NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年6月16日4:13

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
1851 4.3 MEDIUM
ネットワーク 		- - The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.… CWE-352
同一生成元ポリシー違反 		CVE-2026-8904 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1852 6.1 MEDIUM
ネットワーク 		- - The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the process_init() function hook… CWE-352
同一生成元ポリシー違反 		CVE-2026-8907 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1853 4.3 MEDIUM
ネットワーク 		- - The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralS… CWE-352
同一生成元ポリシー違反 		CVE-2026-8909 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1854 6.1 MEDIUM
ネットワーク 		- - The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function… CWE-352
同一生成元ポリシー違反 		CVE-2026-8910 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1855 4.3 MEDIUM
ネットワーク 		- - The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-leve… CWE-352
同一生成元ポリシー違反 		CVE-2026-8940 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1856 8.1 HIGH
ネットワーク 		- - The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the u… CWE-98
PHP リモートファイルインクルージョン 		CVE-2026-9662 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1857 6.4 MEDIUM
ネットワーク 		- - The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, 1.0.0. This is due to miss… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-8977 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1858 7.5 HIGH
ネットワーク 		- - The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_g… CWE-639
ユーザ制御の鍵による認証回避 		CVE-2026-9185 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1859 8.8 HIGH
ネットワーク 		- - The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying str… CWE-269
不適切な権限管理 		CVE-2026-11616 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1860 6.5 MEDIUM
ネットワーク 		- - The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leak… CWE-200
情報漏えい 		CVE-2026-7542 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1861 8.8 HIGH
ネットワーク 		- - The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and incl… CWE-502
信頼性のないデータのデシリアライゼーション 		CVE-2026-8365 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1862 6.4 MEDIUM
ネットワーク 		- - The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-8599 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1863 6.4 MEDIUM
ネットワーク 		- - The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and i… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-8677 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1864 4.3 MEDIUM
ネットワーク 		- - The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabi… CWE-862
認証の欠如 		CVE-2026-4058 2026-06-9 22:33 2026-06-9 表示 GitHub Exploit DB Packet Storm
1865 - -
- - In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare" This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to … - CVE-2026-46318 2026-06-9 22:16 2026-06-9 表示 GitHub Exploit DB Packet Storm
1866 8.0 HIGH
ネットワーク 		- - VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-41723 2026-06-9 22:16 2026-06-8 表示 GitHub Exploit DB Packet Storm
1867 8.0 HIGH
ネットワーク 		- - VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-41722 2026-06-9 22:16 2026-06-8 表示 GitHub Exploit DB Packet Storm
1868 6.5 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via… CWE-284
不適切なアクセス制御 		CVE-2026-11190 2026-06-9 21:51 2026-06-5 表示 GitHub Exploit DB Packet Storm
1869 6.5 MEDIUM
ネットワーク 		google chrome Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restricti… CWE-20
不適切な入力確認 		CVE-2026-11189 2026-06-9 21:51 2026-06-5 表示 GitHub Exploit DB Packet Storm
1870 8.8 HIGH
ネットワーク 		google chrome Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security s… CWE-125
境界外読み取り 		CVE-2026-11191 2026-06-9 21:50 2026-06-5 表示 GitHub Exploit DB Packet Storm
1871 4.3 MEDIUM
ネットワーク 		google chrome Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium securi… CWE-20
不適切な入力確認 		CVE-2026-11192 2026-06-9 21:49 2026-06-5 表示 GitHub Exploit DB Packet Storm
1872 6.5 MEDIUM
ネットワーク 		google chrome Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium securit… CWE-284
不適切なアクセス制御 		CVE-2026-11193 2026-06-9 21:49 2026-06-5 表示 GitHub Exploit DB Packet Storm
1873 - -
- - In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in struct io_waitid::… - CVE-2026-46315 2026-06-9 18:16 2026-06-9 表示 GitHub Exploit DB Packet Storm
1874 7.1 HIGH
ネットワーク 		- - A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources… CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2026-10840 2026-06-9 18:16 2026-06-4 表示 GitHub Exploit DB Packet Storm
1875 6.5 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HT… CWE-20
不適切な入力確認 		CVE-2026-11023 2026-06-9 12:08 2026-06-5 表示 GitHub Exploit DB Packet Storm
1876 8.8 HIGH
ネットワーク 		google chrome Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium) CWE-121
スタックオーバーフロー 		CVE-2026-11024 2026-06-9 12:07 2026-06-5 表示 GitHub Exploit DB Packet Storm
1877 6.5 MEDIUM
ネットワーク 		google chrome Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium securit… CWE-602
サーバ側のセキュリティのクライアント側での実施 		CVE-2026-11025 2026-06-9 12:07 2026-06-5 表示 GitHub Exploit DB Packet Storm
1878 6.5 MEDIUM
ネットワーク 		google chrome Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur… CWE-125
境界外読み取り 		CVE-2026-11096 2026-06-9 12:07 2026-06-5 表示 GitHub Exploit DB Packet Storm
1879 6.5 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Me… CWE-474
一貫性のない実装を含む機能の使用 		CVE-2026-11097 2026-06-9 12:07 2026-06-5 表示 GitHub Exploit DB Packet Storm
1880 5.3 MEDIUM
ネットワーク 		google chrome Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT… CWE-20
不適切な入力確認 		CVE-2026-11098 2026-06-9 12:07 2026-06-5 表示 GitHub Exploit DB Packet Storm
1881 9.6 CRITICAL
ネットワーク 		google chrome Use after free in File Input in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape vi… CWE-416
解放済みメモリの使用 		CVE-2026-11100 2026-06-9 12:06 2026-06-5 表示 GitHub Exploit DB Packet Storm
1882 6.5 MEDIUM
ネットワーク 		google chrome Insufficient validation of untrusted input in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted H… CWE-20
不適切な入力確認 		CVE-2026-11121 2026-06-9 12:06 2026-06-5 表示 GitHub Exploit DB Packet Storm
1883 6.1 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security sever… CWE-358
不適切に実装されたセキュリティチェック 		CVE-2026-11122 2026-06-9 12:06 2026-06-5 表示 GitHub Exploit DB Packet Storm
1884 6.5 MEDIUM
ネットワーク 		google chrome Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit… CWE-457
初期化されていない変数の使用 		CVE-2026-11123 2026-06-9 12:05 2026-06-5 表示 GitHub Exploit DB Packet Storm
1885 8.8 HIGH
ネットワーク 		google chrome Integer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) CWE-122
ヒープオーバーフロー 		CVE-2026-11124 2026-06-9 12:05 2026-06-5 表示 GitHub Exploit DB Packet Storm
1886 4.3 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chro… CWE-20
不適切な入力確認 		CVE-2026-11126 2026-06-9 12:05 2026-06-5 表示 GitHub Exploit DB Packet Storm
1887 6.5 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted WebAPK. (Chromium security severity: Medi… CWE-358
不適切に実装されたセキュリティチェック 		CVE-2026-11127 2026-06-9 12:05 2026-06-5 表示 GitHub Exploit DB Packet Storm
1888 6.5 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in Web Share in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a craf… CWE-20
不適切な入力確認 		CVE-2026-11128 2026-06-9 12:05 2026-06-5 表示 GitHub Exploit DB Packet Storm
1889 8.3 HIGH
ネットワーク 		- - Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted… CWE-416
解放済みメモリの使用 		CVE-2026-11647 2026-06-9 11:16 2026-06-9 表示 GitHub Exploit DB Packet Storm
1890 9.6 CRITICAL
ネットワーク 		- - Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) CWE-416
解放済みメモリの使用 		CVE-2026-11638 2026-06-9 11:16 2026-06-9 表示 GitHub Exploit DB Packet Storm
1891 - -
- - Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and ca… CWE-617
到達可能なアサーション 		CVE-2026-35058 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm
1892 - -
- - A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS… CWE-125
CWE-416
境界外読み取り
解放済みメモリの使用 		CVE-2026-40215 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm
1893 4.2 MEDIUM
ネットワーク 		- - SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credent… CWE-35
パストラバーサル 		CVE-2026-24315 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm
1894 9.8 CRITICAL
ネットワーク 		- - Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that explo… CWE-121
スタックオーバーフロー 		CVE-2026-27671 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm
1895 9.0 CRITICAL
ネットワーク 		- - SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal an… CWE-35
パストラバーサル 		CVE-2026-40128 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm
1896 3.7 LOW
ネットワーク 		- - Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the… CWE-497
認可されていない制御領域への重要情報の漏えい 		CVE-2026-44743 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm
1897 6.5 MEDIUM
ネットワーク 		- - SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized dat… CWE-89
SQLインジェクション 		CVE-2026-44744 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm
1898 6.1 MEDIUM
ネットワーク 		- - Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2026-44746 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm
1899 9.9 CRITICAL
ネットワーク 		- - SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier… CWE-347
デジタル署名の不適切な検証 		CVE-2026-44748 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm
1900 4.3 MEDIUM
ネットワーク 		- - SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise b… CWE-862
認証の欠如 		CVE-2026-44750 2026-06-9 11:08 2026-06-9 表示 GitHub Exploit DB Packet Storm