NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月11日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
201	7.1	HIGH ネットワーク	-	-	libnfs through 6.0.2 before 55c18ea does not validate a string size, leading to an integer overflow during a connection to a crafted NFS server. This occurs in libnfs_zdr_string in lib/libnfs-zdr.c. New	CWE-1284 入力で指定された数量の不適切な検証	CVE-2026-53689	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

202	9.6	CRITICAL 隣接	-	-	A flaw was found in assisted-migration-agent. An unauthenticated attacker, located on the same local area network (LAN), can exploit a path traversal vulnerability. By crafting a specially designed g… New	CWE-59 リンク解釈の問題	CVE-2026-53476	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

203	9.3	CRITICAL 隣接	-	-	A flaw was found in assisted-migration-agent. The application hardcodes insecure Transport Layer Security (TLS) connections when communicating with vCenter. This vulnerability allows a Man-in-the-Mid… New	CWE-295 不正な証明書検証	CVE-2026-53475	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

204	9.6	CRITICAL ネットワーク	-	-	A flaw was found in migration-planner. A remote authenticated attacker could exploit this vulnerability by uploading a specially crafted RVTools .xlsx file. Due to improper input sanitization, malici… New	CWE-89 SQLインジェクション	CVE-2026-53474	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

205	7.3	HIGH ネットワーク	-	-	A flaw was found in migration-planner-ui-app. An attacker can register a malicious discovery agent with a specially crafted credentialUrl containing JavaScript code. When an organizational user click… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-53473	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

206	9.6	CRITICAL ネットワーク	-	-	A flaw was found in migration-planner. An authenticated attacker could exploit an improper access control vulnerability in the `/api/v1/sources/{id}/image-url` endpoint. This flaw allows the attacker… New	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-53470	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

207	9.1	CRITICAL ネットワーク	-	-	A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. T… New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-53469	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

208	8.8	HIGH ネットワーク	-	-	Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers c… New	CWE-89 SQLインジェクション	CVE-2026-52758	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

209	4.8	MEDIUM ネットワーク	-	-	Ghidra before 12.2 contains an unauthenticated path traversal vulnerability in the IsfServer that accepts TCP connections and passes client-supplied namespace strings directly to filesystem operation… New	CWE-22 パス・トラバーサル	CVE-2026-52756	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

210	6.1	MEDIUM ローカル	-	-	Ghidra before 12.1 contains a heap-use-after-free vulnerability in SleighBuilder::generatePointerAdd caused by iterator invalidation when PcodeCacher::allocateInstruction reallocates the issued vecto… New	CWE-416 解放済みメモリの使用	CVE-2026-49496	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

211	9.9	CRITICAL ネットワーク	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.before_request → @jwt_required() (app/rout… New	CWE-639 CWE-862 CWE-863 ユーザ制御の鍵による認証回避認証の欠如不正な認証	CVE-2026-45552	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

212	8.8	HIGH ネットワーク	-	-	Issue summary: A specially crafted PKCS#7 or S/MIME signed message could trigger a use-after-free during PKCS#7 signature verification. Impact summary: A use-after-free may result in process crashes… New	CWE-416 解放済みメモリの使用	CVE-2026-45447	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

213	9.8	CRITICAL ネットワーク	-	-	DedeCMS V5.7.118 is vulnerable to Command Execution in file_manage_control.php. New	CWE-78 OSコマンド・インジェクション	CVE-2026-38615	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

214	9.8	CRITICAL ネットワーク	-	-	A lack of cryptographic signature verification in the validateAccessToken function of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. New	CWE-347 デジタル署名の不適切な検証	CVE-2026-36721	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

215	7.5	HIGH ネットワーク	-	-	An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain sensitive information, including SHA256 password hashes, via e… New	CWE-200 情報漏えい	CVE-2026-36719	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

216	8.4	HIGH ローカル	-	-	Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.too… New	CWE-367 Time-of-check Time-of-use (TOCTOU) 競合状態	CVE-2026-24067	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

217	8.4	HIGH ローカル	-	-	Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which exposes the XPC service com.slatedigital.connect.privileged.helper.too… New	CWE-296 証明書のトラストチェーンの不適切な追跡	CVE-2026-24066	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

218	7.8	HIGH ローカル	-	-	Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime ent… New	CWE-426 信頼性のない検索パス	CVE-2026-24064	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

219	6.5	MEDIUM ネットワーク	-	-	A heap buffer overflow flaw was found in 389 Directory Server. When serializing objectclass definitions, the oc_superior (SUP) field length is omitted from buffer size calculations in read_schema_dse… New	CWE-122 ヒープオーバーフロー	CVE-2026-11884	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

220	8.3	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Drag and Drop in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perfor… Update	CWE-20 不適切な入力確認	CVE-2026-11029	2026-06-11 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

221	5.5	MEDIUM ローカル	-	-	A NULL pointer dereference in the gf_isom_get_user_data_count function (isomedia/isom_read.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. New	CWE-476 NULL ポインタデリファレンス	CVE-2025-55651	2026-06-11 00:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

222	6.7	MEDIUM ローカル	-	-	During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products could allow a privileged local user to execute code in Syste… New	CWE-787 境界外書き込み	CVE-2025-10238	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

223	6.7	MEDIUM ローカル	-	-	During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or w… New	CWE-327 不完全、または危険な暗号アルゴリズムの使用	CVE-2025-10237	2026-06-11 00:16	2026-06-11	表示	GitHub Exploit DB Packet Storm

224	7.9	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. New	CWE-693 保護メカニズムの不具合	CVE-2026-48575	2026-06-11 00:15	2026-06-10	表示	GitHub Exploit DB Packet Storm

225	7.9	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. New	CWE-1329 アップデートができないコンポーネントへの依存	CVE-2026-48576	2026-06-11 00:14	2026-06-10	表示	GitHub Exploit DB Packet Storm

226	7.9	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2012 windows_server_2016 w…	Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. New	CWE-284 不適切なアクセス制御	CVE-2026-48578	2026-06-11 00:13	2026-06-10	表示	GitHub Exploit DB Packet Storm

227	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47935	2026-06-11 00:08	2026-06-10	表示	GitHub Exploit DB Packet Storm

228	7.8	HIGH ローカル	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2016 windows_server_2019 w…	Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. New	CWE-416 解放済みメモリの使用	CVE-2026-48583	2026-06-11 00:08	2026-06-10	表示	GitHub Exploit DB Packet Storm

229	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47936	2026-06-11 00:08	2026-06-10	表示	GitHub Exploit DB Packet Storm

230	9.8	CRITICAL ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-122 CWE-131 ヒープオーバーフロー正しくないバッファサイズ計算	CVE-2026-49841	2026-06-11 00:07	2026-06-10	表示	GitHub Exploit DB Packet Storm

231	5.3	MEDIUM ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-287 不適切な認証	CVE-2026-49843	2026-06-11 00:07	2026-06-10	表示	GitHub Exploit DB Packet Storm

232	7.5	HIGH ネットワーク	microsoft	windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_23h2 windows_11_24h2 windows_11_25h2 windows_11_26h1 windows_server_2016 windows_server_2019 w…	Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network. New	CWE-400 リソースの枯渇	CVE-2026-49160	2026-06-11 00:07	2026-06-10	表示	GitHub Exploit DB Packet Storm

233	4.3	MEDIUM ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-287 不適切な認証	CVE-2026-49848	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

234	7.5	HIGH ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-674 不適切な再帰制御	CVE-2026-49847	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

235	7.5	HIGH ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-400 リソースの枯渇	CVE-2026-49842	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

236	9.1	CRITICAL ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-20 CWE-122 CWE-195 CWE-787 不適切な入力確認ヒープオーバーフロー符号付き型から符号無し型への変換エラー境界外書き込み	CVE-2026-49840	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

237	7.5	HIGH ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-20 CWE-125 CWE-787 不適切な入力確認境界外読み取り境界外書き込み	CVE-2026-49475	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

238	5.3	MEDIUM ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-116 不適切なエンコード、または出力のエスケープ	CVE-2026-49472	2026-06-11 00:06	2026-06-10	表示	GitHub Exploit DB Packet Storm

239	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47939	2026-06-11 00:05	2026-06-10	表示	GitHub Exploit DB Packet Storm

240	7.5	HIGH ネットワーク	freeswitch	freeswitch	FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version… New	CWE-776 DTD の再帰的なエンティティ参照の不適切な制限	CVE-2026-45771	2026-06-11 00:04	2026-06-10	表示	GitHub Exploit DB Packet Storm

241	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47946	2026-06-11 00:03	2026-06-10	表示	GitHub Exploit DB Packet Storm

242	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47945	2026-06-11 00:03	2026-06-10	表示	GitHub Exploit DB Packet Storm

243	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47944	2026-06-11 00:03	2026-06-10	表示	GitHub Exploit DB Packet Storm

244	9.8	CRITICAL ネットワーク	perl	dbi	DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the for… Update	CWE-787 境界外書き込み	CVE-2026-10879	2026-06-11 00:02	2026-06-6	表示	GitHub Exploit DB Packet Storm

245	9.8	CRITICAL ネットワーク	binary	datadog\	DataDog::DogStatsd versions through 0.07 for Perl allow metric injections from event tags. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sour… Update	CWE-93 CWE-150 CRLF インジェクションエスケープ、メタ、またはコントロールシーケンスの不適切な無効化	CVE-2026-11362	2026-06-11 00:01	2026-06-6	表示	GitHub Exploit DB Packet Storm

246	9.1	CRITICAL ネットワーク	binary	datadog\	DataDog::DogStatsd versions through 0.07 for Perl allow metric injections. DataDog::DogStatsd does not properly sanitise input, allowing metric injections of data from untrusted sources. The send_s… Update	CWE-93 CWE-150 CRLF インジェクションエスケープ、メタ、またはコントロールシーケンスの不適切な無効化	CVE-2026-9270	2026-06-11 00:01	2026-06-6	表示	GitHub Exploit DB Packet Storm

247	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47941	2026-06-11 00:00	2026-06-10	表示	GitHub Exploit DB Packet Storm

248	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the D… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47947	2026-06-10 23:59	2026-06-10	表示	GitHub Exploit DB Packet Storm

249	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47948	2026-06-10 23:59	2026-06-10	表示	GitHub Exploit DB Packet Storm

250	5.4	MEDIUM ネットワーク	adobe	experience_manager	Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject ma… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-47949	2026-06-10 23:58	2026-06-10	表示	GitHub Exploit DB Packet Storm