NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月25日4:04

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2601	5.3	MEDIUM ネットワーク	-	-	The Debug Log Manager – Conveniently Monitor and Inspect Errors plugin for WordPress is vulnerable to Improper Output Neutralization for Logs in all versions up to, and including, 2.5.0. This is due …	CWE-117 不適切なログ出力の無効化	CVE-2026-9016	2026-06-8 23:57	2026-06-6	表示	GitHub Exploit DB Packet Storm

2602	4.4	MEDIUM ネットワーク	-	-	The WP Maps – Google Maps,OpenStreetMap,Mapbox,Store Locator,Listing,Directory & Filters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'location_messages' parameter in all…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-9594	2026-06-8 23:57	2026-06-6	表示	GitHub Exploit DB Packet Storm

2603	6.5	MEDIUM ネットワーク	-	-	The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to time-based SQL Injection via 'compact_album_order_by' Shortcode Parameter in all versions up to, and i…	CWE-89 SQLインジェクション	CVE-2026-9829	2026-06-8 23:57	2026-06-6	表示	GitHub Exploit DB Packet Storm

2604	7.2	HIGH ネットワーク	-	-	The Booking Package plugin for WordPress is vulnerable to Privilege Escalation via Account Takeover in versions up to, and including, 1.7.16. This is due to a missing capability check on the 'updateU…	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-9851	2026-06-8 23:57	2026-06-6	表示	GitHub Exploit DB Packet Storm

2605	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in GL.iNet MT3000 up to 4.4.5. This vulnerability affects unknown code of the file ovpnclient.sh of the component OpenVPN Client Import Workflow. This manipulation caus…	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11406	2026-06-8 23:57	2026-06-6	表示	GitHub Exploit DB Packet Storm

2606	7.3	HIGH ネットワーク	-	-	A flaw has been found in perfree go-fastdfs-web up to 1.3.7. Affected is the function checkServer of the file /install/checkServer of the component Installation Endpoint. Executing a manipulation can…	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-11437	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2607	6.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in theonedev onedev up to 15.0.5. Affected by this vulnerability is an unknown functionality of the file /projects. The manipulation of the argument project.forkedFromI…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11438	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2608	6.3	MEDIUM ネットワーク	-	-	A vulnerability was found in theonedev onedev up to 15.0.5. Affected by this issue is some unknown functionality of the file /projects/ of the component Parent Project Handler. The manipulation of th…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11439	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2609	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in theonedev onedev up to 15.0.5. This affects an unknown part of the file /repositories/{projectId}/default-branch of the component REST API. This manipulation of the …	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11440	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2610	6.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in theonedev onedev up to 15.0.5. This vulnerability affects the function canAccessIssue of the file /issues/ of the component Pull Request Handler. Such manipulation o…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11441	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2611	6.3	MEDIUM ネットワーク	-	-	A security flaw has been discovered in GL.iNet GL-MT3000 up to 4.4.5. Impacted is the function iwinfo_backend of the file iwinfo.so of the component MTK Backend. The manipulation of the argument devi…	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11447	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2612	6.3	MEDIUM ネットワーク	-	-	A vulnerability was found in Tiobon Employee Self-Service System up to 7.2. Affected by this vulnerability is an unknown functionality of the file /Blog/BlogSearch.aspx of the component Login Endpoin…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11453	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2613	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in Chanjet CRM 1.0. This affects an unknown part of the file /tools/jxf_dump_systable.php of the component HTTP GET Request Handler. Such manipulation of the argument g…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11456	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2614	7.3	HIGH ネットワーク	-	-	A vulnerability has been found in GL.iNet GL-MT3000 up to 4.4.5. Affected is the function FUN_0042e200 of the file /cgi-bin/glc of the component SET_USER_PWD Handler. The manipulation of the argument…	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11452	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2615	5.0	MEDIUM ネットワーク	-	-	A vulnerability was determined in FoundationAgents MetaGPT up to 0.8.2. Affected by this issue is the function check_cmd_exists of the file metagpt/utils/common.py. This manipulation of the argument …	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11455	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2616	7.3	HIGH ネットワーク	-	-	A security flaw has been discovered in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This vulnerability affects unknown code of the file /base-boot/jmreport/testConnection of the …	CWE-74 CWE-707 インジェクションメッセージまたはデータ構造の不適切な強制	CVE-2026-11457	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2617	5.3	MEDIUM ネットワーク	-	-	A weakness has been identified in erzhongxmu JeeWMS up to 141740afb2ba14d441c82a833d0a418d07ca2d69. This issue affects some unknown processing of the file /base-boot/actuator of the component Boot Ac…	CWE-200 CWE-284 情報漏えい不適切なアクセス制御	CVE-2026-11458	2026-06-8 23:57	2026-06-7	表示	GitHub Exploit DB Packet Storm

2618	7.3	HIGH ネットワーク	-	-	A flaw has been found in Boost Serialization up to 1.91. The impacted element is an unknown function. This manipulation causes improper validation of specified type of input. It is possible to initia…	CWE-20 CWE-1287 不適切な入力確認指定されたタイプの入力に対する不適切な検証	CVE-2026-11460	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2619	7.3	HIGH ネットワーク	-	-	A vulnerability was determined in USCiLab Cereal up to 1.3.2. Affected is an unknown function of the component Shared Pointer Handler. Executing a manipulation can lead to type confusion. The attack …	CWE-843 型の取り違え	CVE-2026-11463	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2620	3.1	LOW ネットワーク	-	-	A security flaw has been discovered in songquanpeng one-api up to 0.6.11-preview.7. Affected by this issue is the function Redeem of the file model/redemption.go of the component Redemption Code Top-…	CWE-840 ビジネスロジックエラー	CVE-2026-11465	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2621	5.4	MEDIUM ネットワーク	-	-	A weakness has been identified in zilliztech deep-searcher up to 0.0.2. This affects the function CollectionRouter.invoke of the file deepsearcher/agent/collection_router.py. This manipulation of the…	CWE-266 CWE-284 不適切な権限設定不適切なアクセス制御	CVE-2026-11466	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2622	7.3	HIGH ネットワーク	-	-	A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This impacts the function callback of the file plugins/Stripe/Controllers/StripeController.php of the compo…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11462	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2623	3.1	LOW ネットワーク	-	-	A vulnerability was identified in JeecgBoot up to 3.9.2. Affected by this vulnerability is the function queryPageList of the file src\main\java\org\jeecg\modules\system\controller\SysUserController.j…	CWE-200 CWE-284 情報漏えい不適切なアクセス制御	CVE-2026-11464	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2624	5.4	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in jishenghua jshERP up to 3.6. This vulnerability affects the function addAccountHeadAndDetail of the file jshERP-boot/src/main/java/com/jsh/erp/service/Ac…	CWE-22 パス・トラバーサル	CVE-2026-11467	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2625	2.4	LOW ネットワーク	-	-	A vulnerability was detected in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /admin/?page=room_types. Performing a manipulati…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11468	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2626	4.7	MEDIUM ネットワーク	-	-	A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the compone…	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-11469	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2627	6.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in hs-web hsweb-framework up to 5.0.1. The affected element is the function denied of the file hsweb-system/hsweb-system-file/src/main/java/org/hswebframework/web/file/…	CWE-22 パス・トラバーサル	CVE-2026-11470	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2628	7.3	HIGH ネットワーク	-	-	A vulnerability was found in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /index2.php. The manipulation of the argument Password resul…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11471	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2629	7.3	HIGH ネットワーク	-	-	A vulnerability was determined in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /index1.php. This manipulation of the argument Password causes sql…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11472	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2630	6.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in jflyfox jfinal_cms up to 5.1.0. This impacts the function list of the file AdvicefeedbackController.java. Such manipulation of the argument orderBy leads to sql inje…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11473	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2631	7.3	HIGH ネットワーク	-	-	A security flaw has been discovered in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected is an unknown function of the file service/RegisterService.php of th…	CWE-284 CWE-434 不適切なアクセス制御危険なタイプのファイルの無制限アップロード	CVE-2026-11474	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2632	4.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in hs-web hsweb-framework up to 5.0.1. This affects the function OAuth2Client of the file hsweb-authorization/hsweb-authorization-oauth2/src/main/java/org/hswebframework/…	CWE-601 オープンリダイレクト	CVE-2026-11477	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2633	4.2	MEDIUM ネットワーク	-	-	A vulnerability has been found in yoanbernabeu grepai 0.35.0. This issue affects some unknown processing of the file indexer/chunker.go of the component Qdrant Backend. Such manipulation leads to use…	CWE-327 CWE-328 不完全、または危険な暗号アルゴリズムの使用脆弱なハッシュの使用	CVE-2026-11479	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2634	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0. The impacted element is an unknown function of the file /archive5.php. The manipulation of the argument sy lead…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11482	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2635	7.3	HIGH ネットワーク	-	-	A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This affects an unknown function of the file /archive4.php. The manipulation of the argument sy results in…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11483	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2636	6.3	MEDIUM ネットワーク	-	-	A weakness has been identified in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this vulnerability is the function getStatus of the file controllers/G…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11475	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2637	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in Kushan2k student-management-system up to f16a4ceaddd6729c4b306ed4641cda3176c1ef2a. Affected by this issue is the function edit-admin of the file controll…	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11476	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2638	3.3	LOW ローカル	-	-	A flaw has been found in kokke tiny-regex-c up to f2632c6d9ed25272987471cdb8b70395c2460bdb. This vulnerability affects the function matchstar of the file re.c of the component Pattern Handler. This m…	CWE-400 CWE-1333 リソースの枯渇非効率的な正規表現の複雑さ	CVE-2026-11478	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2639	6.3	MEDIUM ネットワーク	-	-	A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. Impacted is an unknown function of the file beike/Admin/Routes/admin.php of the component Admin Design Buil…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11480	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2640	2.5	LOW ローカル	-	-	A vulnerability was determined in yoanbernabeu grepai up to 0.35.0. The affected element is the function PostgresStore.LookupByContentHash of the file indexer/chunker.go of the component Postgres Emb…	CWE-327 CWE-328 不完全、または危険な暗号アルゴリズムの使用脆弱なハッシュの使用	CVE-2026-11481	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2641	7.3	HIGH ネットワーク	-	-	A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This impacts an unknown function of the file /archive3.php. This manipulation of the argument sy causes sql inj…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11484	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2642	7.3	HIGH ネットワーク	-	-	A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1.0. Affected is an unknown function of the file /archive2.php. Such manipulation of the argument sy lea…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11485	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2643	7.3	HIGH ネットワーク	-	-	A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by this vulnerability is an unknown functionality of the file /archive1.php. Performing a manipulation o…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11486	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2644	5.3	MEDIUM ローカル	-	-	A flaw has been found in Neovim up to 0.12.2. Affected by this issue is the function M.read of the file runtime/lua/vim/secure.lua of the component View Branch. Executing a manipulation of the argume…	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11487	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2645	7.3	HIGH ネットワーク	-	-	A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This affects an unknown part of the file checkUser.php of the component POST Parameter Handler. The manipulati…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11488	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2646	7.3	HIGH ネットワーク	-	-	A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file /Administrator/PHP/AdminDeleteAlbum.php. The manipulation of the argument ID resu…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11489	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2647	7.3	HIGH ネットワーク	-	-	A vulnerability was determined in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Frontend/Search.php. This manipulation of the argument Category causes s…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11490	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2648	2.4	LOW ネットワーク	-	-	A vulnerability was identified in CodeAstro Human Resource Management System 1.0. Impacted is an unknown function of the file /notice/All_notice of the component Notice Board Management. Such manipul…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11491	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2649	5.0	MEDIUM 隣接	-	-	A weakness has been identified in Tenda AC15 15.03.05.19. The impacted element is an unknown function of the file /etc_ro/smb.conf of the component Samba. Executing a manipulation can lead to weak pa…	CWE-521 脆弱なパスワードポリシー	CVE-2026-11493	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2650	6.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in CodeAstro Ingredients Stock Management System 1.0. This impacts an unknown function of the file /Ingredients-Stock/add_stock.php. The manipulation of the argument ID r…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11495	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm