NVD Vulnerability Information

You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
NVD vulnerability information is often updated before JVN (Japan Vulnerability Notes), so vulnerabilities not yet listed in JVN may appear here.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview to confirm the CWE number.

Last updated: June 22, 2026, 4:00

No. CVSS Level
Attack vector
Vendor Product Title CWE
CWE name
CVE Updated Published
2151 5.3 MEDIUM
Network
checkmk checkmk Incorrect authorization in the User Messages dashboard widget in Checkmk <2.5.0p5 causes the message-fetching endpoints to return the dashboard creator's messages rather than the viewer's, allowing a… CWE-863
Incorrect Authorization
CVE-2026-7765 2026-06-9 23:49 2026-06-8
2152 5.4 MEDIUM
Network
checkmk checkmk Improper neutralization of HTML-encoded characters in the URL validation function in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an authenticated user to bypass URL validati… CWE-79
Cross-site Scripting (XSS)
CVE-2026-8833 2026-06-9 23:49 2026-06-8
2153 - -
- - The Electron preload script in Logseq exposes an API method that allows the renderer process to invoke IPC handlers without proper path validation. An attacker with JavaScript execution in the render… CWE-749
Exposed Dangerous Method or Function
CVE-2026-47899 2026-06-9 23:47 2026-06-9
2154 - -
- - Logseq is vulnerable to a stored cross-site scripting (XSS). A malicious plugin can include a JavaScript payload in the "name" field of its "package.json" file, which is rendered using "innerHTML" wi… CWE-79
Cross-site Scripting (XSS)
CVE-2026-47900 2026-06-9 23:47 2026-06-9
2155 - -
- - Logseq is vulnerable to a sandbox escape flaw where plugins running in sandboxed iframes can inject arbitrary HTML attributes, such as event handlers, into their container element in the host DOM. Du… CWE-79
Cross-site Scripting (XSS)
CVE-2026-47901 2026-06-9 23:47 2026-06-9
2156 - -
- - Uncontrolled Resource Consumption vulnerability in the Elixir standard library's Version module allows an attacker who controls a version string to cause a denial of service through CPU and memory ex… CWE-400
Resource Exhaustion
CVE-2026-49762 2026-06-9 23:47 2026-06-9
2157 9.8 CRITICAL
Network
- - Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Netcad Software Inc. E-İmar allows SQL Injection. This issue affects E-İmar: from 2.10.1.0 befor… CWE-89
SQL Injection
CVE-2026-7486 2026-06-9 23:47 2026-06-9
2158 - -
- - Logseq exposes an IPC handler that allows the renderer process to execute shell commands. While an allowlist restricts the command name (e.g. `git`, `pandoc`, `grep`), the argument string is concaten… CWE-78
OS Command Injection
CVE-2026-9279 2026-06-9 23:47 2026-06-9
2159 8.8 HIGH
Network
google chrome Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) CWE-416
Use After Free
CVE-2026-11630 2026-06-9 23:47 2026-06-9
2160 8.3 HIGH
Network
google chrome Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM… CWE-416
Use After Free
CVE-2026-11631 2026-06-9 23:45 2026-06-9
2161 3.3 LOW
Network
- - A heap buffer overflow flaw was found in 389 Directory Server. When audit logging is enabled, the create_masked_entry_string() function in auditlog.c copies a fixed-length password mask into a precis… CWE-122
Heap Overflow
CVE-2026-11792 2026-06-9 23:42 2026-06-9
2162 9.6 CRITICAL
Network
google chrome Use after free in WebMIDI in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) CWE-416
Use After Free
CVE-2026-11165 2026-06-9 23:24 2026-06-5
2163 9.8 CRITICAL
Network
- - A remote, unauthenticated attacker can trigger memory corruption in Zephyr's HTTP server WebSocket upgrade path by sending a crafted Sec-WebSocket-Key header. The HTTP/1 header parser copies the head… CWE-170
CWE-787
Improper Null Termination
Out-of-bounds Write
CVE-2026-5067 2026-06-9 23:16 2026-06-9
2164 - -
- - In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: disallow non-power of two min_region_sz on damon_start() Commit d8f867fa0825 ("mm/damon: add damon_ctx->min_sz_reg… - CVE-2026-52905 2026-06-9 23:16 2026-06-9
2165 - -
- - In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix nvkm_device leak on aperture removal failure When aperture_remove_conflicting_pci_devices() fails during probe, … - CVE-2026-52904 2026-06-9 23:16 2026-06-9
2166 5.3 MEDIUM
Network
- - The WPForms WordPress plugin before 1.10.0.5 does not verify the authenticity of incoming PayPal webhook events before processing them, allowing unauthenticated attackers to forge webhook payloads a… CWE-862
Missing Authorization
CVE-2026-4986 2026-06-9 23:16 2026-06-9
2167 - -
- - In the Linux kernel, the following vulnerability has been resolved: erofs: handle end of filesystem properly for file-backed mounts I/O requests beyond the end of the filesystem should be zeroed ou… - CVE-2026-46329 2026-06-9 23:16 2026-06-9
2168 6.1 MEDIUM
Network
- - Multiple reflected Cross-Site Scripting (XSS) vulnerabilities in damasac thaipalliative_lte through version 3.0 allow remote attackers to inject arbitrary web script or HTML via the idFormMain parame… CWE-79
Cross-site Scripting (XSS)
CVE-2026-38579 2026-06-9 23:16 2026-06-6
2169 - -
- - A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve pr… CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-2638 2026-06-9 23:16 2026-06-9
2170 8.3 HIGH
Network
- - Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… CWE-472
External Control of Assumed-Immutable Web Parameter
CVE-2026-11640 2026-06-9 23:16 2026-06-9
2171 8.8 HIGH
Network
- - Versions of the package degit before 2.8.6, from 3.0.0 and before 3.3.1 are vulnerable to Command Injection due to improper sanitisation of user input for git shell commands directly invoked with exe… CWE-78
CWE-77
OS Command Injection
Command Injection
CVE-2026-11572 2026-06-9 23:16 2026-06-9
2172 6.5 MEDIUM
Network
google chrome Insufficient policy enforcement in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CWE-693
Protection Mechanism Failure
CVE-2026-11288 2026-06-9 22:59 2026-06-5
2173 6.5 MEDIUM
Network
google chrome Side-channel information leakage in Paint in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) CWE-1300
CWE-203
Improper Protection of Physical Side Channels
Information Exposure Through Discrepancy
CVE-2026-11289 2026-06-9 22:58 2026-06-5
2174 7.5 HIGH
Network
- - Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the fromGstDhcpSetSer function via the username and password parameters. These vulne… CWE-121
Stack Overflow
CVE-2026-36789 2026-06-9 22:57 2026-06-9
2175 6.5 MEDIUM
Network
- - OfflineIMAP before 8.0.3 trusts the server with their STARTTLS capability prior to authentication, which allows STRIPTLS/man-in-the-middle attacks, taking over the connection and extracting account c… CWE-348
Use of Less Trusted Source
CVE-2020-37248 2026-06-9 22:57 2026-06-9
2176 7.5 HIGH
Network
- - Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters t… CWE-122
Heap Overflow
CVE-2026-22164 2026-06-9 22:57 2026-06-9
2177 7.1 HIGH
Local
- - Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidenta… CWE-468
CVE-2026-34194 2026-06-9 22:57 2026-06-9
2178 7.5 HIGH
Network
- - Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to ca… CWE-121
Stack Overflow
CVE-2026-36786 2026-06-9 22:57 2026-06-9
2179 8.8 HIGH
Network
- - Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically del… CWE-285
CWE-613
Improper Authorization
Insufficient Session Expiration
CVE-2026-46656 2026-06-9 22:57 2026-06-9
2180 7.1 HIGH
Network
- - Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tok… CWE-212
CWE-613
Improper Removal of Sensitive Information Before Storage or Transfer
Insufficient Session Expiration
CVE-2026-46657 2026-06-9 22:57 2026-06-9
2181 8.7 HIGH
Network
- - A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScrip… CWE-79
Cross-site Scripting (XSS)
CVE-2026-41031 2026-06-9 22:57 2026-06-9
2182 - -
- - When creating an export of all reusable media, the secrets of connected gift cards were included in the export even if the user creating the export does not have permission to view gift cards. This… CWE-280
Improper Permission Management
CVE-2026-11764 2026-06-9 22:57 2026-06-9
2183 4.3 MEDIUM
Network
google chrome Insufficient policy enforcement in Blink in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low) CWE-693
Protection Mechanism Failure
CVE-2026-11292 2026-06-9 22:54 2026-06-5
2184 9.6 CRITICAL
Network
google chrome Use after free in Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) CWE-416
Use After Free
CVE-2026-11293 2026-06-9 22:53 2026-06-5
2185 7.6 HIGH
Adjacent
- - A remote, unauthenticated BLE peer can trigger a 2-byte out-of-bounds write in the Bluetooth host during L2CAP LE CoC SDU reassembly. When the application enables segmentation (via chan_ops.alloc_buf… CWE-787
Out-of-bounds Write
CVE-2026-5068 2026-06-9 22:53 2026-06-9
2186 6.0 MEDIUM
Local
- - Dell iDRAC Tools, versions prior to 11.4.1.0, contains an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially e… CWE-59
Link Following
CVE-2026-28262 2026-06-9 22:53 2026-06-9
2187 4.8 MEDIUM
Network
- - QloApps through 1.7.0 contains a stored cross-site scripting vulnerability in the admin file manager that allows authenticated administrators to inject malicious JavaScript by uploading crafted SVG f… CWE-79
Cross-site Scripting (XSS)
CVE-2026-25558 2026-06-9 22:51 2026-06-9
2188 9.8 CRITICAL
Network
- - OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an e… CWE-305
Authentication Bypass by Primary Weakness
CVE-2026-25555 2026-06-9 22:51 2026-06-9
2189 8.8 HIGH
Network
- - OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by … CWE-22
Path Traversal
CVE-2026-25559 2026-06-9 22:51 2026-06-9
2190 8.8 HIGH
Network
- - OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the File… CWE-78
OS Command Injection
CVE-2026-25855 2026-06-9 22:51 2026-06-9
2191 8.8 HIGH
Network
- - OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifyin… CWE-94
Code Injection
CVE-2026-25856 2026-06-9 22:51 2026-06-9
2192 6.5 MEDIUM
Network
- - OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy sour… CWE-522
Insufficiently Protected Credentials
CVE-2026-39908 2026-06-9 22:51 2026-06-9
2193 9.8 CRITICAL
Network
- - STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary… CWE-862
Missing Authorization
CVE-2026-39910 2026-06-9 22:51 2026-06-9
2194 9.4 CRITICAL
Network
- - AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequen… CWE-22
Path Traversal
CVE-2026-41448 2026-06-9 22:51 2026-06-9
2195 - -
- - A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authe… CWE-78
OS Command Injection
CVE-2026-8913 2026-06-9 22:51 2026-06-9
2196 7.5 HIGH
Network
- - Nginx Proxy Manager versions 2.9.14 through 2.15.1, fixed in commit a5db5ed, contain an authenticated remote code execution vulnerability via OS command injection in the setupCertbotPlugins() functio… CWE-78
OS Command Injection
CVE-2026-40519 2026-06-9 22:51 2026-06-9
2197 7.1 HIGH
Network
- - WACRM prior to commit 73041bf contain an authorization bypass vulnerability in the automation engine that allows authenticated attackers to access and modify contacts belonging to other tenants by su… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-49141 2026-06-9 22:51 2026-06-9
2198 3.5 LOW
Network
- - The Custom Block Builder WordPress plugin before 4.3.0 does not consistently check the unfiltered_html capability across all paths that write to its block template code fields, allowing administrato… CWE-79
Cross-site Scripting (XSS)
CVE-2026-8981 2026-06-9 22:51 2026-06-9
2199 - -
- - SQL injection in the ‘two_steps_auth_code’ parameter processed by the ‘twoStepsAuthVerification’ function within the ‘/user-login’ endpoint. The two-factor authentication (2FA) functionality can be a… CWE-89
SQL Injection
CVE-2026-10731 2026-06-9 22:51 2026-06-9
2200 8.2 HIGH
Network
- - Simply Poll 1.4.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the 'pollid' POST pa… CWE-89
SQL Injection
CVE-2016-20062 2026-06-9 22:51 2026-06-9