NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月12日4:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
801	7.5	HIGH ネットワーク	-	-	Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, iIn handle_dht_get(), the DhtResults accumulator is only initia… New	CWE-754 例外的な状態における不適切なチェック	CVE-2026-46541	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

802	6.5	MEDIUM ネットワーク	-	-	Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip … New	CWE-841 行動ワークフローの不適切な実施	CVE-2026-46540	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

803	5.9	MEDIUM ネットワーク	-	-	Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the… New	CWE-345 データの信頼性についての不十分な検証	CVE-2026-46539	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

804	8.6	HIGH ネットワーク	-	-	SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CA… New	CWE-22 パス・トラバーサル	CVE-2026-46491	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

805	6.5	MEDIUM ネットワーク	-	-	FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and trigge… New	CWE-248 キャッチされない例外	CVE-2026-46411	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

806	-	-	-	-	Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virti… New	CWE-416 解放済みメモリの使用	CVE-2026-45782	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

807	7.5	HIGH ネットワーク	-	-	Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pip… New	CWE-22 パス・トラバーサル	CVE-2026-44716	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

808	5.3	MEDIUM ネットワーク	-	-	Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/… New	CWE-755 例外的な状態における不適切な処理	CVE-2026-44505	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

809	5.3	MEDIUM ネットワーク	-	-	Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Aff… New	CWE-284 不適切なアクセス制御	CVE-2026-41837	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

810	8.1	HIGH ネットワーク	-	-	JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-… New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-41732	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

811	8.1	HIGH ネットワーク	-	-	JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its s… New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-41731	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

812	5.3	MEDIUM ネットワーク	-	-	Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.… New	CWE-209 エラーメッセージによる情報漏えい	CVE-2026-41730	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

813	8.1	HIGH ネットワーク	-	-	Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-type… New	CWE-917 言語構文の表現に使用される特殊な要素の不適切な無効化	CVE-2026-41729	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

814	7.5	HIGH ネットワーク	-	-	Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected … New	CWE-284 不適切なアクセス制御	CVE-2026-41728	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

815	6.5	MEDIUM ネットワーク	-	-	Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header … New	CWE-20 不適切な入力確認	CVE-2026-41727	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

816	6.5	MEDIUM ネットワーク	-	-	When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, ev… New	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-41726	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

817	5.9	MEDIUM ネットワーク	-	-	Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload… New	CWE-400 リソースの枯渇	CVE-2026-41721	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

818	6.4	MEDIUM ネットワーク	-	-	A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. … New	CWE-917 言語構文の表現に使用される特殊な要素の不適切な無効化	CVE-2026-41719	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

819	8.1	HIGH ネットワーク	-	-	Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated… New	CWE-917 言語構文の表現に使用される特殊な要素の不適切な無効化	CVE-2026-41717	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

820	7.5	HIGH ネットワーク	-	-	Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Da… New	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-41716	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

821	4.0	MEDIUM ネットワーク	-	-	Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no… New	CWE-295 不正な証明書検証	CVE-2026-41714	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

822	5.9	MEDIUM ネットワーク	-	-	Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons … New	CWE-400 リソースの枯渇	CVE-2026-41711	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

823	6.1	MEDIUM ネットワーク	-	-	Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after… New	CWE-601 オープンリダイレクト	CVE-2026-41706	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

824	4.4	MEDIUM ネットワーク	-	-	Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.… New	CWE-330 不十分なランダム値の使用	CVE-2026-41701	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

825	4.8	MEDIUM ネットワーク	-	-	Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can sup… New	CWE-943 データクエリロジックの特殊要素の不適切な中立化	CVE-2026-41697	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

826	5.9	MEDIUM ネットワーク	-	-	Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to … New	CWE-943 データクエリロジックの特殊要素の不適切な中立化	CVE-2026-41696	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

827	7.5	HIGH ネットワーク	-	-	Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolutio… New	CWE-400 リソースの枯渇	CVE-2026-41695	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

828	3.7	LOW ネットワーク	-	-	Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloa… New	CWE-347 デジタル署名の不適切な検証	CVE-2026-41694	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

829	6.1	MEDIUM ネットワーク	-	-	Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an inva… New	CWE-601 オープンリダイレクト	CVE-2026-41008	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

830	7.6	HIGH ネットワーク	-	-	An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 throug… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-41003	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

831	7.3	HIGH 隣接	-	-	An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the col… New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-40993	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

832	5.9	MEDIUM ネットワーク	-	-	When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a maliciou… New	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2026-40991	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

833	7.5	HIGH ネットワーク	-	-	An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates … New	CWE-400 リソースの枯渇	CVE-2026-40988	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

834	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. New	-	CVE-2026-10238	2026-06-10 08:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

835	8.1	HIGH ネットワーク	-	-	Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type. New	CWE-284 不適切なアクセス制御	CVE-2026-36720	2026-06-10 07:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

836	7.8	HIGH ローカル	-	-	Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerab… New	-	CVE-2026-8863	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

837	6.3	MEDIUM ネットワーク	-	-	SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php. New	CWE-352 同一生成元ポリシー違反	CVE-2026-39170	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

838	7.5	HIGH ネットワーク	-	-	SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php. New	CWE-284 不適切なアクセス制御	CVE-2026-39169	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

839	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to c… New	CWE-121 スタックオーバーフロー	CVE-2026-36822	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

840	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows at… New	CWE-121 スタックオーバーフロー	CVE-2026-36821	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

841	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability … New	CWE-121 スタックオーバーフロー	CVE-2026-36820	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

842	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers… New	CWE-121 スタックオーバーフロー	CVE-2026-36819	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

843	7.5	HIGH ネットワーク	-	-	An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities. New	CWE-122 ヒープオーバーフロー	CVE-2023-43688	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

844	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same … Update	CWE-787 境界外書き込み	CVE-2026-46253	2026-06-10 05:42	2026-06-4	表示	GitHub Exploit DB Packet Storm

845	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_r… Update	CWE-667 不適切なロック	CVE-2026-46252	2026-06-10 05:42	2026-06-4	表示	GitHub Exploit DB Packet Storm

846	7.3	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, __current_thread_info is defined as global regist… Update	NVD-CWE-noinfo	CVE-2026-46250	2026-06-10 05:42	2026-06-4	表示	GitHub Exploit DB Packet Storm

847	8.4	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block … Update	NVD-CWE-noinfo	CVE-2026-46251	2026-06-10 05:38	2026-06-4	表示	GitHub Exploit DB Packet Storm

848	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state f… Update	NVD-CWE-noinfo	CVE-2026-46249	2026-06-10 05:37	2026-06-4	表示	GitHub Exploit DB Packet Storm

849	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->links_map When an arvif is initialized in non-AP STA mode but MLO connection pre… Update	NVD-CWE-noinfo	CVE-2026-46248	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm

850	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 ("clk: divider: remove round_rate() in favor of dete… Update	NVD-CWE-noinfo	CVE-2026-46247	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm