NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月23日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2401	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cra…	CWE-20 不適切な入力確認	CVE-2026-11016	2026-06-9 03:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

2402	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)	CWE-416 解放済みメモリの使用	CVE-2026-11305	2026-06-9 03:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

2403	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)	CWE-416 解放済みメモリの使用	CVE-2026-11306	2026-06-9 03:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

2404	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)	CWE-416 解放済みメモリの使用	CVE-2026-11307	2026-06-9 03:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

2405	4.2	MEDIUM ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In t…	CWE-125 CWE-908 境界外読み取り初期化されていないリソースの使用	CVE-2026-48104	2026-06-9 03:03	2026-06-6	表示	GitHub Exploit DB Packet Storm

2406	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)	CWE-416 解放済みメモリの使用	CVE-2026-11304	2026-06-9 03:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

2407	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)	CWE-416 解放済みメモリの使用	CVE-2026-11303	2026-06-9 03:01	2026-06-5	表示	GitHub Exploit DB Packet Storm

2408	6.5	MEDIUM ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in…	CWE-125 CWE-190 境界外読み取り整数オーバーフローまたはラップアラウンド	CVE-2026-48112	2026-06-9 03:00	2026-06-6	表示	GitHub Exploit DB Packet Storm

2409	7.1	HIGH ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handler's security descriptor lo…	CWE-125 境界外読み取り	CVE-2026-48103	2026-06-9 02:54	2026-06-6	表示	GitHub Exploit DB Packet Storm

2410	6.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a craf…	CWE-269 不適切な権限管理	CVE-2026-11308	2026-06-9 02:43	2026-06-5	表示	GitHub Exploit DB Packet Storm

2411	9.8	CRITICAL ネットワーク	mbs-solutions	universal_gateway_firmware	An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices.	CWE-1393 デフォルトのパスワードの使用	CVE-2026-35075	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2412	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35076	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2413	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35077	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2414	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35078	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2415	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35079	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2416	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input.	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35080	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2417	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input.	CWE-20 不適切な入力確認	CVE-2026-35081	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2418	8.8	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input.	CWE-22 パス・トラバーサル	CVE-2026-35082	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2419	8.8	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.	CWE-121 スタックオーバーフロー	CVE-2026-35083	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2420	8.8	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.	CWE-121 スタックオーバーフロー	CVE-2026-35084	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2421	10.0	CRITICAL ネットワーク	-	-	Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro fo…	CWE-1284 入力で指定された数量の不適切な検証	CVE-2026-49777	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2422	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSetti…	CWE-79 CWE-522 CWE-922 クロスサイト・スクリプティング（XSS）認証情報の不十分な保護重要な情報のセキュアでない格納	CVE-2026-46511	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2423	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2026-46400	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2424	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this…	CWE-15 CWE-73 CWE-78 システム構成または設定の外部制御ファイル名やパス名の外部制御 OSコマンド・インジェクション	CVE-2026-46399	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2425	6.5	MEDIUM ネットワーク	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low…	CWE-22 CWE-73 パス・トラバーサルファイル名やパス名の外部制御	CVE-2026-46397	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2426	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch …	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-46393	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2427	-	-	-	-	HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching …	CWE-183 CWE-918 許容された入力値の許可リストサーバサイドリクエストフォージェリ	CVE-2026-46391	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2428	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3d_get_extensions() walks a userspace-provided singly-linked …	-	CVE-2026-46314	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2429	8.8	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.	CWE-121 スタックオーバーフロー	CVE-2026-35085	2026-06-9 02:16	2026-06-3	表示	GitHub Exploit DB Packet Storm

2430	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error pointer not NULL so this c…	-	CVE-2026-46313	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2431	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not see a…	-	CVE-2026-46312	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2432	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereferen…	-	CVE-2026-46310	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2433	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise Add validation in xe_vm_madvise_ioctl() to reject PAT ind…	-	CVE-2026-46309	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2434	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy() In scpsys_get_bus_protection_legacy(), of_find_node_…	-	CVE-2026-46308	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2435	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc The return value of kzalloc_flex() is used without e…	-	CVE-2026-46305	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2436	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at an…	-	CVE-2026-46302	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2437	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on d…	-	CVE-2026-46301	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2438	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix race with interrupt handler While executing ->ioctl handler or ->release handler, if an interrupt fires …	-	CVE-2026-46298	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2439	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net: libwx: use request_irq for VF misc interrupt Currently, request_threaded_irq() is used with a primary handler but a NULL thr…	-	CVE-2026-46297	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2440	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe() back to s3c64xx_spi_prepare_tra…	-	CVE-2026-46296	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2441	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty Fall back to apic_find_highest_vector() when PID.ON is set bu…	-	CVE-2026-46295	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2442	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing Tony Asleson (using Claude) found a buffer overflow in dm-ioctl in the function ret…	-	CVE-2026-46294	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2443	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during regis…	-	CVE-2026-46293	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2444	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: pmdomain: core: Fix detach procedure for virtual devices in genpd If a device is attached to a PM domain through genpd_dev_pm_att…	-	CVE-2026-46292	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2445	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hash_digest_key Use print_hex_dump_devel() for dumping sensitive HMAC key bytes in has…	-	CVE-2026-46291	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2446	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 ("x86/fpu: Improve crypto performance by…	-	CVE-2026-46290	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2447	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylink_connect…	-	CVE-2026-46287	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2448	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the ar…	-	CVE-2026-46286	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2449	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_release() In docg3_release(), the docg3 pointer is obtained from cascade->floors[0]->priv…	-	CVE-2026-46285	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2450	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or default_hugepagesz are specifie…	-	CVE-2026-46284	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm