NVD Vulnerability Information: Top

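You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before JVN (Japan Vulnerability Notes), entries that are not yet listed in JVN may appear here.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and check the CWE number.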


Last updated: April 23, 2026, 4:00

No. CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC search
1301 9.3 CRITICAL
Network
- - Adobe Connect versions 2025.3, 12.10 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to exec… CWE-79
Cross-site Scripting (XSS)
CVE-2026-27246 2026-04-16 01:14 2026-04-15 View GitHub Exploit DB Packet Storm
1302 9.6 CRITICAL
Network
- - Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Ex… CWE-502
Deserialization of Untrusted Data
CVE-2026-27303 2026-04-16 01:14 2026-04-15 View GitHub Exploit DB Packet Storm
1303 6.1 MEDIUM
Network
- - Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnera… CWE-79
Cross-site Scripting (XSS)
CVE-2026-34614 2026-04-16 01:14 2026-04-15 View GitHub Exploit DB Packet Storm
1304 9.3 CRITICAL
Network
- - Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Ex… CWE-502
Deserialization of Untrusted Data
CVE-2026-34615 2026-04-16 01:14 2026-04-15 View GitHub Exploit DB Packet Storm
1305 8.7 HIGH
Network
- - Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vul… CWE-79
Cross-site Scripting (XSS)
CVE-2026-34617 2026-04-16 01:14 2026-04-15 View GitHub Exploit DB Packet Storm
1306 9.8 CRITICAL
Network
cryptography.io cryptography cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Pyth… CWE-119
Buffer Errors
CVE-2026-39892 2026-04-16 01:12 2026-04-09 View GitHub Exploit DB Packet Storm
1307 8.4 HIGH
Local
nixos nix Nix is a package manager for Linux and other Unix systems. A bug in the fix for CVE-2024-27297 allowed for arbitrary overwrites of files writable by the Nix process orchestrating the builds (typicall… CWE-61
UNIX Symbolic Link Following
CVE-2026-39860 2026-04-16 01:12 2026-04-09 View GitHub Exploit DB Packet Storm
1308 4.9 MEDIUM
Network
kamailio kamailio Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.0.5 and 5.8.7, an out-of-bounds read in the auth module of Kamailio (formerly OpenSER and SER) allows remote attackers … CWE-125
Out-of-bounds Read
CVE-2026-39864 2026-04-16 01:06 2026-04-09 View GitHub Exploit DB Packet Storm
1309 6.5 MEDIUM
Network
openclaw openclaw OpenClaw before 2026.3.22 contains an information disclosure vulnerability that allows attackers with operator.read scope to expose credentials embedded in channel baseUrl and httpUrl fields. Attacke… CWE-312
Cleartext Storage of Sensitive Information
CVE-2026-35644 2026-04-16 01:03 2026-04-10 View GitHub Exploit DB Packet Storm
1310 7.5 HIGH
Network
kamailio kamailio Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attacke… CWE-119
Buffer Errors
CVE-2026-39863 2026-04-16 00:58 2026-04-09 View GitHub Exploit DB Packet Storm
1311 8.8 HIGH
Network
apache storm Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deser… CWE-502
Deserialization of Untrusted Data
CVE-2026-35337 2026-04-16 00:54 2026-04-13 View GitHub Exploit DB Packet Storm
1312 5.4 MEDIUM
Network
apache storm Stored Cross-Site Scripting (XSS) via Unsanitized Topology Metadata in Apache Storm UI Versions Affected: before 2.8.6 Description: The Storm UI visualization component interpolates topology meta… CWE-79
Cross-site Scripting (XSS)
CVE-2026-35565 2026-04-16 00:53 2026-04-13 View GitHub Exploit DB Packet Storm
1313 4.3 MEDIUM
Network
apache openmeetings Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (met… CWE-274
Improper Handling of Insufficient Privileges
CVE-2026-33005 2026-04-16 00:27 2026-04-10 View GitHub Exploit DB Packet Storm
1314 7.5 HIGH
Network
apache openmeetings Use of Hard-coded Cryptographic Key vulnerability in Apache OpenMeetings. The remember-me cookie encryption key is set to default value in openmeetings.properties and not being auto-rotated. In case… CWE-321
Use of Hard-coded Cryptographic Key
CVE-2026-33266 2026-04-16 00:21 2026-04-10 View GitHub Exploit DB Packet Storm
1315 7.5 HIGH
Network
apache openmeetings Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Pleas… CWE-598
Information Exposure Through Query Strings in GET Request
CVE-2026-34020 2026-04-16 00:21 2026-04-10 View GitHub Exploit DB Packet Storm
1316 6.5 MEDIUM
Network
- - The YML for Yandex Market WordPress plugin before 5.0.26 is vulnerable to Remote Code Execution via the feed generation process. - CVE-2025-14545 2026-04-16 00:05 2026-04-10 View GitHub Exploit DB Packet Storm
1317 6.5 MEDIUM
Network
- - The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the save_title() AJAX handler before allowing wishlist renaming operations. The function … - CVE-2026-4432 2026-04-16 00:05 2026-04-10 View GitHub Exploit DB Packet Storm
1318 6.8 MEDIUM
Network
- - The Form Maker by 10Web WordPress plugin before 1.15.38 does not properly prepare SQL queries when the "MySQL Mapping" feature is in use, which could make SQL Injection attacks possible in certain c… CWE-89
SQL Injection
CVE-2025-15441 2026-04-16 00:05 2026-04-13 View GitHub Exploit DB Packet Storm
1319 8.6 HIGH
Network
- - The Product Filter for WooCommerce by WBW WordPress plugin before 3.1.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing unauthenticated users to perform SQL inje… CWE-89
SQL Injection
CVE-2026-3830 2026-04-16 00:05 2026-04-13 View GitHub Exploit DB Packet Storm
1320 9.1 CRITICAL
Network
- - V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Una… CWE-201
Insertion of Sensitive Information Into Sent Data
CVE-2026-39912 2026-04-16 00:00 2026-04-10 View GitHub Exploit DB Packet Storm
1321 6.1 MEDIUM
Network
- - WordPress adivaha Travel Plugin 2.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the isMobile parameter. A… CWE-79
Cross-site Scripting (XSS)
CVE-2023-54358 2026-04-16 00:00 2026-04-10 View GitHub Exploit DB Packet Storm
1322 8.2 HIGH
Network
- - WordPress adivaha Travel Plugin 2.3 contains a time-based blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'pid… CWE-89
SQL Injection
CVE-2023-54359 2026-04-16 00:00 2026-04-10 View GitHub Exploit DB Packet Storm
1323 6.1 MEDIUM
Network
- - Joomla JLex Review 6.0.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the review_id URL parameter. Attackers can craft mal… CWE-79
Cross-site Scripting (XSS)
CVE-2023-54360 2026-04-16 00:00 2026-04-10 View GitHub Exploit DB Packet Storm
1324 6.1 MEDIUM
Network
- - Joomla iProperty Real Estate 4.1.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the filter_keyword parameter. Attackers ca… CWE-79
Cross-site Scripting (XSS)
CVE-2023-54361 2026-04-16 00:00 2026-04-10 View GitHub Exploit DB Packet Storm
1325 6.1 MEDIUM
Network
- - Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can c… CWE-79
Cross-site Scripting (XSS)
CVE-2023-54362 2026-04-16 00:00 2026-04-10 View GitHub Exploit DB Packet Storm
1326 6.1 MEDIUM
Network
- - Joomla Solidres 2.13.3 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating multiple GET parameters including show… CWE-79
Cross-site Scripting (XSS)
CVE-2023-54363 2026-04-16 00:00 2026-04-10 View GitHub Exploit DB Packet Storm
1327 6.1 MEDIUM
Network
- - Joomla HikaShop 4.7.4 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating GET parameters in the product filter en… CWE-79
Cross-site Scripting (XSS)
CVE-2023-54364 2026-04-16 00:00 2026-04-10 View GitHub Exploit DB Packet Storm
1328 9.8 CRITICAL
Network
- - Smart Slider 3 Pro version 3.5.1.35 for WordPress and Joomla contains a multi-stage remote access toolkit injected through a compromised update system that allows unauthenticated attackers to execute… CWE-506
Embedded Malicious Code
CVE-2026-34424 2026-04-16 00:00 2026-04-10 View GitHub Exploit DB Packet Storm
1329 7.1 HIGH
Network
- - Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileF… CWE-89
SQL Injection
CVE-2018-25257 2026-04-16 00:00 2026-04-12 View GitHub Exploit DB Packet Storm
1330 8.4 HIGH
Local
- - RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers c… CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-25258 2026-04-16 00:00 2026-04-12 View GitHub Exploit DB Packet Storm
1331 8.4 HIGH
Local
- - Faleemi Desktop Software 1.8 contains a local buffer overflow vulnerability in the System Setup dialog that allows attackers to bypass DEP protections through structured exception handling exploitati… CWE-787
Out-of-bounds Write
CVE-2019-25691 2026-04-16 00:00 2026-04-12 View GitHub Exploit DB Packet Storm
1332 8.4 HIGH
Local
- - R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payl… CWE-787
Out-of-bounds Write
CVE-2019-25695 2026-04-16 00:00 2026-04-12 View GitHub Exploit DB Packet Storm
1333 5.0 MEDIUM
Local
bytecodealliance wasmtime Wasmtime is a runtime for WebAssembly. In 43.0.0, cloning a wasmtime::Linker is unsound and can result in use-after-free bugs. This bug is not controllable by guest Wasm programs. It can only be trig… CWE-416
Use After Free
CVE-2026-34983 2026-04-15 23:49 2026-04-10 View GitHub Exploit DB Packet Storm
1334 7.8 HIGH
Local
bytecodealliance wasmtime Wasmtime is a runtime for WebAssembly. From 32.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Cranelift compilation backend contains a bug on aarch64 when performing a certain shape of heap acc… CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
CVE-2026-34971 2026-04-15 23:10 2026-04-10 View GitHub Exploit DB Packet Storm
1335 9.9 CRITICAL
Network
bytecodealliance wasmtime Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime with its Winch (baseline) non-default compiler backend may allow properly constructed guest Wasm to a… CWE-125
CWE-787
Out-of-bounds Read
Out-of-bounds Write
CVE-2026-34987 2026-04-15 22:41 2026-04-10 View GitHub Exploit DB Packet Storm
1336 6.3 MEDIUM
Network
bytecodealliance wasmtime Wasmtime is a runtime for WebAssembly. From 28.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of its pooling allocator contains a bug where in certain configurations the contents… CWE-119
Buffer Errors
CVE-2026-34988 2026-04-15 22:14 2026-04-10 View GitHub Exploit DB Packet Storm
1337 7.5 HIGH
Network
bytecodealliance wasmtime Wasmtime is a runtime for WebAssembly. From 25.0.0 to before 36.0.7, 42.0.2, and 43.0.1, Wasmtime's Winch compiler backend contains a bug where translating the table.grow operator causes the result t… CWE-789
Memory Allocation with Excessive Size Value
CVE-2026-35186 2026-04-15 22:04 2026-04-10 View GitHub Exploit DB Packet Storm
1338 5.4 MEDIUM
Network
bytecodealliance wasmtime Wasmtime is a runtime for WebAssembly. Prior to 24.0.7, 36.0.7, 42.0.2, and 43.0.1, Wasmtime's implementation of transcoding strings between components contains a bug where the return value of a gues… CWE-787
Out-of-bounds Write
CVE-2026-35195 2026-04-15 22:00 2026-04-10 View GitHub Exploit DB Packet Storm
1339 9.8 CRITICAL
Network
sonos era_300_firmware Sonos Era 300 SMB Response Out-Of-Bounds Access Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sonos Era 300. A… CWE-119
Buffer Errors
CVE-2026-4149 2026-04-15 21:26 2026-04-11 View GitHub Exploit DB Packet Storm
1340 6.8 MEDIUM
Physical
samsung android Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning. CWE-754
Improper Check for Exceptional Conditions
CVE-2026-21009 2026-04-15 21:23 2026-04-13 View GitHub Exploit DB Packet Storm
1341 6.1 MEDIUM
Network
- - The Product Pricing Table by WooBeWoo plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validatio… CWE-352
Same-Origin Policy Violation
CVE-2026-1852 2026-04-15 21:16 2026-04-15 View GitHub Exploit DB Packet Storm
1342 - -
- - Missing Authorization vulnerability in ThemeGrill ThemeGrill Demo Importer themegrill-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ThemeGri… CWE-862
Missing Authentication
CVE-2026-40730 2026-04-15 20:16 2026-04-15 View GitHub Exploit DB Packet Storm
1343 6.4 MEDIUM
Network
- - The VI: Include Post By plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class_container' attribute of the 'include-post-by-cat' shortcode in all versions up to, and includi… CWE-79
Cross-site Scripting (XSS)
CVE-2026-5717 2026-04-15 18:16 2026-04-15 View GitHub Exploit DB Packet Storm
1344 7.2 HIGH
Network
- - The Quick Interest Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'loan-amount' and 'loan-period' parameters in all versions up to, and including, 3.1.5 due to insuf… CWE-79
Cross-site Scripting (XSS)
CVE-2026-5694 2026-04-15 18:16 2026-04-15 View GitHub Exploit DB Packet Storm
1345 8.8 HIGH
Network
- - The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-contro… CWE-639
Authentication Bypass Through User-Controlled Key
CVE-2026-5617 2026-04-15 18:16 2026-04-15 View GitHub Exploit DB Packet Storm
1346 6.1 MEDIUM
Network
- - The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the func… CWE-352
Same-Origin Policy Violation
CVE-2026-4091 2026-04-15 18:16 2026-04-15 View GitHub Exploit DB Packet Storm
1347 6.4 MEDIUM
Network
- - The Power Charts Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter of the [pc] shortcode in all versions up to, and including, 0.1.0. This is due to insuff… CWE-79
Cross-site Scripting (XSS)
CVE-2026-4011 2026-04-15 18:16 2026-04-15 View GitHub Exploit DB Packet Storm
1348 6.4 MEDIUM
Network
- - The Coachific Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'userhash' shortcode attribute in all versions up to and including 1.0. This is due to insufficient i… CWE-79
Cross-site Scripting (XSS)
CVE-2026-4005 2026-04-15 18:16 2026-04-15 View GitHub Exploit DB Packet Storm
1349 4.3 MEDIUM
Network
- - The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajax_revoke_token() function wh… CWE-352
Same-Origin Policy Violation
CVE-2026-4002 2026-04-15 18:16 2026-04-15 View GitHub Exploit DB Packet Storm
1350 6.4 MEDIUM
Network
- - The WM JqMath plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style' shortcode attribute of the [jqmath] shortcode in all versions up to and including 1.3. This is due to i… CWE-79
Cross-site Scripting (XSS)
CVE-2026-3998 2026-04-15 18:16 2026-04-15 View GitHub Exploit DB Packet Storm