NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月16日4:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1901	7.1	HIGH ネットワーク	-	-	Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belongi…	CWE-862 認証の欠如	CVE-2026-44751	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

1902	6.6	MEDIUM ネットワーク	-	-	The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used …	CWE-862 認証の欠如	CVE-2026-44754	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

1903	4.3	MEDIUM ネットワーク	-	-	SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerab…	CWE-346 同一生成元ポリシー違反	CVE-2026-44755	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

1904	4.7	MEDIUM ネットワーク	-	-	SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in t…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-44757	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

1905	7.5	HIGH ネットワーク	-	-	Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-11639	2026-06-9 10:37	2026-06-9	表示	GitHub Exploit DB Packet Storm

1906	7.5	HIGH ネットワーク	-	-	Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafte…	CWE-416 解放済みメモリの使用	CVE-2026-11641	2026-06-9 10:37	2026-06-9	表示	GitHub Exploit DB Packet Storm

1907	5.5	MEDIUM 隣接	-	-	A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in b…	CWE-119 CWE-120 バッファエラー古典的バッファオーバーフロー	CVE-2026-11516	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1908	4.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument f…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11518	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1909	6.3	MEDIUM ネットワーク	-	-	A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the comp…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11519	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1910	3.5	LOW ネットワーク	-	-	A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It i…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11520	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1911	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/c…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11521	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1912	8.8	HIGH ネットワーク	-	-	A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirror…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11522	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1913	8.8	HIGH ネットワーク	-	-	A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11523	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1914	8.8	HIGH ネットワーク	-	-	A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipul…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11524	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1915	8.8	HIGH ネットワーク	-	-	A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of …	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11528	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1916	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11529	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1917	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Suc…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11530	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1918	6.3	MEDIUM ネットワーク	-	-	A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Reco…	CWE-266 CWE-284 不適切な権限設定不適切なアクセス制御	CVE-2026-11532	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1919	5.4	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11533	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1920	3.5	LOW ネットワーク	-	-	A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manip…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11534	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

1921	5.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unk…	CWE-255 CWE-259 証明書・パスワード管理パスワードがハードコーディングされている	CVE-2026-11552	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1922	8.8	HIGH ネットワーク	-	-	A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in st…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11553	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1923	4.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege vi…	CWE-266 CWE-272 不適切な権限設定最小権限の違反	CVE-2026-11554	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1924	8.8	HIGH ネットワーク	-	-	A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a man…	CWE-77 CWE-78 コマンドインジェクション OSコマンド・インジェクション	CVE-2026-11556	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1925	8.8	HIGH ネットワーク	-	-	A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a man…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11557	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1926	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11558	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1927	6.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack …	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11559	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1928	7.3	HIGH ネットワーク	-	-	A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argumen…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11582	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1929	6.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argum…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11583	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1930	6.3	MEDIUM ネットワーク	-	-	A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of th…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11584	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1931	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the a…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11585	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

1932	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after …	CWE-613 不適切なセッション期限	CVE-2026-46401	2026-06-9 05:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

1933	8.2	HIGH ネットワーク	-	-	CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dan…	CWE-94 コード・インジェクション	CVE-2026-41249	2026-06-9 05:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

1934	9.8	CRITICAL ネットワーク	-	-	Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality N…	CWE-287 CWE-306 CWE-1390 不適切な認証重要な機能に対する認証の欠如解説脆弱な認証	CVE-2026-6274	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1935	7.5	HIGH ネットワーク	-	-	Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers …	CWE-22 パス・トラバーサル	CVE-2026-50234	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1936	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The applic…	CWE-78 OSコマンド・インジェクション	CVE-2026-46394	2026-06-9 04:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

1937	-	-	-	-	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on eac…	CWE-772 CWE-775 有効なライフタイム後のリソースの解放の欠如有効期限後のファイル記述子またはハンドルの解放の欠如	CVE-2026-45287	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1938	4.3	MEDIUM ネットワーク	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…	CWE-650 サーバーサイドにおける許可された HTTP メソッドの信頼	CVE-2026-42543	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1939	-	-	-	-	Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However…	CWE-863 不正な認証	CVE-2026-41235	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1940	7.8	HIGH ローカル	-	-	A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.	CWE-427 制御されていない検索パスの要素	CVE-2026-36574	2026-06-9 04:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

1941	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …	CWE-20 不適切な入力確認	CVE-2026-11113	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1942	7.4	HIGH ネットワーク	google	chrome	Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)	CWE-457 初期化されていない変数の使用	CVE-2026-10973	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1943	9.6	CRITICAL ネットワーク	google	chrome	Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-10972	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1944	7.4	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …	CWE-20 不適切な入力確認	CVE-2026-10968	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1945	9.6	CRITICAL ネットワーク	google	chrome	Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:…	CWE-20 不適切な入力確認	CVE-2026-10966	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

1946	6.0	MEDIUM ネットワーク	arista	ng_firewall	An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely…	CWE-78 OSコマンド・インジェクション	CVE-2026-25620	2026-06-9 04:15	2026-06-6	表示	GitHub Exploit DB Packet Storm

1947	6.0	MEDIUM ネットワーク	arista	ng_firewall	A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects versi…	CWE-78 OSコマンド・インジェクション	CVE-2026-25621	2026-06-9 04:13	2026-06-6	表示	GitHub Exploit DB Packet Storm

1948	6.0	MEDIUM ネットワーク	arista	ng_firewall	A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logg…	CWE-78 OSコマンド・インジェクション	CVE-2026-25622	2026-06-9 04:10	2026-06-6	表示	GitHub Exploit DB Packet Storm

1949	6.0	MEDIUM ネットワーク	arista	ng_firewall	An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators c…	CWE-78 OSコマンド・インジェクション	CVE-2026-25623	2026-06-9 04:10	2026-06-6	表示	GitHub Exploit DB Packet Storm

1950	4.8	MEDIUM ネットワーク	arista	ng_firewall	An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated use…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-25624	2026-06-9 04:08	2026-06-6	表示	GitHub Exploit DB Packet Storm