NVD Vulnerability Information

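You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because NVD is often updated before JVN (Japan Vulnerability Notes), it may contain updates for vulnerabilities that are not yet listed in JVN.

When a related vulnerability exists in JVN (Japan Vulnerability Notes), its information is shown on the detail screen.

To search by CWE, refer to the CWE overview to confirm the CWE number.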

Last updated: June 15, 2026, 4:10

No. CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC search
1651 9.4 CRITICAL
Network
- - AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequen… CWE-22
Path Traversal
CVE-2026-41448 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1652 - -
- - A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authe… CWE-78
OS Command Injection
CVE-2026-8913 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1653 7.5 HIGH
Network
- - Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() functio… CWE-78
OS Command Injection
CVE-2026-40519 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1654 7.1 HIGH
Network
- - WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by su… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-49141 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1655 3.5 LOW
Network
- - The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrato… CWE-79
Cross-site Scripting (XSS)
CVE-2026-8981 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1656 - -
- - SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be a… CWE-89
SQL Injection
CVE-2026-10731 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1657 8.2 HIGH
Network
- - Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST pa… CWE-89
SQL Injection
CVE-2016-20062 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1658 7.1 HIGH
Network
- - Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attac… CWE-89
SQL Injection
CVE-2016-20063 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1659 6.2 MEDIUM
Local
- - WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attacke… CWE-98
PHP Remote File Inclusion
CVE-2016-20064 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1660 8.2 HIGH
Network
- - Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selec… CWE-89
SQL Injection
CVE-2016-20065 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1661 8.2 HIGH
Network
- - WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code th… CWE-89
SQL Injection
CVE-2017-20243 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1662 8.2 HIGH
Network
- - Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. … CWE-89
SQL Injection
CVE-2017-20244 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1663 8.2 HIGH
Network
- - Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parame… CWE-89
SQL Injection
CVE-2017-20245 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1664 8.2 HIGH
Network
- - KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can i… CWE-89
SQL Injection
CVE-2017-20246 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1665 8.2 HIGH
Network
- - WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid para… CWE-89
SQL Injection
CVE-2017-20247 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1666 7.5 HIGH
Network
- - Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests … CWE-22
Path Traversal
CVE-2017-20248 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1667 8.2 HIGH
Network
- - Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attac… CWE-89
SQL Injection
CVE-2017-20249 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1668 7.5 HIGH
Network
- - Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to mac… CWE-22
Path Traversal
CVE-2017-20250 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1669 9.8 CRITICAL
Network
- - WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes thro… CWE-94
Code Injection
CVE-2017-20251 2026-06-9 22:51 2026-06-9 View GitHub Exploit DB Packet Storm
1670 7.8 HIGH
Local
- - A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inse… CWE-74
CWE-94
CWE-116
Injection
Code Injection
Improper Encoding or Escaping of Output
CVE-2026-8795 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1671 7.5 HIGH
Network
- - In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 th… CWE-400
Resource Exhaustion
CVE-2026-40983 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1672 7.5 HIGH
Network
- - In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15… CWE-400
Resource Exhaustion
CVE-2026-40984 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1673 5.9 MEDIUM
Network
- - An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects an… CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-41710 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1674 6.1 MEDIUM
Network
- - In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been e… CWE-522
Insufficiently Protected Credentials
CVE-2026-41715 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1675 7.4 HIGH
Network
- - Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 … CWE-287
Improper Authentication
CVE-2026-41720 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1676 4.2 MEDIUM
Network
- - A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authent… CWE-384
Session Fixation
CVE-2026-41839 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1677 5.9 MEDIUM
Network
- - Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0… CWE-400
Resource Exhaustion
CVE-2026-41840 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1678 5.9 MEDIUM
Network
- - Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6… CWE-524
Use of Cache Containing Sensitive Information
CVE-2026-41841 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1679 7.5 HIGH
Network
- - Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; … CWE-400
Resource Exhaustion
CVE-2026-41842 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1680 5.9 MEDIUM
Network
- - Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 thr… CWE-22
Path Traversal
CVE-2026-41843 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1681 7.5 HIGH
Network
- - An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers … CWE-190
Integer Overflow or Wraparound
CVE-2026-41849 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1682 7.5 HIGH
Network
- - Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attack… CWE-407
Algorithmic Complexity
CVE-2026-41850 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1683 5.3 MEDIUM
Network
- - Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded c… CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-41851 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1684 5.3 MEDIUM
Network
- - Spring MVC and WebFlux applications are vulnerable to Multipart request smuggling attacks. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 through 6.1.27; 5.3.0 … CWE-444
HTTP Request Smuggling
CVE-2026-41853 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1685 4.2 MEDIUM
Network
- - Due to incorrect host parsing, applications that rely on UriComponentsBuilder to parse and validate an externally provided URL string may be exposed to a server-side request forgery (SSRF) attack. A… CWE-918
Server-Side Request Forgery
CVE-2026-41854 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1686 8.1 HIGH
Network
- - In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary cl… CWE-502
Deserialization of Untrusted Data
CVE-2026-41855 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1687 6.1 MEDIUM
Adjacent
- - A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All version… CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2025-40808 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1688 7.1 HIGH
Local
- - A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), S… CWE-313
Cleartext Storage in a File or on Disk
CVE-2026-24349 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1689 4.7 MEDIUM
Local
- - A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbi… CWE-22
Path Traversal
CVE-2026-52902 2026-06-9 22:49 2026-06-9 View GitHub Exploit DB Packet Storm
1690 - -
- - When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content… CWE-79
CWE-436
Cross-site Scripting (XSS)
Interpretation Conflict
CVE-2026-47344 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1691 - -
- - Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2. CWE-79
Cross-site Scripting (XSS)
CVE-2026-47345 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1692 - -
- - Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously cra… CWE-862
Missing Authorization
CVE-2026-11607 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1693 - -
- - Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization … CWE-862
Missing Authorization
CVE-2026-47343 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1694 - -
- - Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafte… CWE-178
CWE-862
Improper Handling of Case Sensitivity
Missing Authorization
CVE-2026-47346 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1695 - -
- - Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. … CWE-601
Open Redirect
CVE-2026-47347 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1696 - -
- - Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search resul… CWE-79
Cross-site Scripting (XSS)
CVE-2026-47348 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1697 - -
- - Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4… CWE-862
Missing Authorization
CVE-2026-47349 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1698 - -
- - Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3. CWE-862
Missing Authorization
CVE-2026-47350 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1699 - -
- - Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they we… CWE-200
CWE-862
Information Exposure
Missing Authorization
CVE-2026-47351 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm
1700 - -
- - Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storag… CWE-862
Missing Authorization
CVE-2026-47352 2026-06-9 22:46 2026-06-9 View GitHub Exploit DB Packet Storm