NVD Vulnerability Information
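This page lets you search the list of vulnerabilities managed in NVD (National Vulnerability Database).
Because vulnerability information is often updated in NVD before JVN (Japan Vulnerability Notes), entries may appear here for vulnerabilities not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview and check the CWE number.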

Updated: June 24, 2026 4:00

Columns: No. / CVSS / Level / Attack vector / Vendor / Product / Title / CWE / CVE / Updated / Published / Impact view / Exploit and PoC search
2551 6.4 MEDIUM
Network
- - WordPress Plugin WP-Paginate 2.1.3 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by manipulating the preset parameter. Attackers… CWE-79
Cross-site Scripting (XSS)
CVE-2021-47982 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2552 6.4 MEDIUM
Network
- - WordPress Plugin Stripe Payments 2.0.39 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the AcceptStripePayments-settings[… CWE-79
Cross-site Scripting (XSS)
CVE-2021-47983 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2553 6.4 MEDIUM
Network
- - WordPress Plugin WP24 Domain Check 1.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the fieldn… CWE-79
Cross-site Scripting (XSS)
CVE-2021-47984 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2554 6.2 MEDIUM
Local
- - WordPress Plugin admin-word-count-column 2.2 contains a local file read vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting null byte injection in the path param… CWE-22
Path Traversal
CVE-2022-50953 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2555 7.5 HIGH
Network
- - WordPress Augmented-Reality plugin contains a remote code execution vulnerability in the elFinder connector that allows unauthenticated attackers to upload and execute arbitrary PHP files. Attackers … CWE-306
Missing Authentication for Critical Function (Explanation)
CVE-2023-54350 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2556 7.2 HIGH
Network
- - WordPress Sonaar Music Plugin 4.7 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the comment functionality. Attackers c… CWE-79
Cross-site Scripting (XSS)
CVE-2023-54351 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2557 9.8 CRITICAL
Network
- - WordPress Seotheme contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by uploading malicious files to the theme directory. Attackers ca… CWE-306
Missing Authentication for Critical Function (Explanation)
CVE-2023-54352 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2558 9.8 CRITICAL
Network
- - WordPress Background Image Cropper version 1.2 contains a remote code execution vulnerability that allows unauthenticated attackers to upload arbitrary files by accessing the ups.php endpoint. Attack… CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-58348 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2559 9.8 CRITICAL
Network
- - WordPress Theme Travelscape 1.0.3 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by exploiting insufficient validation in the theme's … CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2024-58349 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2560 7.5 HIGH
Network
- - A flaw was found in Samba’s WINS server component when running as an Active Directory Domain Controller. The WINS protocol handlers for certain request types did not properly validate incoming packet… CWE-476
NULL Pointer Dereference
CVE-2026-3238 2026-06-8 23:59 2026-06-8 View GitHub Exploit DB Packet Storm
2561 5.4 MEDIUM
Network
- - A flaw was found in Quay. The filedrop endpoint accepts any mime type without validation, allowing an authenticated user with repository write access to upload a malicious SVG file containing JavaScr… CWE-79
Cross-site Scripting (XSS)
CVE-2026-11569 2026-06-8 23:57 2026-06-8 View GitHub Exploit DB Packet Storm
2562 - -
- - ## Summary The iOS implementation of `cordova-plugin-inappbrowser` passes the `id` field from a `WKScriptMessage` body to `commandDelegate sendPluginResult:callbackId:` with no format validation (`C… CWE-20
Improper Input Validation
CVE-2026-47430 2026-06-8 23:57 2026-06-8 View GitHub Exploit DB Packet Storm
2563 7.4 HIGH
Network
- - A weakness in the certificate validation logic of the deprecated IKEv1 key exchange may allow an unauthenticated attacker positioned as a man-in-the-middle to bypass certificate validation in VPN sit… CWE-295
Improper Certificate Validation
CVE-2026-50752 2026-06-8 23:57 2026-06-8 View GitHub Exploit DB Packet Storm
2564 3.8 LOW
Network
- - The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the delete_cancel_staging_si… CWE-73
External Control of File Name or Path
CVE-2025-12656 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2565 4.3 MEDIUM
Network
- - The Alba Board plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.1.3. This is due to the plugin not properly verifying that a user is authorized to pe… CWE-862
Missing Authorization
CVE-2026-7523 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2566 7.5 HIGH
Network
- - The WP User Manager – User Profile Builder & Membership plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.17 via the (profile template scope) functi… CWE-22
Path Traversal
CVE-2026-9290 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2567 4.3 MEDIUM
Network
- - The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missin… CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-9719 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2568 8.8 HIGH
Network
- - The Admin Columns plugin for WordPress is vulnerable to PHP Object Injection leading to Remote Code Execution in versions up to and including 7.0.18. This is due to the use of `unserialize()` without… CWE-502
Deserialization of Untrusted Data
CVE-2026-7654 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2569 4.3 MEDIUM
Network
- - The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insecure Direct Object Reference / Authorization Bypass leading to A… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-10038 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2570 4.9 MEDIUM
Network
- - The Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'order' parameter in all versions up to, and including, 11.1… CWE-89
SQL Injection
CVE-2026-6448 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2571 4.3 MEDIUM
Network
- - The Frontend User Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the funp_… CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-7047 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2572 5.3 MEDIUM
Network
- - The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is du… CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-8608 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2573 7.2 HIGH
Network
- - The MDJM Event Management plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7.8.3 via the mdjm_send_comm_email function. This is due to no file type,… CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-7537 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2574 4.9 MEDIUM
Network
- - The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' param… CWE-22
Path Traversal
CVE-2026-7565 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2575 5.3 MEDIUM
Network
- - The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_mor… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-7665 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2576 6.4 MEDIUM
Network
- - The Express Payment For Stripe plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'type' attribute of the [stripe-express] shortcode in versions up to, and including, 1.28.0. T… CWE-79
Cross-site Scripting (XSS)
CVE-2026-8893 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2577 6.4 MEDIUM
Network
- - The Simple SEO Slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Shortcode Attributes in all versions up to, and including, 1.2.8 due to insufficient input sanitization … CWE-79
Cross-site Scripting (XSS)
CVE-2026-8900 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2578 4.3 MEDIUM
Network
- - The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.7… CWE-862
Missing Authorization
CVE-2026-8976 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2579 7.2 HIGH
Network
- - The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.4.7. This is due to insufficient input sanit… CWE-79
Cross-site Scripting (XSS)
CVE-2026-8438 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2580 7.2 HIGH
Network
- - The Integration for Freshsales – Contact Form 7, WPForms, Elementor, Gravity Forms and More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Form Submission Data in all versions … CWE-79
Cross-site Scripting (XSS)
CVE-2026-8901 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2581 6.4 MEDIUM
Network
- - The EmbedPress – PDF Embedder, Embed PDF viewer, YouTube Videos, 3D FlipBook, Social feeds & more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the block 'url' attribute in al… CWE-79
Cross-site Scripting (XSS)
CVE-2026-7796 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2582 4.9 MEDIUM
Network
- - The OptinCraft – Drag & Drop Optins & Popup Builder for WordPress plugin for WordPress is vulnerable to generic SQL Injection via the 'order_by' parameter in all versions up to, and including, 1.2.0 … CWE-89
SQL Injection
CVE-2026-8978 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2583 4.4 MEDIUM
Network
- - The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'drag_n_drop_text' and 'drag_n_drop_browse_text' Settings in all versio… CWE-79
Cross-site Scripting (XSS)
CVE-2026-8991 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2584 4.9 MEDIUM
Network
- - The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated… CWE-22
Path Traversal
CVE-2026-9197 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2585 4.3 MEDIUM
Network
- - The Page-list plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 6.2. This is due to the pagelist_unqprfx_ext_shortcode() function (the [pagelist_ext] /… CWE-862
Missing Authorization
CVE-2026-9008 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2586 6.4 MEDIUM
Network
- - The Master Addons For Elementor – Widgets, Extensions, Theme Builder, Popup Builder & Template Kits plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'jtlma_custom_js' Page Settin… CWE-79
Cross-site Scripting (XSS)
CVE-2026-9281 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2587 4.4 MEDIUM
Network
- - The Quick Playground plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.4. This is due to the `qckply_data()` function passing the user-supplied `filename`… CWE-22
Path Traversal
CVE-2026-2500 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2588 6.6 MEDIUM
Network
- - The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.1.4 via deserialization of untrusted input. This makes it … CWE-502
Deserialization of Untrusted Data
CVE-2026-7566 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2589 5.3 MEDIUM
Network
- - The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to an… CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-7792 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2590 4.3 MEDIUM
Network
- - The Klamra Paycal for Aspaclaria plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.4 via the 'invoice_id' parameter due to missing valid… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-8611 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2591 6.3 MEDIUM
Network
- - A vulnerability was identified in vertex-app vertex up to 2026.02.12. This issue affects some unknown processing of the file app/model/LogMod.js of the component Log Viewer Endpoint. Such manipulatio… CWE-77
CWE-78
Command Injection
OS Command Injection
CVE-2026-11408 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2592 4.4 MEDIUM
Local
- - A security flaw has been discovered in iAI Lab PDF AI App 4.21.0 on Android. Impacted is the function getExternalCacheDir of the component chatpdf.pro. Performing a manipulation of the argument _disp… CWE-22
Path Traversal
CVE-2026-11411 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2593 6.4 MEDIUM
Network
- - The Click to Chat – WA Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the [chat] shortcode 'num' parameter in all versions up to, and including, 4.38. This is due to ins… CWE-79
Cross-site Scripting (XSS)
CVE-2026-7795 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2594 5.3 MEDIUM
Network
- - The LearnPress – WordPress LMS Plugin for Create and Sell Online Courses plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.6 via the 'retu… CWE-862
Missing Authorization
CVE-2026-8502 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2595 6.1 MEDIUM
Network
- - The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URL Parameters in iframe Mode in all versions up to, and including, 2.8.15 due to i… CWE-79
Cross-site Scripting (XSS)
CVE-2026-9280 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2596 4.3 MEDIUM
Network
- - The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user i… CWE-862
Missing Authorization
CVE-2026-7624 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2597 5.3 MEDIUM
Network
- - The MapPress Maps for WordPress plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and including, 2.96.6. This is due to missing ownership v… CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-8839 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2598 6.3 MEDIUM
Network
- - A weakness has been identified in Jinher OA C6. The affected element is an unknown function of the file /C6/JHSoft.Web.ModuleCount/GetFormSn.aspx. Executing a manipulation of the argument queryID can… CWE-74
CWE-89
Injection
SQL Injection
CVE-2026-11412 2026-06-8 23:57 2026-06-6 View GitHub Exploit DB Packet Storm
2599 7.3 HIGH
Network
- - A security vulnerability has been detected in Jinher OA 1.0. This affects an unknown function of the file nextselectplan.aspx. Such manipulation of the argument httpOID leads to sql injection. The at… CWE-74
CWE-89
Injection
SQL Injection
CVE-2026-11435 2026-06-8 23:57 2026-06-7 View GitHub Exploit DB Packet Storm
2600 4.3 MEDIUM
Network
- - A vulnerability was detected in Mage AI up to 0.9.79. This impacts the function useMutation of the file mage_ai/frontend/components/Sessions/SignForm/index.tsx of the component Sign-in Flow. Performi… CWE-79
CWE-94
Cross-site Scripting (XSS)
Code Injection
CVE-2026-11436 2026-06-8 23:57 2026-06-7 View GitHub Exploit DB Packet Storm