NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月13日4:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
951	9.1	CRITICAL ネットワーク	-	-	A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. T… New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-53469	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

952	9.9	CRITICAL ネットワーク	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required() (app/rout… New	CWE-639 CWE-862 CWE-863 ユーザ制御の鍵による認証回避認証の欠如不正な認証	CVE-2026-45552	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

953	8.8	HIGH ネットワーク	-	-	Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes… New	CWE-416 解放済みメモリの使用	CVE-2026-45447	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

954	9.8	CRITICAL ネットワーク	-	-	DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php. New	CWE-78 OSコマンド・インジェクション	CVE-2026-38615	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

955	9.8	CRITICAL ネットワーク	-	-	A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. New	CWE-347 デジタル署名の不適切な検証	CVE-2026-36721	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

956	7.5	HIGH ネットワーク	-	-	An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via e… New	CWE-200 情報漏えい	CVE-2026-36719	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

957	8.4	HIGH ローカル	-	-	Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.too… New	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-24067	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

958	8.4	HIGH ローカル	-	-	Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.too… New	CWE-296 証明書のトラストチェーンの不適切な追跡	CVE-2026-24066	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

959	7.8	HIGH ローカル	-	-	Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime ent… New	CWE-426 信頼性のない検索パス	CVE-2026-24064	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

960	6.5	MEDIUM ネットワーク	-	-	A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse… New	CWE-122 ヒープオーバーフロー	CVE-2026-11884	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

961	8.3	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Drag and Drop in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perfor… Update	CWE-20 不適切な入力確認	CVE-2026-11029	2026-06-11 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

962	6.7	MEDIUM ローカル	-	-	During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in Syste… New	CWE-787 境界外書き込み	CVE-2025-10238	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

963	6.7	MEDIUM ローカル	-	-	During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or w… New	CWE-327 不完全、または危険な暗号アルゴリズムの使用	CVE-2025-10237	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

964	7.9	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. New	CWE-693 保護メカニズムの不具合	CVE-2026-48575	2026-06-11 00:15	2026-06-10	表示	GitHub Exploit DB Packet Storm

965	7.9	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. New	CWE-1329 アップデートができないコンポーネントへの依存	CVE-2026-48576	2026-06-11 00:14	2026-06-10	表示	GitHub Exploit DB Packet Storm

966	7.9	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. New	CWE-284 不適切なアクセス制御	CVE-2026-48578	2026-06-11 00:13	2026-06-10	表示	GitHub Exploit DB Packet Storm

967	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47935	2026-06-11 00:08	2026-06-10	表示	GitHub Exploit DB Packet Storm

968	7.8	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2016 windows_server_2019 w…	Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. New	CWE-416 解放済みメモリの使用	CVE-2026-48583	2026-06-11 00:08	2026-06-10	表示	GitHub Exploit DB Packet Storm

969	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47936	2026-06-11 00:08	2026-06-10	表示	GitHub Exploit DB Packet Storm

970	9.8	CRITICAL ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-122 CWE-131 ヒープオーバーフロー正しくないバッファサイズ計算	CVE-2026-49841	2026-06-11 00:07	2026-06-10	表示	GitHub Exploit DB Packet Storm

971	5.3	MEDIUM ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-287 不適切な認証	CVE-2026-49843	2026-06-11 00:07	2026-06-10	表示	GitHub Exploit DB Packet Storm

972	7.5	HIGH ネットワーク	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2016 windows_server_2019 w…	Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network. New	CWE-400 リソースの枯渇	CVE-2026-49160	2026-06-11 00:07	2026-06-10	表示	GitHub Exploit DB Packet Storm

973	4.3	MEDIUM ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-287 不適切な認証	CVE-2026-49848	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

974	7.5	HIGH ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-674 不適切な再帰制御	CVE-2026-49847	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

975	7.5	HIGH ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-400 リソースの枯渇	CVE-2026-49842	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

976	9.1	CRITICAL ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-20 CWE-122 CWE-195 CWE-787 不適切な入力確認ヒープオーバーフロー符号付き型から符号無し型への変換エラー境界外書き込み	CVE-2026-49840	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

977	7.5	HIGH ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-20 CWE-125 CWE-787 不適切な入力確認境界外読み取り境界外書き込み	CVE-2026-49475	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

978	5.3	MEDIUM ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-116 不適切なエンコード、または出力のエスケープ	CVE-2026-49472	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

979	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47939	2026-06-11 00:05	2026-06-10	表示	GitHub Exploit DB Packet Storm

980	7.5	HIGH ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-776 DTD の再帰的なエンティティ参照の不適切な制限	CVE-2026-45771	2026-06-11 00:04	2026-06-10	表示	GitHub Exploit DB Packet Storm

981	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47946	2026-06-11 00:03	2026-06-10	表示	GitHub Exploit DB Packet Storm

982	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47945	2026-06-11 00:03	2026-06-10	表示	GitHub Exploit DB Packet Storm

983	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47944	2026-06-11 00:03	2026-06-10	表示	GitHub Exploit DB Packet Storm

984	9.8	CRITICAL ネットワーク	perl	dbi	DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the for… Update	CWE-787 境界外書き込み	CVE-2026-10879	2026-06-11 00:02	2026-06-6	表示	GitHub Exploit DB Packet Storm

985	9.8	CRITICAL ネットワーク	binary	datadog\	DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sour… Update	CWE-93 CWE-150 CRLF インジェクションエスケープ、メタ、またはコントロールシーケンスの不適切な無効化	CVE-2026-11362	2026-06-11 00:01	2026-06-6	表示	GitHub Exploit DB Packet Storm

986	9.1	CRITICAL ネットワーク	binary	datadog\	DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_s… Update	CWE-93 CWE-150 CRLF インジェクションエスケープ、メタ、またはコントロールシーケンスの不適切な無効化	CVE-2026-9270	2026-06-11 00:01	2026-06-6	表示	GitHub Exploit DB Packet Storm

987	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47941	2026-06-11 00:00	2026-06-10	表示	GitHub Exploit DB Packet Storm

988	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47947	2026-06-10 23:59	2026-06-10	表示	GitHub Exploit DB Packet Storm

989	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47948	2026-06-10 23:59	2026-06-10	表示	GitHub Exploit DB Packet Storm

990	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47949	2026-06-10 23:58	2026-06-10	表示	GitHub Exploit DB Packet Storm

991	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47950	2026-06-10 23:58	2026-06-10	表示	GitHub Exploit DB Packet Storm

992	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47951	2026-06-10 23:57	2026-06-10	表示	GitHub Exploit DB Packet Storm

993	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47990	2026-06-10 23:57	2026-06-10	表示	GitHub Exploit DB Packet Storm

994	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47942	2026-06-10 23:57	2026-06-10	表示	GitHub Exploit DB Packet Storm

995	6.1	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Redirect (Open Redirect) vulnerability that could lead to account takeover. An attacker could constr… New	CWE-601 オープンリダイレクト	CVE-2026-47991	2026-06-10 23:56	2026-06-10	表示	GitHub Exploit DB Packet Storm

996	7.5	HIGH ネットワーク	crux	protocol\	Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large serv… Update	CWE-409 高圧縮データの不適切な処理 (データ増幅)	CVE-2026-10725	2026-06-10 23:56	2026-06-6	表示	GitHub Exploit DB Packet Storm

997	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47993	2026-06-10 23:56	2026-06-10	表示	GitHub Exploit DB Packet Storm

998	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-48250	2026-06-10 23:55	2026-06-10	表示	GitHub Exploit DB Packet Storm

999	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-48251	2026-06-10 23:54	2026-06-10	表示	GitHub Exploit DB Packet Storm

1000	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47943	2026-06-10 23:52	2026-06-10	表示	GitHub Exploit DB Packet Storm