NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月13日4:20

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1151	6.1	MEDIUM ネットワーク	-	-	Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after…	CWE-601 オープンリダイレクト	CVE-2026-41706	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1152	4.4	MEDIUM ネットワーク	-	-	Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.…	CWE-330 不十分なランダム値の使用	CVE-2026-41701	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1153	4.8	MEDIUM ネットワーク	-	-	Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can sup…	CWE-943 データクエリロジックの特殊要素の不適切な中立化	CVE-2026-41697	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1154	5.9	MEDIUM ネットワーク	-	-	Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to …	CWE-943 データクエリロジックの特殊要素の不適切な中立化	CVE-2026-41696	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1155	7.5	HIGH ネットワーク	-	-	Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolutio…	CWE-400 リソースの枯渇	CVE-2026-41695	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1156	3.7	LOW ネットワーク	-	-	Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloa…	CWE-347 デジタル署名の不適切な検証	CVE-2026-41694	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1157	6.1	MEDIUM ネットワーク	-	-	Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an inva…	CWE-601 オープンリダイレクト	CVE-2026-41008	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1158	7.6	HIGH ネットワーク	-	-	An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 throug…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-41003	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1159	7.3	HIGH 隣接	-	-	An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the col…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-40993	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1160	5.9	MEDIUM ネットワーク	-	-	When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a maliciou…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2026-40991	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1161	7.5	HIGH ネットワーク	-	-	An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates …	CWE-400 リソースの枯渇	CVE-2026-40988	2026-06-10 09:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1162	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-10238	2026-06-10 08:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1163	8.1	HIGH ネットワーク	-	-	Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.	CWE-284 不適切なアクセス制御	CVE-2026-36720	2026-06-10 07:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1164	7.8	HIGH ローカル	-	-	Multiple Microsoft-sigend UEFI SHIM bootloaders are vulnerable to SecureBoot bypass. An attacker with administrative privileges or the ability to modify the boot process could use one of the vulnerab…	-	CVE-2026-8863	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1165	6.3	MEDIUM ネットワーク	-	-	SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.	CWE-352 同一生成元ポリシー違反	CVE-2026-39170	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1166	7.5	HIGH ネットワーク	-	-	SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.	CWE-284 不適切なアクセス制御	CVE-2026-39169	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1167	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to c…	CWE-121 スタックオーバーフロー	CVE-2026-36822	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1168	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows at…	CWE-121 スタックオーバーフロー	CVE-2026-36821	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1169	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthWhiteUserInfo parameter of the formAddWebAuthWhiteUser function. This vulnerability …	CWE-121 スタックオーバーフロー	CVE-2026-36820	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1170	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers…	CWE-121 スタックオーバーフロー	CVE-2026-36819	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1171	7.5	HIGH ネットワーク	-	-	An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). There is a Heap buffer overflow in various buffer encryption utilities.	CWE-122 ヒープオーバーフロー	CVE-2023-43688	2026-06-10 06:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

1172	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: pstore/ram: fix buffer overflow in persistent_ram_save_old() persistent_ram_save_old() can be called multiple times for the same …	CWE-787 境界外書き込み	CVE-2026-46253	2026-06-10 05:42	2026-06-4	表示	GitHub Exploit DB Packet Storm

1173	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix locking in regulator_resolve_supply() error path If late enabling of a supply regulator fails in regulator_r…	CWE-667 不適切なロック	CVE-2026-46252	2026-06-10 05:42	2026-06-4	表示	GitHub Exploit DB Packet Storm

1174	7.3	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: MIPS: Work around LLVM bug when gp is used as global register variable On MIPS, __current_thread_info is defined as global regist…	NVD-CWE-noinfo	CVE-2026-46250	2026-06-10 05:42	2026-06-4	表示	GitHub Exploit DB Packet Storm

1175	8.4	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix block_group_tree dirty_list corruption When the incompat flag EXTENT_TREE_V2 is set, we unconditionally add the block …	NVD-CWE-noinfo	CVE-2026-46251	2026-06-10 05:38	2026-06-4	表示	GitHub Exploit DB Packet Storm

1176	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Fix PF driver crash with kexec kernel booting During a kexec reboot the hardware is not power-cycled, so AF state f…	NVD-CWE-noinfo	CVE-2026-46249	2026-06-10 05:37	2026-06-4	表示	GitHub Exploit DB Packet Storm

1177	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: clear stale link mapping of ahvif->links_map When an arvif is initialized in non-AP STA mode but MLO connection pre…	NVD-CWE-noinfo	CVE-2026-46248	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm

1178	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map After commit d228ece36345 ("clk: divider: remove round_rate() in favor of dete…	NVD-CWE-noinfo	CVE-2026-46247	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm

1179	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for extcon in IRQ handler Using the `devm_` variant for requesting IRQ _before_ the…	CWE-416 解放済みメモリの使用	CVE-2026-46246	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm

1180	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD init amdgpu_dm_hpd_init() may see connectors without a valid dc_link. The code…	CWE-476 NULL ポインタデリファレンス	CVE-2026-46245	2026-06-10 05:36	2026-06-4	表示	GitHub Exploit DB Packet Storm

1181	9.1	CRITICAL ネットワーク	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync In nft_inner_parse_l2l3(), when processing inner IPv6 packets, ipv6_find_hdr() …	NVD-CWE-noinfo	CVE-2026-46244	2026-06-10 05:35	2026-06-4	表示	GitHub Exploit DB Packet Storm

1182	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches() failures We have seen a few cases where the whole memory subsystem is blocke…	NVD-CWE-noinfo	CVE-2025-71314	2026-06-10 05:35	2026-06-4	表示	GitHub Exploit DB Packet Storm

1183	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_workqueue() alloc_workqueue() can return NULL on memory allocation failure. Witho…	CWE-476 NULL ポインタデリファレンス	CVE-2025-71313	2026-06-10 05:35	2026-06-4	表示	GitHub Exploit DB Packet Storm

1184	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the webAuthUserInfo parameter of the formAddWebAuthUser function. This vulnerability allows att…	CWE-121 スタックオーバーフロー	CVE-2026-36823	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1185	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allo…	CWE-121 スタックオーバーフロー	CVE-2026-36771	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1186	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to caus…	CWE-121 スタックオーバーフロー	CVE-2026-36770	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1187	7.2	HIGH ネットワーク	-	-	A flaw was found in Keycloak. A limited administrator can exploit an improper access control vulnerability in the POST /admin/realms/{realm}/partialImport endpoint. This allows them to bypass Fine-Gr…	CWE-863 不正な認証	CVE-2026-11577	2026-06-10 05:16	2026-06-8	表示	GitHub Exploit DB Packet Storm

1188	9.8	CRITICAL ネットワーク	-	-	Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. …	-	CVE-2026-10045	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1189	6.2	MEDIUM ローカル	-	-	An issue was discovered in Malwarebytes 4.x and 5.x (and Nebula 2020-10-21 and later). A large number of Firefox preference files can cause the parser to ignore other browser configuration files, lea…	CWE-755 例外的な状態における不適切な処理	CVE-2023-43686	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1190	8.2	HIGH ローカル	-	-	The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if t…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2023-29146	2026-06-10 05:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

1191	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: AppArmor: Allow apparmor to handle unaligned dfa tables The dfa tables can originate from kernel or userspace and 8-byte alignmen…	NVD-CWE-noinfo	CVE-2026-46254	2026-06-10 05:10	2026-06-4	表示	GitHub Exploit DB Packet Storm

1192	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-edma: don't explicitly disable clocks in .remove() The clocks in fsl_edma_engine::muxclk are allocated and enabled…	NVD-CWE-noinfo	CVE-2026-46255	2026-06-10 05:10	2026-06-4	表示	GitHub Exploit DB Packet Storm

1193	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: NFS/localio: prevent direct reclaim recursion into NFS via nfs_writepages LOCALIO is an NFS loopback mount optimization that avoi…	CWE-667 不適切なロック	CVE-2026-46256	2026-06-10 05:10	2026-06-4	表示	GitHub Exploit DB Packet Storm

1194	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/timer-sp804: Fix an Oops when read_current_timer is called on ARM32 platforms where the SP804 is not registere…	CWE-908 初期化されていないリソースの使用	CVE-2026-46257	2026-06-10 05:10	2026-06-4	表示	GitHub Exploit DB Packet Storm

1195	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: gpio: cdev: Avoid NULL dereference in linehandle_create() In linehandle_create(), there is a statement like this: retain_and_nu…	CWE-476 NULL ポインタデリファレンス	CVE-2026-46258	2026-06-10 05:09	2026-06-4	表示	GitHub Exploit DB Packet Storm

1196	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: procfs: fix missing RCU protection when reading real_parent in do_task_stat() When reading /proc/[pid]/stat, do_task_stat() acces…	NVD-CWE-noinfo	CVE-2026-46259	2026-06-10 05:09	2026-06-4	表示	GitHub Exploit DB Packet Storm

1197	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bound access in fib6_add_rt2node(). syzbot reported out-of-bound read in fib6_add_rt2node(). [0] When IPv6 rout…	CWE-125 境界外読み取り	CVE-2026-46260	2026-06-10 05:09	2026-06-4	表示	GitHub Exploit DB Packet Storm

1198	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which w…	CWE-476 NULL ポインタデリファレンス	CVE-2026-46261	2026-06-10 05:03	2026-06-4	表示	GitHub Exploit DB Packet Storm

1199	5.5	MEDIUM ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing loc…	CWE-667 不適切なロック	CVE-2026-46262	2026-06-10 04:59	2026-06-4	表示	GitHub Exploit DB Packet Storm

1200	7.8	HIGH ローカル	linux	linux_kernel	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds stream encoder index v3 eng_id can be negative and that stream_enc_regs[] can be indexed out o…	CWE-125 境界外読み取り	CVE-2026-46263	2026-06-10 04:57	2026-06-4	表示	GitHub Exploit DB Packet Storm