NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月15日4:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1801	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeove…	CWE-915 動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-46479	2026-06-9 11:06	2026-06-9	表示	GitHub Exploit DB Packet Storm

1802	7.5	HIGH ネットワーク	-	-	Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-11639	2026-06-9 10:37	2026-06-9	表示	GitHub Exploit DB Packet Storm

1803	7.5	HIGH ネットワーク	-	-	Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafte…	CWE-416 解放済みメモリの使用	CVE-2026-11641	2026-06-9 10:37	2026-06-9	表示	GitHub Exploit DB Packet Storm

1804	5.5	MEDIUM 隣接	-	-	A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in b…	CWE-119 CWE-120 バッファエラー古典的バッファオーバーフロー	CVE-2026-11516	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1805	4.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument f…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11518	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1806	6.3	MEDIUM ネットワーク	-	-	A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the comp…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11519	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1807	3.5	LOW ネットワーク	-	-	A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It i…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11520	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1808	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/c…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11521	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1809	8.8	HIGH ネットワーク	-	-	A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirror…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11522	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1810	8.8	HIGH ネットワーク	-	-	A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11523	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1811	8.8	HIGH ネットワーク	-	-	A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipul…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11524	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1812	8.8	HIGH ネットワーク	-	-	A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of …	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11528	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1813	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11529	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1814	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Suc…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11530	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1815	6.3	MEDIUM ネットワーク	-	-	A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Reco…	CWE-266 CWE-284 不適切な権限設定不適切なアクセス制御	CVE-2026-11532	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1816	5.4	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11533	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1817	3.5	LOW ネットワーク	-	-	A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manip…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11534	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1818	5.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unk…	CWE-255 CWE-259 証明書・パスワード管理パスワードがハードコーディングされている	CVE-2026-11552	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1819	8.8	HIGH ネットワーク	-	-	A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in st…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11553	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1820	4.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege vi…	CWE-266 CWE-272 不適切な権限設定最小権限の違反	CVE-2026-11554	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1821	8.8	HIGH ネットワーク	-	-	A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a man…	CWE-77 CWE-78 コマンドインジェクション OSコマンド・インジェクション	CVE-2026-11556	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1822	8.8	HIGH ネットワーク	-	-	A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a man…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11557	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1823	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11558	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1824	6.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack …	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11559	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1825	7.3	HIGH ネットワーク	-	-	A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argumen…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11582	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1826	6.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argum…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11583	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1827	6.3	MEDIUM ネットワーク	-	-	A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of th…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11584	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1828	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the a…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11585	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1829	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after …	CWE-613 不適切なセッション期限	CVE-2026-46401	2026-06-9 05:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

1830	8.2	HIGH ネットワーク	-	-	CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dan…	CWE-94 コード・インジェクション	CVE-2026-41249	2026-06-9 05:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

1831	9.8	CRITICAL ネットワーク	-	-	Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality N…	CWE-287 CWE-306 CWE-1390 不適切な認証重要な機能に対する認証の欠如解説脆弱な認証	CVE-2026-6274	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1832	7.5	HIGH ネットワーク	-	-	Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers …	CWE-22 パス・トラバーサル	CVE-2026-50234	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1833	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The applic…	CWE-78 OSコマンド・インジェクション	CVE-2026-46394	2026-06-9 04:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

1834	-	-	-	-	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on eac…	CWE-772 CWE-775 有効なライフタイム後のリソースの解放の欠如有効期限後のファイル記述子またはハンドルの解放の欠如	CVE-2026-45287	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1835	4.3	MEDIUM ネットワーク	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…	CWE-650 サーバーサイドにおける許可された HTTP メソッドの信頼	CVE-2026-42543	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1836	-	-	-	-	Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However…	CWE-863 不正な認証	CVE-2026-41235	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1837	7.8	HIGH ローカル	-	-	A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.	CWE-427 制御されていない検索パスの要素	CVE-2026-36574	2026-06-9 04:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

1838	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …	CWE-20 不適切な入力確認	CVE-2026-11113	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1839	7.4	HIGH ネットワーク	google	chrome	Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)	CWE-457 初期化されていない変数の使用	CVE-2026-10973	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1840	9.6	CRITICAL ネットワーク	google	chrome	Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-10972	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1841	7.4	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …	CWE-20 不適切な入力確認	CVE-2026-10968	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1842	9.6	CRITICAL ネットワーク	google	chrome	Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:…	CWE-20 不適切な入力確認	CVE-2026-10966	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1843	6.0	MEDIUM ネットワーク	arista	ng_firewall	An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely…	CWE-78 OSコマンド・インジェクション	CVE-2026-25620	2026-06-9 04:15	2026-06-6	表示	GitHub Exploit DB Packet Storm

1844	6.0	MEDIUM ネットワーク	arista	ng_firewall	A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects versi…	CWE-78 OSコマンド・インジェクション	CVE-2026-25621	2026-06-9 04:13	2026-06-6	表示	GitHub Exploit DB Packet Storm

1845	6.0	MEDIUM ネットワーク	arista	ng_firewall	A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logg…	CWE-78 OSコマンド・インジェクション	CVE-2026-25622	2026-06-9 04:10	2026-06-6	表示	GitHub Exploit DB Packet Storm

1846	6.0	MEDIUM ネットワーク	arista	ng_firewall	An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators c…	CWE-78 OSコマンド・インジェクション	CVE-2026-25623	2026-06-9 04:10	2026-06-6	表示	GitHub Exploit DB Packet Storm

1847	4.8	MEDIUM ネットワーク	arista	ng_firewall	An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated use…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-25624	2026-06-9 04:08	2026-06-6	表示	GitHub Exploit DB Packet Storm

1848	7.4	HIGH ネットワーク	asynchttpclient_project	async-http-client	The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch pri…	CWE-200 情報漏えい	CVE-2026-45300	2026-06-9 03:37	2026-06-6	表示	GitHub Exploit DB Packet Storm

1849	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cr…	CWE-20 NVD-CWE-noinfo 不適切な入力確認	CVE-2026-11022	2026-06-9 03:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

1850	7.8	HIGH ローカル	x.org redhat	x_server xwayland enterprise_linux	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function Ch…	CWE-121 スタックオーバーフロー	CVE-2026-50259	2026-06-9 03:28	2026-06-5	表示	GitHub Exploit DB Packet Storm