NVD Vulnerability Information: Top

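You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), the list may include vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview to confirm the CWE number.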

Updated: April 23, 2026, 4:00

Columns: No, CVSS, level, attack vector, vendor, product, title, CWE, CVE, updated, published
1051 6.7 MEDIUM
Local
- - Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper neutralizat… CWE-88
Argument Injection or Modification
CVE-2026-35153 2026-04-18 00:07 2026-04-17
1052 - -
- - GREENmod uses named pipes for communication between plugins, the web portal, and the system service, but the access control lists for these pipes are configured incorrectly. This allows an attacker t… CWE-918
Server-Side Request Forgery
CVE-2026-5131 2026-04-18 00:07 2026-04-17
1053 6.2 MEDIUM
Network
- - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain a session fixation vulnerability. A high privileged attacker with remote ac… CWE-384
Session Fixation
CVE-2025-46605 2026-04-18 00:07 2026-04-17
1054 6.2 MEDIUM
Network
- - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper restriction of excessive authentication attempts vulnerability.… CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2025-46606 2026-04-18 00:07 2026-04-17
1055 6.6 MEDIUM
Network
- - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with r… CWE-287
Improper Authentication
CVE-2025-46607 2026-04-18 00:07 2026-04-17
1056 6.6 MEDIUM
Network
- - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 8.4 through 8.5 contain an improper authentication vulnerability. A high privileged attacker with r… CWE-287
Improper Authentication
CVE-2025-46641 2026-04-18 00:07 2026-04-17
1057 4.3 MEDIUM
Network
- - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1… CWE-200
Information Exposure
CVE-2026-23777 2026-04-18 00:07 2026-04-17
1058 5.9 MEDIUM
Network
- - Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.1… CWE-79
Cross-Site Scripting (XSS)
CVE-2026-28263 2026-04-18 00:07 2026-04-17
1059 7.5 HIGH
Network
- - A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server config… CWE-787
Out-of-bounds Write
CVE-2026-6507 2026-04-18 00:07 2026-04-17
1060 7.5 HIGH
Network
vinyl-cache vinyl_cache Varnish Cache 9 before 9.0.1 allows a "workspace overflow" denial of service (daemon panic) after timeout_linger. A malicious client could send an HTTP/1 request, wait long enough until the session r… CWE-670
Always-Incorrect Control Flow Implementation
CVE-2026-40396 2026-04-17 23:38 2026-04-13
1061 7.5 HIGH
Network
varnish-software varnish_enterprise Varnish Enterprise before 6.0.16r12 allows a "workspace overflow" denial of service (daemon panic) for shared VCL. The headerplus.write_req0() function from vmod_headerplus updates the underlying req… CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-40395 2026-04-17 23:37 2026-04-13
1062 7.5 HIGH
Network
varnish-software
vinyl-cache
varnish_enterprise
vinyl_cache
Varnish Cache 9 before 9.0.1 and Varnish Enterprise before 6.0.16r11 allows a "workspace overflow" denial of service (daemon panic) for certain amounts of prefetched data. The setup of an HTTP/2 sess… CWE-670
Always-Incorrect Control Flow Implementation
CVE-2026-40394 2026-04-17 23:35 2026-04-13
1063 9.1 CRITICAL
Network
dolibarr dolibarr_erp\/crm Dolibarr ERP-CRM 8.0.4 contains an SQL injection vulnerability in the rowid parameter of the admin dict.php endpoint that allows attackers to execute arbitrary SQL queries. Attackers can inject malic… CWE-89
SQL Injection
CVE-2019-25710 2026-04-17 23:25 2026-04-12
1064 5.3 MEDIUM
Network
- - A vulnerability was detected in arnobt78 Hotel Booking Management System up to f8922d0e0f6ac1cc761974c7616f44c2bbc04bea. The impacted element is an unknown function of the file /api/health/detailed o… CWE-200
CWE-284
Information Exposure
Improper Access Control
CVE-2026-6492 2026-04-17 23:16 2026-04-17
1065 5.3 MEDIUM
Local
- - A security vulnerability has been detected in libvips up to 8.18.2. The affected element is the function im_minpos_vec of the file libvips/deprecated/vips7compat.c of the component nip2 Handler. Such… CWE-119
CWE-122
Buffer Errors
Heap Overflow
CVE-2026-6491 2026-04-17 23:16 2026-04-17
1066 7.3 HIGH
Network
- - A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Paramet… CWE-74
CWE-89
Injection
SQL Injection
CVE-2026-6490 2026-04-17 23:16 2026-04-17
1067 5.5 MEDIUM
Local
nsasoft spotftp SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. … CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2019-25711 2026-04-17 23:14 2026-04-12
1068 5.5 MEDIUM
Local
nsasoft blueauditor BlueAuditor 1.7.2.0 contains a buffer overflow vulnerability in the registration key field that allows local attackers to crash the application by submitting an oversized key value. Attackers can tri… CWE-787
Out-of-bounds Write
CVE-2019-25712 2026-04-17 23:07 2026-04-12
1069 8.1 HIGH
Network
myt_project myt MyT-PM 1.5.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the Charge[group_total] parameter. Attack… CWE-89
SQL Injection
CVE-2019-25713 2026-04-17 23:04 2026-04-12
1070 6.3 MEDIUM
Network
- - A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Backg… CWE-284
CWE-434
Improper Access Control
Unrestricted Upload of File with Dangerous Type
CVE-2026-6489 2026-04-17 22:16 2026-04-17
1071 6.3 MEDIUM
Network
- - A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request P… CWE-74
CWE-89
Injection
SQL Injection
CVE-2026-6488 2026-04-17 22:16 2026-04-17
1072 4.3 MEDIUM
Network
- - A flaw has been found in Qihui jtbc5 CMS 5.0.3.6. Affected is an unknown function of the file /dev/code/common/diplomat/manage.php of the component Code Endpoint. This manipulation of the argument pa… CWE-22
Path Traversal
CVE-2026-6487 2026-04-17 22:16 2026-04-17
1073 3.5 LOW
Network
- - A vulnerability was detected in classroombookings up to 2.17.0. This impacts the function read of the file crbs-core/application/views/layout.php of the component User Display Name Handler. The manip… CWE-79
CWE-94
Cross-Site Scripting (XSS)
Code Injection
CVE-2026-6486 2026-04-17 22:16 2026-04-17
1074 6.5 MEDIUM
Network
openclaw openclaw OpenClaw before 2026.3.23 contains a replay identity vulnerability in Plivo V2 signature verification that allows attackers to bypass replay protection by modifying query parameters. The verification… CWE-294
Authentication Bypass by Capture-replay
CVE-2026-35618 2026-04-17 21:20 2026-04-10
1075 7.1 HIGH
Network
openclaw openclaw OpenClaw before 2026.3.22 contains an improper authentication verification vulnerability in Google Chat app-url webhook handling that accepts add-on principals outside intended deployment bindings. A… CWE-290
Authentication Bypass by Spoofing
CVE-2026-35622 2026-04-17 21:19 2026-04-10
1076 5.4 MEDIUM
Network
openclaw openclaw OpenClaw before 2026.3.22 contains a policy confusion vulnerability in room authorization that matches colliding room names instead of stable room tokens. Attackers can exploit similarly named rooms … CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-35624 2026-04-17 21:18 2026-04-10
1077 7.2 HIGH
Network
- - A vulnerability was found in Wavlink WL-WN530H4 20220721. This vulnerability affects the function strcat/snprintf of the file /cgi-bin/internet.cgi. The manipulation results in os command injection. … CWE-77
CWE-78
Command Injection
OS Command Injection
CVE-2026-6483 2026-04-17 20:16 2026-04-17
1078 4.4 MEDIUM
Network
- - The VideoZen plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 1.0.1. This is due to insufficient input sanitization and output escaping in the videoze… CWE-79
Cross-Site Scripting (XSS)
CVE-2026-6439 2026-04-17 18:16 2026-04-17
1079 4.3 MEDIUM
Network
- - The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX de… CWE-352
Same-Origin Policy Violation
CVE-2026-6451 2026-04-17 17:16 2026-04-17
1080 9.8 CRITICAL
Network
- - The Accordion and Accordion Slider plugin for WordPress is vulnerable to an injected backdoor in version 1.4.6. This is due to the plugin being sold to a malicious threat actor that embedded a backdo… CWE-506
Embedded Malicious Code
CVE-2026-6443 2026-04-17 16:16 2026-04-17
1081 4.3 MEDIUM
Network
- - The Canto plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 3.1.1. This is due to the absence of any capability check or nonce verification in the updateOpti… CWE-862
Missing Authorization
CVE-2026-6441 2026-04-17 16:16 2026-04-17
1082 7.5 HIGH
Network
- - The Unlimited Elements for Elementor plugin for WordPress is vulnerable to Arbitrary File Read via the Repeater JSON/CSV URL parameter in versions up to, and including, 2.0.6. This is due to insuffic… CWE-22
Path Traversal
CVE-2026-4659 2026-04-17 16:16 2026-04-17
1083 7.0 HIGH
Local
- - A vulnerability has been found in Mobatek MobaXterm Home Edition up to 26.1. This affects an unknown part in the library msimg32.dll. The manipulation leads to uncontrolled search path. An attack has… CWE-426
CWE-427
Untrusted Search Path
Uncontrolled Search Path Element
CVE-2026-6421 2026-04-17 15:16 2026-04-17
1084 5.3 MEDIUM
Network
- - The Quiz And Survey Master plugin for WordPress is vulnerable to Arbitrary Shortcode Execution in versions up to and including 11.1.0. This is due to insufficient input sanitization and the execution… CWE-74
Injection
CVE-2026-5797 2026-04-17 15:16 2026-04-17
1085 6.5 MEDIUM
Network
- - The Tutor LMS plugin for WordPress is vulnerable to SQL Injection in versions up to and including 3.9.8. This is due to insufficient escaping on the 'date' parameter combined with direct interpolatio… CWE-89
SQL Injection
CVE-2026-6080 2026-04-17 14:16 2026-04-17
1086 5.3 MEDIUM
Network
- - The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course content manipulation in versions up to and including 3.9.8. This is due to a missing aut… CWE-862
Missing Authorization
CVE-2026-5502 2026-04-17 14:16 2026-04-17
1087 5.3 MEDIUM
Network
- - The Kubio plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to and including 2.7.2. This is due to insufficient capability checks in the kubio_rest_pre_insert_import_assets()… CWE-862
Missing Authorization
CVE-2026-5427 2026-04-17 14:16 2026-04-17
1088 5.3 MEDIUM
Network
- - The LatePoint plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.3.2. The vulnerability exists because the OsStripeConnectController::creat… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-5234 2026-04-17 14:16 2026-04-17
1089 4.9 MEDIUM
Network
- - The JetBackup – Backup, Restore & Migrate plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary Directory Deletion in versions up to and including 3.1.19.8. This is due to insuffi… CWE-22
Path Traversal
CVE-2026-4853 2026-04-17 14:16 2026-04-17
1090 4.9 MEDIUM
Network
- - The Form Maker by 10Web plugin for WordPress is vulnerable to SQL Injection via the 'ip_search', 'startdate', 'enddate', 'username_search', and 'useremail_search' parameters in all versions up to, an… CWE-89
SQL Injection
CVE-2026-3330 2026-04-17 14:16 2026-04-17
1091 6.5 MEDIUM
Network
- - The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of `extract($args, EXTR_OVERWRITE)` on user-controlled input in the `edit()` method of `classes… CWE-862
Missing Authorization
CVE-2026-4666 2026-04-17 13:16 2026-04-17
1092 7.2 HIGH
Network
- - The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'utm_source' parameter in all versions up to, and including, 14.16.4. This is due to insufficient input san… CWE-79
Cross-Site Scripting (XSS)
CVE-2026-5231 2026-04-17 11:16 2026-04-17
1093 6.4 MEDIUM
Network
- - The Royal Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Instagram Feed widget's 'instagram_follow_text' setting in all versions up to, and including, … CWE-79
Cross-Site Scripting (XSS)
CVE-2026-5162 2026-04-17 11:16 2026-04-17
1094 6.5 MEDIUM
Network
- - The MasterStudy LMS WordPress Plugin for Online Courses and Education plugin for WordPress is vulnerable to Time-based Blind SQL Injection via the 'order' and 'orderby' parameters in the /lms/stm-lms… CWE-89
SQL Injection
CVE-2026-4817 2026-04-17 11:16 2026-04-17
1095 6.5 MEDIUM
Network
- - The WP Statistics plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 14.16.4. This is due to missing capability checks on multiple AJAX handlers includi… CWE-862
Missing Authorization
CVE-2026-3488 2026-04-17 11:16 2026-04-17
1096 7.8 HIGH
Local
adobe indesign InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation … CWE-787
Out-of-bounds Write
CVE-2026-27291 2026-04-17 06:23 2026-04-15
1097 7.8 HIGH
Local
adobe indesign InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… CWE-122
Heap Overflow
CVE-2026-34628 2026-04-17 06:22 2026-04-15
1098 7.8 HIGH
Local
adobe indesign InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… CWE-122
Heap Overflow
CVE-2026-34629 2026-04-17 06:21 2026-04-15
1099 7.8 HIGH
Local
adobe indesign InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… CWE-122
Heap Overflow
CVE-2026-34627 2026-04-17 06:12 2026-04-15
1100 8.2 HIGH
Network
openclaw openclaw OpenClaw before 2026.3.22 performs cryptographic and dispatch operations on inbound Nostr direct messages before enforcing sender and pairing policy validation. Attackers can trigger unauthorized pre… CWE-696
Incorrect Behavior Order
CVE-2026-35627 2026-04-17 05:52 2026-04-10