NVD Vulnerability Information Top

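You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before it appears in JVN (Japan Vulnerability Notes), the NVD may contain updated vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.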

Last updated: April 23, 2026, 4:00

| No. | CVSS | Level | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 1101 | 6.3 | MEDIUM | Local | flatpak | flatpak-builder | flatpak-builder is a tool to build flatpaks from source. From 1.4.5 to before 1.4.8, the license-files manifest key takes an array of paths to user defined licence files relative to the source direct… | CWE-22 (Path Traversal) | CVE-2026-39977 | 2026-04-17 05:52 | 2026-04-10 |
| 1102 | 5.1 | MEDIUM | Local | openclaw | openclaw | OpenClaw before 2026.3.23 contains an authentication bypass vulnerability in the Canvas gateway where authorizeCanvasRequest() unconditionally allows local-direct requests without validating bearer t… | CWE-288 (Authentication Bypass Using an Alternate Path or Channel) | CVE-2026-35634 | 2026-04-17 05:51 | 2026-04-10 |
| 1103 | 8.8 | HIGH | Network | openplcproject | openplc_v3_firmware | OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying the… | CWE-862 (Missing Authorization) | CVE-2026-35063 | 2026-04-17 05:49 | 2026-04-10 |
| 1104 | 7.5 | HIGH | Network | openplcproject | openplc_v3_firmware | OpenPLC_V3 is vulnerable to a Plaintext Storage of a Password vulnerability that could allow an attacker to retrieve credentials and access sensitive information. | CWE-256 (Plaintext Storage of a Password) | CVE-2026-35556 | 2026-04-17 05:49 | 2026-04-10 |
| 1105 | 5.3 | MEDIUM | Network | langchain | langchain_core | LangChain is a framework for building agents and LLM-powered applications. Prior to 0.3.84 and 1.2.28, LangChain's f-string prompt-template validation was incomplete in two respects. First, some prom… | CWE-1336 (Improper Neutralization of Special Elements Used in a Template Engine) | CVE-2026-40087 | 2026-04-17 05:48 | 2026-04-10 |
| 1106 | 6.5 | MEDIUM | Network | openclaw | openclaw | OpenClaw versions 2026.3.11 through 2026.3.24 contain a session isolation bypass vulnerability where session_status resolves sessionId to canonical session keys before enforcing visibility checks. Sa… | CWE-696 (Incorrect Behavior Order) | CVE-2026-35636 | 2026-04-17 05:48 | 2026-04-10 |
| 1107 | 9.6 | CRITICAL | Network | praison | praisonai | PraisonAI is a multi-agent teams system. Prior to 4.5.121, the execute_command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LL… | CWE-78 (OS Command Injection) | CVE-2026-40088 | 2026-04-17 05:40 | 2026-04-10 |
| 1108 | 9.8 | CRITICAL | Network | wolfssl | wolfssl | Two potential heap out-of-bounds write locations existed in DecodeObjectId() in wolfcrypt/src/asn.c. First, a bounds check only validates one available slot before writing two OID arc values (out[0] … | CWE-122 (Heap-based Buffer Overflow), CWE-787 (Out-of-bounds Write) | CVE-2026-5187 | 2026-04-17 05:39 | 2026-04-10 |
| 1109 | 9.1 | CRITICAL | Network | wolfssl | wolfssl | Missing hash/digest size and OID checks allow digests smaller than allowed when verifying ECDSA certificates, or smaller than is appropriate for the relevant key type, to be accepted by signature ver… | CWE-295 (Improper Certificate Validation) | CVE-2026-5194 | 2026-04-17 05:37 | 2026-04-10 |
| 1110 | 4.4 | MEDIUM | Local | helm | helm | Helm is a package manager for Charts for Kubernetes. In Helm versions <=3.20.1 and <=4.1.3, a specially crafted Chart will cause helm pull --untar [chart URL \| repo/chartname] to write the Chart's c… | CWE-22 (Path Traversal) | CVE-2026-35206 | 2026-04-17 05:36 | 2026-04-10 |
| 1111 | 6.5 | MEDIUM | Network | b3log | siyuan | SiYuan is a personal knowledge management system. Prior to 3.6.4, SiYuan configures Mermaid.js with securityLevel: "loose" and htmlLabels: true. In this mode, <img> tags with src attributes survive M… | CWE-918 (Server-Side Request Forgery) | CVE-2026-40107 | 2026-04-17 05:28 | 2026-04-10 |
| 1112 | 6.1 | MEDIUM | Network | altenar | sportsbook | Cross Site Scripting vulnerability in Altenar Sportsbook Software Platform (SB2) v.2.0 allows a remote attacker to obtain sensitive information and execute arbitrary code via the URL parameter | CWE-200 (Information Exposure) | CVE-2026-31262 | 2026-04-17 05:17 | 2026-04-11 |
| 1113 | 7.5 | HIGH | Network | nasm | netwide_assembler | A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling … | CWE-787 (Out-of-bounds Write) | CVE-2026-6067 | 2026-04-17 04:49 | 2026-04-10 |
| 1114 | 6.5 | MEDIUM | Network | nasm | netwide_assembler | NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response… | CWE-416 (Use After Free) | CVE-2026-6068 | 2026-04-17 04:48 | 2026-04-10 |
| 1115 | 7.5 | HIGH | Network | nasm | netwide_assembler | NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity. | CWE-787 (Out-of-bounds Write) | CVE-2026-6069 | 2026-04-17 04:48 | 2026-04-10 |
| 1116 | 7.2 | HIGH | Network | couchcms | couchcms | CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation reque… | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-29002 | 2026-04-17 04:41 | 2026-04-11 |
| 1117 | 5.5 | MEDIUM | Local | hdfgroup | hdf5 | HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull… | CWE-122 (Heap-based Buffer Overflow) | CVE-2026-29043 | 2026-04-17 04:40 | 2026-04-11 |
| 1118 | 9.6 | CRITICAL | Network | lollms | lollms | A Stored Cross-Site Scripting (XSS) vulnerability was identified in the social feature of parisneo/lollms, affecting the latest version prior to 2.2.0. The vulnerability exists in the `create_post` f… | CWE-79 (Cross-site Scripting (XSS)) | CVE-2026-1115 | 2026-04-17 04:39 | 2026-04-10 |
| 1119 | 4.8 | MEDIUM | Network | - | - | Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any… | CWE-113 (HTTP Response Splitting), CWE-444 (HTTP Request Smuggling), CWE-918 (Server-Side Request Forgery) | CVE-2026-40175 | 2026-04-17 04:16 | 2026-04-11 |
| 1120 | 9.8 | CRITICAL | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify … | CWE-552 (Files or Directories Accessible to External Parties) | CVE-2026-33698 | 2026-04-17 03:48 | 2026-04-11 |
| 1121 | 7.1 | HIGH | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoi… | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-33702 | 2026-04-17 03:48 | 2026-04-11 |
| 1122 | 6.5 | MEDIUM | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authentica… | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-33703 | 2026-04-17 03:48 | 2026-04-11 |
| 1123 | 5.5 | MEDIUM | Local | juniper | junos, junos_os_evolved | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privil… | CWE-862 (Missing Authorization) | CVE-2026-33776 | 2026-04-17 03:46 | 2026-04-10 |
| 1124 | 6.7 | MEDIUM | Local | juniper | junos, junos_os_evolved | An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inje… | CWE-78 (OS Command Injection) | CVE-2026-33791 | 2026-04-17 03:44 | 2026-04-10 |
| 1125 | 7.8 | HIGH | Local | juniper | junos, junos_os_evolved | An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, th… | CWE-250 (Execution with Unnecessary Privileges) | CVE-2026-33793 | 2026-04-17 03:42 | 2026-04-10 |
| 1126 | 7.4 | HIGH | Adjacent | juniper | junos, junos_os_evolved | An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already establis… | CWE-20 (Improper Input Validation) | CVE-2026-33797 | 2026-04-17 03:37 | 2026-04-10 |
| 1127 | 8.8 | HIGH | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key param… | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2026-33704 | 2026-04-17 03:34 | 2026-04-11 |
| 1128 | 5.3 | MEDIUM | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These tem… | CWE-538 (File and Directory Information Exposure) | CVE-2026-33705 | 2026-04-17 03:29 | 2026-04-11 |
| 1129 | 7.1 | HIGH | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (stat… | CWE-269 (Improper Privilege Management) | CVE-2026-33706 | 2026-04-17 03:27 | 2026-04-11 |
| 1130 | 9.8 | CRITICAL | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no … | CWE-640 (Weak Password Recovery Mechanism for Forgotten Password) | CVE-2026-33707 | 2026-04-17 03:25 | 2026-04-11 |
| 1131 | 6.5 | MEDIUM | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of… | CWE-862 (Missing Authorization) | CVE-2026-33708 | 2026-04-17 03:25 | 2026-04-11 |
| 1132 | 7.5 | HIGH | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always re… | CWE-330 (Use of Insufficiently Random Values) | CVE-2026-33710 | 2026-04-17 03:24 | 2026-04-11 |
| 1133 | 6.5 | MEDIUM | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles… | CWE-639 (Authorization Bypass Through User-Controlled Key) | CVE-2026-33736 | 2026-04-17 03:23 | 2026-04-11 |
| 1134 | 6.5 | MEDIUM | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be … | CWE-611 (Improper Restriction of XML External Entity Reference) | CVE-2026-33737 | 2026-04-17 03:22 | 2026-04-11 |
| 1135 | 6.8 | MEDIUM | Physical | samsung | android | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions. | NVD-CWE-noinfo | CVE-2026-21003 | 2026-04-17 02:25 | 2026-04-13 |
| 1136 | 5.5 | MEDIUM | Local | samsung | galaxy_wearable | Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information. | CWE-276 (Incorrect Default Permissions) | CVE-2026-21013 | 2026-04-17 02:24 | 2026-04-13 |
| 1137 | 2.8 | LOW | Local | samsung | camera | Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability. | NVD-CWE-noinfo | CVE-2026-21014 | 2026-04-17 02:23 | 2026-04-13 |
| 1138 | 8.5 | HIGH | Network | gitlab | gitlab | GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.9.6 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to invoke u… | CWE-749 (Exposed Dangerous Method or Function) | CVE-2026-5173 | 2026-04-17 01:44 | 2026-04-9 |
| 1139 | 8.8 | HIGH | Network | google | chrome | Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | CWE-416 (Use After Free) | CVE-2026-5883 | 2026-04-17 01:36 | 2026-04-9 |
| 1140 | 5.3 | MEDIUM | Network | google | chrome | Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severit… | CWE-362 (Race Condition) | CVE-2026-5890 | 2026-04-17 01:35 | 2026-04-9 |
| 1141 | 4.3 | MEDIUM | Network | microsoft | edge_chromium | Microsoft Edge (Chromium-based) Spoofing Vulnerability | CWE-451 (User Interface (UI) Misrepresentation of Critical Information) | CVE-2026-33118 | 2026-04-17 01:34 | 2026-04-11 |
| 1142 | 9.8 | CRITICAL | Network | mesa3d | mesa | In Mesa before 25.3.6 and 26 before 26.0.1, out-of-bounds memory access can occur in WebGPU because the amount of to-be-allocated data depends on an untrusted party, and is then used for alloca. | CWE-787 (Out-of-bounds Write) | CVE-2026-40393 | 2026-04-17 01:17 | 2026-04-13 |
| 1143 | 7.8 | HIGH | Local | adobe | indesign | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory st… | CWE-125 (Out-of-bounds Read) | CVE-2026-27284 | 2026-04-17 00:35 | 2026-04-15 |
| 1144 | 7.8 | HIGH | Local | adobe | indesign | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of thi… | CWE-416 (Use After Free) | CVE-2026-27283 | 2026-04-17 00:35 | 2026-04-15 |
| 1145 | 7.8 | HIGH | Local | adobe | indesign | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploit… | CWE-122 (Heap-based Buffer Overflow) | CVE-2026-27238 | 2026-04-17 00:35 | 2026-04-15 |
| 1146 | 5.5 | MEDIUM | Local | adobe | indesign | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to memory exposure. An attacker could leverage this vulnerability to disc… | CWE-122 (Heap-based Buffer Overflow) | CVE-2026-27286 | 2026-04-17 00:33 | 2026-04-15 |
| 1147 | 5.5 | MEDIUM | Local | adobe | indesign | InDesign Desktop versions 20.5.2, 21.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerab… | CWE-122 (Heap-based Buffer Overflow) | CVE-2026-27285 | 2026-04-17 00:32 | 2026-04-15 |
| 1148 | 4.3 | MEDIUM | Network | - | - | Missing Authorization vulnerability in Long Watch Studio MyRewards woorewards allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyRewards: from n/a through <=… | CWE-862 (Missing Authorization) | CVE-2026-40786 | 2026-04-17 00:17 | 2026-04-15 |
| 1149 | 5.3 | MEDIUM | Network | - | - | Missing Authorization vulnerability in Majestic Support Majestic Support majestic-support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Majestic Support: … | CWE-862 (Missing Authorization) | CVE-2026-40778 | 2026-04-17 00:17 | 2026-04-15 |
| 1150 | 5.3 | MEDIUM | Network | - | - | Missing Authorization vulnerability in WP Royal Royal Elementor Addons royal-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal Elemento… | CWE-862 (Missing Authorization) | CVE-2026-40763 | 2026-04-17 00:17 | 2026-04-15 |