NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月22日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2201	7.1	HIGH ネットワーク	-	-	Single Personal Message 1.0.3 contains an SQL injection vulnerability that allows authenticated users to execute arbitrary SQL queries by injecting malicious code through the message parameter. Attac…	CWE-89 SQLインジェクション	CVE-2016-20063	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2202	6.2	MEDIUM ローカル	-	-	WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attacke…	CWE-98 PHP リモートファイルインクルージョン	CVE-2016-20064	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2203	8.2	HIGH ネットワーク	-	-	Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selec…	CWE-89 SQLインジェクション	CVE-2016-20065	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2204	8.2	HIGH ネットワーク	-	-	WordPress Car Park Booking Plugin version 13 October 17 contains a time-based SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code th…	CWE-89 SQLインジェクション	CVE-2017-20243	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2205	8.2	HIGH ネットワーク	-	-	Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. …	CWE-89 SQLインジェクション	CVE-2017-20244	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2206	8.2	HIGH ネットワーク	-	-	Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parame…	CWE-89 SQLインジェクション	CVE-2017-20245	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2207	8.2	HIGH ネットワーク	-	-	KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can i…	CWE-89 SQLインジェクション	CVE-2017-20246	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2208	8.2	HIGH ネットワーク	-	-	WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid para…	CWE-89 SQLインジェクション	CVE-2017-20247	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2209	7.5	HIGH ネットワーク	-	-	Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests …	CWE-22 パス・トラバーサル	CVE-2017-20248	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2210	8.2	HIGH ネットワーク	-	-	Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attac…	CWE-89 SQLインジェクション	CVE-2017-20249	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2211	7.5	HIGH ネットワーク	-	-	Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to mac…	CWE-22 パス・トラバーサル	CVE-2017-20250	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2212	9.8	CRITICAL ネットワーク	-	-	WordPress Insert PHP plugin versions before 3.3.1 contain a PHP code injection vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by injecting malicious shortcodes thro…	CWE-94 コード・インジェクション	CVE-2017-20251	2026-06-9 22:51	2026-06-9	表示	GitHub Exploit DB Packet Storm

2213	7.8	HIGH ローカル	-	-	A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The hostname field in client_info.json inside a collection ZIP is inse…	CWE-74 CWE-94 CWE-116 インジェクションコード・インジェクション不適切なエンコード、または出力のエスケープ	CVE-2026-8795	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2214	7.5	HIGH ネットワーク	-	-	In Micrometer, it is possible for a user to provide specially crafted gRPC requests that may cause a denial-of-service (DoS) condition. Affected versions: Micrometer 1.16.0 through 1.16.5; 1.15.0 th…	CWE-400 リソースの枯渇	CVE-2026-40983	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2215	7.5	HIGH ネットワーク	-	-	In Micrometer, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Affected versions: micrometer-core 1.16.0 through 1.16.5; 1.15…	CWE-400 リソースの枯渇	CVE-2026-40984	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2216	5.9	MEDIUM ネットワーク	-	-	An attacker can craft a large number of unique requests that trigger a failure, exhausting the capacity of the application-wide stateful retry cache. Once the cache is full, it permanently rejects an…	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-41710	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2217	6.1	MEDIUM ネットワーク	-	-	In specific scenarios involving HTTP redirects from a secure to an insecure endpoint, the Reactor Netty HTTP client may leak credentials. In order for this to happen, the HTTP client must have been e…	CWE-522 認証情報の不十分な保護	CVE-2026-41715	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2218	7.4	HIGH ネットワーク	-	-	Spring LDAP's DirContextAuthenticationStrategy implementations do not reject a bind request where a non-empty username is paired with an empty or null password. Affected versions: Spring LDAP 2.4.0 …	CWE-287 不適切な認証	CVE-2026-41720	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2219	4.2	MEDIUM ネットワーク	-	-	A WebFlux application with a compromised subdomain (for example, compromised via cross-site scripting (XSS)) is vulnerable to an escalation attack exchanging a known session ID for that of an authent…	CWE-384 セッションの固定化	CVE-2026-41839	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2220	5.9	MEDIUM ネットワーク	-	-	Spring WebFlux applications are vulnerable to Denial of Service (DoS) attacks when processing multipart requests. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0…	CWE-400 リソースの枯渇	CVE-2026-41840	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2221	5.9	MEDIUM ネットワーク	-	-	Spring MVC and WebFlux applications are vulnerable to Information Disclosure attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6…	CWE-524 重要な情報を含むキャッシュの使用	CVE-2026-41841	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2222	7.5	HIGH ネットワーク	-	-	Spring MVC and WebFlux applications are vulnerable to Denial of Service (DoS) attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; …	CWE-400 リソースの枯渇	CVE-2026-41842	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2223	5.9	MEDIUM ネットワーク	-	-	Spring MVC and WebFlux applications are vulnerable to Path Traversal attacks when resolving static resources. Affected versions: Spring Framework 7.0.0 through 7.0.7; 6.2.0 through 6.2.18; 6.1.0 thr…	CWE-22 パス・トラバーサル	CVE-2026-41843	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2224	7.5	HIGH ネットワーク	-	-	An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers …	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-41849	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2225	7.5	HIGH ネットワーク	-	-	Applications that evaluate user-supplied Spring Expression Language (SpEL) expressions are vulnerable to an Algorithmic Denial of Service (DoS). By providing a specially crafted expression, an attack…	CWE-407 アルゴリズムの複雑性	CVE-2026-41850	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2226	5.3	MEDIUM ネットワーク	-	-	Applications which accept user-supplied Spring Expression Language (SpEL) expressions may be vulnerable to a Denial of Service (DoS) attack if the evaluation of a SpEL expression triggers unbounded c…	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-41851	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2227	8.1	HIGH ネットワーク	-	-	In an untrusted JMS environment, org.springframework.jms.support.converter.MappingJackson2MessageConverter and org.springframework.jms.support.converter.JacksonJsonMessageConverter allow arbitrary cl…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-41855	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2228	7.1	HIGH ローカル	-	-	A vulnerability has been identified in SIMATIC WinCC Unified PC Runtime V16 (All versions), SIMATIC WinCC Unified PC Runtime V17 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), S…	CWE-313 ファイル内またはディスク上の平文保存	CVE-2026-24349	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2229	6.1	MEDIUM 隣接	-	-	A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions), SIPROTEC 5 6MD85 (CP200) (All versions), SIPROTEC 5 6MD85 (CP300) (All versions), SIPROTEC 5 6MD86 (CP200) (All version…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2025-40808	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2230	4.7	MEDIUM ローカル	-	-	A path traversal vulnerability was found in awxkit, the CLI tool for AWX. The YAML !include directive does not sanitize file paths, allowing an attacker to craft a malicious YAML file that reads arbi…	CWE-22 パス・トラバーサル	CVE-2026-52902	2026-06-9 22:49	2026-06-9	表示	GitHub Exploit DB Packet Storm

2231	-	-	-	-	When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, allowing subsequent content…	CWE-79 CWE-436 クロスサイト・スクリプティング（XSS）解釈の競合	CVE-2026-47344	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2232	-	-	-	-	Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before version 2.3.2.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47345	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2233	-	-	-	-	Backend users with access to the Form Framework were able to use files not ending in .form.yaml as form definitions, which were processed without denying the incorrect file extension. Maliciously cra…	CWE-862 認証の欠如	CVE-2026-11607	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2234	-	-	-	-	Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an active file mount due to missing authorization …	CWE-862 認証の欠如	CVE-2026-47343	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2235	-	-	-	-	Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., .FORM.YAML) to bypass the Form Framework's upload restriction. Maliciously crafte…	CWE-178 CWE-862 大文字と小文字の区別の不適切な処理認証の欠如	CVE-2026-47346	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2236	-	-	-	-	Applications that use GeneralUtility::sanitizeLocalUrl to allow only local URLs are vulnerable to open redirect attacks if the URL is used after it has passed the aforementioned sanitization checks. …	CWE-601 オープンリダイレクト	CVE-2026-47347	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2237	-	-	-	-	Editors with access to create or modify page content were able to include HTML markup in page titles that were stored in the search index without sanitization. When displayed in frontend search resul…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47348	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2238	-	-	-	-	Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4…	CWE-862 認証の欠如	CVE-2026-47349	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2239	-	-	-	-	Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3.	CWE-862 認証の欠如	CVE-2026-47350	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2240	-	-	-	-	Backend users were able to insert arbitrary records and files into the TYPO3 clipboard without proper read permission checks, which allowed users to gather information about records and files they we…	CWE-200 CWE-862 情報漏えい認証の欠如	CVE-2026-47351	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2241	-	-	-	-	Authenticated backend users were able to retrieve file metadata via several Backend API routes without proper permission checks, allowing access to files outside their permitted file mounts or storag…	CWE-862 認証の欠如	CVE-2026-47352	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2242	-	-	-	-	The path allowance check in GeneralUtility::isAllowedAbsPath() performed a plain string prefix comparison without requiring a directory separator boundary, causing a path like /var/www/html-other/sec…	CWE-22 パス・トラバーサル	CVE-2026-49738	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2243	-	-	-	-	TYPO3's cache frontend (VariableFrontend) and persistent key-value store (Registry) deserialized PHP payloads without integrity validation or class restrictions. An attacker with write access to the …	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-49740	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2244	-	-	-	-	Backend users with write access to the form_definition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persisten…	CWE-89 CWE-862 SQLインジェクション認証の欠如	CVE-2026-49741	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2245	-	-	-	-	Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media Module. Since the fallback storage resolves paths …	CWE-22 CWE-200 パス・トラバーサル情報漏えい	CVE-2026-49742	2026-06-9 22:46	2026-06-9	表示	GitHub Exploit DB Packet Storm

2246	7.5	HIGH ネットワーク	google	chrome	Inappropriate implementation in ImageCapture in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted H…	CWE-269 不適切な権限管理	CVE-2026-11296	2026-06-9 22:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2247	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severi…	CWE-346 同一生成元ポリシー違反	CVE-2026-11298	2026-06-9 22:44	2026-06-5	表示	GitHub Exploit DB Packet Storm

2248	6.5	MEDIUM ネットワーク	google	chrome	Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security…	CWE-125 CWE-190 境界外読み取り整数オーバーフローまたはラップアラウンド	CVE-2026-11299	2026-06-9 22:43	2026-06-5	表示	GitHub Exploit DB Packet Storm

2249	6.3	MEDIUM ローカル	-	-	Permission management vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect service integrity.	CWE-701 設計時に取り込まれた脆弱性	CVE-2026-41975	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2250	4.4	MEDIUM ローカル	-	-	Permission control vulnerability in the clone module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.	CWE-275 パーミッションの問題	CVE-2026-41978	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm