NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月14日4:12

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1551	5.3	MEDIUM ネットワーク	google	chrome	Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory …	CWE-472 不変と仮定される Web パラメータの外部制御	CVE-2026-11678	2026-06-9 23:52	2026-06-9	表示	GitHub Exploit DB Packet Storm

1552	8.3	HIGH ネットワーク	google	chrome	Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to potentially perform a sandbox escape via a crafted HTML page. (Chr…	CWE-362 競合状態	CVE-2026-11677	2026-06-9 23:52	2026-06-9	表示	GitHub Exploit DB Packet Storm

1553	3.1	LOW ネットワーク	google	chrome	Out of bounds read in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium sec…	CWE-20 不適切な入力確認	CVE-2026-11675	2026-06-9 23:52	2026-06-9	表示	GitHub Exploit DB Packet Storm

1554	8.8	HIGH ネットワーク	google	chrome	Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-11629	2026-06-9 23:52	2026-06-9	表示	GitHub Exploit DB Packet Storm

1555	7.5	HIGH ネットワーク	google	chrome	Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HT…	CWE-416 解放済みメモリの使用	CVE-2026-11694	2026-06-9 23:52	2026-06-9	表示	GitHub Exploit DB Packet Storm

1556	8.8	HIGH ネットワーク	google	chrome	Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:…	CWE-94 コード・インジェクション	CVE-2026-11688	2026-06-9 23:52	2026-06-9	表示	GitHub Exploit DB Packet Storm

1557	8.8	HIGH ネットワーク	google	chrome	Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-11687	2026-06-9 23:52	2026-06-9	表示	GitHub Exploit DB Packet Storm

1558	3.1	LOW ネットワーク	google	chrome	Insufficient validation of untrusted input in Dawn in Google Chrome on macOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a…	CWE-20 不適切な入力確認	CVE-2026-11686	2026-06-9 23:52	2026-06-9	表示	GitHub Exploit DB Packet Storm

1559	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in MediaCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: …	CWE-20 不適切な入力確認	CVE-2026-11685	2026-06-9 23:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

1560	3.1	LOW ネットワーク	google	chrome	Insufficient policy enforcement in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the utility process to leak cross-origin data via a crafted HTML page…	CWE-693 保護メカニズムの不具合	CVE-2026-11684	2026-06-9 23:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

1561	8.3	HIGH ネットワーク	google	chrome	Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. …	CWE-416 解放済みメモリの使用	CVE-2026-11700	2026-06-9 23:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

1562	8.8	HIGH ネットワーク	google	chrome	Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-11699	2026-06-9 23:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

1563	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security…	CWE-20 不適切な入力確認	CVE-2026-11697	2026-06-9 23:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

1564	5.3	MEDIUM ネットワーク	google	chrome	Uninitialized Use in Video in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from proc…	CWE-457 初期化されていない変数の使用	CVE-2026-11696	2026-06-9 23:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

1565	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)	CWE-693 保護メカニズムの不具合	CVE-2026-11695	2026-06-9 23:50	2026-06-9	表示	GitHub Exploit DB Packet Storm

1566	8.8	HIGH ネットワーク	google	chrome	Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-11698	2026-06-9 23:50	2026-06-9	表示	GitHub Exploit DB Packet Storm

1567	5.3	MEDIUM ネットワーク	checkmk	checkmk	Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing a…	CWE-863 不正な認証	CVE-2026-7765	2026-06-9 23:49	2026-06-8	表示	GitHub Exploit DB Packet Storm

1568	5.4	MEDIUM ネットワーク	checkmk	checkmk	Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validati…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8833	2026-06-9 23:49	2026-06-8	表示	GitHub Exploit DB Packet Storm

1569	-	-	-	-	The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the render…	CWE-749 危険なメソッドや機能の公開	CVE-2026-47899	2026-06-9 23:47	2026-06-9	表示	GitHub Exploit DB Packet Storm

1570	-	-	-	-	Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" wi…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47900	2026-06-9 23:47	2026-06-9	表示	GitHub Exploit DB Packet Storm

1571	-	-	-	-	Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Du…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47901	2026-06-9 23:47	2026-06-9	表示	GitHub Exploit DB Packet Storm

1572	-	-	-	-	Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory ex…	CWE-400 リソースの枯渇	CVE-2026-49762	2026-06-9 23:47	2026-06-9	表示	GitHub Exploit DB Packet Storm

1573	9.8	CRITICAL ネットワーク	-	-	Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 befor…	CWE-89 SQLインジェクション	CVE-2026-7486	2026-06-9 23:47	2026-06-9	表示	GitHub Exploit DB Packet Storm

1574	-	-	-	-	Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), the argument string is concaten…	CWE-78 OSコマンド・インジェクション	CVE-2026-9279	2026-06-9 23:47	2026-06-9	表示	GitHub Exploit DB Packet Storm

1575	8.8	HIGH ネットワーク	google	chrome	Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-11630	2026-06-9 23:47	2026-06-9	表示	GitHub Exploit DB Packet Storm

1576	8.3	HIGH ネットワーク	google	chrome	Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…	CWE-416 解放済みメモリの使用	CVE-2026-11631	2026-06-9 23:45	2026-06-9	表示	GitHub Exploit DB Packet Storm

1577	3.3	LOW ネットワーク	-	-	A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precis…	CWE-122 ヒープオーバーフロー	CVE-2026-11792	2026-06-9 23:42	2026-06-9	表示	GitHub Exploit DB Packet Storm

1578	4.9	MEDIUM ネットワーク	-	-	A stack buffer overflow flaw was found in 389 Directory Server. The checkPrefix() function in pw.c copies an attacker-controlled algorithm ID into a 256-byte stack buffer without bounds checking when…	CWE-121 スタックオーバーフロー	CVE-2026-11793	2026-06-9 23:42	2026-06-9	表示	GitHub Exploit DB Packet Storm

1579	9.6	CRITICAL ネットワーク	google	chrome	Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)	CWE-416 解放済みメモリの使用	CVE-2026-11165	2026-06-9 23:24	2026-06-5	表示	GitHub Exploit DB Packet Storm

1580	9.8	CRITICAL ネットワーク	-	-	A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the head…	CWE-170 CWE-787 不適切な NULL による終了境界外書き込み	CVE-2026-5067	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1581	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: media: rockchip: rkcif: fix off by one bugs Change these comparisons from > vs >= to avoid accessing one element beyond the end o…	-	CVE-2026-52907	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1582	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: 9p: fix access mode flags being ORed instead of replaced Since commit 1f3e4142c0eb ("9p: convert to the new mount API"), v9fs_app…	-	CVE-2026-52906	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1583	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_reg…	-	CVE-2026-52905	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1584	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, …	-	CVE-2026-52904	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1585	5.3	MEDIUM ネットワーク	-	-	The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads a…	CWE-862 認証の欠如	CVE-2026-4986	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1586	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: greybus: gb-beagleplay: bound bootloader receive buffering cc1352_bootloader_rx() appends each serdev chunk into the fixed rx_buf…	-	CVE-2026-46332	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1587	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro…	-	CVE-2026-46330	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1588	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed ou…	-	CVE-2026-46329	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1589	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix rlimit for posix cpu timers Posix cpu timers requires an additional step beyond setting the rlimit. Refactor the co…	-	CVE-2026-46328	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1590	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: dm: fix unlocked test for dm_suspended_md The function dm_blk_report_zones tests if the device is suspended with the "dm_suspende…	-	CVE-2026-46327	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1591	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: iio: pressure: mprls0025pa: fix spi_transfer struct initialisation Make sure that the spi_transfer struct is zeroed out before us…	-	CVE-2026-46326	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1592	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix iova-to-va conversion for MR page sizes != PAGE_SIZE The current implementation incorrectly handles memory regions …	-	CVE-2026-46325	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1593	6.1	MEDIUM ネットワーク	-	-	Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parame…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-38579	2026-06-9 23:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

1594	-	-	-	-	A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve pr…	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-2638	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1595	8.3	HIGH ネットワーク	-	-	Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…	CWE-472 不変と仮定される Web パラメータの外部制御	CVE-2026-11640	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1596	8.8	HIGH ネットワーク	-	-	Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exe…	CWE-78 CWE-77 OSコマンド・インジェクションコマンドインジェクション	CVE-2026-11572	2026-06-9 23:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

1597	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)	CWE-693 保護メカニズムの不具合	CVE-2026-11288	2026-06-9 22:59	2026-06-5	表示	GitHub Exploit DB Packet Storm

1598	6.5	MEDIUM ネットワーク	google	chrome	Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)	CWE-1300 CWE-203 物理サイドチャネルの不適切な保護セキュリティ関連の処理に対するレスポンスの違いに起因する情報漏えい	CVE-2026-11289	2026-06-9 22:58	2026-06-5	表示	GitHub Exploit DB Packet Storm

1599	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulne…	CWE-121 スタックオーバーフロー	CVE-2026-36789	2026-06-9 22:57	2026-06-9	表示	GitHub Exploit DB Packet Storm

1600	6.5	MEDIUM ネットワーク	-	-	OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account c…	CWE-348 信頼性の低い送信元の使用	CVE-2020-37248	2026-06-9 22:57	2026-06-9	表示	GitHub Exploit DB Packet Storm