NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月23日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2351	5.4	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11533	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2352	3.5	LOW ネットワーク	-	-	A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manip…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11534	2026-06-9 10:34	2026-06-9	表示	GitHub Exploit DB Packet Storm

2353	5.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unk…	CWE-255 CWE-259 証明書・パスワード管理パスワードがハードコーディングされている	CVE-2026-11552	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2354	8.8	HIGH ネットワーク	-	-	A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in st…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11553	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2355	4.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege vi…	CWE-266 CWE-272 不適切な権限設定最小権限の違反	CVE-2026-11554	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2356	8.8	HIGH ネットワーク	-	-	A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a man…	CWE-77 CWE-78 コマンドインジェクション OSコマンド・インジェクション	CVE-2026-11556	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2357	8.8	HIGH ネットワーク	-	-	A weakness has been identified in Tenda F451 1.0.0.7/1.0.0.9. The affected element is the function fromNatlimit of the file /goform/Natlimit of the component Web Management Interface. Executing a man…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11557	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2358	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in CodeAstro Payroll System 1.0. The impacted element is an unknown function of the file /home_salary.php. The manipulation of the argument rate/salary_rate…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11558	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2359	6.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in CodeAstro Payroll System 1.0. This affects an unknown function of the file /view_account.php. The manipulation of the argument ID results in sql injection. The attack …	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11559	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2360	7.3	HIGH ネットワーク	-	-	A flaw has been found in CodeAstro Student Attendance Management System 1.0. The impacted element is an unknown function of the file /attendance-php/index.php. Executing a manipulation of the argumen…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11582	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2361	6.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in CodeAstro Student Attendance Management System 1.0. This affects an unknown function of the file /attendance-php/Admin/createClass.php. The manipulation of the argum…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11583	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2362	6.3	MEDIUM ネットワーク	-	-	A vulnerability was found in CodeAstro Student Attendance Management System 1.0. This impacts an unknown function of the file /attendance-php/Admin/createClass.php?action=edit. The manipulation of th…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11584	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2363	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in CodeAstro Student Attendance Management System 1.0. Affected is an unknown function of the file /attendance-php/Admin/createClassArms.php. This manipulation of the a…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11585	2026-06-9 10:32	2026-06-9	表示	GitHub Exploit DB Packet Storm

2364	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after …	CWE-613 不適切なセッション期限	CVE-2026-46401	2026-06-9 05:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2365	8.2	HIGH ネットワーク	-	-	CoreShop is a Pimcore enhanced eCommerce solution. In versions 5.0.1 through 5.1.0-beta.1,, the GitHub Actions workflow (`.github/workflows/static.yml`) uses the `pull_request_target` trigger but dan…	CWE-94 コード・インジェクション	CVE-2026-41249	2026-06-9 05:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

2366	9.8	CRITICAL ネットワーク	-	-	Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality N…	CWE-287 CWE-306 CWE-1390 不適切な認証重要な機能に対する認証の欠如解説脆弱な認証	CVE-2026-6274	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2367	7.5	HIGH ネットワーク	-	-	Lyrion Music Server 9.2.0 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting directory traversal in the web server context. Attackers …	CWE-22 パス・トラバーサル	CVE-2026-50234	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2368	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an OS command injection vulnerability exists in the Git.php library of the HAXcms PHP backend. The applic…	CWE-78 OSコマンド・インジェクション	CVE-2026-46394	2026-06-9 04:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2369	-	-	-	-	OpenTelemetry-Go is the Go implementation of OpenTelemetry. Prior to version 0.0.17, `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on eac…	CWE-772 CWE-775 有効なライフタイム後のリソースの解放の欠如有効期限後のファイル記述子またはハンドルの解放の欠如	CVE-2026-45287	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2370	4.3	MEDIUM ネットワーク	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 are vulnerable to a cross-site request forgery attack, beca…	CWE-650 サーバーサイドにおける許可された HTTP メソッドの信頼	CVE-2026-42543	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2371	-	-	-	-	Froxlor is open source server administration software. Version 2.3.6 lets administrators configure `system.available_shells` as the approved shell list that customers may assign to FTP users. However…	CWE-863 不正な認証	CVE-2026-41235	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2372	7.8	HIGH ローカル	-	-	A DLL hijacking vulnerability in Wassimulator (GitHub) CactusViewer v2.3.0 allows attackers to escalate privileges and execute arbitrary code via a crafted DLL.	CWE-427 制御されていない検索パスの要素	CVE-2026-36574	2026-06-9 04:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

2373	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …	CWE-20 不適切な入力確認	CVE-2026-11113	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2374	7.4	HIGH ネットワーク	google	chrome	Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)	CWE-457 初期化されていない変数の使用	CVE-2026-10973	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2375	9.6	CRITICAL ネットワーク	google	chrome	Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-10972	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2376	7.4	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via …	CWE-20 不適切な入力確認	CVE-2026-10968	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2377	9.6	CRITICAL ネットワーク	google	chrome	Inappropriate implementation in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity:…	CWE-20 不適切な入力確認	CVE-2026-10966	2026-06-9 04:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2378	6.0	MEDIUM ネットワーク	arista	ng_firewall	An encrypted password command injection vulnerability exists in the Captive Portal application framework of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). This issue uniquely…	CWE-78 OSコマンド・インジェクション	CVE-2026-25620	2026-06-9 04:15	2026-06-6	表示	GitHub Exploit DB Packet Storm

2379	6.0	MEDIUM ネットワーク	arista	ng_firewall	A Reports application infrastructure vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW) due to insecure input validation. This issue uniquely affects versi…	CWE-78 OSコマンド・インジェクション	CVE-2026-25621	2026-06-9 04:13	2026-06-6	表示	GitHub Exploit DB Packet Storm

2380	6.0	MEDIUM ネットワーク	arista	ng_firewall	A Captive Portal Custom Handler command injection vulnerability exists in Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). On affected platforms, an administrative account logg…	CWE-78 OSコマンド・インジェクション	CVE-2026-25622	2026-06-9 04:10	2026-06-6	表示	GitHub Exploit DB Packet Storm

2381	6.0	MEDIUM ネットワーク	arista	ng_firewall	An input validation command execution vulnerability exists in the browser management pipeline of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Authenticated administrators c…	CWE-78 OSコマンド・インジェクション	CVE-2026-25623	2026-06-9 04:10	2026-06-6	表示	GitHub Exploit DB Packet Storm

2382	4.8	MEDIUM ネットワーク	arista	ng_firewall	An administrative cross-site scripting (XSS) vulnerability exists in the web user interface dashboard layout of Arista Edge Threat Management - Arista Next Generation Firewall (NGFW). Unvalidated use…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-25624	2026-06-9 04:08	2026-06-6	表示	GitHub Exploit DB Packet Storm

2383	7.4	HIGH ネットワーク	asynchttpclient_project	async-http-client	The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch pri…	CWE-200 情報漏えい	CVE-2026-45300	2026-06-9 03:37	2026-06-6	表示	GitHub Exploit DB Packet Storm

2384	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cr…	CWE-20 NVD-CWE-noinfo 不適切な入力確認	CVE-2026-11022	2026-06-9 03:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

2385	7.8	HIGH ローカル	x.org redhat	x_server xwayland enterprise_linux	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function Ch…	CWE-121 スタックオーバーフロー	CVE-2026-50259	2026-06-9 03:28	2026-06-5	表示	GitHub Exploit DB Packet Storm

2386	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted…	CWE-284 不適切なアクセス制御	CVE-2026-11017	2026-06-9 03:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

2387	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medi…	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-11018	2026-06-9 03:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

2388	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted…	CWE-290 CWE-451 スプーフィングによる認証回避ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11019	2026-06-9 03:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

2389	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. (Chromium security severity: Medium)	CWE-346 CWE-352 同一生成元ポリシー違反同一生成元ポリシー違反	CVE-2026-11020	2026-06-9 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2390	7.2	HIGH ネットワーク	-	-	Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attack…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-50232	2026-06-9 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2391	7.1	HIGH ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmwar…	CWE-125 境界外読み取り	CVE-2026-48111	2026-06-9 03:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2392	8.1	HIGH ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer ove…	CWE-125 境界外読み取り	CVE-2026-48092	2026-06-9 03:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2393	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbo…	CWE-20 不適切な入力確認	CVE-2026-11021	2026-06-9 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2394	4.3	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium se…	CWE-284 不適切なアクセス制御	CVE-2026-11302	2026-06-9 03:12	2026-06-5	表示	GitHub Exploit DB Packet Storm

2395	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11300	2026-06-9 03:10	2026-06-5	表示	GitHub Exploit DB Packet Storm

2396	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v…	CWE-20 不適切な入力確認	CVE-2026-11007	2026-06-9 03:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

2397	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a…	CWE-20 不適切な入力確認	CVE-2026-11008	2026-06-9 03:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

2398	8.1	HIGH ネットワーク	google	chrome	Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted H…	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-11011	2026-06-9 03:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

2399	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted …	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-11014	2026-06-9 03:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

2400	8.8	HIGH ネットワーク	google	chrome	Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromi…	CWE-125 境界外読み取り	CVE-2026-11301	2026-06-9 03:08	2026-06-5	表示	GitHub Exploit DB Packet Storm