NVD Vulnerability Information Top

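You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before JVN (Japan Vulnerability Notes), the NVD may contain updates for vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview to confirm the CWE number.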


Last updated: June 13, 2026, 4:20

No | CVSS | Level | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published | Impact | Exploit/PoC search
1101 7.3 HIGH
Local
- - A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOL… CWE-59
Link Following
CVE-2026-11837 2026-06-10 14:16 2026-06-10 View GitHub Exploit DB Packet Storm
1102 2.4 LOW
Network
- - A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting.… CWE-79
CWE-94
Cross-site Scripting (XSS)
Code Injection
CVE-2026-11434 2026-06-10 14:16 2026-06-7 View GitHub Exploit DB Packet Storm
1103 - -
- - A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We hav… CWE-359
CWE-862
Exposure of Private Personal Information to an Unauthorized Actor
Missing Authorization
CVE-2026-26237 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1104 - -
- - A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… CWE-78
OS Command Injection
CVE-2026-24719 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1105 - -
- - A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read… CWE-22
Path Traversal
CVE-2026-24717 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1106 - -
- - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabili… CWE-476
NULL Pointer Dereference
CVE-2026-24716 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1107 - -
- - A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… CWE-78
OS Command Injection
CVE-2026-22893 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1108 - -
- - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS… CWE-476
NULL Pointer Dereference
CVE-2025-66281 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1109 - -
- - An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vuln… CWE-121
CWE-190
Stack-based Buffer Overflow
Integer Overflow or Wraparound
CVE-2025-66280 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1110 - -
- - A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… CWE-78
OS Command Injection
CVE-2025-66279 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1111 - -
- - A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… CWE-78
OS Command Injection
CVE-2025-66273 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1112 - -
- - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabili… CWE-476
NULL Pointer Dereference
CVE-2025-62850 2026-06-10 13:17 2026-06-10 View GitHub Exploit DB Packet Storm
1113 - -
- - QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later - CVE-2025-66276 2026-06-10 12:16 2026-06-10 View GitHub Exploit DB Packet Storm
1114 - -
- - A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities… CWE-352
Same-Origin Policy Violation
CVE-2025-58468 2026-06-10 12:16 2026-06-10 View GitHub Exploit DB Packet Storm
1115 5.4 MEDIUM
Network
- - WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title … CWE-79
Cross-site Scripting (XSS)
CVE-2019-25744 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
1116 5.4 MEDIUM
Network
- - WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title fiel… CWE-79
Cross-site Scripting (XSS)
CVE-2019-25743 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
1117 5.4 MEDIUM
Network
- - WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when crea… CWE-79
Cross-site Scripting (XSS)
CVE-2019-25742 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
1118 5.4 MEDIUM
Network
- - GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers… CWE-79
Cross-site Scripting (XSS)
CVE-2019-25739 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
1119 6.1 MEDIUM
Network
- - Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay… CWE-79
Cross-site Scripting (XSS)
CVE-2019-25737 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
1120 6.1 MEDIUM
Network
- - Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje… CWE-79
Cross-site Scripting (XSS)
CVE-2019-25731 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
1121 - -
- - Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain… CWE-74
Injection
CVE-2026-46546 2026-06-10 10:16 2026-06-10 View GitHub Exploit DB Packet Storm
1122 - -
- - SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a sta… CWE-121
CWE-787
Stack-based Buffer Overflow
Out-of-bounds Write
CVE-2026-44634 2026-06-10 10:16 2026-06-10 View GitHub Exploit DB Packet Storm
1123 4.3 MEDIUM
Network
- - BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-53675 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1124 7.1 HIGH
Network
- - BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP dat… CWE-943
Improper Neutralization of Special Elements in Data Query Logic
CVE-2026-53674 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1125 8.1 HIGH
Network
- - BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a us… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-53673 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1126 6.8 MEDIUM
Network
- - SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate… CWE-287
Improper Authentication
CVE-2026-47838 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1127 7.5 HIGH
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in Me… CWE-248
Uncaught Exception
CVE-2026-46545 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1128 5.3 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatch… CWE-617
Reachable Assertion
CVE-2026-46543 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1129 4.3 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisi… CWE-617
Reachable Assertion
CVE-2026-46542 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1130 7.5 HIGH
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, in handle_dht_get(), the DhtResults accumulator is only initia… CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-46541 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1131 6.5 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip … CWE-841
Improper Enforcement of Behavioral Workflow
CVE-2026-46540 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1132 5.9 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the… CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-46539 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1133 8.6 HIGH
Network
- - SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CA… CWE-22
Path Traversal
CVE-2026-46491 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1134 6.5 MEDIUM
Network
- - FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and trigge… CWE-248
Uncaught Exception
CVE-2026-46411 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1135 - -
- - Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virti… CWE-416
Use After Free
CVE-2026-45782 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1136 5.3 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/… CWE-755
Improper Handling of Exceptional Conditions
CVE-2026-44505 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1137 5.3 MEDIUM
Network
- - Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Aff… CWE-284
Improper Access Control
CVE-2026-41837 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1138 8.1 HIGH
Network
- - JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-… CWE-502
Deserialization of Untrusted Data
CVE-2026-41732 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1139 8.1 HIGH
Network
- - JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its s… CWE-502
Deserialization of Untrusted Data
CVE-2026-41731 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1140 5.3 MEDIUM
Network
- - Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.… CWE-209
Information Exposure Through an Error Message
CVE-2026-41730 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1141 8.1 HIGH
Network
- - Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-type… CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement
CVE-2026-41729 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1142 7.5 HIGH
Network
- - Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected … CWE-284
Improper Access Control
CVE-2026-41728 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1143 6.5 MEDIUM
Network
- - Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header … CWE-20
Improper Input Validation
CVE-2026-41727 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1144 6.5 MEDIUM
Network
- - When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, ev… CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-41726 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1145 5.9 MEDIUM
Network
- - Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload… CWE-400
Resource Exhaustion
CVE-2026-41721 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1146 6.4 MEDIUM
Network
- - A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. … CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement
CVE-2026-41719 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1147 8.1 HIGH
Network
- - Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated… CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement
CVE-2026-41717 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1148 7.5 HIGH
Network
- - Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Da… CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-41716 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1149 4.0 MEDIUM
Network
- - Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no… CWE-295
Improper Certificate Validation
CVE-2026-41714 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
1150 5.9 MEDIUM
Network
- - Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons … CWE-400
Resource Exhaustion
CVE-2026-41711 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm