NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月13日4:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1051	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47954	2026-06-10 22:04	2026-06-10	表示	GitHub Exploit DB Packet Storm

1052	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47953	2026-06-10 22:04	2026-06-10	表示	GitHub Exploit DB Packet Storm

1053	7.8	HIGH ローカル	adobe	incopy	InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of t…	CWE-122 ヒープオーバーフロー	CVE-2026-34707	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1054	7.8	HIGH ローカル	adobe	incopy	InCopy versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is…	CWE-787 境界外書き込み	CVE-2026-34706	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1055	5.5	MEDIUM ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability…	CWE-125 境界外読み取り	CVE-2026-34705	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1056	5.5	MEDIUM ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulne…	CWE-476 NULL ポインタデリファレンス	CVE-2026-34704	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1057	5.5	MEDIUM ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulne…	CWE-476 NULL ポインタデリファレンス	CVE-2026-34703	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1058	7.8	HIGH ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploi…	CWE-121 スタックオーバーフロー	CVE-2026-34702	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1059	7.8	HIGH ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…	CWE-122 ヒープオーバーフロー	CVE-2026-34701	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1060	7.8	HIGH ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation …	CWE-787 境界外書き込み	CVE-2026-34700	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1061	7.8	HIGH ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…	CWE-122 ヒープオーバーフロー	CVE-2026-34699	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1062	7.8	HIGH ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit…	CWE-122 ヒープオーバーフロー	CVE-2026-34698	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1063	7.8	HIGH ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploi…	CWE-121 スタックオーバーフロー	CVE-2026-34697	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1064	7.8	HIGH ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi…	CWE-416 解放済みメモリの使用	CVE-2026-34696	2026-06-10 22:01	2026-06-10	表示	GitHub Exploit DB Packet Storm

1065	7.8	HIGH ローカル	adobe	indesign	InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploi…	CWE-121 スタックオーバーフロー	CVE-2026-34695	2026-06-10 22:00	2026-06-10	表示	GitHub Exploit DB Packet Storm

1066	7.8	HIGH ローカル	adobe	incopy	InCopy versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of …	CWE-121 スタックオーバーフロー	CVE-2026-34708	2026-06-10 22:00	2026-06-10	表示	GitHub Exploit DB Packet Storm

1067	7.8	HIGH ローカル	cisco	catalyst_sd-wan_manager sd-wan_vsmart_controller	A vulnerability in the CLI of Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, and Cisco Catalyst SD-WAN Validator, formerly SD-WAN vB…	CWE-116 不適切なエンコード、または出力のエスケープ	CVE-2026-20245	2026-06-10 21:59	2026-06-5	表示	GitHub Exploit DB Packet Storm

1068	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in MHTML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a crafted …	CWE-346 CWE-352 同一生成元ポリシー違反同一生成元ポリシー違反	CVE-2026-11195	2026-06-10 21:32	2026-06-5	表示	GitHub Exploit DB Packet Storm

1069	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-346 CWE-352 同一生成元ポリシー違反同一生成元ポリシー違反	CVE-2026-11194	2026-06-10 21:31	2026-06-5	表示	GitHub Exploit DB Packet Storm

1070	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-200 情報漏えい	CVE-2026-11182	2026-06-10 21:29	2026-06-5	表示	GitHub Exploit DB Packet Storm

1071	5.3	MEDIUM ネットワーク	google	chrome	Out of bounds read in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proc…	CWE-125 境界外読み取り	CVE-2026-11005	2026-06-10 21:26	2026-06-5	表示	GitHub Exploit DB Packet Storm

1072	-	-	-	-	An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTM…	CWE-74 インジェクション	CVE-2026-11859	2026-06-10 21:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1073	-	-	-	-	NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address…	CWE-346 同一生成元ポリシー違反	CVE-2026-10846	2026-06-10 21:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1074	-	-	-	-	A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrato…	CWE-119 バッファエラー	CVE-2026-0409	2026-06-10 21:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1075	9.1	CRITICAL ネットワーク	-	-	The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload handlers and does not validate the actual content of uploaded …	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2026-9067	2026-06-10 20:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1076	3.5	LOW ネットワーク	-	-	The Store Locator WordPress plugin before 1.6.6 does not sanitize and escape one of its settings before storing it and outputting it on the Store Locator WordPress plugin before 1.6.6 admin page, all…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-9060	2026-06-10 20:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1077	8.8	HIGH ネットワーク	-	-	The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode used in its email-encoding feature, allowing unauthenticated atta…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8071	2026-06-10 20:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1078	8.6	HIGH ネットワーク	-	-	The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL in…	CWE-89 SQLインジェクション	CVE-2026-3326	2026-06-10 20:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1079	4.3	MEDIUM ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.11 through 26.00 contain a heap out-of-bounds read of up to 3 bytes in the UDF disc image handler's File Identifier Descriptor parse…	CWE-125 境界外読み取り	CVE-2026-48102	2026-06-10 19:45	2026-06-6	表示	GitHub Exploit DB Packet Storm

1080	-	-	-	-	Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Debian source packages (.dsc) and upload artifacts (.changes) are manifest files that name the files …	-	CVE-2026-11853	2026-06-10 19:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1081	-	-	-	-	Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relation…	-	CVE-2026-11852	2026-06-10 19:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1082	7.5	HIGH ネットワーク	-	-	Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in…	CWE-125 境界外読み取り	CVE-2026-9076	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1083	8.1	HIGH ネットワーク	-	-	Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may…	CWE-787 境界外書き込み	CVE-2026-7383	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1084	4.8	MEDIUM ネットワーク	-	-	Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of …	CWE-325 暗号化処理の不備	CVE-2026-45446	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1085	7.5	HIGH ネットワーク	-	-	Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact sum…	CWE-325 暗号化処理の不備	CVE-2026-45445	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1086	6.2	MEDIUM ローカル	-	-	Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Imp…	CWE-125 境界外読み取り	CVE-2026-42771	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1087	3.7	LOW ネットワーク	-	-	Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which present…	CWE-325 暗号化処理の不備	CVE-2026-42770	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1088	5.3	MEDIUM ネットワーク	-	-	Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation inef…	CWE-295 不正な証明書検証	CVE-2026-42769	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1089	3.7	LOW ネットワーク	-	-	Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/…	CWE-514	CVE-2026-42768	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1090	5.9	MEDIUM ネットワーク	-	-	Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference ca…	CWE-476 NULL ポインタデリファレンス	CVE-2026-42767	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1091	5.9	MEDIUM ネットワーク	-	-	Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application …	CWE-476 NULL ポインタデリファレンス	CVE-2026-42766	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1092	7.5	HIGH ネットワーク	-	-	Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a …	CWE-476 NULL ポインタデリファレンス	CVE-2026-42765	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1093	7.5	HIGH ネットワーク	-	-	Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer …	CWE-476 NULL ポインタデリファレンス	CVE-2026-42764	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1094	-	-	-	-	Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verificatio…	CWE-415 二重解放	CVE-2026-35188	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1095	7.5	HIGH ネットワーク	-	-	Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platfo…	CWE-125 境界外読み取り	CVE-2026-34180	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1096	-	-	-	-	Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP objec…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-10721	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1097	-	-	-	-	A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexp…	CWE-617 到達可能なアサーション	CVE-2026-29116	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1098	-	-	-	-	A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpec…	CWE-617 到達可能なアサーション	CVE-2026-29115	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1099	-	-	-	-	A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudul…	CWE-538 ファイルおよびディレクトリ情報の漏えい	CVE-2026-29114	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1100	-	-	-	-	An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken …	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-11815	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm