NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月20日4:01

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2051	9.6	CRITICAL ネットワーク	google	chrome	Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C…	CWE-416 解放済みメモリの使用	CVE-2026-11634	2026-06-10 01:56	2026-06-9	表示	GitHub Exploit DB Packet Storm

2052	8.3	HIGH ネットワーク	google	chrome	Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…	CWE-416 解放済みメモリの使用	CVE-2026-11635	2026-06-10 01:56	2026-06-9	表示	GitHub Exploit DB Packet Storm

2053	7.5	HIGH ネットワーク	google	chrome	Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption …	CWE-416 解放済みメモリの使用	CVE-2026-11636	2026-06-10 01:50	2026-06-9	表示	GitHub Exploit DB Packet Storm

2054	8.8	HIGH ネットワーク	google	chrome	Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-11637	2026-06-10 01:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2055	8.8	HIGH ネットワーク	samlify_project	samlify	samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element text (e.g., <saml:Attribut…	CWE-91 ブラインド XPath インジェクション	CVE-2026-46490	2026-06-10 01:48	2026-06-9	表示	GitHub Exploit DB Packet Storm

2056	7.1	HIGH ネットワーク	snipeitapp	snipe-it	Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the …	CWE-863 不正な認証	CVE-2026-48507	2026-06-10 01:41	2026-06-9	表示	GitHub Exploit DB Packet Storm

2057	9.8	CRITICAL ネットワーク	apache	http_server	Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to…	CWE-416 解放済みメモリの使用	CVE-2026-29167	2026-06-10 01:29	2026-06-9	表示	GitHub Exploit DB Packet Storm

2058	6.1	MEDIUM ネットワーク	apache	http_server	A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or revers…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-29170	2026-06-10 01:21	2026-06-9	表示	GitHub Exploit DB Packet Storm

2059	7.5	HIGH ネットワーク	apache	http_server	A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue.	CWE-122 ヒープオーバーフロー	CVE-2026-34355	2026-06-10 01:20	2026-06-9	表示	GitHub Exploit DB Packet Storm

2060	8.8	HIGH ネットワーク	dlink	dwr-m920_firmware	A vulnerability was detected in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_41CF20 of the file /boafrm/formUSSDSetup. The manipulation of the argument ussdValue results in …	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11339	2026-06-10 01:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2061	7.5	HIGH ネットワーク	apache	http_server	Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are…	CWE-122 ヒープオーバーフロー	CVE-2026-34356	2026-06-10 01:17	2026-06-9	表示	GitHub Exploit DB Packet Storm

2062	8.8	HIGH ネットワーク	dlink	dir-823g_firmware	A security flaw has been discovered in D-Link DIR-823G 1.0.2B05. The affected element is an unknown function of the file /etc/vsftpd.conf of the component vsftpd. Performing a manipulation results in…	CWE-266 CWE-272 不適切な権限設定最小権限の違反	CVE-2026-11492	2026-06-10 01:17	2026-06-8	表示	GitHub Exploit DB Packet Storm

2063	7.5	HIGH ネットワーク	dlink	dgs-1100-08pd_firmware	A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least …	CWE-266 CWE-272 不適切な権限設定最小権限の違反	CVE-2026-11555	2026-06-10 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2064	8.8	HIGH ネットワーク	dlink	dcs-5615_firmware	A vulnerability has been found in D-Link DCS-5615 1.01.00. Affected by this vulnerability is an unknown functionality of the file /etc/conf.d/boa/boa.conf of the component Boa Webserver. Such manipul…	CWE-266 CWE-272 不適切な権限設定最小権限の違反	CVE-2026-11497	2026-06-10 01:16	2026-06-8	表示	GitHub Exploit DB Packet Storm

2065	-	-	-	-	CWE-611 Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure of server-side file contents when an attacker with a Data Center Expert user…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2026-8045	2026-06-10 01:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

2066	9.8	CRITICAL ネットワーク	-	-	Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in MOSK Information Technologies Ltd. CBS Platform allows SQL Injection. This issue affects CBS Pla…	CWE-89 SQLインジェクション	CVE-2026-8025	2026-06-10 01:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

2067	5.3	MEDIUM ネットワーク	-	-	In OpenStack Ironic 32 before 37.0.0, an unauthenticated malicious user could submit a crafted JSON string to some endpoints on the API or JSON-RPC service and effect a service crash.	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-50589	2026-06-10 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2068	8.1	HIGH ネットワーク	-	-	Mem0 versions through 0.2.8, fixed in commit ae7f406, contain a missing authorization vulnerability in the self-hosted server component where the POST /configure endpoint modifies global LLM provider…	CWE-862 認証の欠如	CVE-2026-49948	2026-06-10 01:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

2069	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 26.0.0 due to improper sanitization of `<iframe>` el…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-46396	2026-06-10 01:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2070	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 2.0.0 and prior to version 26.0.0, the gitlist plugin is exposed to unauthenticated users, allowing unauthenti…	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-46390	2026-06-10 01:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2071	6.5	MEDIUM ネットワーク	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, the HAX CMS NodeJS application crashes when an authenticated attacker sends a specially crafted site crea…	CWE-20 不適切な入力確認	CVE-2026-46357	2026-06-10 01:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2072	9.0	CRITICAL ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Brok…	CWE-284 CWE-639 不適切なアクセス制御ユーザ制御の鍵による認証回避	CVE-2026-45746	2026-06-10 01:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2073	7.5	HIGH ネットワーク	-	-	An issue in the Externalizable.readExternal() component of Controller v12.0.5 allows attackers to cause a Denial of Service (DoS) via a crafted input.	CWE-20 不適切な入力確認	CVE-2026-36501	2026-06-10 01:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2074	6.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. The impacted element is an unknown function of the file htdocs/core/filemanagerdol/connectors/php/config.inc.php of the component Lega…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11619	2026-06-10 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2075	7.3	HIGH ネットワーク	-	-	A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file taier-data-develop/src/main/java/com/dtstack/taier/develop/interceptor/LoginInt…	CWE-287 不適切な認証	CVE-2026-11618	2026-06-10 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2076	8.8	HIGH ネットワーク	-	-	A vulnerability was determined in UTT HiPER 2610G up to 3.0.0-171107. This impacts the function strcpy of the file /goform/formConfigDnsFilterGlobal. Executing a manipulation of the argument GroupNam…	CWE-119 CWE-120 バッファエラー古典的バッファオーバーフロー	CVE-2026-11517	2026-06-10 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2077	6.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in NousResearch hermes-agent up to 0.12.0. This affects the function resolve_session_by_title of the file hermes_state.py of the component resume Endpoint. Such manipul…	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-11461	2026-06-10 01:16	2026-06-8	表示	GitHub Exploit DB Packet Storm

2078	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpc_sys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipu…	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11449	2026-06-10 01:16	2026-06-7	表示	GitHub Exploit DB Packet Storm

2079	7.2	HIGH ネットワーク	-	-	An OS command injection vulnerability in Ivanti EPMM before 12.9.0.1, 12.8.0.3 and 12.7.0.2 versions allows a remote authenticated attacker to execute arbitrary commands as root	CWE-78 OSコマンド・インジェクション	CVE-2026-10727	2026-06-10 01:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

2080	9.9	CRITICAL ネットワーク	-	-	An Authentication Bypass vulnerability (CWE-288) in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated attacker to create arbitrary administrative accounts…	CWE-288 代替パスまたはチャネルを使用した認証回避	CVE-2026-10523	2026-06-10 01:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

2081	9.1	CRITICAL ネットワーク	-	-	Catalyst::Plugin::Authentication versions before 0.10_027 for Perl is susceptible to session fixation attacks. Catalyst::Plugin::Authentication does not automatically change the session id after aut…	CWE-384 セッションの固定化	CVE-2009-10007	2026-06-10 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2082	9.1	CRITICAL ネットワーク	apache	http_server	A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. User…	CWE-668 誤った領域へのリソースの漏えい	CVE-2026-42535	2026-06-10 01:00	2026-06-9	表示	GitHub Exploit DB Packet Storm

2083	7.5	HIGH ネットワーク	apache	http_server	Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are re…	CWE-122 ヒープオーバーフロー	CVE-2026-42536	2026-06-10 00:55	2026-06-9	表示	GitHub Exploit DB Packet Storm

2084	4.3	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in Wallet in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HT…	CWE-20 CWE-451 不適切な入力確認ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11286	2026-06-10 00:42	2026-06-5	表示	GitHub Exploit DB Packet Storm

2085	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Lo…	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11285	2026-06-10 00:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

2086	6.5	MEDIUM ネットワーク	google	chrome	Side-channel information leakage in PerformanceAPIs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: L…	CWE-1300 CWE-203 物理サイドチャネルの不適切な保護セキュリティ関連の処理に対するレスポンスの違いに起因する情報漏えい	CVE-2026-11284	2026-06-10 00:27	2026-06-5	表示	GitHub Exploit DB Packet Storm

2087	9.6	CRITICAL ネットワーク	google	chrome	Insufficient policy enforcement in Sandbox in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…	CWE-693 保護メカニズムの不具合	CVE-2026-11282	2026-06-10 00:26	2026-06-5	表示	GitHub Exploit DB Packet Storm

2088	-	-	-	-	phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attac…	CWE-328 脆弱なハッシュの使用	CVE-2026-48488	2026-06-10 00:25	2026-06-9	表示	GitHub Exploit DB Packet Storm

2089	5.5	MEDIUM ローカル	-	-	fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode …	CWE-532 ログファイルからの情報漏えい	CVE-2026-45581	2026-06-10 00:25	2026-06-9	表示	GitHub Exploit DB Packet Storm

2090	8.3	HIGH ネットワーク	-	-	OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST …	CWE-201 送信データへの重要な情報の挿入	CVE-2026-46481	2026-06-10 00:25	2026-06-9	表示	GitHub Exploit DB Packet Storm

2091	-	-	-	-	MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a path traversal vulnerabili…	CWE-22 パス・トラバーサル	CVE-2026-46486	2026-06-10 00:25	2026-06-9	表示	GitHub Exploit DB Packet Storm

2092	8.1	HIGH ネットワーク	-	-	Headplane is a feature-complete Web UI for Headscale. Prior to versions 0.6.3 and 0.7.0-beta.3, Headplane was vulnerable to a path traversal / authorization bypass in the Headscale API client used by…	CWE-22 CWE-285 パス・トラバーサル不適切な認可	CVE-2026-46484	2026-06-10 00:25	2026-06-9	表示	GitHub Exploit DB Packet Storm

2093	-	-	-	-	Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_description override. This issue h…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-44541	2026-06-10 00:25	2026-06-9	表示	GitHub Exploit DB Packet Storm

2094	5.6	MEDIUM ネットワーク	-	-	Check for certificate revocation only considers the first matching CRL and ignores other valid CRLs of the same CA in the CycloneCrypto cryptographic wrapper of S2OPC library. It might allow connecti…	CWE-299 証明書失効の不適切なチェック	CVE-2026-6899	2026-06-10 00:25	2026-06-9	表示	GitHub Exploit DB Packet Storm

2095	-	-	-	-	Routinator exits on any error when accepting incoming HTTP or RTR connections, including ones it can recover from such as running out of file descriptors. This condition can be triggered maliciously …	CWE-755 例外的な状態における不適切な処理	CVE-2026-49232	2026-06-10 00:20	2026-06-9	表示	GitHub Exploit DB Packet Storm

2096	-	-	-	-	Origin Validation Error vulnerability in ninenines gun (gun_http2 module) allows cross-origin cookie injection via unvalidated HTTP/2 PUSH_PROMISE authority. In gun_http2:push_promise_frame/7, the :…	CWE-346 同一生成元ポリシー違反	CVE-2026-43972	2026-06-10 00:20	2026-06-9	表示	GitHub Exploit DB Packet Storm

2097	-	-	-	-	Uncontrolled Resource Consumption vulnerability in ninenines gun (gun_http module) allows a malicious server to exhaust client memory via unbounded HTTP/1.1 response buffering. In gun_http:handle/5,…	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-43973	2026-06-10 00:20	2026-06-9	表示	GitHub Exploit DB Packet Storm

2098	-	-	-	-	Unexpected Status Code or Return Value vulnerability in ninenines gun (gun_http module) allows a malicious HTTP server to force the client into raw protocol mode via an unsolicited 101 Switching Prot…	CWE-841 行動ワークフローの不適切な実施	CVE-2026-43974	2026-06-10 00:20	2026-06-9	表示	GitHub Exploit DB Packet Storm

2099	-	-	-	-	Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb respo…	CWE-409 高圧縮データの不適切な処理 (データ増幅)	CVE-2026-49755	2026-06-10 00:20	2026-06-9	表示	GitHub Exploit DB Packet Storm

2100	-	-	-	-	Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encode_form_part/2 …	CWE-93 CRLF インジェクション	CVE-2026-49756	2026-06-10 00:20	2026-06-9	表示	GitHub Exploit DB Packet Storm