NVD Vulnerability Information Top

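You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), the list may include vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview to confirm the CWE number.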

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

Updated: April 23, 2026, 4:00

No CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact view Exploit PoC search
801 - -
- - Plaintext Storage of a Password vulnerability in Sparx Systems Pty Ltd. Sparx Pro Cloud Server.  In a setup where OpenID is used as the primary method of authentication to authenticate to Sparx EA, P… CWE-256
Plaintext Storage of a Password
CVE-2025-15624 2026-04-18 00:13 2026-04-17 View GitHub Exploit DB Packet Storm
802 - -
- - Unauthenticated user is able to execute arbitrary SQL commands in Sparx Pro Cloud Server database in certain cases. CWE-89
CWE-200
SQL Injection
Information Exposure
CVE-2025-15625 2026-04-18 00:13 2026-04-17 View GitHub Exploit DB Packet Storm
803 6.0 MEDIUM
Local
- - An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiAnalyzer 7.6.0 through 7.6.4, FortiAnalyzer 7.4.0 through 7.4.7, FortiAnalyzer 7.2 all… CWE-22
Path Traversal
CVE-2025-68649 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
804 5.7 MEDIUM
Network
- - A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3… CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-21742 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
805 4.6 MEDIUM
Network
- - An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR Paa… CWE-79
Cross-site Scripting (XSS)
CVE-2026-22154 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
806 6.5 MEDIUM
Network
- - A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3… CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-22155 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
807 6.5 MEDIUM
Network
- - An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5 all versions, FortiSOAR PaaS 7.4 all… CWE-22
Path Traversal
CVE-2026-22573 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
808 4.1 MEDIUM
Network
- - A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all v… CWE-257
Storing Passwords in a Recoverable Format
CVE-2026-22574 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
809 4.3 MEDIUM
Network
- - A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all v… CWE-257
Storing Passwords in a Recoverable Format
CVE-2026-22576 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
810 8.1 HIGH
Network
- - A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary… CWE-122
Heap Overflow
CVE-2026-22828 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
811 7.5 HIGH
Network
- - An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 throug… CWE-287
Improper Authentication
CVE-2026-23708 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
812 6.7 MEDIUM
Network
- - An improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all ver… CWE-22
Path Traversal
CVE-2026-25691 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
813 2.7 LOW
Network
- - An insufficiently protected credentials vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4 all versions, FortiSandbox PaaS 5.0.1 through 5.0.5 may allow an authenticated adm… CWE-522
Insufficiently Protected Credentials
CVE-2026-27316 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
814 - -
- - CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause critical files overwritten with text data when a Web Admin user alters the … CWE-22
Path Traversal
CVE-2026-2399 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
815 - -
- - CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc re… CWE-93
CRLF Injection
CVE-2026-2400 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
816 - -
- - CWE-532 Insertion of Sensitive Information into Log File vulnerability exists that could cause confidential information to be exposed when a Web Admin user executes a malicious file provided by an a… CWE-532
Information Exposure Through Log Files
CVE-2026-2401 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
817 - -
- - CWE-307 Improper Restriction of Excessive Authentication Attempts vulnerability exists that would allow an attacker to gain access to the user account by performing an arbitrary number of authenticat… CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-2402 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
818 - -
- - CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsetti… CWE-1284
Improper Validation of Specified Quantity in Input
CVE-2026-2403 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
819 - -
- - CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. CWE-116
Improper Encoding or Escaping of Output
CVE-2026-2404 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
820 - -
- - CWE-400 Uncontrolled Resource Consumption vulnerability exists that could cause excessive troubleshooting zip file creation and denial of service when a Web Admin user floods the system with POST /he… CWE-400
Resource Exhaustion
CVE-2026-2405 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
821 9.8 CRITICAL
Network
- - An improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code… CWE-78
OS Command Injection
CVE-2026-39808 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
822 6.7 MEDIUM
Local
- - An improper neutralization of special elements used in an sql command ('sql injection') vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5, FortiClientEMS 7.2.0 through 7.2.12, FortiClientEM… CWE-89
SQL Injection
CVE-2026-39809 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
823 6.0 MEDIUM
Local
- - A use of hard-coded cryptographic key vulnerability in Fortinet FortiClientEMS 7.4.0 through 7.4.5 may allow attacker to information disclosure via decrypting database dump. CWE-321
Use of Hard-coded Cryptographic Key
CVE-2026-39810 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
824 4.9 MEDIUM
Network
- - An integer overflow or wraparound vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions … CWE-190
Integer Overflow or Wraparound
CVE-2026-39811 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
825 4.8 MEDIUM
Network
- - An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 a… CWE-79
Cross-site Scripting (XSS)
CVE-2026-39812 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
826 9.8 CRITICAL
Network
- - A path traversal: '../filedir' vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8 may allow attacker to escalation of privilege via <insert attack vector her… CWE-24
Path Traversal (../filedir)
CVE-2026-39813 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
827 6.7 MEDIUM
Local
- - A relative path traversal vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.2, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.1 through 7.4.12, FortiWeb 7.2.7 through 7.2.12, FortiWeb 7.0.10 through 7… CWE-23
Relative Path Traversal
CVE-2026-39814 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
828 - -
- - CWE-798 Use of Hard-coded Credentials vulnerability exists that could cause unauthorized access to sensitive device information when an unauthenticated attacker is able to interrogate the SNMP port. CWE-798
Use of Hard-coded Credentials
CVE-2026-4832 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
829 - -
- - The "profiling.sampling" module (Python 3.15+) and "asyncio introspection capabilities" (3.14+, "python -m asyncio ps" and "python -m asyncio pstree") features could be used to read and write address… CWE-121
CWE-125
Stack Overflow
Out-of-bounds Read
CVE-2026-5713 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
830 6.9 MEDIUM
Network
- - A flaw was found in Keycloak, specifically in the organization selection login page. A remote attacker with `manage-realm` or `manage-organizations` administrative privileges can exploit a Stored Cro… CWE-79
Cross-site Scripting (XSS)
CVE-2026-37980 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
831 7.1 HIGH
Local
- - A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in th… CWE-79
Cross-site Scripting (XSS)
CVE-2026-4344 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
832 7.1 HIGH
Local
- - A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious … CWE-79
Cross-site Scripting (XSS)
CVE-2026-4345 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
833 7.1 HIGH
Local
- - A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerabili… CWE-79
Cross-site Scripting (XSS)
CVE-2026-4369 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
834 5.7 MEDIUM
Network
- - Improper protection of an alternate path in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to retain access when their account has been disabled. CWE-424
Improper Protection of Alternate Path
CVE-2026-4913 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
835 5.4 MEDIUM
Network
- - Stored XSS in Ivanti N-ITSM before version 2025.4 allows a remote authenticated attacker to obtain limited information from other user sessions. User interaction is required. CWE-79
Cross-site Scripting (XSS)
CVE-2026-4914 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
836 4.3 MEDIUM
Network
- - A server-side request forgery (SSRF) vulnerability [CWE-918] in Fortinet FortiSOAR PaaS 7.6.4, FortiSOAR PaaS 7.6.0 through 7.6.2, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4… CWE-918
Server-Side Request Forgery
CVE-2025-59809 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
837 5.4 MEDIUM
Network
- - An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability [CWE-79] in Fortinet FortiSandbox 5.0.0 through 5.0.4, FortiSandbox PaaS 5.0.0 thro… CWE-79
Cross-site Scripting (XSS)
CVE-2025-61886 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
838 6.0 MEDIUM
Local
- - An Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') [CWE-22] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.4, FortiOS 7.4.0 through 7.4.9, FortiOS 7.2 all versions… CWE-22
Path Traversal
CVE-2025-61624 2026-04-18 00:11 2026-04-15 View GitHub Exploit DB Packet Storm
839 6.7 MEDIUM
Local
- - Reliance on untrusted inputs in a security decision in Windows Boot Loader allows an authorized attacker to bypass a security feature locally. CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-0390 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
840 5.5 MEDIUM
Local
- - Access of resource using incompatible type ('type confusion') in Windows COM allows an authorized attacker to disclose information locally. CWE-843
Type Confusion
CVE-2026-20806 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
841 4.6 MEDIUM
Physical
- - Improper removal of sensitive information before storage or transfer in Windows Recovery Environment Agent allows an unauthorized attacker to bypass a security feature with a physical attack. CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer
CVE-2026-20928 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
842 7.8 HIGH
Local
- - Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Management Services allows an authorized attacker to elevate privileges locally. CWE-362
Race Condition
CVE-2026-20930 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
843 4.6 MEDIUM
Network
- - Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. CWE-79
Cross-site Scripting (XSS)
CVE-2026-20945 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
844 5.7 MEDIUM
Network
- - Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio Code allows an authorized attacker to disclose information over a network. CWE-77
Command Injection
CVE-2026-23653 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
845 7.8 HIGH
Local
- - Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. CWE-416
Use After Free
CVE-2026-23657 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
846 7.5 HIGH
Network
- - Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network. CWE-755
Improper Handling of Exceptional Conditions
CVE-2026-23666 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
847 5.7 MEDIUM
Local
- - Untrusted pointer dereference in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally. CWE-822
Untrusted Pointer Dereference
CVE-2026-23670 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
848 7.0 HIGH
Local
- - Concurrent execution using shared resource with improper synchronization ('race condition') in Applocker Filter Driver (applockerfltr.sys) allows an authorized attacker to elevate privileges locally. CWE-362
Race Condition
CVE-2026-25184 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
849 7.8 HIGH
Local
- - Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. CWE-20
Improper Input Validation
CVE-2026-26143 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm
850 9.0 CRITICAL
Network
- - Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to bypass a security feature over a network. CWE-150
Improper Neutralization of Escape, Meta, or Control Sequences
CVE-2026-26149 2026-04-18 00:10 2026-04-15 View GitHub Exploit DB Packet Storm