NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年4月23日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
951	7.8	HIGH ローカル	-	-	Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.	CWE-416 解放済みメモリの使用	CVE-2026-32200	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

952	7.5	HIGH ネットワーク	-	-	Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.	CWE-20 CWE-121 不適切な入力確認スタックオーバーフロー	CVE-2026-32203	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

953	4.4	MEDIUM ローカル	-	-	Improper access control in Windows Virtualization-Based Security (VBS) Enclave allows an authorized attacker to bypass a security feature locally.	CWE-284 不適切なアクセス制御	CVE-2026-32220	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

954	8.4	HIGH ローカル	-	-	Heap-based buffer overflow in Microsoft Graphics Component allows an unauthorized attacker to execute code locally.	CWE-122 ヒープオーバーフロー	CVE-2026-32221	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

955	7.8	HIGH ローカル	-	-	Untrusted pointer dereference in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.	CWE-822 信頼性のないポインタデリファレンス	CVE-2026-32222	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

956	6.8	MEDIUM 物理	-	-	Heap-based buffer overflow in Windows USB Print Driver allows an unauthorized attacker to elevate privileges with a physical attack.	CWE-122 ヒープオーバーフロー	CVE-2026-32223	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

957	7.0	HIGH ローカル	-	-	Use after free in Windows Server Update Service allows an authorized attacker to elevate privileges locally.	CWE-416 解放済みメモリの使用	CVE-2026-32224	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

958	8.8	HIGH ネットワーク	-	-	Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network.	CWE-693 保護メカニズムの不具合	CVE-2026-32225	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

959	5.9	MEDIUM ネットワーク	-	-	Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network.	CWE-362 競合状態	CVE-2026-32226	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

960	7.8	HIGH ローカル	-	-	Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.	CWE-416 解放済みメモリの使用	CVE-2026-33095	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

961	7.5	HIGH ネットワーク	-	-	Out-of-bounds read in Windows HTTP.sys allows an unauthorized attacker to deny service over a network.	CWE-125 境界外読み取り	CVE-2026-33096	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

962	7.8	HIGH ローカル	-	-	Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally.	CWE-416 解放済みメモリの使用	CVE-2026-33098	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

963	7.0	HIGH ローカル	-	-	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.	CWE-416 解放済みメモリの使用	CVE-2026-33099	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

964	7.0	HIGH ローカル	-	-	Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally.	CWE-416 解放済みメモリの使用	CVE-2026-33100	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

965	7.8	HIGH ローカル	-	-	Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally.	CWE-416 解放済みメモリの使用	CVE-2026-33101	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

966	5.5	MEDIUM ローカル	-	-	Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally.	CWE-284 不適切なアクセス制御	CVE-2026-33103	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

967	8.4	HIGH ローカル	-	-	Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally.	CWE-822 信頼性のないポインタデリファレンス	CVE-2026-33114	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

968	8.4	HIGH ローカル	-	-	Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally.	CWE-416 解放済みメモリの使用	CVE-2026-33115	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

969	7.5	HIGH ネットワーク	-	-	Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network.	CWE-20 CWE-400 CWE-835 不適切な入力確認リソースの枯渇無限ループ	CVE-2026-33116	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

970	8.8	HIGH ネットワーク	-	-	Untrusted pointer dereference in SQL Server allows an authorized attacker to execute code over a network.	CWE-822 信頼性のないポインタデリファレンス	CVE-2026-33120	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

971	6.1	MEDIUM ローカル	-	-	Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to disclose information locally.	CWE-125 境界外読み取り	CVE-2026-33822	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

972	9.8	CRITICAL ネットワーク	-	-	Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network.	CWE-415 二重解放	CVE-2026-33824	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

973	8.0	HIGH 隣接	-	-	Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network.	CWE-20 不適切な入力確認	CVE-2026-33826	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

974	8.1	HIGH ネットワーク	-	-	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network.	CWE-362 競合状態	CVE-2026-33827	2026-04-18 00:10	2026-04-15	表示	GitHub Exploit DB Packet Storm

975	2.7	LOW ネットワーク	-	-	Mattermost versions 10.11.x <= 10.11.12 fail to validate whether users were correctly owned by the correct Connected Workspace which allows a malicious remote server connected using the Conntexted Wo…	CWE-862 認証の欠如	CVE-2026-27769	2026-04-18 00:09	2026-04-15	表示	GitHub Exploit DB Packet Storm

976	6.8	MEDIUM ネットワーク	-	-	Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to validate CSRF tokens on an authentication endpoint which allows an attacker to update a user's au…	CWE-352 同一生成元ポリシー違反	CVE-2026-28741	2026-04-18 00:09	2026-04-15	表示	GitHub Exploit DB Packet Storm

977	-	-	-	-	@fastify/reply-from v12.6.1 and earlier and @fastify/http-proxy v11.4.3 and earlier process the client's Connection header after the proxy has added its own headers via rewriteRequestHeaders. This al…	CWE-644 HTTP ヘッダのスクリプト構文の不適切な無効化	CVE-2026-33805	2026-04-18 00:09	2026-04-15	表示	GitHub Exploit DB Packet Storm

978	6.5	MEDIUM ネットワーク	-	-	Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with a…	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-3590	2026-04-18 00:09	2026-04-15	表示	GitHub Exploit DB Packet Storm

979	7.1	HIGH ローカル	-	-	During an internal security assessment, a potential vulnerability was discovered in Lenovo Diagnostics and the HardwareScanAddin used in Lenovo Vantage that, during installation or when using hardwar…	CWE-59 リンク解釈の問題	CVE-2026-0827	2026-04-18 00:09	2026-04-15	表示	GitHub Exploit DB Packet Storm

980	6.7	MEDIUM ローカル	-	-	A potential DLL hijacking vulnerability was reported in Lenovo Service Bridge that, under certain conditions, could allow a local authenticated user to execute code with elevated privileges.	CWE-427 制御されていない検索パスの要素	CVE-2026-1636	2026-04-18 00:09	2026-04-15	表示	GitHub Exploit DB Packet Storm

981	7.3	HIGH ローカル	-	-	During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated …	CWE-427 制御されていない検索パスの要素	CVE-2026-4134	2026-04-18 00:09	2026-04-15	表示	GitHub Exploit DB Packet Storm

982	6.6	MEDIUM ローカル	-	-	During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file w…	CWE-59 リンク解釈の問題	CVE-2026-4135	2026-04-18 00:09	2026-04-15	表示	GitHub Exploit DB Packet Storm

983	7.8	HIGH ローカル	-	-	During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix that could allow a local authenticated user to perform arbitrary code execution with elevated p…	CWE-88 引数の挿入または変更	CVE-2026-4145	2026-04-18 00:09	2026-04-15	表示	GitHub Exploit DB Packet Storm

984	8.4	HIGH ローカル	-	-	Command injection in the connect function in NietThijmen ShoppingCart 0.0.2 allows an attacker to execute arbitrary shell commands and achieve remote code execution via injection of malicious payload…	CWE-77 コマンドインジェクション	CVE-2024-53412	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

985	7.5	HIGH ネットワーク	-	-	CentSDR commit e40795 was discovered to contain a stack overflow in the "Thread1" function.	CWE-121 スタックオーバーフロー	CVE-2026-30364	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

986	-	-	-	-	HP System Optimizer might potentially be vulnerable to escalation of privilege. HP is releasing an update to mitigate this potential vulnerability.	CWE-250 不要な特権による実行	CVE-2026-4667	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

987	-	-	-	-	Certain HP DeskJet All in One devices may be vulnerable to remote code execution caused by a buffer overflow when specially crafted Web Services for Devices (WSD) scan requests are improperly validat…	CWE-121 スタックオーバーフロー	CVE-2026-4682	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

988	-	-	-	-	In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as par…	CWE-200 情報漏えい	CVE-2025-12141	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

989	7.5	HIGH ネットワーク	-	-	Nordic Semiconductor IronSide SE for nRF54H20 before 23.0.2+17 has an Algorithmic complexity issue.	CWE-407 アルゴリズムの複雑性	CVE-2025-67841	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

990	6.6	MEDIUM ネットワーク	-	-	In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.20, 10.0.2503.13, and 9.3.2411.127, …	CWE-176 Unicode エンコーディングの不適切な処理	CVE-2026-20202	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

991	4.3	MEDIUM ネットワーク	-	-	In Splunk Enterprise versions below 10.2.2, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.6, 10.2.2510.10, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, …	CWE-284 不適切なアクセス制御	CVE-2026-20203	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

992	7.1	HIGH ネットワーク	-	-	In Splunk Enterprise versions below 10.2.1, 10.0.5, 9.4.10, and 9.3.11, and Splunk Cloud Platform versions below 10.4.2603.0, 10.3.2512.5, 10.2.2510.9, 10.1.2507.19, 10.0.2503.13, and 9.3.2411.127, a…	CWE-377 安全でない一時ファイル	CVE-2026-20204	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

993	7.2	HIGH ネットワーク	-	-	In Splunk MCP Server app versions below 1.0.3 , a user who holds a role with access to the Splunk `_internal` index or possesses the high-privilege capability `mcp_tool_admin` could view users sessio…	CWE-532 ログファイルからの情報漏えい	CVE-2026-20205	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

994	8.3	HIGH ネットワーク	-	-	Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the /controllers/Installer.php and the function add_git_submodule.	CWE-77 コマンドインジェクション	CVE-2026-30461	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

995	8.0	HIGH ローカル	-	-	A prompt injection vulnerability in Windsurf 1.9544.26 allows remote attackers to execute arbitrary commands on a victim system. When Windsurf processes attacker-controlled HTML content, malicious in…	CWE-77 コマンドインジェクション	CVE-2026-30615	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

996	7.3	HIGH ネットワーク	-	-	Jaaz 1.0.30 contains a remote code execution vulnerability in its MCP STDIO command execution handling. A remote attacker can send crafted network requests to the network-accessible Jaaz application,…	CWE-77 コマンドインジェクション	CVE-2026-30616	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

997	8.6	HIGH ネットワーク	-	-	LangChain-ChatChat 0.3.1 contains a remote code execution vulnerability in its MCP STDIO server configuration and execution handling. A remote attacker can access the publicly exposed MCP management …	CWE-77 コマンドインジェクション	CVE-2026-30617	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

998	8.6	HIGH ネットワーク	-	-	Agent Zero 0.9.8 contains a remote code execution vulnerability in its External MCP Servers configuration feature. The application allows users to define MCP servers using a JSON configuration contai…	CWE-77 コマンドインジェクション	CVE-2026-30624	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

999	9.8	CRITICAL ネットワーク	-	-	Upsonic 0.71.6 contains a remote code execution vulnerability in its MCP server/task creation functionality. The application allows users to define MCP tasks with arbitrary command and args values. A…	CWE-77 コマンドインジェクション	CVE-2026-30625	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1000	-	-	-	-	The vulnerability, if exploited, could allow an unauthenticated miscreant to perform operations intended only for Simulator Instructor or Simulator Developer (Administrator) roles, resulting in privi…	CWE-862 認証の欠如	CVE-2026-5387	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm