NVD Vulnerability Information

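You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before JVN (Japan Vulnerability Note), entries may be updated here that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Note) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.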

Updated: April 21, 2026, 4:10

Columns: No., CVSS, level, attack vector, vendor, product, title, CWE, CVE, updated, published, impact view, Exploit/PoC search
151 5.5 MEDIUM
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Improper link resolution before file access ('link following') in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. Update CWE-59
CWE-269
Link resolution issue
Improper privilege management
CVE-2026-32212 2026-04-20 23:55 2026-04-15 View GitHub Exploit DB Packet Storm
152 9.0 CRITICAL
Network
b3log siyuan SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, Mermaid diagrams are rendered with securityLevel set to "loose", and the resulting SVG is injected into the… Update CWE-79
CWE-94
Cross-site scripting (XSS)
Code injection
CVE-2026-40322 2026-04-20 23:51 2026-04-17 View GitHub Exploit DB Packet Storm
153 7.2 HIGH
Network
cubecart cubecart An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command. Update CWE-78
OS command injection
CVE-2026-21719 2026-04-20 23:45 2026-04-17 View GitHub Exploit DB Packet Storm
154 9.8 CRITICAL
Network
cubecart cubecart An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product. Update CWE-89
SQL injection
CVE-2026-34018 2026-04-20 23:44 2026-04-17 View GitHub Exploit DB Packet Storm
155 5.5 MEDIUM
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. Update CWE-284
Improper access control
CVE-2026-32214 2026-04-20 23:43 2026-04-15 View GitHub Exploit DB Packet Storm
156 2.7 LOW
Network
cubecart cubecart A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible. Update CWE-22
Path traversal
CVE-2026-35496 2026-04-20 23:43 2026-04-17 View GitHub Exploit DB Packet Storm
157 6.5 MEDIUM
Network
pac4j pac4j PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site requ… Update CWE-352
Same-origin policy violation
CVE-2026-40458 2026-04-20 23:41 2026-04-17 View GitHub Exploit DB Packet Storm
158 8.8 HIGH
Network
pac4j pac4j PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP … Update CWE-90
LDAP injection
CVE-2026-40459 2026-04-20 23:38 2026-04-17 View GitHub Exploit DB Packet Storm
159 5.5 MEDIUM
Local
microsoft windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2019
windows_server_2022
windows_server_2022_…
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. Update CWE-532
Information exposure through log files
CVE-2026-32215 2026-04-20 23:35 2026-04-15 View GitHub Exploit DB Packet Storm
160 5.5 MEDIUM
Local
microsoft windows_11_26h1 Null pointer dereference in Windows Redirected Drive Buffering allows an authorized attacker to deny service locally. Update CWE-476
NULL pointer dereference
CVE-2026-32216 2026-04-20 23:34 2026-04-15 View GitHub Exploit DB Packet Storm
161 5.5 MEDIUM
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. Update CWE-532
Information exposure through log files
CVE-2026-32217 2026-04-20 23:34 2026-04-15 View GitHub Exploit DB Packet Storm
162 5.5 MEDIUM
Local
microsoft windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2022
windows_server_2022_23h2
windows_server_2025
Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. Update CWE-532
Information exposure through log files
CVE-2026-32218 2026-04-20 23:33 2026-04-15 View GitHub Exploit DB Packet Storm
163 7.0 HIGH
Local
microsoft windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2025
Double free in Microsoft Brokering File System allows an authorized attacker to elevate privileges locally. Update CWE-362
CWE-415
Race condition
Double free
CVE-2026-32219 2026-04-20 23:32 2026-04-15 View GitHub Exploit DB Packet Storm
164 5.1 MEDIUM
Local
- - Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. New CWE-415
CWE-416
Double free
Use after free
CVE-2026-6654 2026-04-20 23:16 2026-04-20 View GitHub Exploit DB Packet Storm
165 6.3 MEDIUM
Network
- - A vulnerability was determined in Qibo CMS 1.0. Affected by this issue is some unknown functionality of the file /index/image/headers. Executing a manipulation of the argument starts can lead to serv… New CWE-918
Server-side request forgery
CVE-2026-6649 2026-04-20 23:16 2026-04-20 View GitHub Exploit DB Packet Storm
166 - -
- - An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sen… New CWE-306
CWE-732
Missing authentication for critical function
Incorrect permission assignment for critical resource
CVE-2026-6369 2026-04-20 23:16 2026-04-20 View GitHub Exploit DB Packet Storm
167 8.4 HIGH
Adjacent
- - OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applian… New CWE-77
Command injection
CVE-2026-4048 2026-04-20 23:16 2026-04-20 View GitHub Exploit DB Packet Storm
168 8.4 HIGH
Adjacent
- - OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the Loa… New CWE-77
Command injection
CVE-2026-3519 2026-04-20 23:16 2026-04-20 View GitHub Exploit DB Packet Storm
169 8.4 HIGH
Adjacent
- - OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster applia… New CWE-77
Command injection
CVE-2026-3518 2026-04-20 23:16 2026-04-20 View GitHub Exploit DB Packet Storm
170 8.4 HIGH
Adjacent
- - OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the Lo… New CWE-77
Command injection
CVE-2026-3517 2026-04-20 23:16 2026-04-20 View GitHub Exploit DB Packet Storm
171 3.5 LOW
Network
- - The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks… New CWE-79
Cross-site scripting (XSS)
CVE-2024-7083 2026-04-20 23:16 2026-04-20 View GitHub Exploit DB Packet Storm
172 3.5 LOW
Network
- - A vulnerability was found in Qibo CMS 1.0. Affected by this vulnerability is an unknown functionality of the component Internal Message Module. Performing a manipulation results in cross site scripti… New CWE-79
CWE-94
Cross-site scripting (XSS)
Code injection
CVE-2026-6648 2026-04-20 22:16 2026-04-20 View GitHub Exploit DB Packet Storm
173 4.3 MEDIUM
Network
- - A vulnerability was detected in p2r3 convert up to 6998584ace3e11db66dff0b423612a5cf91de75b. Affected is the function Bun.serve of the file buildCache.js of the component API. Performing a manipulati… New CWE-22
Path traversal
CVE-2026-6636 2026-04-20 21:16 2026-04-20 View GitHub Exploit DB Packet Storm
174 7.3 HIGH
Network
- - A security vulnerability has been detected in rowboatlabs rowboat up to 0.1.67. This impacts the function tool_call of the file apps/experimental/tools_webhook/app.py of the component tools_webhook. … New CWE-287
Improper authentication
CVE-2026-6635 2026-04-20 21:16 2026-04-20 View GitHub Exploit DB Packet Storm
175 6.3 MEDIUM
Network
- - A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the ar… New CWE-266
CWE-285
Incorrect privilege assignment
Improper authorization
CVE-2026-6634 2026-04-20 21:16 2026-04-20 View GitHub Exploit DB Packet Storm
176 3.5 LOW
Network
- - A security flaw has been discovered in Yifang CMS up to 2.0.5. The impacted element is the function store of the file plugins/yifang_backend_account/logic/admin/L_rbac_admin.php of the component Exte… New CWE-79
CWE-94
Cross-site scripting (XSS)
Code injection
CVE-2026-6633 2026-04-20 21:16 2026-04-20 View GitHub Exploit DB Packet Storm
177 - -
- - When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to… New CWE-367
Time-of-check Time-of-use (TOCTOU) race condition
CVE-2026-5958 2026-04-20 21:16 2026-04-20 View GitHub Exploit DB Packet Storm
178 8.8 HIGH
Network
- - A vulnerability was identified in Tenda F451 1.0.0.7_cn_svn7958. The affected element is the function fromSafeClientFilter of the file /goform/SafeClientFilter of the component httpd. The manipulatio… New CWE-119
CWE-120
Buffer error
Classic buffer overflow
CVE-2026-6632 2026-04-20 20:16 2026-04-20 View GitHub Exploit DB Packet Storm
179 8.8 HIGH
Network
- - A vulnerability was determined in Tenda F451 1.0.0.7_cn_svn7958. Impacted is the function fromwebExcptypemanFilter of the file /goform/webExcptypemanFilter of the component httpd. Executing a manipul… New CWE-119
CWE-120
Buffer error
Classic buffer overflow
CVE-2026-6631 2026-04-20 20:16 2026-04-20 View GitHub Exploit DB Packet Storm
180 8.8 HIGH
Network
- - A vulnerability was found in Tenda F451 1.0.0.7_cn_svn7958. This issue affects the function fromGstDhcpSetSer of the file /goform/GstDhcpSetSer of the component httpd. Performing a manipulation of th… New CWE-119
CWE-120
Buffer error
Classic buffer overflow
CVE-2026-6630 2026-04-20 20:16 2026-04-20 View GitHub Exploit DB Packet Storm
181 7.3 HIGH
Network
- - A vulnerability has been found in Metasoft 美特软件 MetaCRM up to 6.4.0. This vulnerability affects the function Statement.executeUpdate of the file sql.jsp of the component Interface. Such manipulation … New CWE-74
CWE-89
Injection
SQL injection
CVE-2026-6629 2026-04-20 20:16 2026-04-20 View GitHub Exploit DB Packet Storm
182 6.3 MEDIUM
Network
- - A flaw has been found in phili67 Ecclesia CRM up to 8.0.0. This affects the function ValidateInput of the file /v2/query/view/ of the component Query Viewer Component. This manipulation of the argume… New CWE-74
CWE-89
Injection
SQL injection
CVE-2026-6628 2026-04-20 19:16 2026-04-20 View GitHub Exploit DB Packet Storm
183 6.3 MEDIUM
Network
- - A vulnerability was detected in Cockpit-HQ Cockpit up to 2.13.5. Affected by this issue is some unknown functionality of the component Asset Handler/Aggregate Handler. The manipulation results in imp… New CWE-20
CWE-943
Improper input validation
Improper neutralization of special elements in data query logic
CVE-2026-6626 2026-04-20 19:16 2026-04-20 View GitHub Exploit DB Packet Storm
184 7.3 HIGH
Network
- - A security vulnerability has been detected in moxi624 Mogu Blog v2 up to 5.2. Affected by this vulnerability is the function LocalFileServiceImpl.uploadPictureByUrl of the file mogu_picture/src/main/… New CWE-918
Server-side request forgery
CVE-2026-6625 2026-04-20 19:16 2026-04-20 View GitHub Exploit DB Packet Storm
185 2.4 LOW
Network
- - A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?_route=pool/add of the component Pool List Interface. Executing a manipula… New CWE-79
CWE-94
Cross-site scripting (XSS)
Code injection
CVE-2026-6624 2026-04-20 19:16 2026-04-20 View GitHub Exploit DB Packet Storm
186 2.4 LOW
Network
- - A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?_route=settings/users-view/ of the component Profile Page Handler. Pe… New CWE-79
CWE-94
Cross-site scripting (XSS)
Code injection
CVE-2026-6623 2026-04-20 19:16 2026-04-20 View GitHub Exploit DB Packet Storm
187 2.4 LOW
Network
- - A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?_route=customers/edit/ of the component Customer Handler. Such manipulati… New CWE-79
CWE-94
Cross-site scripting (XSS)
Code injection
CVE-2026-6622 2026-04-20 19:16 2026-04-20 View GitHub Exploit DB Packet Storm
188 - -
- - In the Linux kernel, the following vulnerability has been resolved: X.509: Fix out-of-bounds access when parsing extensions Leo reports an out-of-bounds access when parsing a certificate with empty… New - CVE-2026-31430 2026-04-20 19:16 2026-04-20 View GitHub Exploit DB Packet Storm
189 - -
- - In the Linux kernel, the following vulnerability has been resolved: net: skb: fix cross-cache free of KFENCE-allocated skb head SKB_SMALL_HEAD_CACHE_SIZE is intentionally set to a non-power-of-2 va… New - CVE-2026-31429 2026-04-20 19:16 2026-04-20 View GitHub Exploit DB Packet Storm
190 - -
- - Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive informa… New CWE-863
Incorrect authentication
CVE-2025-13480 2026-04-20 19:16 2026-04-20 View GitHub Exploit DB Packet Storm
191 7.3 HIGH
Network
- - A vulnerability was determined in 1024bit extend-deep up to 0.1.6. The impacted element is an unknown function of the file index.js. This manipulation of the argument __proto__ causes improperly cont… New CWE-94
CWE-1321
Code injection
Improperly controlled modification of object prototype attributes (prototype pollution)
CVE-2026-6621 2026-04-20 18:16 2026-04-20 View GitHub Exploit DB Packet Storm
192 6.3 MEDIUM
Network
- - A vulnerability was found in SonicCloudOrg sonic-server up to 2.0.0. The affected element is the function Upload of the file FileTool.java of the component File Upload Endpoint. The manipulation of t… New CWE-22
Path traversal
CVE-2026-6620 2026-04-20 18:16 2026-04-20 View GitHub Exploit DB Packet Storm
193 3.5 LOW
Network
- - A vulnerability has been found in langgenius dify up to 1.13.3. Impacted is the function openInNewTab of the file web/app/components/base/image-uploader/image-preview.tsx of the component ImagePrevie… New CWE-79
CWE-94
Cross-site scripting (XSS)
Code injection
CVE-2026-6619 2026-04-20 18:16 2026-04-20 View GitHub Exploit DB Packet Storm
194 6.3 MEDIUM
Network
- - A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedTool… New CWE-918
Server-side request forgery
CVE-2026-6618 2026-04-20 18:16 2026-04-20 View GitHub Exploit DB Packet Storm
195 8.8 HIGH
Network
- - ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privilege… New CWE-78
OS command injection
CVE-2026-5967 2026-04-20 18:16 2026-04-20 View GitHub Exploit DB Packet Storm
196 7.8 HIGH
Local
- - SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or plac… New CWE-276
Incorrect default permissions
CVE-2026-39454 2026-04-20 18:16 2026-04-20 View GitHub Exploit DB Packet Storm
197 6.3 MEDIUM
Network
- - A vulnerability was detected in langgenius dify up to 0.6.9. This vulnerability affects the function get_api_tool_provider_remote_schema of the file api/services/tools/api_tools_manage_service.py of … New CWE-918
Server-side request forgery
CVE-2026-6617 2026-04-20 17:16 2026-04-20 View GitHub Exploit DB Packet Storm
198 6.3 MEDIUM
Network
- - A security vulnerability has been detected in TransformerOptimus SuperAGI up to 0.0.14. This affects the function extract_with_bs4/extract_with_3k/extract_with_lxml of the file superagi/helper/webpag… New CWE-918
Server-side request forgery
CVE-2026-6616 2026-04-20 17:16 2026-04-20 View GitHub Exploit DB Packet Storm
199 7.3 HIGH
Network
- - A weakness has been identified in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function Upload of the file superagi/controllers/resources.py of the component Multipart Uplo… New CWE-22
Path traversal
CVE-2026-6615 2026-04-20 17:16 2026-04-20 View GitHub Exploit DB Packet Storm
200 8.1 HIGH
Network
- - ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on th… New CWE-23
Relative path traversal
CVE-2026-5966 2026-04-20 17:16 2026-04-20 View GitHub Exploit DB Packet Storm