | - | A Denial of Service (DoS) vulnerability exists in the Protobuf PHP library during the parsing of untrusted input. Maliciously structured messages—specifically those containing negative varints or dee… | CWE-20 (Improper Input Validation) | CVE-2026-6409 | 2026-04-18 00:17 | 2026-04-17 |
| 779 | - | - | - | - | - | A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a… | CWE-331 (Insufficient Entropy) | CVE-2026-2336 | 2026-04-18 00:17 | 2026-04-17 |
| 780 | 5.4 | MEDIUM | Network | - | - | A vulnerability was found in prasathmani TinyFileManager up to 2.6. Affected is an unknown function of the file /filemanager.php of the component POST Parameter Handler. The manipulation of the argum… | CWE-22 (Path Traversal) | CVE-2026-6496 | 2026-04-18 00:16 | 2026-04-18 |
| 781 | 3.5 | LOW | Network | - | - | A flaw has been found in lukevella rallly up to 4.7.4. This affects an unknown function of the file apps/web/src/app/[locale]/(auth)/reset-password/components/reset-password-form.tsx of the component… | CWE-79 (Cross-site Scripting (XSS)); CWE-94 (Code Injection) | CVE-2026-6493 | 2026-04-18 00:16 | 2026-04-18 |
| 782 | 7.3 | HIGH | Network | - | - | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_music.php. | CWE-89 (SQL Injection) | CVE-2026-37336 | 2026-04-18 00:15 | 2026-04-17 |
| 783 | 7.3 | HIGH | Network | - | - | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_playlist.php. | CWE-89 (SQL Injection) | CVE-2026-37337 | 2026-04-18 00:15 | 2026-04-17 |
| 784 | 9.4 | CRITICAL | Network | - | - | SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_user.php. | CWE-89 (SQL Injection) | CVE-2026-37338 | 2026-04-18 00:15 | 2026-04-17 |
| 785 | 9.8 | CRITICAL | Network | - | - | SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_park.php. | CWE-89 (SQL Injection) | CVE-2026-37345 | 2026-04-18 00:15 | 2026-04-17 |
| 786 | 4.7 | MEDIUM | Network | - | - | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_account.php?emp_id=. | CWE-89 (SQL Injection) | CVE-2026-37346 | 2026-04-18 00:15 | 2026-04-17 |
| 787 | 9.1 | CRITICAL | Network | - | - | SourceCodester Payroll Management and Information System v1.0 is vulnerable to SQL Injection in the file /payroll/view_employee.php. | CWE-89 (SQL Injection) | CVE-2026-37347 | 2026-04-18 00:15 | 2026-04-17 |
| 788 | 8.2 | HIGH | Network | - | - | Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration. | CWE-288 (Authentication Bypass Using an Alternate Path or Channel) | CVE-2026-3324 | 2026-04-18 00:14 | 2026-04-17 |
| 789 | 5.1 | MEDIUM | Physical | - | - | Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leadi… | CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) | CVE-2025-36579 | 2026-04-18 00:14 | 2026-04-17 |
| 790 | 4.1 | MEDIUM | Local | - | - | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper check for unusual or exceptional conditions vulnerability. A high privileged attacker with local access could potentially explo… | CWE-754 (Improper Check for Unusual or Exceptional Conditions) | CVE-2025-43883 | 2026-04-18 00:14 | 2026-04-17 |
| 791 | - | - | - | - | - | Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in… | CWE-788 (Access of Memory Location After End of Buffer) | CVE-2023-20585 | 2026-04-18 00:14 | 2026-04-17 |
| 792 | 4.4 | MEDIUM | Local | - | - | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnera… | CWE-404 (Improper Resource Shutdown or Release) | CVE-2025-43935 | 2026-04-18 00:14 | 2026-04-17 |
| 793 | 6.6 | MEDIUM | Local | - | - | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit th… | CWE-532 (Information Exposure Through Log Files) | CVE-2025-43937 | 2026-04-18 00:14 | 2026-04-17 |
| 794 | - | - | - | - | - | A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, poten… | CWE-414 (Missing Lock Check) | CVE-2025-54510 | 2026-04-18 00:14 | 2026-04-17 |
| 795 | - | - | - | - | - | Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulti… | CWE-668 (Exposure of Resource to Wrong Sphere) | CVE-2025-54502 | 2026-04-18 00:14 | 2026-04-17 |
| 796 | 8.4 | HIGH | Local | - | - | Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1… | CWE-1391 (Use of Weak Credentials) | CVE-2026-23853 | 2026-04-18 00:13 | 2026-04-17 |
| 797 | 7.2 | HIGH | Network | - | - | In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass | CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine) | CVE-2026-33392 | 2026-04-18 00:13 | 2026-04-17 |
| 798 | 5.0 | MEDIUM | Local | - | - | Red Magic 11 Pro (NX809J) contains a vulnerability that allows non-privileged applications to trigger sensitive operations. The vulnerability stems from the lack of validation for applications access… | CWE-269 (Improper Privilege Management) | CVE-2026-40002 | 2026-04-18 00:13 | 2026-04-17 |
| 799 | - | - | - | - | - | Insufficiently Protected Credentials vulnerability in Sparx Systems Pty Ltd. Sparx Enterprise Architect. Client reveals plaintext OAuth2 client secretDesktop client decodes the secret and uses the pl… | CWE-522 (Insufficiently Protected Credentials) | CVE-2025-15622 | 2026-04-18 00:13 | 2026-04-17 |
| 800 | - | - | - | - | - | Exposure of Private Personal Information to an Unauthorized Actor, : Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud… | CWE-359 (Exposure of Private Personal Information to an Unauthorized Actor); CWE-497 (Exposure of Sensitive System Information to an Unauthorized Control Sphere) | CVE-2025-15623 | 2026-04-18 00:13 | 2026-04-17 |