NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月24日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2501	4.7	MEDIUM ネットワーク	-	-	A weakness has been identified in GL.iNet GL-MT3000 up to 4.4.5. The affected element is the function realpath of the file /rpc of the component Minidlna Service. This manipulation of the argument ku…	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11448	2026-06-9 01:16	2026-06-7	表示	GitHub Exploit DB Packet Storm

2502	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in Enterprise Reporting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a …	CWE-20 不適切な入力確認	CVE-2026-11120	2026-06-9 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2503	7.2	HIGH ネットワーク	-	-	A flaw has been found in Shibby Tomato 1.28.0000. This affects the function start_dhcpc of the file /sbin/rc of the component Web UI. This manipulation causes os command injection. It is possible to …	CWE-77 CWE-78 コマンドインジェクション OSコマンド・インジェクション	CVE-2026-10870	2026-06-9 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2504	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Convert to DRM's vblank timer Replace vkms' vblank timer with the DRM implementation. The DRM code is identical in conc…	-	CVE-2025-71315	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

2505	4.8	MEDIUM ネットワーク	checkmk	checkmk	Stored cross-site scripting in the global settings change log in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can change global settings to store malicio…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-8078	2026-06-9 00:53	2026-06-8	表示	GitHub Exploit DB Packet Storm

2506	5.4	MEDIUM ネットワーク	checkmk	checkmk	Stored cross-site scripting in the URL dashboard widget in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows a user with dashboard editing permissions to store a URL with a danger…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-7186	2026-06-9 00:53	2026-06-8	表示	GitHub Exploit DB Packet Storm

2507	4.8	MEDIUM ネットワーク	checkmk	checkmk	Stored cross-site scripting in the service discovery active check output in Checkmk <2.5.0p5, <2.4.0p31, <2.3.0p48, and all 2.2.0 versions allows an administrator who can configure active or custom c…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-9549	2026-06-9 00:53	2026-06-8	表示	GitHub Exploit DB Packet Storm

2508	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in SiteIsolation in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perfor…	CWE-20 不適切な入力確認	CVE-2026-11056	2026-06-9 00:52	2026-06-5	表示	GitHub Exploit DB Packet Storm

2509	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity:…	CWE-20 不適切な入力確認	CVE-2026-11069	2026-06-9 00:52	2026-06-5	表示	GitHub Exploit DB Packet Storm

2510	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the network process to potentially perform a …	CWE-20 不適切な入力確認	CVE-2026-11070	2026-06-9 00:52	2026-06-5	表示	GitHub Exploit DB Packet Storm

2511	8.8	HIGH ネットワーク	google	chrome	Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process mem…	CWE-416 解放済みメモリの使用	CVE-2026-11071	2026-06-9 00:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2512	7.8	HIGH ローカル	google	chrome	Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to execute arbitrary code via a malicious file. (Chromium security severity: Medium)	CWE-416 解放済みメモリの使用	CVE-2026-11072	2026-06-9 00:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2513	6.5	MEDIUM ネットワーク	google	chrome	Use after free in WebGL in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security s…	CWE-416 解放済みメモリの使用	CVE-2026-11073	2026-06-9 00:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2514	6.5	MEDIUM ネットワーク	google	chrome	Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security …	CWE-125 境界外読み取り	CVE-2026-11075	2026-06-9 00:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2515	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML p…	CWE-20 CWE-284 不適切な入力確認不適切なアクセス制御	CVE-2026-11078	2026-06-9 00:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2516	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. …	CWE-20 不適切な入力確認	CVE-2026-11093	2026-06-9 00:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2517	9.6	CRITICAL ネットワーク	google	chrome	Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HT…	CWE-416 解放済みメモリの使用	CVE-2026-11094	2026-06-9 00:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2518	9.9	CRITICAL ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in Termix is v…	CWE-78 OSコマンド・インジェクション	CVE-2026-45744	2026-06-9 00:25	2026-06-6	表示	GitHub Exploit DB Packet Storm

2519	9.6	CRITICAL ネットワーク	guardrailsai	guardrails_ai	Guardrails AI is a Python framework that helps build AI applications. On May 11, 2026 at approximately 6:00 PM Pacific, an attacker published a malicious version of `guardrails-ai` (0.10.1) to PyPI. …	CWE-506 埋め込まれた悪意のあるコード	CVE-2026-45758	2026-06-9 00:22	2026-06-6	表示	GitHub Exploit DB Packet Storm

2520	7.8	HIGH ローカル	bitdefender	napoca	Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the BIOS INT 0x15 / E820 memory map handler, implemented in napoca/guests/bios_handlers.c. The handler comput…	CWE-787 境界外書き込み	CVE-2026-10046	2026-06-9 00:18	2026-06-3	表示	GitHub Exploit DB Packet Storm

2521	7.8	HIGH ローカル	bitdefender	napoca	The Bitdefender Napoca bare-metal hypervisor contains an out-of-bounds write vulnerability in the real-mode hook handler, implemented in napoca/kernel/handler.c. The handler uses a guest-controlled S…	CWE-787 境界外書き込み	CVE-2026-10047	2026-06-9 00:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2522	7.0	HIGH ローカル	-	-	Rejected reason: This CVE ID was assigned as a duplicate of CVE-2026-50292	-	CVE-2026-50265	2026-06-9 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2523	7.5	HIGH ネットワーク	-	-	bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service.	CWE-125 境界外読み取り	CVE-2026-38570	2026-06-9 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2524	9.8	CRITICAL ネットワーク	-	-	GNCC GP5 v7.1.76 was discovered to utilize a weak hashing algorithm to protect the root password, possibly allowing attackers to obtain root credentials and privileges via a bruteforce attack.	CWE-328 脆弱なハッシュの使用	CVE-2026-36182	2026-06-9 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2525	4.6	MEDIUM 物理	-	-	A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot sessi…	-	CVE-2026-36180	2026-06-9 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2526	4.6	MEDIUM 物理	-	-	GNCC GP5 v7.1.76 was discovered to store sensitive wireless network information in plaintext during routine operations to the serial console. This issue allows physically-proximate attackers to obtai…	CWE-256 平文でパスワードを保存	CVE-2026-36174	2026-06-9 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2527	9.8	CRITICAL ネットワーク	-	-	T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 were discovered to contain a hardcoded password for root access under the "superadmin" account.	CWE-259 パスワードがハードコーディングされている	CVE-2026-35905	2026-06-9 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2528	9.8	CRITICAL ネットワーク	-	-	Incorrect access control in the web management interface of T3 Technology CPE models T625Pro v1.0.07, T6825G v1.0.03, and T7281 v1.0.03 allows unauthorized attackers to enable the Telnet service via …	CWE-284 不適切なアクセス制御	CVE-2026-35904	2026-06-9 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2529	8.4	HIGH ローカル	-	-	clash-verge-service-ipc before 2.3.0 has a world-reachable IPC endpoint, leading to local privilege escalation.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-26422	2026-06-9 00:16	2026-06-7	表示	GitHub Exploit DB Packet Storm

2530	3.5	LOW ネットワーク	-	-	A weakness has been identified in Bolt CMS up to 3.7.5. This vulnerability affects unknown code of the file src/Storage/Field/Type/TextType.php of the component HTML Attribute Handler. Executing a ma…	CWE-74 CWE-80 インジェクションクロスサイトスクリプティング (Basic XSS)	CVE-2026-11511	2026-06-9 00:16	2026-06-8	表示	GitHub Exploit DB Packet Storm

2531	7.1	HIGH ローカル	-	-	Markdown Preview Enhanced 0.8.x with crossnote engine 0.9.28 contains a code injection vulnerability in the WaveDrom rendering pipeline that allows attackers to execute arbitrary JavaScript by embedd…	CWE-95 Evalインジェクション	CVE-2026-11422	2026-06-9 00:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2532	9.6	CRITICAL ネットワーク	google	chrome	Type Confusion in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML …	CWE-843 型の取り違え	CVE-2026-11052	2026-06-9 00:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

2533	6.5	MEDIUM ネットワーク	google	chrome	Out of bounds read in ANGLE in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromi…	CWE-125 境界外読み取り	CVE-2026-11051	2026-06-9 00:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

2534	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass same origin policy via a crafted…	CWE-346 同一生成元ポリシー違反	CVE-2026-11048	2026-06-9 00:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

2535	9.6	CRITICAL ネットワーク	google	chrome	Inappropriate implementation in Base in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via …	CWE-20 不適切な入力確認	CVE-2026-11047	2026-06-9 00:03	2026-06-5	表示	GitHub Exploit DB Packet Storm

2536	7.5	HIGH ネットワーク	-	-	Comodo Internet Security's firewall driver Inspect.sys contains an integer underflow in its IPv6 packet parser. The parser decrements an unsigned 64-bit payload-length value (taken from the IPv6 fixe…	CWE-191 整数アンダーフロー	CVE-2026-49494	2026-06-9 00:03	2026-06-7	表示	GitHub Exploit DB Packet Storm

2537	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive informatio…	CWE-20 不適切な入力確認	CVE-2026-11045	2026-06-9 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

2538	8.0	HIGH ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Starting in version 1.7.0, Termix Desktop (Electron) disables TLS certificate validation,…	CWE-295 不正な証明書検証	CVE-2026-45745	2026-06-9 00:02	2026-06-6	表示	GitHub Exploit DB Packet Storm

2539	-	-	-	-	Internationalized Domain Names in Applications (IDNA) for Python provides support for Internationalized Domain Names in Applications (IDNA) and Unicode IDNA Compatibility Processing. In versions prio…	CWE-1333 非効率的な正規表現の複雑さ	CVE-2026-45409	2026-06-9 00:02	2026-06-6	表示	GitHub Exploit DB Packet Storm

2540	6.5	MEDIUM ネットワーク	google	chrome	Integer overflow in ANGLE in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium s…	CWE-472 CWE-190 不変と仮定される Web パラメータの外部制御整数オーバーフローまたはラップアラウンド	CVE-2026-11044	2026-06-9 00:01	2026-06-5	表示	GitHub Exploit DB Packet Storm

2541	-	-	-	-	A stack‑based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF CreateUsers service, where the device fails to properly validate the number of XML user nodes during request processi…	CWE-121 スタックオーバーフロー	CVE-2026-6239	2026-06-9 00:01	2026-06-6	表示	GitHub Exploit DB Packet Storm

2542	-	-	-	-	A stack-based buffer overflow vulnerability exists in Tapo C520WS v2 in the ONVIF DeleteUsers service, due to insufficient boundary checks when handling multiple user deletion parameters. An authenti…	CWE-121 スタックオーバーフロー	CVE-2026-6240	2026-06-9 00:01	2026-06-6	表示	GitHub Exploit DB Packet Storm

2543	-	-	-	-	An authenticated format string vulnerability is present in the ONVIF AddScopes in Tapo C520WS v2, where user-controlled input is improperly passed to formatting functions without adequate sanitizatio…	CWE-134 書式文字列の問題	CVE-2026-6241	2026-06-9 00:01	2026-06-6	表示	GitHub Exploit DB Packet Storm

2544	-	-	-	-	An authenticated format string vulnerability exists in the ONVIF Subscribe service in Tapo C520WS v2 due to improper handling of externally supplied parameters within formatting functions. An attacke…	CWE-134 書式文字列の問題	CVE-2026-6242	2026-06-9 00:01	2026-06-6	表示	GitHub Exploit DB Packet Storm

2545	-	-	-	-	On Tapo C520WS v2, restricted accounts (for example, hub users) are intended to execute only a limited set of low‑sensitivity operations. Due to a logic flaw in the device’s API authorization mechani…	CWE-287 不適切な認証	CVE-2026-34123	2026-06-9 00:01	2026-06-6	表示	GitHub Exploit DB Packet Storm

2546	-	-	-	-	This vulnerability exists in Bagisto due to improper validation of user-supplied input in the ImageCacheController component. An unauthenticated remote attacker could exploit this vulnerability by se…	CWE-22 パス・トラバーサル	CVE-2026-9506	2026-06-9 00:01	2026-06-8	表示	GitHub Exploit DB Packet Storm

2547	-	-	-	-	A path traversal vulnerability exists in the Altium Enterprise Server Collaboration Service due to improper handling of user-supplied filenames in the MCAD and Simulation file download flows. A regul…	CWE-22 CWE-269 パス・トラバーサル不適切な権限管理	CVE-2026-11423	2026-06-9 00:00	2026-06-6	表示	GitHub Exploit DB Packet Storm

2548	-	-	-	-	A server-side request forgery (SSRF) vulnerability exists in a GraphQL service component shared by Altium Enterprise Server and Altium 365. An authenticated user can submit a request whose input is t…	CWE-200 CWE-918 情報漏えいサーバサイドリクエストフォージェリ	CVE-2026-11424	2026-06-9 00:00	2026-06-6	表示	GitHub Exploit DB Packet Storm

2549	-	-	-	-	A path traversal vulnerability exists in the Projects Service download endpoint shared by Altium Enterprise Server and Altium 365. An authenticated user can supply a crafted path parameter that bypas…	CWE-22 CWE-200 パス・トラバーサル情報漏えい	CVE-2026-11431	2026-06-9 00:00	2026-06-6	表示	GitHub Exploit DB Packet Storm

2550	8.1	HIGH ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /users/totp/disable` and `POST /users/totp/backup-codes` endpoints in Termix pr…	CWE-308 単一要素認証の使用	CVE-2026-45749	2026-06-8 23:59	2026-06-6	表示	GitHub Exploit DB Packet Storm