NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月23日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2451	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() tpm_dev_release() uses plain kfree() to free chip->auth, whi…	-	CVE-2026-46283	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2452	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When device_property_read_string() fails, str is left uninitialized…	-	CVE-2026-46282	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2453	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vrealloc_node_align() Commit 4c5d3365882d ("mm/vmalloc: allow to set node and align in vrealloc")…	-	CVE-2026-46281	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2454	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/alloc_tag: clear codetag for pages allocated before page_ext initialization Due to initialization ordering, page_ext is alloca…	-	CVE-2026-46279	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2455	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. [ 171.…	-	CVE-2026-46278	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2456	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 (GFX 12) hardware removes the GDS, GWS, and OA on-chip memory resources. …	-	CVE-2026-46276	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2457	9.0	CRITICAL ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the Termix …	CWE-78 CWE-639 OSコマンド・インジェクションユーザ制御の鍵による認証回避	CVE-2026-45750	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2458	9.8	CRITICAL ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tu…	CWE-78 OSコマンド・インジェクション	CVE-2026-45748	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2459	8.1	HIGH ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the request…	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-45743	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2460	6.5	MEDIUM ネットワーク	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required fo…	CWE-201 送信データへの重要な情報の挿入	CVE-2026-42539	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2461	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cau…	CWE-121 スタックオーバーフロー	CVE-2026-36785	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2462	9.1	CRITICAL ネットワーク	-	-	An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request.	CWE-22 パス・トラバーサル	CVE-2026-36500	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2463	4.8	MEDIUM ネットワーク	-	-	Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads i…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-36460	2026-06-9 02:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

2464	5.3	MEDIUM ネットワーク	libxls_project	libxls	A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory origi…	CWE-908 初期化されていないリソースの使用	CVE-2026-26825	2026-06-9 02:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

2465	7.3	HIGH ネットワーク	-	-	A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media_dir…	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11451	2026-06-9 02:16	2026-06-7	表示	GitHub Exploit DB Packet Storm

2466	8.1	HIGH ネットワーク	-	-	MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured down…	CWE-22 パス・トラバーサル	CVE-2026-11416	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2467	2.4	LOW ネットワーク	-	-	A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of t…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11338	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2468	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control …	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-10997	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2469	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium)	NVD-CWE-noinfo CWE-346 同一生成元ポリシー違反	CVE-2026-10996	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2470	8.8	HIGH ネットワーク	google	chrome	Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a …	CWE-122 ヒープオーバーフロー	CVE-2026-10995	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2471	8.8	HIGH ネットワーク	google	chrome	Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security sev…	CWE-843 型の取り違え	CVE-2026-10955	2026-06-9 02:10	2026-06-5	表示	GitHub Exploit DB Packet Storm

2472	8.3	HIGH ネットワーク	google	chrome	Use after free in Core in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML…	CWE-416 解放済みメモリの使用	CVE-2026-10953	2026-06-9 02:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

2473	8.8	HIGH ネットワーク	google	chrome	Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: …	CWE-416 解放済みメモリの使用	CVE-2026-10952	2026-06-9 02:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

2474	8.8	HIGH ネットワーク	google	chrome	Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a…	CWE-416 解放済みメモリの使用	CVE-2026-10951	2026-06-9 02:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

2475	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hi…	CWE-693 保護メカニズムの不具合	CVE-2026-10950	2026-06-9 02:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

2476	8.1	HIGH ネットワーク	google	chrome	Out of bounds read in WebGPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium)	CWE-125 境界外読み取り	CVE-2026-11015	2026-06-9 02:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2477	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive inform…	CWE-20 不適切な入力確認	CVE-2026-11013	2026-06-9 02:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2478	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hi…	CWE-693 保護メカニズムの不具合	CVE-2026-10944	2026-06-9 02:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2479	7.8	HIGH ローカル	google	chrome	Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High)	CWE-20 NVD-CWE-noinfo 不適切な入力確認	CVE-2026-10942	2026-06-9 02:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

2480	8.3	HIGH ネットワーク	google	chrome	Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (…	CWE-362 競合状態	CVE-2026-10940	2026-06-9 02:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

2481	7.8	HIGH ローカル	x.org redhat	x_server xwayland enterprise_linux	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify o…	CWE-121 スタックオーバーフロー	CVE-2026-50258	2026-06-9 01:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

2482	7.8	HIGH ローカル	x.org redhat	x_server xwayland enterprise_linux	A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attack…	CWE-416 解放済みメモリの使用	CVE-2026-50257	2026-06-9 01:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2483	7.8	HIGH ローカル	x.org redhat	x_server xwayland enterprise_linux	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow…	CWE-121 スタックオーバーフロー	CVE-2026-50256	2026-06-9 01:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2484	4.3	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CWE-346 同一生成元ポリシー違反	CVE-2026-11309	2026-06-9 01:40	2026-06-5	表示	GitHub Exploit DB Packet Storm

2485	6.5	MEDIUM ネットワーク	team	net\	Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj…	CWE-93 CRLF インジェクション	CVE-2026-8722	2026-06-9 01:39	2026-06-4	表示	GitHub Exploit DB Packet Storm

2486	7.7	HIGH ローカル	google	chrome	Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium…	CWE-20 不適切な入力確認	CVE-2026-11297	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

2487	7.5	HIGH ネットワーク	rrwo	net\	Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network range…	CWE-674 CWE-1287 不適切な再帰制御指定されたタイプの入力に対する不適切な検証	CVE-2026-49941	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

2488	8.8	HIGH ネットワーク	google	chrome	Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severi…	CWE-269 不適切な権限管理	CVE-2026-11295	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

2489	7.3	HIGH ネットワーク	rrwo	net\	Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, wh…	CWE-1289 安全でない等式による入力の不適切な検証	CVE-2026-49942	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

2490	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security …	CWE-346 同一生成元ポリシー違反	CVE-2026-11291	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

2491	6.5	MEDIUM ネットワーク	rrwo	net\	Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This…	CWE-1289 安全でない等式による入力の不適切な検証	CVE-2026-49940	2026-06-9 01:35	2026-06-5	表示	GitHub Exploit DB Packet Storm

2492	7.5	HIGH ネットワーク	sanbeg	etsy\	Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj…	CWE-93 CRLF インジェクション	CVE-2026-46741	2026-06-9 01:33	2026-06-5	表示	GitHub Exploit DB Packet Storm

2493	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions v…	CWE-20 CWE-602 不適切な入力確認サーバ側のセキュリティのクライアント側での実施	CVE-2026-11287	2026-06-9 01:31	2026-06-5	表示	GitHub Exploit DB Packet Storm

2494	5.3	MEDIUM ネットワーク	cosimo	net\	Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional st…	CWE-93 CRLF インジェクション	CVE-2026-46739	2026-06-9 01:31	2026-06-5	表示	GitHub Exploit DB Packet Storm

2495	7.5	HIGH ネットワーク	oalders	html\	HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV retu…	CWE-416 解放済みメモリの使用	CVE-2026-8829	2026-06-9 01:29	2026-06-4	表示	GitHub Exploit DB Packet Storm

2496	5.0	MEDIUM ローカル	google	chrome	Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Ch…	CWE-472 CWE-190 不変と仮定される Web パラメータの外部制御整数オーバーフローまたはラップアラウンド	CVE-2026-11281	2026-06-9 01:27	2026-06-5	表示	GitHub Exploit DB Packet Storm

2497	5.4	MEDIUM ネットワーク	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi…	CWE-863 不正な認証	CVE-2026-42547	2026-06-9 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2498	4.7	MEDIUM ネットワーク	-	-	Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redir…	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-42329	2026-06-9 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2499	8.8	HIGH ネットワーク	-	-	Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning cod…	CWE-59 リンク解釈の問題	CVE-2026-41236	2026-06-9 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2500	7.3	HIGH ネットワーク	-	-	A vulnerability was detected in GL.iNet GL-MT3000 4.4.5. This affects the function dlopen in the library /usr/lib/oui-httpd/rpc/ of the component Path Normalization Handler. Performing a manipulation…	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11450	2026-06-9 01:16	2026-06-7	表示	GitHub Exploit DB Packet Storm