NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年4月23日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1001	-	-	-	-	Deserialization of untrusted data vulnerability in OpenText, Inc RightFax on Windows, 64 bit, 32 bit allows Object Injection.This issue affects RightFax: through 25.4.	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2025-15610	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1002	6.1	MEDIUM ネットワーク	-	-	A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. T…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-20059	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1003	4.7	MEDIUM ネットワーク	-	-	A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is du…	CWE-601 オープンリダイレクト	CVE-2026-20060	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1004	4.3	MEDIUM ネットワーク	-	-	A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit…	CWE-89 SQLインジェクション	CVE-2026-20061	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1005	6.5	MEDIUM ネットワーク	-	-	Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attack…	CWE-23 相対的パストラバーサル	CVE-2026-20078	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1006	6.5	MEDIUM ネットワーク	-	-	Multiple vulnerabilities in Cisco Unity Connection could allow an authenticated, remote attacker to download arbitrary files from an affected system. To exploit these vulnerabilities, the attack…	CWE-23 相対的パストラバーサル	CVE-2026-20081	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1007	4.8	MEDIUM ネットワーク	-	-	Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative write privileges to condu…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-20132	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1008	6.0	MEDIUM ローカル	-	-	A vulnerability in the CLI of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, local attacker with administrative privileges …	CWE-116 不適切なエンコード、または出力のエスケープ	CVE-2026-20136	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1009	9.9	CRITICAL ネットワーク	-	-	A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vu…	CWE-77 コマンドインジェクション	CVE-2026-20147	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1010	4.9	MEDIUM ネットワーク	-	-	A vulnerability in Cisco ISE and Cisco ISE-PIC could allow an authenticated, remote attacker to perform path traversal attacks on the underlying operating system and read arbitrary files. To exploit …	CWE-22 パス・トラバーサル	CVE-2026-20148	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1011	5.5	MEDIUM ローカル	-	-	A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker with low privileges to overwrite arbitrary files on the local system of an affected devi…	CWE-59 リンク解釈の問題	CVE-2026-20161	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1012	9.8	CRITICAL ネットワーク	-	-	A vulnerability in the integration of single sign-on (SSO) with Control Hub in Cisco Webex Services could have allowed an unauthenticated, remote attacker to impersonate any user within the service. …	CWE-295 不正な証明書検証	CVE-2026-20184	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1013	5.3	MEDIUM ネットワーク	-	-	A vulnerability in the authentication service feature of Cisco AsyncOS Software for Cisco Secure Web Appliance could allow an unauthenticated, remote attacker to bypass authentication policy requirem…	CWE-305 根本の脆弱性による認証回避	CVE-2026-20152	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1014	6.1	MEDIUM ネットワーク	-	-	A vulnerability in the Desktop Agent functionality of Cisco Webex Contact Center could have allowed an unauthenticated, remote attacker to conduct cross-site scripting attacks. Cisco has addressed th…	CWE-80 クロスサイトスクリプティング (Basic XSS)	CVE-2026-20170	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1015	9.9	CRITICAL ネットワーク	-	-	A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploi…	CWE-22 パス・トラバーサル	CVE-2026-20180	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1016	9.9	CRITICAL ネットワーク	-	-	A vulnerability in Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploi…	CWE-77 コマンドインジェクション	CVE-2026-20186	2026-04-18 00:09	2026-04-16	表示	GitHub Exploit DB Packet Storm

1017	8.2	HIGH ローカル	-	-	Adobe Photoshop Installer was affected by an Uncontrolled Search Path Element vulnerability that could have resulted in arbitrary code execution in the context of the current user. A low-privileged l…	CWE-427 制御されていない検索パスの要素	CVE-2026-34632	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1018	8.1	HIGH ネットワーク	-	-	An authenticated user with access to a kvv2 path through a policy containing a glob may be able to delete secrets they were not authorized to read or write, resulting in denial-of-service. This vulne…	CWE-288 代替パスまたはチャネルを使用した認証回避	CVE-2026-3605	2026-04-18 00:08	2026-04-17	表示	GitHub Exploit DB Packet Storm

1019	7.5	HIGH ネットワーク	-	-	If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin bac…	CWE-201 送信データへの重要な情報の挿入	CVE-2026-4525	2026-04-18 00:08	2026-04-17	表示	GitHub Exploit DB Packet Storm

1020	5.3	MEDIUM ネットワーク	-	-	Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially lea…	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-5052	2026-04-18 00:08	2026-04-17	表示	GitHub Exploit DB Packet Storm

1021	7.5	HIGH ネットワーク	-	-	Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress op…	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-5807	2026-04-18 00:08	2026-04-17	表示	GitHub Exploit DB Packet Storm

1022	8.4	HIGH ネットワーク	-	-	IdentityIQ 8.5, all IdentityIQ 8.5 patch levels prior to 8.5p2, IdentityIQ 8.4, and all IdentityIQ 8.4 patch levels prior to 8.4p4 allow authenticated users assigned the Debug Pages Read Only capabil…	CWE-863 不正な認証	CVE-2026-4857	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1023	-	-	-	-	CWE-798: Use of Hard-coded Credentials in Sonatype Nexus Repository Manager versions 3.0.0 through 3.70.5 allows an unauthenticated attacker with network access to gain unauthorized read/write access…	CWE-798 ハードコードされた認証情報の使用	CVE-2026-5189	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1024	5.5	MEDIUM ローカル	-	-	A flaw was found in the System Security Services Daemon (SSSD). The pam_passkey_child_read_data() function within the PAM passkey responder fails to properly handle raw bytes received from a pipe. Be…	CWE-805 不適切な長さの値によるバッファへのアクセス	CVE-2026-6245	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1025	5.4	MEDIUM ネットワーク	-	-	A flaw was found in KubeVirt's Role-Based Access Control (RBAC) evaluation logic. The authorization mechanism improperly truncates subresource names, leading to incorrect permission evaluations. This…	CWE-863 不正な認証	CVE-2026-6383	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1026	9.1	CRITICAL ネットワーク	-	-	Pyroscope is an open-source continuous profiling database. The database supports various storage backends, including Tencent Cloud Object Storage (COS). If the database is configured to use Tencent …	-	CVE-2025-41118	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1027	5.3	MEDIUM ネットワーク	-	-	The CVE-2021-36156 fix validates the namespace parameter for path traversal sequences after a single URL decode, by double encoding, an attacker can read files at the Ruler API endpoint /loki/api/v1/…	-	CVE-2026-21726	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1028	3.3	LOW ネットワーク	-	-	--- title: Cross-Tenant Legacy Correlation Disclosure and Deletion draft: false hero: image: /static/img/heros/hero-legal2.svg content: "# Cross-Tenant Legacy Correlation Disclosure and Deletion"…	-	CVE-2026-21727	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1029	8.7	HIGH ネットワーク	-	-	ApostropheCMS is an open-source Node.js content management system. Versions 4.28.0 and prior contain a stored cross-site scripting vulnerability in SEO-related fields (SEO Title and Meta Description)…	CWE-79 CWE-116 クロスサイト・スクリプティング（XSS）不適切なエンコード、または出力のエスケープ	CVE-2026-35569	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1030	5.5	MEDIUM ローカル	-	-	A flaw was found in GIMP. A remote attacker could exploit an integer overflow vulnerability in the FITS image loader by providing a specially crafted FITS file. This integer overflow leads to a zero-…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-40915	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1031	5.0	MEDIUM ローカル	-	-	A flaw was found in GIMP. A stack buffer overflow vulnerability in the TIM image loader's 4BPP decoding path allows a local user to cause a Denial of Service (DoS). By opening a specially crafted TIM…	CWE-787 境界外書き込み	CVE-2026-40916	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1032	5.0	MEDIUM ローカル	-	-	A flaw was found in GIMP. This vulnerability, a heap buffer over-read in the `icns_slurp()` function, occurs when processing specially crafted ICNS image files. An attacker could provide a malicious …	CWE-125 境界外読み取り	CVE-2026-40917	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1033	5.5	MEDIUM ローカル	-	-	A flaw was found in GIMP. Processing a specially crafted PVR image file with large dimensions can lead to a denial of service (DoS). This occurs due to a stack-based buffer overflow and an out-of-bou…	CWE-131 正しくないバッファサイズ計算	CVE-2026-40918	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1034	6.1	MEDIUM ローカル	-	-	A flaw was found in GIMP. This vulnerability, a buffer overflow in the `file-seattle-filmworks` plugin, can be exploited when a user opens a specially crafted Seattle Filmworks file. A remote attacke…	CWE-787 境界外書き込み	CVE-2026-40919	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1035	8.8	HIGH ネットワーク	-	-	Use after free in Permissions in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a craf…	CWE-416 解放済みメモリの使用	CVE-2026-6315	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1036	8.8	HIGH ネットワーク	-	-	Use after free in Forms in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-6316	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1037	8.8	HIGH ネットワーク	-	-	Use after free in Cast in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-6317	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1038	8.8	HIGH ネットワーク	-	-	Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium)	CWE-416 解放済みメモリの使用	CVE-2026-6318	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1039	7.5	HIGH ネットワーク	-	-	Use after free in Payments in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted…	CWE-416 解放済みメモリの使用	CVE-2026-6319	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1040	8.8	HIGH ネットワーク	-	-	Use after free in XR in Google Chrome on Android prior to 147.0.7727.101 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Critic…	CWE-416 解放済みメモリの使用	CVE-2026-6358	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1041	8.8	HIGH ネットワーク	-	-	Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTM…	CWE-416 解放済みメモリの使用	CVE-2026-6359	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1042	8.8	HIGH ネットワーク	-	-	Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-6360	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1043	7.2	HIGH ネットワーク	-	-	Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a …	CWE-122 ヒープオーバーフロー	CVE-2026-6361	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1044	6.3	MEDIUM ネットワーク	-	-	Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: H…	CWE-416 解放済みメモリの使用	CVE-2026-6362	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1045	8.8	HIGH ネットワーク	-	-	Type Confusion in V8 in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)	CWE-843 型の取り違え	CVE-2026-6363	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1046	6.5	MEDIUM ネットワーク	-	-	Out of bounds read in Skia in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted file. (Chromium security se…	CWE-125 境界外読み取り	CVE-2026-6364	2026-04-18 00:08	2026-04-16	表示	GitHub Exploit DB Packet Storm

1047	5.3	MEDIUM ネットワーク	-	-	A flaw was found in the AAP MCP server. An unauthenticated remote attacker can exploit a log injection vulnerability by sending specially crafted input to the `toolsetroute` parameter. This parameter…	CWE-117 不適切なログ出力の無効化	CVE-2026-6494	2026-04-18 00:07	2026-04-17	表示	GitHub Exploit DB Packet Storm

1048	6.7	MEDIUM ローカル	-	-	Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat…	CWE-78 OSコマンド・インジェクション	CVE-2026-35072	2026-04-18 00:07	2026-04-17	表示	GitHub Exploit DB Packet Storm

1049	6.7	MEDIUM ローカル	-	-	Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat…	CWE-78 OSコマンド・インジェクション	CVE-2026-35073	2026-04-18 00:07	2026-04-17	表示	GitHub Exploit DB Packet Storm

1050	6.7	MEDIUM ローカル	-	-	Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat…	CWE-78 OSコマンド・インジェクション	CVE-2026-35074	2026-04-18 00:07	2026-04-17	表示	GitHub Exploit DB Packet Storm