NVD Vulnerability Information Top

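You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), this list may include vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.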

Last updated: April 23, 2026, 4:00

No CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact view Exploit PoC search
1151 8.5 HIGH
Network
- - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Beaver Builder Beaver Builder beaver-builder-lite-version allows Blind SQL Injection. This issue a… CWE-89
SQL Injection
CVE-2026-40744 2026-04-17 00:17 2026-04-15 View GitHub Exploit DB Packet Storm
1152 5.4 MEDIUM
Network
- - Missing Authorization vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.7. CWE-862
Missing Authorization
CVE-2026-40740 2026-04-17 00:17 2026-04-15 View GitHub Exploit DB Packet Storm
1153 6.5 MEDIUM
Network
- - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zahlan Categories Images categories-images allows DOM-Based XSS. This issue affects Categories Ima… CWE-79
Cross-site Scripting (XSS)
CVE-2026-40734 2026-04-17 00:17 2026-04-15 View GitHub Exploit DB Packet Storm
1154 4.3 MEDIUM
Network
- - Missing Authorization vulnerability in bPlugins 3D viewer – Embed 3D Models 3d-viewer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 3D viewer – Embed 3D M… CWE-862
Missing Authorization
CVE-2026-40729 2026-04-17 00:17 2026-04-15 View GitHub Exploit DB Packet Storm
1155 6.4 MEDIUM
Network
- - The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'eeb_mailto' shortcode in all versions up to, and including, 2.… CWE-79
Cross-site Scripting (XSS)
CVE-2026-2840 2026-04-17 00:17 2026-04-17 View GitHub Exploit DB Packet Storm
1156 5.7 MEDIUM
Network
- - monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transa… CWE-285
Improper Authorization
CVE-2026-39901 2026-04-16 23:57 2026-04-9 View GitHub Exploit DB Packet Storm
1157 - -
- - Mercure is a protocol for pushing data updates to web browsers and other HTTP clients in a battery-efficient way. Prior to 0.22.0, a cache key collision vulnerability in TopicSelectorStore allows an … CWE-1289
Improper Validation of Unsafe Equivalence in Input
CVE-2026-39972 2026-04-16 23:45 2026-04-10 View GitHub Exploit DB Packet Storm
1158 - -
- - ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to 5.0.4-beta-1f46165, ClearanceKit's Endpoint Security event handler only checked the sour… CWE-863
Incorrect Authorization
CVE-2026-40191 2026-04-16 23:45 2026-04-11 View GitHub Exploit DB Packet Storm
1159 7.5 HIGH
Network
adobe coldfusion ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerabilit… CWE-20
Improper Input Validation
CVE-2026-27282 2026-04-16 23:43 2026-04-15 View GitHub Exploit DB Packet Storm
1160 9.3 CRITICAL
Adjacent
adobe coldfusion ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitati… CWE-20
Improper Input Validation
CVE-2026-27304 2026-04-16 23:42 2026-04-15 View GitHub Exploit DB Packet Storm
1161 8.6 HIGH
Network
adobe coldfusion ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file syste… CWE-22
Path Traversal
CVE-2026-27305 2026-04-16 23:42 2026-04-15 View GitHub Exploit DB Packet Storm
1162 9.1 CRITICAL
Network
- - oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) f… CWE-93
CRLF Injection
CVE-2026-39958 2026-04-16 23:42 2026-04-10 View GitHub Exploit DB Packet Storm
1163 3.1 LOW
Network
- - Flux notification-controller is the event forwarder and notification dispatcher for the GitOps Toolkit controllers. Prior to 1.8.3, the gcr Receiver type in Flux notification-controller does not vali… CWE-287
CWE-345
Improper Authentication
Insufficient Verification of Data Authenticity
CVE-2026-40109 2026-04-16 23:42 2026-04-10 View GitHub Exploit DB Packet Storm
1164 8.4 HIGH
Adjacent
adobe coldfusion ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker r… CWE-20
Improper Input Validation
CVE-2026-27306 2026-04-16 23:41 2026-04-15 View GitHub Exploit DB Packet Storm
1165 2.4 LOW
Adjacent
adobe coldfusion ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could e… CWE-400
Resource Exhaustion
CVE-2026-27307 2026-04-16 23:41 2026-04-15 View GitHub Exploit DB Packet Storm
1166 2.4 LOW
Adjacent
adobe coldfusion ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could e… CWE-400
Resource Exhaustion
CVE-2026-27308 2026-04-16 23:40 2026-04-15 View GitHub Exploit DB Packet Storm
1167 7.7 HIGH
Network
adobe coldfusion ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature… CWE-22
Path Traversal
CVE-2026-34619 2026-04-16 23:28 2026-04-15 View GitHub Exploit DB Packet Storm
1168 5.4 MEDIUM
Network
openclaw openclaw OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by cha… CWE-807
Reliance on Untrusted Inputs in a Security Decision
CVE-2026-35617 2026-04-16 23:19 2026-04-10 View GitHub Exploit DB Packet Storm
1169 6.5 MEDIUM
Network
openclaw openclaw OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can… CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2026-35623 2026-04-16 23:17 2026-04-10 View GitHub Exploit DB Packet Storm
1170 5.3 MEDIUM
Network
- - The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference via the 'submission_id' parameter in … CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-4160 2026-04-16 23:16 2026-04-16 View GitHub Exploit DB Packet Storm
1171 6.3 MEDIUM
Local
adobe acrobat
acrobat_dc
acrobat_reader_dc
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability… CWE-1321
Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution)
CVE-2026-34626 2026-04-16 23:14 2026-04-15 View GitHub Exploit DB Packet Storm
1172 8.6 HIGH
Local
adobe acrobat
acrobat_dc
acrobat_reader_dc
Acrobat Reader versions 26.001.21411, 24.001.30360, 24.001.30362 and earlier are affected by an Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability… CWE-1321
Improperly Controlled Modification of Object Prototype Attributes (Prototype Pollution)
CVE-2026-34622 2026-04-16 23:14 2026-04-15 View GitHub Exploit DB Packet Storm
1173 7.8 HIGH
Local
openclaw openclaw OpenClaw before 2026.3.25 contains a privilege escalation vulnerability where silent local shared-auth reconnects auto-approve scope-upgrade requests, widening paired device permissions from operator… CWE-648
Incorrect Use of Privileged APIs
CVE-2026-35625 2026-04-16 22:43 2026-04-10 View GitHub Exploit DB Packet Storm
1174 - -
- - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… - CVE-2026-5968 2026-04-16 22:16 2026-04-16 View GitHub Exploit DB Packet Storm
1175 5.4 MEDIUM
Network
gitlab gitlab GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that, in customizable analytics dashboards, could have allowed… CWE-79
Cross-site Scripting (XSS)
CVE-2026-4332 2026-04-16 22:00 2026-04-9 View GitHub Exploit DB Packet Storm
1176 2.7 LOW
Network
gitlab gitlab GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user with custom r… CWE-862
Missing Authorization
CVE-2026-4916 2026-04-16 21:59 2026-04-9 View GitHub Exploit DB Packet Storm
1177 7.5 HIGH
Network
- - The DirectoryPress – Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to SQL Injection via the 'packages' parameter in versions up to, and including, 3.6.26 due to insu… CWE-89
SQL Injection
CVE-2026-3489 2026-04-16 21:16 2026-04-16 View GitHub Exploit DB Packet Storm
1178 5.4 MEDIUM
Network
- - The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded image title in versions up to, and including, 1.7.9 due to insuffic… CWE-79
Cross-site Scripting (XSS)
CVE-2026-3369 2026-04-16 21:16 2026-04-16 View GitHub Exploit DB Packet Storm
1179 3.1 LOW
Network
- - The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.8.0. This is due to the plugin not properly verifying that a user… CWE-862
Missing Authorization
CVE-2026-3155 2026-04-16 21:16 2026-04-16 View GitHub Exploit DB Packet Storm
1180 5.3 MEDIUM
Network
- - The Post Grid Gutenberg Blocks for News, Magazines, Blog Websites – PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ultp_shareCo… CWE-862
Missing Authorization
CVE-2026-0718 2026-04-16 17:16 2026-04-16 View GitHub Exploit DB Packet Storm
1181 8.8 HIGH
Network
- - The Career Section plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Path Traversal and Arbitrary File Deletion in all versions up to, and including, 1.6. This is due to mis… CWE-22
Path Traversal
CVE-2025-14868 2026-04-16 17:16 2026-04-16 View GitHub Exploit DB Packet Storm
1182 4.4 MEDIUM
Network
- - The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input saniti… CWE-79
Cross-site Scripting (XSS)
CVE-2026-3995 2026-04-16 16:16 2026-04-16 View GitHub Exploit DB Packet Storm
1183 7.2 HIGH
Network
- - The Prismatic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'prismatic_encoded' pseudo-shortcode in all versions up to, and including, 3.7.3. This is due to insufficient i… CWE-79
Cross-site Scripting (XSS)
CVE-2026-3876 2026-04-16 16:16 2026-04-16 View GitHub Exploit DB Packet Storm
1184 6.4 MEDIUM
Network
- - The BetterDocs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'betterdocs_feedback_form' shortcode in all versions up to, and including, 4.3.8. This is due to insufficient … CWE-79
Cross-site Scripting (XSS)
CVE-2026-3875 2026-04-16 16:16 2026-04-16 View GitHub Exploit DB Packet Storm
1185 6.1 MEDIUM
Network
- - The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘crsearch’ parameter in all versions up to, and including, 5.101.0 due to insufficien… CWE-79
Cross-site Scripting (XSS)
CVE-2026-3355 2026-04-16 16:16 2026-04-16 View GitHub Exploit DB Packet Storm
1186 8.8 HIGH
Network
- - The Livemesh Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 9.0. This is due to insufficient sanitization of the template name p… CWE-98
PHP Remote File Inclusion
CVE-2026-1620 2026-04-16 16:16 2026-04-16 View GitHub Exploit DB Packet Storm
1187 6.4 MEDIUM
Network
- - The Livemesh Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 9.0… CWE-79
Cross-site Scripting (XSS)
CVE-2026-1572 2026-04-16 16:16 2026-04-16 View GitHub Exploit DB Packet Storm
1188 6.4 MEDIUM
Network
- - The WP Maps – Store Locator,Google Maps,OpenStreetMap,Mapbox,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'put_wpgm' shortcode in all versions… CWE-79
Cross-site Scripting (XSS)
CVE-2025-13364 2026-04-16 16:16 2026-04-16 View GitHub Exploit DB Packet Storm
1189 7.5 HIGH
Network
- - The Payment Gateway for Redsys & WooCommerce Lite plugin for WordPress is vulnerable to Improper Verification of Cryptographic Signature in versions up to, and including, 7.0.0 due to successful_requ… CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-5050 2026-04-16 15:16 2026-04-16 View GitHub Exploit DB Packet Storm
1190 6.5 MEDIUM
Network
- - The Accessibility Suite by Ability, Inc plugin for WordPress is vulnerable to SQL Injection via the 'scan_id' parameter in all versions up to, and including, 4.20. This is due to insufficient escapin… CWE-89
SQL Injection
CVE-2026-3773 2026-04-16 15:16 2026-04-16 View GitHub Exploit DB Packet Storm
1191 8.8 HIGH
Network
- - The AcyMailing plugin for WordPress is vulnerable to privilege escalation in all versions from 9.11.0 up to, and including, 10.8.1 due to a missing capability check on the `wp_ajax_acymailing_router`… CWE-862
Missing Authorization
CVE-2026-3614 2026-04-16 15:16 2026-04-16 View GitHub Exploit DB Packet Storm
1192 7.5 HIGH
Network
- - The Riaxe Product Customizer plugin for WordPress is vulnerable to SQL Injection via the 'options' parameter keys within 'product_data' of the /wp-json/InkXEProductDesignerLite/add-item-to-cart REST … CWE-89
SQL Injection
CVE-2026-3599 2026-04-16 15:16 2026-04-16 View GitHub Exploit DB Packet Storm
1193 9.8 CRITICAL
Network
- - The Riaxe Product Customizer plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.2. The plugin registers an unauthenticated AJAX action ('wp_ajax_nopr… CWE-862
Missing Authorization
CVE-2026-3596 2026-04-16 15:16 2026-04-16 View GitHub Exploit DB Packet Storm
1194 5.3 MEDIUM
Network
- - The Riaxe Product Customizer plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.2. This is due to the plugin registering a REST API route at POST /wp… CWE-862
Missing Authorization
CVE-2026-3595 2026-04-16 15:16 2026-04-16 View GitHub Exploit DB Packet Storm
1195 5.3 MEDIUM
Network
- - The Basic Google Maps Placemarks plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 1.10.7. This is due to the plugin not properly verifying that a user is a… CWE-862
Missing Authorization
CVE-2026-3581 2026-04-16 15:16 2026-04-16 View GitHub Exploit DB Packet Storm
1196 4.4 MEDIUM
Network
- - The Custom New User Notification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's admin settings in all versions up to, and including, 1.2.0. This is due to insuffic… CWE-79
Cross-site Scripting (XSS)
CVE-2026-3551 2026-04-16 15:16 2026-04-16 View GitHub Exploit DB Packet Storm
1197 5.9 MEDIUM
Network
huawei harmonyos Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability. CWE-362
Race Condition
CVE-2026-34850 2026-04-16 14:05 2026-04-13 View GitHub Exploit DB Packet Storm
1198 7.5 HIGH
Network
huawei harmonyos Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-362
Race Condition
CVE-2026-34851 2026-04-16 14:01 2026-04-13 View GitHub Exploit DB Packet Storm
1199 6.5 MEDIUM
Network
huawei harmonyos Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. CWE-835
Infinite Loop
CVE-2026-34852 2026-04-16 13:54 2026-04-13 View GitHub Exploit DB Packet Storm
1200 7.5 HIGH
Network
huawei harmonyos
emui
Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-270
Privilege Context Switching Error
CVE-2026-34853 2026-04-16 13:52 2026-04-13 View GitHub Exploit DB Packet Storm