NVD Vulnerability Information (Top)

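You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated there earlier than in JVN (Japan Vulnerability Notes), the list may include vulnerabilities that are not yet recorded in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview to find the CWE number.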

Updated: April 23, 2026, 4:00

Columns: No, CVSS, Level, Attack vector, Vendor, Product, Title, CWE, CVE, Updated, Published, Impact view, Exploit/PoC search
1201 7.5 HIGH
Network
huawei harmonyos UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-362
Race condition
CVE-2026-34856 2026-04-16 13:47 2026-04-13 View GitHub Exploit DB Packet Storm
1202 6.5 MEDIUM
Network
huawei harmonyos Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. CWE-284
Improper access control
CVE-2026-34860 2026-04-16 13:45 2026-04-13 View GitHub Exploit DB Packet Storm
1203 6.4 MEDIUM
Network
- - The Vantage theme for WordPress is vulnerable to Stored Cross-Site Scripting via Gallery block text content in versions up to, and including, 1.20.32 due to insufficient output escaping in the galler… CWE-79
Cross-site scripting (XSS)
CVE-2026-5070 2026-04-16 13:17 2026-04-16 View GitHub Exploit DB Packet Storm
1204 6.1 MEDIUM
Network
- - The CodeColorer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in 'cc' comment shortcode in versions up to, and including, 0.10.1 due to insufficient inpu… CWE-79
Cross-site scripting (XSS)
CVE-2026-4032 2026-04-16 13:17 2026-04-16 View GitHub Exploit DB Packet Storm
1205 6.4 MEDIUM
Network
- - The WP Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdocs_options[icon_size]' parameter in all versions up to, and including, 2.2.9 due to insufficient input sanit… CWE-79
Cross-site scripting (XSS)
CVE-2026-3878 2026-04-16 13:17 2026-04-16 View GitHub Exploit DB Packet Storm
1206 6.4 MEDIUM
Network
- - The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_box' shortcode in all versions up to, and including, 7.4.9 due to… CWE-79
Cross-site scripting (XSS)
CVE-2026-3885 2026-04-16 12:16 2026-04-16 View GitHub Exploit DB Packet Storm
1207 6.4 MEDIUM
Network
- - The WP YouTube Lyte plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lyte' shortcode in all versions up to, and including, 1.7.29 due to insufficient input sanitiza… CWE-79
Cross-site scripting (XSS)
CVE-2026-3299 2026-04-16 11:16 2026-04-16 View GitHub Exploit DB Packet Storm
1208 6.3 MEDIUM
Network
geosolutionsgroup geonode GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attack… CWE-918
Server-side request forgery
CVE-2026-39922 2026-04-16 10:16 2026-04-11 View GitHub Exploit DB Packet Storm
1209 6.3 MEDIUM
Network
geosolutionsgroup geonode GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbou… CWE-918
Server-side request forgery
CVE-2026-39921 2026-04-16 10:16 2026-04-11 View GitHub Exploit DB Packet Storm
1210 9.8 CRITICAL
Network
- - The Barcode Scanner (+Mobile App) – Inventory manager, Order fulfillment system, POS (Point of Sale) plugin for WordPress is vulnerable to privilege escalation via insecure token-based authentication… CWE-269
Improper privilege management
CVE-2026-4880 2026-04-16 09:16 2026-04-16 View GitHub Exploit DB Packet Storm
1211 4.3 MEDIUM
Network
- - The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions u… CWE-862
Missing authorization
CVE-2026-4949 2026-04-16 08:16 2026-04-16 View GitHub Exploit DB Packet Storm
1212 - -
- - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid… - CVE-2026-6398 2026-04-16 06:17 2026-04-16 View GitHub Exploit DB Packet Storm
1213 7.1 HIGH
Local
sleuthkit the_sleuth_kit The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted … CWE-22
Path traversal
CVE-2026-40024 2026-04-16 05:52 2026-04-9 View GitHub Exploit DB Packet Storm
1214 6.1 MEDIUM
Local
sleuthkit the_sleuth_kit The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bo… CWE-125
Out-of-bounds read
CVE-2026-40025 2026-04-16 05:52 2026-04-9 View GitHub Exploit DB Packet Storm
1215 6.5 MEDIUM
Network
openclaw openclaw OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in Telegram webhook authentication that allows attackers to brute-force weak webhook secrets. The vulnerability enables repeat… CWE-307
Improper restriction of excessive authentication attempts
CVE-2026-35628 2026-04-16 05:38 2026-04-10 View GitHub Exploit DB Packet Storm
1216 7.1 HIGH
Local
huawei harmonyos
emui
UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. CWE-416
Use after free
CVE-2026-34854 2026-04-16 05:19 2026-04-13 View GitHub Exploit DB Packet Storm
1217 5.5 MEDIUM
Local
huawei harmonyos UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-362
Race condition
CVE-2026-34857 2026-04-16 05:16 2026-04-13 View GitHub Exploit DB Packet Storm
1218 4.1 MEDIUM
Local
huawei harmonyos UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-362
Race condition
CVE-2026-34858 2026-04-16 05:13 2026-04-13 View GitHub Exploit DB Packet Storm
1219 7.1 HIGH
Local
huawei harmonyos
emui
UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. CWE-416
Use after free
CVE-2026-34859 2026-04-16 05:12 2026-04-13 View GitHub Exploit DB Packet Storm
1220 7.4 HIGH
Network
openclaw openclaw OpenClaw before 2026.3.25 contains a server-side request forgery vulnerability in multiple channel extensions that fail to properly guard configured base URLs against SSRF attacks. Attackers can expl… CWE-918
Server-side request forgery
CVE-2026-35629 2026-04-16 05:09 2026-04-10 View GitHub Exploit DB Packet Storm
1221 4.7 MEDIUM
Local
huawei harmonyos Race condition vulnerability in the thermal management module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-362
Race condition
CVE-2026-34861 2026-04-16 05:09 2026-04-13 View GitHub Exploit DB Packet Storm
1222 4.7 MEDIUM
Local
huawei harmonyos Race condition vulnerability in the power consumption statistics module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-362
Race condition
CVE-2026-34862 2026-04-16 05:04 2026-04-13 View GitHub Exploit DB Packet Storm
1223 5.5 MEDIUM
Local
huawei harmonyos Out-of-bounds write vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. CWE-787
Out-of-bounds write
CVE-2026-34863 2026-04-16 05:03 2026-04-13 View GitHub Exploit DB Packet Storm
1224 5.5 MEDIUM
Local
huawei harmonyos Boundary-unlimited vulnerability in the application read module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-119
Buffer errors
CVE-2026-34864 2026-04-16 05:01 2026-04-13 View GitHub Exploit DB Packet Storm
1225 5.5 MEDIUM
Local
adobe bridge Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Divide By Zero vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to crash the a… CWE-369
Divide by zero
CVE-2026-27222 2026-04-16 04:59 2026-04-15 View GitHub Exploit DB Packet Storm
1226 7.8 HIGH
Local
adobe bridge Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… CWE-122
Heap-based buffer overflow
CVE-2026-27310 2026-04-16 04:59 2026-04-15 View GitHub Exploit DB Packet Storm
1227 7.8 HIGH
Local
adobe bridge Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… CWE-122
Heap-based buffer overflow
CVE-2026-27311 2026-04-16 04:59 2026-04-15 View GitHub Exploit DB Packet Storm
1228 7.8 HIGH
Local
adobe bridge Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… CWE-122
Heap-based buffer overflow
CVE-2026-27312 2026-04-16 04:59 2026-04-15 View GitHub Exploit DB Packet Storm
1229 7.8 HIGH
Local
adobe bridge Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of… CWE-122
Heap-based buffer overflow
CVE-2026-27313 2026-04-16 04:59 2026-04-15 View GitHub Exploit DB Packet Storm
1230 7.5 HIGH
Network
openclaw openclaw OpenClaw before 2026.3.25 parses JSON request bodies before validating webhook signatures, allowing unauthenticated attackers to force resource-intensive parsing operations. Remote attackers can send… CWE-696
Incorrect behavior order
CVE-2026-35640 2026-04-16 04:52 2026-04-10 View GitHub Exploit DB Packet Storm
1231 5.5 MEDIUM
Local
adobe dng_software_development_kit DNG SDK versions 1.7.1 2502 and earlier are affected by an out-of-bounds write vulnerability that could lead to application denial-of-service. An attacker could leverage this vulnerability to corrupt… CWE-787
Out-of-bounds write
CVE-2026-27258 2026-04-16 04:46 2026-04-15 View GitHub Exploit DB Packet Storm
1232 5.4 MEDIUM
Network
adobe experience_manager
experience_manager_screens
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environ… CWE-79
Cross-site scripting (XSS)
CVE-2026-27288 2026-04-16 04:46 2026-04-15 View GitHub Exploit DB Packet Storm
1233 5.4 MEDIUM
Network
adobe experience_manager
experience_manager_screens
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environ… CWE-79
Cross-site scripting (XSS)
CVE-2026-34625 2026-04-16 04:42 2026-04-15 View GitHub Exploit DB Packet Storm
1234 5.4 MEDIUM
Network
adobe experience_manager
experience_manager_screens
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environ… CWE-79
Cross-site scripting (XSS)
CVE-2026-34624 2026-04-16 04:42 2026-04-15 View GitHub Exploit DB Packet Storm
1235 5.4 MEDIUM
Network
adobe experience_manager
experience_manager_screens
Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environ… CWE-79
Cross-site scripting (XSS)
CVE-2026-34623 2026-04-16 04:41 2026-04-15 View GitHub Exploit DB Packet Storm
1236 4.3 MEDIUM
Network
openclaw openclaw OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gat… CWE-288
Authentication bypass using an alternate path or channel
CVE-2026-35642 2026-04-16 04:39 2026-04-10 View GitHub Exploit DB Packet Storm
1237 7.8 HIGH
Local
adobe photoshop Photoshop Desktop versions 27.4 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure… CWE-125
Out-of-bounds read
CVE-2026-27289 2026-04-16 04:34 2026-04-15 View GitHub Exploit DB Packet Storm
1238 7.8 HIGH
Local
adobe illustrator Illustrator versions 30.2, 29.8.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of th… CWE-787
Out-of-bounds write
CVE-2026-34618 2026-04-16 04:34 2026-04-15 View GitHub Exploit DB Packet Storm
1239 7.8 HIGH
Local
adobe incopy InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. A… CWE-125
Out-of-bounds read
CVE-2026-27287 2026-04-16 04:33 2026-04-15 View GitHub Exploit DB Packet Storm
1240 7.8 HIGH
Local
adobe incopy InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this is… CWE-787
Out-of-bounds write
CVE-2026-34631 2026-04-16 04:33 2026-04-15 View GitHub Exploit DB Packet Storm
1241 7.5 HIGH
Network
orthanc-server orthanc A memory exhaustion vulnerability exists in ZIP archive processing. Orthanc automatically extracts ZIP archives uploaded to certain endpoints and trusts metadata fields describing the uncompressed si… CWE-770
Allocation of resources without limits or throttling
CVE-2026-5439 2026-04-16 04:32 2026-04-10 View GitHub Exploit DB Packet Storm
1242 7.5 HIGH
Network
orthanc-server orthanc A gzip decompression bomb vulnerability exists when Orthanc processes HTTP request with `Content-Encoding: gzip`. The server does not enforce limits on decompressed size and allocates memory based on… CWE-770
Allocation of resources without limits or throttling
CVE-2026-5438 2026-04-16 04:31 2026-04-10 View GitHub Exploit DB Packet Storm
1243 6.5 MEDIUM
Network
minio minio MinIO is a high-performance object storage system. From RELEASE.2018-08-18T03-49-57Z to before RELEASE.2025-12-20T04-58-37Z, MinIO's S3 Select feature is vulnerable to memory exhaustion when processi… CWE-770
Allocation of resources without limits or throttling
CVE-2026-39414 2026-04-16 04:30 2026-04-9 View GitHub Exploit DB Packet Storm
1244 8.8 HIGH
Network
openclaw openclaw OpenClaw before 2026.3.25 contains a privilege escalation vulnerability in the gateway plugin subagent fallback deleteSession function that uses a synthetic operator.admin runtime scope. Attackers ca… CWE-648
CWE-863
Incorrect use of privileged APIs
Incorrect authorization
CVE-2026-35645 2026-04-16 04:25 2026-04-10 View GitHub Exploit DB Packet Storm
1245 6.1 MEDIUM
Network
circl ail_framework AIL framework is an open-source platform to collect, crawl, process and analyse unstructured data. Prior to 6.8, a stored cross-site scripting (XSS) vulnerability was identified in the modal item pre… CWE-79
Cross-site scripting (XSS)
CVE-2026-39416 2026-04-16 04:20 2026-04-9 View GitHub Exploit DB Packet Storm
1246 9.1 CRITICAL
Network
kcp kcp kcp is a Kubernetes-like control plane for form-factors and use-cases beyond Kubernetes and container workloads. Prior to 0.30.3 and 0.29.3, the cache server is directly exposed by the root shard and… CWE-302
CWE-862
Authentication bypass vulnerability
Missing authorization
CVE-2026-39429 2026-04-16 04:15 2026-04-9 View GitHub Exploit DB Packet Storm
1247 7.5 HIGH
Network
orthanc-server orthanc An out-of-bounds read vulnerability exists in `DicomStreamReader` during DICOM meta-header parsing. When processing malformed metadata structures, the parser may read beyond the bounds of the allocat… CWE-125
Out-of-bounds read
CVE-2026-5437 2026-04-16 04:14 2026-04-10 View GitHub Exploit DB Packet Storm
1248 7.5 HIGH
Network
zauberzeug nicegui NiceGUI is a Python-based UI framework. Prior to 3.10.0, Since PurePosixPath only recognizes forward slashes (/) as path separators, an attacker can bypass this sanitization on Windows by using backs… CWE-22
Path traversal
CVE-2026-39844 2026-04-16 04:08 2026-04-9 View GitHub Exploit DB Packet Storm
1249 7.1 HIGH
Network
bugsink bugsink Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authenticat… CWE-20
Improper input validation
CVE-2026-40162 2026-04-16 04:05 2026-04-11 View GitHub Exploit DB Packet Storm
1250 7.5 HIGH
Network
agentfront
frontmcp
\@frontmcp\/adapters
\@frontmcp\/sdk
frontmcp
mcp-from-openapi
FrontMCP is a TypeScript-first framework for the Model Context Protocol (MCP). Prior to 2.3.0, the mcp-from-openapi library uses @apidevtools/json-schema-ref-parser to dereference $ref pointers in Op… CWE-918
Server-side request forgery
CVE-2026-39885 2026-04-16 04:04 2026-04-9 View GitHub Exploit DB Packet Storm