NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月22日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2251	5.5	MEDIUM ローカル	-	-	Permission control vulnerability in the print module. Impact: Successful exploitation of this vulnerability may affect integrity and confidentiality.	CWE-701 設計時に取り込まれた脆弱性	CVE-2026-41979	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2252	5.5	MEDIUM ローカル	-	-	Permission control vulnerability in the file preview module. Impact: Successful exploitation of this vulnerability may affect service confidentiality.	CWE-200 情報漏えい	CVE-2026-41980	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2253	5.4	MEDIUM ネットワーク	-	-	Path traversal vulnerability in the SMS app. Impact: Successful exploitation of this vulnerability may affect availability.	CWE-22 パス・トラバーサル	CVE-2026-41972	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2254	5.9	MEDIUM ローカル	-	-	Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability.	CWE-840 ビジネスロジックエラー	CVE-2026-41973	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2255	3.6	LOW ローカル	-	-	Permission control vulnerability in service notifications. Impact: Successful exploitation of this vulnerability may affect availability.	CWE-264 認可・権限・アクセス制御	CVE-2026-41974	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2256	6.6	MEDIUM ローカル	-	-	Permission control vulnerability in the audio framework. Impact: Successful exploitation of this vulnerability may affect service confidentiality.	CWE-275 パーミッションの問題	CVE-2026-41976	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2257	5.0	MEDIUM ローカル	-	-	DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2026-41977	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2258	5.3	MEDIUM ローカル	-	-	Out-of-bounds write vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.	CWE-122 ヒープオーバーフロー	CVE-2026-41981	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2259	6.4	MEDIUM ネットワーク	-	-	Race condition vulnerability in the IPC module. Impact: Successful exploitation of this vulnerability may affect availability.	CWE-416 解放済みメモリの使用	CVE-2026-41982	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2260	4.3	MEDIUM ネットワーク	-	-	DoS vulnerability in the browser kernel. Impact: Successful exploitation of this vulnerability may affect availability.	CWE-399 リソース管理の問題	CVE-2026-41983	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2261	5.2	MEDIUM ローカル	-	-	UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.	CWE-284 不適切なアクセス制御	CVE-2026-41984	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2262	5.1	MEDIUM ローカル	-	-	UAF vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service integrity.	CWE-284 不適切なアクセス制御	CVE-2026-41985	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2263	2.4	LOW 物理	-	-	Logic bypass vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect availability.	CWE-606 チェックされていないループ条件の入力値	CVE-2026-41986	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2264	9.0	CRITICAL ネットワーク	-	-	Improper neutralization of triple-quote characters during Python code generation in AgentCore CLI before v0.14.2 might allow an authenticated remote threat actor to execute arbitrary code on AWS Agen…	CWE-94 コード・インジェクション	CVE-2026-11393	2026-06-9 22:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2265	6.4	MEDIUM ネットワーク	-	-	The Accordions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Accordion body field in all versions up to, and including, 2.3.23 due to insufficient input sanitization and o…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-10862	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2266	5.3	MEDIUM ネットワーク	-	-	A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege v…	CWE-266 CWE-272 不適切な権限設定最小権限の違反	CVE-2026-11620	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2267	4.7	MEDIUM ネットワーク	-	-	A weakness has been identified in Dcat-Admin up to 2.2.3-beta. This impacts the function editorMDUpload of the file /admin/dcat-api/editor-md/upload of the component User Setting Page. This manipulat…	CWE-284 CWE-434 不適切なアクセス制御危険なタイプのファイルの無制限アップロード	CVE-2026-11621	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2268	6.4	MEDIUM ネットワーク	-	-	The Enable Media Replace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘location_dir’ parameter in all versions up to, and including, 4.1.8 due to insufficient input sanit…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-5714	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2269	7.2	HIGH ネットワーク	-	-	The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up to, and including, 7.5.49.7212 due to insufficient input sanit…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-7556	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2270	6.4	MEDIUM ネットワーク	-	-	The TinyMCE shortcode Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'btnrel' Shortcode Attribute in all versions up to, and including, 1.0.0 due to insufficient input sa…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-10024	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2271	4.3	MEDIUM ネットワーク	-	-	The jQuery Hover Footnotes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the jqFo…	CWE-352 同一生成元ポリシー違反	CVE-2026-10553	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2272	6.4	MEDIUM ネットワーク	-	-	The jQuery Hover Footnotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Footnote Qualifier ('{{...}}' Syntax) in all versions up to, and including, 1.4 due to insufficient in…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-10738	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2273	6.1	MEDIUM ネットワーク	-	-	The Product Filter Widget for Elementor plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via 'args[filterFormArray]' Parameter in all versions up to, and including, 1.0.6 due to i…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-11603	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2274	4.5	MEDIUM ローカル	-	-	A security vulnerability has been detected in tmux up to 3.6a. Affected is the function image_free of the file image.c. Such manipulation leads to use after free. Local access is required to approach…	CWE-119 CWE-416 バッファエラー解放済みメモリの使用	CVE-2026-11623	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2275	6.4	MEDIUM ネットワーク	-	-	The ePaperFlip Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'publicationid' attribute of the `epaperflip_embed` shortcode in all versions up to, and including, …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-7662	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2276	5.3	MEDIUM ネットワーク	-	-	The Helpfulcrowd Product Reviews plugin for WordPress is vulnerable to Authorization Bypass via PHP Type Juggling in versions up to, and including, 1.2.9. This is due to the `helpfulcrowd_validate_to…	CWE-843 型の取り違え	CVE-2026-8499	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2277	6.4	MEDIUM ネットワーク	-	-	The Extra Settings for RocketChat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'rocketchat' shortcode's 'title' attribute in versions up to, and including, 0.1. This is d…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8841	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2278	6.4	MEDIUM ネットワーク	-	-	The RomanCart Ecommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'blclass' attribute (and other attributes) of the romancart_button shortcode in versions up to, and i…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8880	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2279	6.4	MEDIUM ネットワーク	-	-	The WP ApplicantStack Jobs Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.1.1 due to insufficient input san…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8882	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2280	6.4	MEDIUM ネットワーク	-	-	The kk blog card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'blog-card' shortcode in all versions up to, and including, 1.3. This is due to insufficient input …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8895	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2281	4.3	MEDIUM ネットワーク	-	-	The FastPicker, an order picker and order management system (oms) for WooCommerce on steroids plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.…	CWE-352 同一生成元ポリシー違反	CVE-2026-8904	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2282	6.4	MEDIUM ネットワーク	-	-	The Global Body Mass Index Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gbmicalc' shortcode in versions up to, and including, 1.2. This is due to insufficient…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8883	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2283	4.3	MEDIUM ネットワーク	-	-	The AJAX Report Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation on the rc_o…	CWE-352 同一生成元ポリシー違反	CVE-2026-8902	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2284	6.1	MEDIUM ネットワーク	-	-	The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the process_init() function hook…	CWE-352 同一生成元ポリシー違反	CVE-2026-8907	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2285	4.3	MEDIUM ネットワーク	-	-	The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralS…	CWE-352 同一生成元ポリシー違反	CVE-2026-8909	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2286	6.1	MEDIUM ネットワーク	-	-	The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on a function…	CWE-352 同一生成元ポリシー違反	CVE-2026-8910	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2287	4.3	MEDIUM ネットワーク	-	-	The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-leve…	CWE-352 同一生成元ポリシー違反	CVE-2026-8940	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2288	8.1	HIGH ネットワーク	-	-	The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the u…	CWE-98 PHP リモートファイルインクルージョン	CVE-2026-9662	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2289	6.4	MEDIUM ネットワーク	-	-	The WP GDPR Cookie Consent plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ninja_gdpr_ajax_actions' AJAX action in versions up to, and including, 1.0.0. This is due to miss…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8977	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2290	7.5	HIGH ネットワーク	-	-	The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_g…	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-9185	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2291	8.8	HIGH ネットワーク	-	-	The Events Calendar for GeoDirectory plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 2.3.28. This is due to the ajax_ayi_action() handler only applying str…	CWE-269 不適切な権限管理	CVE-2026-11616	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2292	6.5	MEDIUM ネットワーク	-	-	The Slider Revolution plugin for WordPress is vulnerable to Sensitive Information Disclosure in versions up to and including 7.0.10. This is due to three compounding design flaws: (1) the plugin leak…	CWE-200 情報漏えい	CVE-2026-7542	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2293	8.8	HIGH ネットワーク	-	-	The Blocksy theme for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution via the 'blocksy_meta' REST API field and the V200 database migration in versions up to and incl…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-8365	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2294	6.4	MEDIUM ネットワーク	-	-	The MailerPress – Email Marketing, Newsletter, Email Automation & WooCommerce Emails plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Campaign HTML Content Field in all versions …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8599	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2295	6.4	MEDIUM ネットワーク	-	-	The Prime Elementor Addons – Lightweight Elementor Widgets for Faster Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Widget HTML Tag Settings in all versions up to, and i…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8677	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2296	4.3	MEDIUM ネットワーク	-	-	The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capabi…	CWE-862 認証の欠如	CVE-2026-4058	2026-06-9 22:33	2026-06-9	表示	GitHub Exploit DB Packet Storm

2297	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: Revert "mm/hugetlbfs: update hugetlbfs to use mmap_prepare" This reverts commit ea52cb24cd3f ("mm/hugetlbfs: update hugetlbfs to …	-	CVE-2026-46318	2026-06-9 22:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2298	8.0	HIGH ネットワーク	-	-	VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-41723	2026-06-9 22:16	2026-06-8	表示	GitHub Exploit DB Packet Storm

2299	8.0	HIGH ネットワーク	-	-	VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scri…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-41722	2026-06-9 22:16	2026-06-8	表示	GitHub Exploit DB Packet Storm

2300	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via…	CWE-284 不適切なアクセス制御	CVE-2026-11190	2026-06-9 21:51	2026-06-5	表示	GitHub Exploit DB Packet Storm