NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年6月15日4:10

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
1701 - -
- - The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/sec… CWE-22
パス・トラバーサル 		CVE-2026-49738 2026-06-9 22:46 2026-06-9 表示 GitHub Exploit DB Packet Storm
1702 - -
- - TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the … CWE-502
信頼性のないデータのデシリアライゼーション 		CVE-2026-49740 2026-06-9 22:46 2026-06-9 表示 GitHub Exploit DB Packet Storm
1703 - -
- - Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persisten… CWE-89
CWE-862
SQLインジェクション
認証の欠如 		CVE-2026-49741 2026-06-9 22:46 2026-06-9 表示 GitHub Exploit DB Packet Storm
1704 - -
- - Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths … CWE-22
CWE-200
パス・トラバーサル
情報漏えい 		CVE-2026-49742 2026-06-9 22:46 2026-06-9 表示 GitHub Exploit DB Packet Storm
1705 7.5 HIGH
ネットワーク 		google chrome Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted H… CWE-269
不適切な権限管理 		CVE-2026-11296 2026-06-9 22:45 2026-06-5 表示 GitHub Exploit DB Packet Storm
1706 4.3 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severi… CWE-346
同一生成元ポリシー違反 		CVE-2026-11298 2026-06-9 22:44 2026-06-5 表示 GitHub Exploit DB Packet Storm
1707 6.5 MEDIUM
ネットワーク 		google chrome Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security… CWE-125
CWE-190
境界外読み取り
整数オーバーフローまたはラップアラウンド 		CVE-2026-11299 2026-06-9 22:43 2026-06-5 表示 GitHub Exploit DB Packet Storm
1708 6.3 MEDIUM
ローカル 		- - Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity. CWE-701
設計時に取り込まれた脆弱性 		CVE-2026-41975 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1709 4.4 MEDIUM
ローカル 		- - Permission control vulnerability in the clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. CWE-275
パーミッションの問題 		CVE-2026-41978 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1710 5.5 MEDIUM
ローカル 		- - Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality. CWE-701
設計時に取り込まれた脆弱性 		CVE-2026-41979 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1711 5.5 MEDIUM
ローカル 		- - Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. CWE-200
情報漏えい 		CVE-2026-41980 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1712 5.4 MEDIUM
ネットワーク 		- - Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability. CWE-22
パス・トラバーサル 		CVE-2026-41972 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1713 5.9 MEDIUM
ローカル 		- - Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. CWE-840
ビジネスロジックエラー 		CVE-2026-41973 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1714 3.6 LOW
ローカル 		- - Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability. CWE-264
認可・権限・アクセス制御 		CVE-2026-41974 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1715 6.6 MEDIUM
ローカル 		- - Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality. CWE-275
パーミッションの問題 		CVE-2026-41976 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1716 5.0 MEDIUM
ローカル 		- - DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability. CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2026-41977 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1717 5.3 MEDIUM
ローカル 		- - Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-122
ヒープオーバーフロー 		CVE-2026-41981 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1718 6.4 MEDIUM
ネットワーク 		- - Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability. CWE-416
解放済みメモリの使用 		CVE-2026-41982 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1719 4.3 MEDIUM
ネットワーク 		- - DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability. CWE-399
リソース管理の問題 		CVE-2026-41983 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1720 5.2 MEDIUM
ローカル 		- - UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. CWE-284
不適切なアクセス制御 		CVE-2026-41984 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1721 5.1 MEDIUM
ローカル 		- - UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity. CWE-284
不適切なアクセス制御 		CVE-2026-41985 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1722 2.4 LOW
物理 		- - Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability. CWE-606
チェックされていないループ条件の入力値 		CVE-2026-41986 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1723 9.0 CRITICAL
ネットワーク 		- - Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS Agen… CWE-94
コード・インジェクション 		CVE-2026-11393 2026-06-9 22:34 2026-06-9 表示 GitHub Exploit DB Packet Storm
1724 6.4 MEDIUM
ネットワーク 		- - The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and o… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-10862 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1725 5.3 MEDIUM
ネットワーク 		- - A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege v… CWE-266
CWE-272
不適切な権限設定
最小権限の違反 		CVE-2026-11620 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1726 4.7 MEDIUM
ネットワーク 		- - A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulat… CWE-284
CWE-434
不適切なアクセス制御
危険なタイプのファイルの無制限アップロード 		CVE-2026-11621 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1727 6.4 MEDIUM
ネットワーク 		- - The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanit… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-5714 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1728 6.4 MEDIUM
ネットワーク 		- - The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sa… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-10024 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1729 7.2 HIGH
ネットワーク 		- - The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanit… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-7556 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1730 4.3 MEDIUM
ネットワーク 		- - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFo… CWE-352
同一生成元ポリシー違反 		CVE-2026-10553 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1731 6.4 MEDIUM
ネットワーク 		- - The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in all versions up to, and including, 1.4 due to insufficient in… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-10738 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1732 6.1 MEDIUM
ネットワーク 		- - The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, 1.0.6 due to i… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-11603 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1733 4.5 MEDIUM
ローカル 		- - A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach… CWE-119
CWE-416
バッファエラー
解放済みメモリの使用 		CVE-2026-11623 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1734 6.4 MEDIUM
ネットワーク 		- - The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the `epaperflip_embed` shortcode in all versions up to, and including, … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-7662 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1735 6.4 MEDIUM
ネットワーク 		- - The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is d… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-8841 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1736 6.4 MEDIUM
ネットワーク 		- - The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_button shortcode in versions up to, and i… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-8880 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1737 5.3 MEDIUM
ネットワーク 		- - The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_to… CWE-843
型の取り違え 		CVE-2026-8499 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1738 6.4 MEDIUM
ネットワーク 		- - The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input san… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-8882 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1739 6.4 MEDIUM
ネットワーク 		- - The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-8883 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1740 6.4 MEDIUM
ネットワーク 		- - The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-8895 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1741 4.3 MEDIUM
ネットワーク 		- - The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc_o… CWE-352
同一生成元ポリシー違反 		CVE-2026-8902 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1742 4.3 MEDIUM
ネットワーク 		- - The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.… CWE-352
同一生成元ポリシー違反 		CVE-2026-8904 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1743 6.1 MEDIUM
ネットワーク 		- - The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function… CWE-352
同一生成元ポリシー違反 		CVE-2026-8910 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1744 4.3 MEDIUM
ネットワーク 		- - The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-leve… CWE-352
同一生成元ポリシー違反 		CVE-2026-8940 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1745 8.1 HIGH
ネットワーク 		- - The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the u… CWE-98
PHP リモートファイルインクルージョン 		CVE-2026-9662 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1746 6.1 MEDIUM
ネットワーク 		- - The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the process_init() function hook… CWE-352
同一生成元ポリシー違反 		CVE-2026-8907 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1747 4.3 MEDIUM
ネットワーク 		- - The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralS… CWE-352
同一生成元ポリシー違反 		CVE-2026-8909 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1748 6.4 MEDIUM
ネットワーク 		- - The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, 1.0.0. This is due to miss… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-8977 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1749 7.5 HIGH
ネットワーク 		- - The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_g… CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-9185 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1750 8.8 HIGH
ネットワーク 		- - The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying str… CWE-269
不適切な権限管理 		CVE-2026-11616 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm