NVD Vulnerability Information Top

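You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before JVN (Japan Vulnerability Note), vulnerabilities not yet listed in JVN may already have been updated here.

If a vulnerability has a related entry in JVN (Japan Vulnerability Note), that information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to confirm the CWE number.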

Updated: June 14, 2026, 4:12

| No | CVSS | Level | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 1601 | 7.5 | HIGH | Network | - | - | Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters t… | CWE-122 (Heap overflow) | CVE-2026-22164 | 2026-06-9 22:57 | 2026-06-9 |
| 1602 | 7.1 | HIGH | Local | - | - | Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidenta… | CWE-468 | CVE-2026-34194 | 2026-06-9 22:57 | 2026-06-9 |
| 1603 | 7.5 | HIGH | Network | - | - | Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to ca… | CWE-121 (Stack overflow) | CVE-2026-36786 | 2026-06-9 22:57 | 2026-06-9 |
| 1604 | 8.8 | HIGH | Network | - | - | Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically del… | CWE-285 (Improper authorization); CWE-613 (Improper session expiration) | CVE-2026-46656 | 2026-06-9 22:57 | 2026-06-9 |
| 1605 | 7.1 | HIGH | Network | - | - | Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tok… | CWE-212 (Improper removal of sensitive information before storage or transfer); CWE-613 (Improper session expiration) | CVE-2026-46657 | 2026-06-9 22:57 | 2026-06-9 |
| 1606 | 8.7 | HIGH | Network | - | - | A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScrip… | CWE-79 (Cross-site scripting (XSS)) | CVE-2026-41031 | 2026-06-9 22:57 | 2026-06-9 |
| 1607 | - | - | - | - | - | When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This… | CWE-280 (Inadequate privilege management) | CVE-2026-11764 | 2026-06-9 22:57 | 2026-06-9 |
| 1608 | 4.3 | MEDIUM | Network | google | chrome | Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) | CWE-693 (Protection mechanism failure) | CVE-2026-11292 | 2026-06-9 22:54 | 2026-06-5 |
| 1609 | 9.6 | CRITICAL | Network | google | chrome | Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | CWE-416 (Use of freed memory) | CVE-2026-11293 | 2026-06-9 22:53 | 2026-06-5 |
| 1610 | 7.6 | HIGH | Adjacent | - | - | A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation (via chan_ops.alloc_buf… | CWE-787 (Out-of-bounds write) | CVE-2026-5068 | 2026-06-9 22:53 | 2026-06-9 |
| 1611 | 6.0 | MEDIUM | Local | - | - | Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially e… | CWE-59 (Link resolution issue) | CVE-2026-28262 | 2026-06-9 22:53 | 2026-06-9 |
| 1612 | 4.8 | MEDIUM | Network | - | - | QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG f… | CWE-79 (Cross-site scripting (XSS)) | CVE-2026-25558 | 2026-06-9 22:51 | 2026-06-9 |
| 1613 | 9.8 | CRITICAL | Network | - | - | OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an e… | CWE-305 (Authentication bypass by primary weakness) | CVE-2026-25555 | 2026-06-9 22:51 | 2026-06-9 |
| 1614 | 8.8 | HIGH | Network | - | - | OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by … | CWE-22 (Path traversal) | CVE-2026-25559 | 2026-06-9 22:51 | 2026-06-9 |
| 1615 | 8.8 | HIGH | Network | - | - | OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the File… | CWE-78 (OS command injection) | CVE-2026-25855 | 2026-06-9 22:51 | 2026-06-9 |
| 1616 | 8.8 | HIGH | Network | - | - | OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifyin… | CWE-94 (Code injection) | CVE-2026-25856 | 2026-06-9 22:51 | 2026-06-9 |
| 1617 | 6.5 | MEDIUM | Network | - | - | OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy sour… | CWE-522 (Insufficiently protected credentials) | CVE-2026-39908 | 2026-06-9 22:51 | 2026-06-9 |
| 1618 | 9.8 | CRITICAL | Network | - | - | STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary… | CWE-862 (Missing authentication) | CVE-2026-39910 | 2026-06-9 22:51 | 2026-06-9 |
| 1619 | 9.4 | CRITICAL | Network | - | - | AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequen… | CWE-22 (Path traversal) | CVE-2026-41448 | 2026-06-9 22:51 | 2026-06-9 |
| 1620 | - | - | - | - | - | A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authe… | CWE-78 (OS command injection) | CVE-2026-8913 | 2026-06-9 22:51 | 2026-06-9 |
| 1621 | 7.5 | HIGH | Network | - | - | Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() functio… | CWE-78 (OS command injection) | CVE-2026-40519 | 2026-06-9 22:51 | 2026-06-9 |
| 1622 | 7.1 | HIGH | Network | - | - | WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by su… | CWE-639 (Authentication bypass through user-controlled key) | CVE-2026-49141 | 2026-06-9 22:51 | 2026-06-9 |
| 1623 | 3.5 | LOW | Network | - | - | The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrato… | CWE-79 (Cross-site scripting (XSS)) | CVE-2026-8981 | 2026-06-9 22:51 | 2026-06-9 |
| 1624 | - | - | - | - | - | SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be a… | CWE-89 (SQL injection) | CVE-2026-10731 | 2026-06-9 22:51 | 2026-06-9 |
| 1625 | 8.2 | HIGH | Network | - | - | Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST pa… | CWE-89 (SQL injection) | CVE-2016-20062 | 2026-06-9 22:51 | 2026-06-9 |
| 1626 | 7.1 | HIGH | Network | - | - | Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attac… | CWE-89 (SQL injection) | CVE-2016-20063 | 2026-06-9 22:51 | 2026-06-9 |
| 1627 | 6.2 | MEDIUM | Local | - | - | WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attacke… | CWE-98 (PHP remote file inclusion) | CVE-2016-20064 | 2026-06-9 22:51 | 2026-06-9 |
| 1628 | 8.2 | HIGH | Network | - | - | Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selec… | CWE-89 (SQL injection) | CVE-2016-20065 | 2026-06-9 22:51 | 2026-06-9 |
| 1629 | 8.2 | HIGH | Network | - | - | WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code th… | CWE-89 (SQL injection) | CVE-2017-20243 | 2026-06-9 22:51 | 2026-06-9 |
| 1630 | 8.2 | HIGH | Network | - | - | Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. … | CWE-89 (SQL injection) | CVE-2017-20244 | 2026-06-9 22:51 | 2026-06-9 |
| 1631 | 8.2 | HIGH | Network | - | - | Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parame… | CWE-89 (SQL injection) | CVE-2017-20245 | 2026-06-9 22:51 | 2026-06-9 |
| 1632 | 8.2 | HIGH | Network | - | - | KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can i… | CWE-89 (SQL injection) | CVE-2017-20246 | 2026-06-9 22:51 | 2026-06-9 |
| 1633 | 8.2 | HIGH | Network | - | - | WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid para… | CWE-89 (SQL injection) | CVE-2017-20247 | 2026-06-9 22:51 | 2026-06-9 |
| 1634 | 7.5 | HIGH | Network | - | - | Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests … | CWE-22 (Path traversal) | CVE-2017-20248 | 2026-06-9 22:51 | 2026-06-9 |
| 1635 | 8.2 | HIGH | Network | - | - | Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attac… | CWE-89 (SQL injection) | CVE-2017-20249 | 2026-06-9 22:51 | 2026-06-9 |
| 1636 | 7.5 | HIGH | Network | - | - | Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to mac… | CWE-22 (Path traversal) | CVE-2017-20250 | 2026-06-9 22:51 | 2026-06-9 |
| 1637 | 9.8 | CRITICAL | Network | - | - | WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes thro… | CWE-94 (Code injection) | CVE-2017-20251 | 2026-06-9 22:51 | 2026-06-9 |
| 1638 | 7.8 | HIGH | Local | - | - | A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inse… | CWE-74 (Injection); CWE-94 (Code injection); CWE-116 (Improper encoding or escaping of output) | CVE-2026-8795 | 2026-06-9 22:49 | 2026-06-9 |
| 1639 | 7.5 | HIGH | Network | - | - | In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 th… | CWE-400 (Resource exhaustion) | CVE-2026-40983 | 2026-06-9 22:49 | 2026-06-9 |
| 1640 | 7.5 | HIGH | Network | - | - | In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15… | CWE-400 (Resource exhaustion) | CVE-2026-40984 | 2026-06-9 22:49 | 2026-06-9 |
| 1641 | 5.9 | MEDIUM | Network | - | - | An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects an… | CWE-770 (Allocation of resources without limits or throttling) | CVE-2026-41710 | 2026-06-9 22:49 | 2026-06-9 |
| 1642 | 6.1 | MEDIUM | Network | - | - | In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been e… | CWE-522 (Insufficiently protected credentials) | CVE-2026-41715 | 2026-06-9 22:49 | 2026-06-9 |
| 1643 | 7.4 | HIGH | Network | - | - | Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 … | CWE-287 (Improper authentication) | CVE-2026-41720 | 2026-06-9 22:49 | 2026-06-9 |
| 1644 | 4.2 | MEDIUM | Network | - | - | A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authent… | CWE-384 (Session fixation) | CVE-2026-41839 | 2026-06-9 22:49 | 2026-06-9 |
| 1645 | 5.9 | MEDIUM | Network | - | - | Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0… | CWE-400 (Resource exhaustion) | CVE-2026-41840 | 2026-06-9 22:49 | 2026-06-9 |
| 1646 | 5.9 | MEDIUM | Network | - | - | Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6… | CWE-524 (Use of cache containing sensitive information) | CVE-2026-41841 | 2026-06-9 22:49 | 2026-06-9 |
| 1647 | 7.5 | HIGH | Network | - | - | Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; … | CWE-400 (Resource exhaustion) | CVE-2026-41842 | 2026-06-9 22:49 | 2026-06-9 |
| 1648 | 5.9 | MEDIUM | Network | - | - | Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 thr… | CWE-22 (Path traversal) | CVE-2026-41843 | 2026-06-9 22:49 | 2026-06-9 |
| 1649 | 7.5 | HIGH | Network | - | - | An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers … | CWE-190 (Integer overflow or wraparound) | CVE-2026-41849 | 2026-06-9 22:49 | 2026-06-9 |
| 1650 | 7.5 | HIGH | Network | - | - | Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attack… | CWE-407 (Algorithmic complexity) | CVE-2026-41850 | 2026-06-9 22:49 | 2026-06-9 |