NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年4月21日4:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
201	9.8	CRITICAL ネットワーク	-	-	EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. New	CWE-89 SQLインジェクション	CVE-2026-5964	2026-04-20 17:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

202	9.8	CRITICAL ネットワーク	-	-	EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. New	CWE-89 SQLインジェクション	CVE-2026-5963	2026-04-20 17:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

203	-	-	-	-	A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary co… New	CWE-78 OSコマンド・インジェクション	CVE-2026-6644	2026-04-20 16:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

204	-	-	-	-	A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to t… New	CWE-121 スタックオーバーフロー	CVE-2026-6643	2026-04-20 16:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

205	6.3	MEDIUM ネットワーク	-	-	A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file supera… New	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-6614	2026-04-20 16:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

206	6.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipu… New	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-6613	2026-04-20 16:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

207	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of… New	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-6612	2026-04-20 16:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

208	3.1	LOW ネットワーク	-	-	A vulnerability was found in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component File Upload Endpoint. Performing a manipulatio… New	CWE-320 CWE-321 鍵管理のエラーハードコードされた暗号鍵の使用	CVE-2026-6611	2026-04-20 16:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

209	3.7	LOW ネットワーク	-	-	A vulnerability has been found in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file djangoblog/settings.py of the component Setting Handler. Such manipula… New	CWE-259 CWE-798 パスワードがハードコーディングされているハードコードされた認証情報の使用	CVE-2026-6610	2026-04-20 15:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

210	6.3	MEDIUM ネットワーク	-	-	A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper a… New	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-6609	2026-04-20 15:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

211	5.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function add_text of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. T… New	CWE-670 常に不適切な制御フローの実装	CVE-2026-6608	2026-04-20 15:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

212	5.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in lm-sys fastchat up to 0.2.36. This issue affects the function api_generate of the component Worker API Endpoint. The manipulation leads to resource consu… New	CWE-400 CWE-404 リソースの枯渇リソースの不適切なシャットダウンおよびリリース	CVE-2026-6607	2026-04-20 14:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

213	7.3	HIGH ネットワーク	-	-	A weakness has been identified in modelscope agentscope up to 1.0.18. This vulnerability affects the function _process_audio_block of the file src/agentscope/agent/_agent_base.py. Executing a manipul… New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-6606	2026-04-20 14:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

214	7.3	HIGH ネットワーク	-	-	A security flaw has been discovered in modelscope agentscope up to 1.0.18. This affects the function _get_bytes_from_web_url of the file src/agentscope/_utils/_common.py of the component Internal Ser… New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-6605	2026-04-20 14:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

215	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/_multi_modal… New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-6604	2026-04-20 14:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

216	7.3	HIGH ネットワーク	-	-	A vulnerability was determined in modelscope agentscope up to 1.0.18. Affected by this vulnerability is the function execute_python_code/execute_shell_command of the file src/AgentScope/tool/_coding/… New	CWE-74 CWE-94 インジェクションコード・インジェクション	CVE-2026-6603	2026-04-20 14:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

217	7.3	HIGH ネットワーク	-	-	A vulnerability was found in rickxy Hospital Management System up to 88a4290d957dc5bdde8a56e5ad451ad14f7f90f4. Affected is an unknown function of the file /backend/admin/his_admin_account.php. The ma… New	CWE-284 CWE-434 不適切なアクセス制御危険なタイプのファイルの無制限アップロード	CVE-2026-6602	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

218	4.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in Lagom WHMCS Template up to 2.4.2. This impacts an unknown function of the component Datatables. The manipulation leads to resource consumption. Remote exploitation o… New	CWE-400 CWE-404 リソースの枯渇リソースの不適切なシャットダウンおよびリリース	CVE-2026-6601	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

219	3.5	LOW ネットワーク	-	-	A flaw has been found in langflow-ai langflow up to 1.8.3. This affects an unknown function of the file src/frontend/src/modals/IOModal/components/chatView/chatMessage/components/edit-message.tsx of … New	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-6600	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

220	6.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file src/backend/base/langflow/api/v1/mcp_projects.py of… New	CWE-74 CWE-707 インジェクションメッセージまたはデータ構造の不適切な強制	CVE-2026-6599	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

221	4.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/… New	CWE-312 CWE-313 重要な情報の平文保存ファイル内またはディスク上の平文保存	CVE-2026-6598	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

222	7.5	HIGH ネットワーク	-	-	Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the… New	CWE-1188 リソースの安全ではないデフォルト値への初期化	CVE-2026-32965	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

223	6.5	MEDIUM ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead … New	CWE-93 CRLF インジェクション	CVE-2026-32964	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

224	6.1	MEDIUM ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitr… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-32963	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

225	5.3	MEDIUM ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication. New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-32962	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

226	5.3	MEDIUM ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sx_smpd. Processing a crafted packet may cause a temporary … New	CWE-122 ヒープオーバーフロー	CVE-2026-32961	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

227	6.5	MEDIUM ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a sensitive information in resource not removed before reuse. An attacker may login to the device without knowing th… New	CWE-226 再利用前に削除されていないリソース内重要情報	CVE-2026-32960	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

228	5.9	MEDIUM ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle… New	CWE-327 不完全、または危険な暗号アルゴリズムの使用	CVE-2026-32959	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

229	6.5	MEDIUM ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update. New	CWE-321 ハードコードされた暗号鍵の使用	CVE-2026-32958	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

230	5.3	MEDIUM ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without … New	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-32957	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

231	9.8	CRITICAL ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. New	CWE-122 ヒープオーバーフロー	CVE-2026-32956	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

232	8.8	HIGH ネットワーク	-	-	SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. New	CWE-121 スタックオーバーフロー	CVE-2026-32955	2026-04-20 13:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

233	2.7	LOW ネットワーク	-	-	A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flo… New	CWE-255 CWE-256 証明書・パスワード管理平文でパスワードを保存	CVE-2026-6597	2026-04-20 12:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

234	7.3	HIGH ネットワーク	-	-	A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file src/backend/base/Langflow/api/v1/endpoints.py of the component … New	CWE-284 CWE-434 不適切なアクセス制御危険なタイプのファイルの無制限アップロード	CVE-2026-6596	2026-04-20 12:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

235	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This vulnerability affects unknown code of the file buslocation.php of t… New	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-6595	2026-04-20 12:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

236	7.3	HIGH ネットワーク	-	-	A vulnerability was determined in brikcss merge up to 1.3.0. This affects an unknown part. Executing a manipulation of the argument __proto__/constructor.prototype/prototype can lead to improperly co… New	CWE-94 CWE-1321 コード・インジェクションオブジェクトプロトタイプ属性の不適切に制御された変更 (プロトタイプの汚染)	CVE-2026-6594	2026-04-20 11:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

237	3.5	LOW ネットワーク	-	-	A vulnerability was found in ComfyUI up to 0.13.0. Affected by this issue is some unknown functionality of the file server.py of the component View Endpoint. Performing a manipulation results in cros… New	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-6593	2026-04-20 11:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

238	3.5	LOW ネットワーク	-	-	A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulatio… New	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-6592	2026-04-20 11:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

239	4.3	MEDIUM ネットワーク	-	-	A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argum… New	CWE-22 パス・トラバーサル	CVE-2026-6591	2026-04-20 10:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

240	4.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in ComfyUI up to 0.13.0. This impacts the function get_model_preview of the file app/model_manager.py of the component Model Preview Endpoint. The manipulation results in… New	CWE-22 パス・トラバーサル	CVE-2026-6590	2026-04-20 10:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

241	4.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in ComfyUI up to 0.13.0. This affects the function create_origin_only_middleware of the file server.py. The manipulation leads to cross-site request forgery… New	CWE-352 CWE-862 同一生成元ポリシー違反認証の欠如	CVE-2026-6589	2026-04-20 10:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

242	6.5	MEDIUM ネットワーク	-	-	A weakness has been identified in serge-chat serge up to 1.4TB. The impacted element is the function download_model/delete_model of the file api/src/serge/routers/model.py of the component Model API … New	CWE-287 CWE-306 不適切な認証重要な機能に対する認証の欠如解説	CVE-2026-6588	2026-04-20 10:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

243	6.3	MEDIUM ネットワーク	-	-	A security flaw has been discovered in vibrantlabsai RAGAS up to 0.4.3. The affected element is the function _try_process_local_file/_try_process_url of the file src/ragas/metrics/collections/multi_m… New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-6587	2026-04-20 09:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

244	6.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoi… New	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-6586	2026-04-20 09:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

245	5.4	MEDIUM ネットワーク	-	-	A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This issue affects the function update_organisation of the file superagi/controllers/organisation.py of the component Organ… New	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-6585	2026-04-20 09:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

246	5.4	MEDIUM ネットワーク	-	-	A vulnerability was found in TransformerOptimus SuperAGI up to 0.0.14. This vulnerability affects the function update_user of the file superagi/controllers/user.py of the component User Update Endpoi… New	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-6584	2026-04-20 09:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

247	5.4	MEDIUM ネットワーク	-	-	A vulnerability has been found in TransformerOptimus SuperAGI up to 0.0.14. This affects the function delete_api_key/edit_api_key of the file superagi/controllers/api_key.py of the component API Key … New	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-6583	2026-04-20 08:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

248	7.3	HIGH ネットワーク	-	-	A flaw has been found in TransformerOptimus SuperAGI up to 0.0.14. Affected by this issue is the function get_vector_db_details of the file superagi/controllers/vector_dbs.py of the component Vector … New	CWE-287 CWE-306 不適切な認証重要な機能に対する認証の欠如解説	CVE-2026-6582	2026-04-20 08:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

249	8.8	HIGH ネットワーク	-	-	A vulnerability was detected in H3C Magic B1 up to 100R004. Affected by this vulnerability is the function SetMobileAPInfoById of the file /goform/aspForm. Performing a manipulation of the argument p… New	CWE-119 CWE-120 バッファエラー古典的バッファオーバーフロー	CVE-2026-6581	2026-04-20 08:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

250	7.3	HIGH ネットワーク	-	-	A security vulnerability has been detected in liangliangyy DjangoBlog up to 2.1.0.0. Affected is an unknown function of the file owntracks/views.py of the component Amap API Call Handler. Such manipu… New	CWE-320 CWE-321 鍵管理のエラーハードコードされた暗号鍵の使用	CVE-2026-6580	2026-04-20 08:16	2026-04-20	表示	GitHub Exploit DB Packet Storm