NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月22日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2301	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass navigation restricti…	CWE-20 不適切な入力確認	CVE-2026-11189	2026-06-9 21:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2302	8.8	HIGH ネットワーク	google	chrome	Out of bounds memory access in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security s…	CWE-125 境界外読み取り	CVE-2026-11191	2026-06-9 21:50	2026-06-5	表示	GitHub Exploit DB Packet Storm

2303	4.3	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via malicious network traffic. (Chromium securi…	CWE-20 不適切な入力確認	CVE-2026-11192	2026-06-9 21:49	2026-06-5	表示	GitHub Exploit DB Packet Storm

2304	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium securit…	CWE-284 不適切なアクセス制御	CVE-2026-11193	2026-06-9 21:49	2026-06-5	表示	GitHub Exploit DB Packet Storm

2305	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: io_uring/waitid: clear waitid info before copying it to userspace IORING_OP_WAITID stores its result fields in struct io_waitid::…	-	CVE-2026-46315	2026-06-9 18:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2306	7.1	HIGH ネットワーク	-	-	A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-10840	2026-06-9 18:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

2307	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HT…	CWE-20 不適切な入力確認	CVE-2026-11023	2026-06-9 12:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

2308	8.8	HIGH ネットワーク	google	chrome	Stack buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: Medium)	CWE-121 スタックオーバーフロー	CVE-2026-11024	2026-06-9 12:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2309	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium securit…	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-11025	2026-06-9 12:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2310	6.5	MEDIUM ネットワーク	google	chrome	Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur…	CWE-125 境界外読み取り	CVE-2026-11096	2026-06-9 12:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2311	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Me…	CWE-474 一貫性のない実装を含む機能の使用	CVE-2026-11097	2026-06-9 12:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2312	5.3	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HT…	CWE-20 不適切な入力確認	CVE-2026-11098	2026-06-9 12:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2313	9.6	CRITICAL ネットワーク	google	chrome	Use after free in File Input in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially perform a sandbox escape vi…	CWE-416 解放済みメモリの使用	CVE-2026-11100	2026-06-9 12:06	2026-06-5	表示	GitHub Exploit DB Packet Storm

2314	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted H…	CWE-20 不適切な入力確認	CVE-2026-11121	2026-06-9 12:06	2026-06-5	表示	GitHub Exploit DB Packet Storm

2315	6.1	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Keyboard in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security sever…	CWE-358 不適切に実装されたセキュリティチェック	CVE-2026-11122	2026-06-9 12:06	2026-06-5	表示	GitHub Exploit DB Packet Storm

2316	6.5	MEDIUM ネットワーク	google	chrome	Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit…	CWE-457 初期化されていない変数の使用	CVE-2026-11123	2026-06-9 12:05	2026-06-5	表示	GitHub Exploit DB Packet Storm

2317	8.8	HIGH ネットワーク	google	chrome	Integer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)	CWE-122 ヒープオーバーフロー	CVE-2026-11124	2026-06-9 12:05	2026-06-5	表示	GitHub Exploit DB Packet Storm

2318	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chro…	CWE-20 不適切な入力確認	CVE-2026-11126	2026-06-9 12:05	2026-06-5	表示	GitHub Exploit DB Packet Storm

2319	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted WebAPK. (Chromium security severity: Medi…	CWE-358 不適切に実装されたセキュリティチェック	CVE-2026-11127	2026-06-9 12:05	2026-06-5	表示	GitHub Exploit DB Packet Storm

2320	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Web Share in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a craf…	CWE-20 不適切な入力確認	CVE-2026-11128	2026-06-9 12:05	2026-06-5	表示	GitHub Exploit DB Packet Storm

2321	8.3	HIGH ネットワーク	-	-	Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted…	CWE-416 解放済みメモリの使用	CVE-2026-11647	2026-06-9 11:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2322	9.6	CRITICAL ネットワーク	-	-	Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-11638	2026-06-9 11:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2323	-	-	-	-	Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigger a fatal assertion and ca…	CWE-617 到達可能なアサーション	CVE-2026-35058	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2324	-	-	-	-	A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-after-free triggered during TLS…	CWE-125 CWE-416 境界外読み取り解放済みメモリの使用	CVE-2026-40215	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2325	4.2	MEDIUM ネットワーク	-	-	SAP Fiori Launchpad allows attackers to craft malicious URLs that triggers arbitrary service calls on the Fiori domain, this when opened by the user could compromise accounts by stealing user credent…	CWE-35 パストラバーサル	CVE-2026-24315	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2326	9.8	CRITICAL ネットワーク	-	-	Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an unauthenticated attacker can send a crafted RFC request that explo…	CWE-121 スタックオーバーフロー	CVE-2026-27671	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2327	9.0	CRITICAL ネットワーク	-	-	SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that manipulates file inclusion parameters, enabling path traversal an…	CWE-35 パストラバーサル	CVE-2026-40128	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2328	3.7	LOW ネットワーク	-	-	Under certain conditions, when an unauthorized attacker accesses a specific endpoint, SAP Business Objects application leaks sensitive information .This has a low impact on the confidentiality of the…	CWE-497 認可されていない制御領域への重要情報の漏えい	CVE-2026-44743	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2329	6.5	MEDIUM ネットワーク	-	-	SAP S/4HANA(On-Premise) contains SQL injection vulnerability in a remote-enabled function module component that could be exploited by an authenticated attacker to potentially execute unauthorized dat…	CWE-89 SQLインジェクション	CVE-2026-44744	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2330	6.1	MEDIUM ネットワーク	-	-	Due to a reflected cross-site scripting (XSS) vulnerability in SAP NetWeaver JAVA (JDBC Test Servlet), an unauthenticated attacker could craft a URL that embeds a malicious script. If a victim clicks…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-44746	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2331	9.9	CRITICAL ネットワーク	-	-	SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid signed message and send modified signed XML documents to the verifier…	CWE-347 デジタル署名の不適切な検証	CVE-2026-44748	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2332	4.3	MEDIUM ネットワーク	-	-	SAP MDG (Review Match Groups Application) does not perform the necessary authorization checks for authenticated users. This could allow a low-privileged user to perform actions that would otherwise b…	CWE-862 認証の欠如	CVE-2026-44750	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2333	7.1	HIGH ネットワーク	-	-	Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a report generation command which could overwrite information belongi…	CWE-862 認証の欠如	CVE-2026-44751	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2334	6.6	MEDIUM ネットワーク	-	-	The Remote Function Call (RFC) modules of the Operational Data Provisioning Data Replication API (ODP-RFC) are missing caller identification of permitted SAP-internal applications and are being used …	CWE-862 認証の欠如	CVE-2026-44754	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2335	4.3	MEDIUM ネットワーク	-	-	SAP Business Objects Business Intelligence Platform does not sufficiently validate email sending parameters supplied by authenticated users, resulting in an email spoofing vulnerability.This vulnerab…	CWE-346 同一生成元ポリシー違反	CVE-2026-44755	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2336	4.7	MEDIUM ネットワーク	-	-	SAP Wily Introscope Enterprise Manager allows an unauthenticated attacker to craft a specially crafted URL. Under certain conditions, when accessed by a victim, the injected script could execute in t…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-44757	2026-06-9 11:08	2026-06-9	表示	GitHub Exploit DB Packet Storm

2337	7.5	HIGH ネットワーク	-	-	Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-11639	2026-06-9 10:37	2026-06-9	表示	GitHub Exploit DB Packet Storm

2338	7.5	HIGH ネットワーク	-	-	Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafte…	CWE-416 解放済みメモリの使用	CVE-2026-11641	2026-06-9 10:37	2026-06-9	表示	GitHub Exploit DB Packet Storm

2339	5.5	MEDIUM 隣接	-	-	A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in b…	CWE-119 CWE-120 バッファエラー古典的バッファオーバーフロー	CVE-2026-11516	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2340	4.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in SourceCodester Inventory System 1.0. Affected is an unknown function of the file /users.php of the component User Management Page. The manipulation of the argument f…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11518	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2341	6.3	MEDIUM ネットワーク	-	-	A security flaw has been discovered in SourceCodester Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /Product_Inventory/api/users_handler.php of the comp…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11519	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2342	3.5	LOW ネットワーク	-	-	A weakness has been identified in SourceCodester Inventory System 1.0. Affected by this issue is some unknown functionality of the file header.php. This manipulation causes cross site scripting. It i…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11520	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2343	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in Mohammed-eid35 bank-management-system-springboot up to 7b9bcc65ad7df3db29af71aed9bb500e5f24d948. This affects an unknown part of the file src/main/java/c…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11521	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2344	8.8	HIGH ネットワーク	-	-	A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirror…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11522	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2345	8.8	HIGH ネットワーク	-	-	A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11523	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2346	8.8	HIGH ネットワーク	-	-	A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipul…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11524	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2347	8.8	HIGH ネットワーク	-	-	A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of …	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11528	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2348	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11529	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2349	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Suc…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11530	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2350	6.3	MEDIUM ネットワーク	-	-	A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Reco…	CWE-266 CWE-284 不適切な権限設定不適切なアクセス制御	CVE-2026-11532	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm