NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月25日4:04

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2651	8.8	HIGH ネットワーク	-	-	A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. Affected by this issue is the function asp_voip_OtherSet of the file /boaform/voip_other_set of the component Web Management Inte…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11498	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2652	9.8	CRITICAL ネットワーク	-	-	A vulnerability was determined in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formDOMAINBLK of the file /boaform/formDOMAINBLK. Executing a manipulation of the argument blkDoma…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11499	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2653	7.3	HIGH ネットワーク	-	-	A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This issue affects some unknown processing of the file /classes/Master.php?f=save_patient. The m…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11501	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2654	8.8	HIGH ネットワーク	-	-	A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set of the component Wi-Fi…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11503	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2655	5.0	MEDIUM ネットワーク	-	-	A vulnerability was identified in Weaviate up to 1.37.7. This vulnerability affects the function validateConfig of the file usecases/auth/authentication/apikey/client.go of the component Static API K…	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-11500	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2656	3.1	LOW ネットワーク	-	-	A weakness has been identified in JeecgBoot up to 3.9.2. Impacted is the function HttpServletResponse.sendRedirect of the file jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/sys…	CWE-601 オープンリダイレクト	CVE-2026-11502	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2657	8.8	HIGH ネットワーク	-	-	A vulnerability was detected in Tenda CX12L 16.03.53.12. The impacted element is the function setSchedWifi of the file /goform/openSchedWifi of the component Wi-Fi Schedule Configuration Endpoint. Pe…	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11504	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2658	5.0	MEDIUM ネットワーク	-	-	A flaw has been found in GL.iNet A1300, AX1800, AXT1800, MT2500, MT3000, MT6000, X3000 and XE3000 4.8.x. This affects an unknown function of the component glnassys. Executing a manipulation can lead …	CWE-320 CWE-321 鍵管理のエラーハードコードされた暗号鍵の使用	CVE-2026-11505	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2659	6.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in CodeAstro Leave Management System 1.0. This impacts an unknown function of the file /admin/search_staff_for_deletion.php. The manipulation of the argument Name leads…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11506	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2660	6.3	MEDIUM ネットワーク	-	-	A vulnerability was found in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /admin/delete_leave_type.php. The manipulation of the argument leave_type results in sq…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11507	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2661	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search_staff_to_assign_pc.php. This manipulation…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11508	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2662	6.3	MEDIUM ネットワーク	-	-	A vulnerability was identified in CodeAstro Leave Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/search_staff_for_updation.php. Such manipulation of th…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11509	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2663	6.3	MEDIUM ネットワーク	-	-	A security flaw has been discovered in CodeAstro Leave Management System 1.0. This affects an unknown part of the file /admin/add_leave.php. Performing a manipulation of the argument type_of_leave re…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11510	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2664	6.4	MEDIUM ネットワーク	-	-	The Recipe Card Blocks Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the recipe block's 'summary' and 'notes' attributes in all versions up to, and including, 3.4.13. Thi…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-3011	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2665	4.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in itsourcecode Hospital Management System 1.0. This issue affects some unknown processing of the file /billing.php. The manipulation of the argument patien…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11512	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2666	6.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in itsourcecode Hospital Management System 1.0. Impacted is an unknown function of the file /adminaccount.php. The manipulation of the argument Date results in sql inject…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11513	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2667	6.3	MEDIUM ネットワーク	-	-	A flaw has been found in itsourcecode Hospital Management System 1.0. The affected element is an unknown function of the file /addpatient.php. This manipulation of the argument admissiontme causes sq…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11514	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2668	5.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in SourceCodester Barangay Resident Profiling and Information Management System 1.0. The impacted element is an unknown function of the file passsword_reset.php of the …	CWE-255 CWE-259 証明書・パスワード管理パスワードがハードコーディングされている	CVE-2026-11515	2026-06-8 23:57	2026-06-8	表示	GitHub Exploit DB Packet Storm

2669	9.6	CRITICAL ネットワーク	google	chrome	Object lifecycle issue in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)	CWE-416 解放済みメモリの使用	CVE-2026-11152	2026-06-8 23:56	2026-06-5	表示	GitHub Exploit DB Packet Storm

2670	9.1	CRITICAL ネットワーク	google	chrome	Side-channel information leakage in Forms in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-1300 物理サイドチャネルの不適切な保護	CVE-2026-11153	2026-06-8 23:56	2026-06-5	表示	GitHub Exploit DB Packet Storm

2671	7.5	HIGH ネットワーク	google	chrome	Use after free in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr…	CWE-416 解放済みメモリの使用	CVE-2026-11154	2026-06-8 23:55	2026-06-5	表示	GitHub Exploit DB Packet Storm

2672	8.1	HIGH ネットワーク	google	chrome	Inappropriate implementation in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a malicious file. (Chromium security severity: Low)	CWE-94 コード・インジェクション	CVE-2026-11231	2026-06-8 23:55	2026-06-5	表示	GitHub Exploit DB Packet Storm

2673	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in Shortcuts in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a malicious file. (Chromium secu…	CWE-20 不適切な入力確認	CVE-2026-11283	2026-06-8 23:55	2026-06-5	表示	GitHub Exploit DB Packet Storm

2674	6.5	MEDIUM ネットワーク	google	chrome	Uninitialized Use in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…	CWE-457 初期化されていない変数の使用	CVE-2026-11057	2026-06-8 23:52	2026-06-5	表示	GitHub Exploit DB Packet Storm

2675	4.3	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privil…	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-11062	2026-06-8 23:52	2026-06-5	表示	GitHub Exploit DB Packet Storm

2676	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in WebNN in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sand…	CWE-20 不適切な入力確認	CVE-2026-11063	2026-06-8 23:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2677	6.5	MEDIUM ネットワーク	google	chrome	Race in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security…	CWE-457 初期化されていない変数の使用	CVE-2026-11064	2026-06-8 23:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2678	6.5	MEDIUM ネットワーク	google	chrome	Uninitialized Use in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security…	CWE-457 初期化されていない変数の使用	CVE-2026-11067	2026-06-8 23:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2679	6.5	MEDIUM ネットワーク	google	chrome	Uninitialized Use in Dawn in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-457 初期化されていない変数の使用	CVE-2026-11101	2026-06-8 23:47	2026-06-5	表示	GitHub Exploit DB Packet Storm

2680	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a s…	CWE-20 不適切な入力確認	CVE-2026-11112	2026-06-8 23:47	2026-06-5	表示	GitHub Exploit DB Packet Storm

2681	9.6	CRITICAL ネットワーク	google	chrome	Use after free in Device Trust in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted …	CWE-416 解放済みメモリの使用	CVE-2026-11114	2026-06-8 23:47	2026-06-5	表示	GitHub Exploit DB Packet Storm

2682	6.5	MEDIUM ネットワーク	google	chrome	Out of bounds read in Extensions in Google Chrome on Linux prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information…	CWE-122 ヒープオーバーフロー	CVE-2026-11143	2026-06-8 23:47	2026-06-5	表示	GitHub Exploit DB Packet Storm

2683	8.8	HIGH ネットワーク	google	chrome	Use after free in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted video file. (Chromium security severity: Medium)	CWE-416 解放済みメモリの使用	CVE-2026-11144	2026-06-8 23:47	2026-06-5	表示	GitHub Exploit DB Packet Storm

2684	6.5	MEDIUM ネットワーク	google	chrome	Race in Geolocation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-362 競合状態	CVE-2026-11145	2026-06-8 23:47	2026-06-5	表示	GitHub Exploit DB Packet Storm

2685	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox es…	CWE-20 不適切な入力確認	CVE-2026-11146	2026-06-8 23:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

2686	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-352 同一生成元ポリシー違反	CVE-2026-11155	2026-06-8 23:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

2687	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Me…	CWE-352 同一生成元ポリシー違反	CVE-2026-11148	2026-06-8 23:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

2688	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in CSS in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-352 同一生成元ポリシー違反	CVE-2026-11156	2026-06-8 23:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

2689	6.1	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. (Chromium security severity: …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-11150	2026-06-8 23:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

2690	7.5	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sand…	CWE-20 不適切な入力確認	CVE-2026-11151	2026-06-8 23:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

2691	5.4	MEDIUM ネットワーク	google	chrome	Script injection in Accessibility in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to inject arbitrary scripts or HTML (UXSS) via a cr…	CWE-94 コード・インジェクション	CVE-2026-11157	2026-06-8 23:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2692	7.8	HIGH ローカル	google	chrome	Inappropriate implementation in Installer in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security…	CWE-269 不適切な権限管理	CVE-2026-11103	2026-06-8 23:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2693	6.5	MEDIUM ネットワーク	google	chrome	Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory v…	CWE-457 初期化されていない変数の使用	CVE-2026-11104	2026-06-8 23:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2694	8.6	HIGH ローカル	google	chrome	Insufficient validation of untrusted input in Downloads in Google Chrome on Mac prior to 149.0.7827.53 allowed a local attacker to potentially perform a sandbox escape via a crafted AppleScript comma…	CWE-20 不適切な入力確認	CVE-2026-11158	2026-06-8 23:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2695	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted …	CWE-20 不適切な入力確認	CVE-2026-11105	2026-06-8 23:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2696	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-352 同一生成元ポリシー違反	CVE-2026-11106	2026-06-8 23:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2697	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11107	2026-06-8 23:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

2698	8.8	HIGH ネットワーク	google	chrome	Inappropriate implementation in NFC in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: …	CWE-269 不適切な権限管理	CVE-2026-11108	2026-06-8 23:44	2026-06-5	表示	GitHub Exploit DB Packet Storm

2699	6.5	MEDIUM ネットワーク	google	chrome	Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-457 初期化されていない変数の使用	CVE-2026-11109	2026-06-8 23:44	2026-06-5	表示	GitHub Exploit DB Packet Storm

2700	6.5	MEDIUM ネットワーク	google	chrome	Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-457 初期化されていない変数の使用	CVE-2026-11110	2026-06-8 23:44	2026-06-5	表示	GitHub Exploit DB Packet Storm