NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年6月26日4:00

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
2801 4.9 MEDIUM
ネットワーク 		acer connect_m6e_5g_firmware The web administration panel binds broadly to the public IPv6 address space on port [::]:8080 without default firewall limits, making internal API endpoints reachable over the WAN. CWE-200
情報漏えい 		CVE-2026-50224 2026-06-8 21:58 2026-06-4 表示 GitHub Exploit DB Packet Storm
2802 9.1 CRITICAL
ネットワーク 		acer connect_m6e_5g_firmware The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. CWE-306
重要な機能に対する認証の欠如 解説 		CVE-2026-50225 2026-06-8 21:58 2026-06-4 表示 GitHub Exploit DB Packet Storm
2803 5.3 MEDIUM
ネットワーク 		acer connect_m6e_5g_firmware Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extra… CWE-321
ハードコードされた暗号鍵の使用 		CVE-2026-50226 2026-06-8 21:57 2026-06-4 表示 GitHub Exploit DB Packet Storm
2804 9.8 CRITICAL
ネットワーク 		acer connect_m6e_5g_firmware The /v1/Plan service relies entirely on a shared global API token for full administrative management, allowing arbitrary creation of zero-cost network access plans. CWE-345
データの信頼性についての不十分な検証 		CVE-2026-50214 2026-06-8 21:56 2026-06-4 表示 GitHub Exploit DB Packet Storm
2805 - -
- - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. - CVE-2024-56123 2026-06-8 19:16 2026-06-8 表示 GitHub Exploit DB Packet Storm
2806 - -
- - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. - CVE-2024-56122 2026-06-8 19:16 2026-06-8 表示 GitHub Exploit DB Packet Storm
2807 - -
- - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. - CVE-2024-56121 2026-06-8 19:16 2026-06-8 表示 GitHub Exploit DB Packet Storm
2808 - -
- - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. - CVE-2024-56120 2026-06-8 19:16 2026-06-8 表示 GitHub Exploit DB Packet Storm
2809 - -
- - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. - CVE-2026-36229 2026-06-7 06:16 2026-06-7 表示 GitHub Exploit DB Packet Storm
2810 6.5 MEDIUM
ネットワーク 		- - A missing upper-bound check in the udpif_set_threads() function of Open vSwitch v3.6.90 allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads. T… CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2026-36499 2026-06-7 05:16 2026-06-5 表示 GitHub Exploit DB Packet Storm
2811 8.3 HIGH
ネットワーク 		google chrome Use after free in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. … CWE-416
解放済みメモリの使用 		CVE-2026-11002 2026-06-7 03:16 2026-06-5 表示 GitHub Exploit DB Packet Storm
2812 4.2 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted … CWE-290
CWE-451
スプーフィングによる認証回避
ユーザインターフェースにおける重要情報の誤った表示 		CVE-2026-11001 2026-06-7 02:16 2026-06-5 表示 GitHub Exploit DB Packet Storm
2813 6.5 MEDIUM
ネットワーク 		google chrome Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium securit… CWE-457
初期化されていない変数の使用 		CVE-2026-10994 2026-06-7 02:16 2026-06-5 表示 GitHub Exploit DB Packet Storm
2814 6.5 MEDIUM
ネットワーク 		google chrome Heap buffer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium secur… CWE-122
ヒープオーバーフロー 		CVE-2026-10993 2026-06-7 02:16 2026-06-5 表示 GitHub Exploit DB Packet Storm
2815 6.5 MEDIUM
ネットワーク 		google chrome Insufficient data validation in Animation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (C… NVD-CWE-noinfo
CWE-20
不適切な入力確認 		CVE-2026-10992 2026-06-7 02:16 2026-06-5 表示 GitHub Exploit DB Packet Storm
2816 8.3 HIGH
ネットワーク 		google chrome Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… CWE-416
解放済みメモリの使用 		CVE-2026-10990 2026-06-7 02:16 2026-06-5 表示 GitHub Exploit DB Packet Storm
2817 5.9 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed an attacker in a privileged network position to leak cross-origin data via malicious network traffic. (Chromium … CWE-20
不適切な入力確認 		CVE-2026-11199 2026-06-6 22:16 2026-06-5 表示 GitHub Exploit DB Packet Storm
2818 8.3 HIGH
ネットワーク 		google chrome Insufficient validation of untrusted input in Printing in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a s… CWE-20
不適切な入力確認 		CVE-2026-10971 2026-06-6 22:16 2026-06-5 表示 GitHub Exploit DB Packet Storm
2819 8.8 HIGH
ネットワーク 		google chrome Inappropriate implementation in Isolated Web Apps in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security… NVD-CWE-noinfo
CWE-474
一貫性のない実装を含む機能の使用 		CVE-2026-11102 2026-06-6 13:17 2026-06-5 表示 GitHub Exploit DB Packet Storm
2820 5.5 MEDIUM
ローカル 		samsung android Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. NVD-CWE-Other
CVE-2026-21017 2026-06-6 11:01 2026-06-5 表示 GitHub Exploit DB Packet Storm
2821 5.5 MEDIUM
ローカル 		samsung android Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. NVD-CWE-Other
CVE-2026-21025 2026-06-6 11:01 2026-06-5 表示 GitHub Exploit DB Packet Storm
2822 5.5 MEDIUM
ローカル 		samsung android Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information. NVD-CWE-Other
CVE-2026-21026 2026-06-6 11:00 2026-06-5 表示 GitHub Exploit DB Packet Storm
2823 3.3 LOW
ローカル 		samsung android Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function. NVD-CWE-Other
CVE-2026-21027 2026-06-6 11:00 2026-06-5 表示 GitHub Exploit DB Packet Storm
2824 5.5 MEDIUM
ローカル 		samsung android Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. NVD-CWE-noinfo
CVE-2026-21028 2026-06-6 11:00 2026-06-5 表示 GitHub Exploit DB Packet Storm
2825 7.8 HIGH
ローカル 		samsung android Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows local attacker to execute privileged operations. NVD-CWE-Other
CVE-2026-21029 2026-06-6 11:00 2026-06-5 表示 GitHub Exploit DB Packet Storm
2826 7.8 HIGH
ローカル 		samsung android Improper access control in MediaTek Audio HAL prior to SMR Jun-2026 Release 1 allows local attackers to trigger privileged functions. NVD-CWE-noinfo
CVE-2026-21030 2026-06-6 11:00 2026-06-5 表示 GitHub Exploit DB Packet Storm
2827 7.8 HIGH
ローカル 		samsung android Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability. CWE-863
不正な認証 		CVE-2026-21031 2026-06-6 10:59 2026-06-5 表示 GitHub Exploit DB Packet Storm
2828 6.5 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in Signin in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity:… CWE-284
不適切なアクセス制御 		CVE-2026-11204 2026-06-6 10:59 2026-06-5 表示 GitHub Exploit DB Packet Storm
2829 6.5 MEDIUM
ネットワーク 		google chrome Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medi… CWE-693
保護メカニズムの不具合 		CVE-2026-11206 2026-06-6 10:59 2026-06-5 表示 GitHub Exploit DB Packet Storm
2830 9.6 CRITICAL
ネットワーク 		google chrome Insufficient validation of untrusted input in Autofill in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via malicious network traffic. (Chromi… CWE-20
不適切な入力確認 		CVE-2026-11207 2026-06-6 10:59 2026-06-5 表示 GitHub Exploit DB Packet Storm
2831 6.5 MEDIUM
ネットワーク 		google chrome Use after free in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security … CWE-416
解放済みメモリの使用 		CVE-2026-11208 2026-06-6 10:58 2026-06-5 表示 GitHub Exploit DB Packet Storm
2832 6.5 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from p… CWE-200
情報漏えい 		CVE-2026-11209 2026-06-6 10:58 2026-06-5 表示 GitHub Exploit DB Packet Storm
2833 6.5 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in Safe Browsing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted RAR file. (Chromium security sever… CWE-284
不適切なアクセス制御 		CVE-2026-11210 2026-06-6 10:58 2026-06-5 表示 GitHub Exploit DB Packet Storm
2834 4.3 MEDIUM
ネットワーク 		google chrome Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted C… CWE-284
不適切なアクセス制御 		CVE-2026-11212 2026-06-6 10:58 2026-06-5 表示 GitHub Exploit DB Packet Storm
2835 6.5 MEDIUM
ネットワーク 		google chrome Inappropriate implementation in WebUI in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) CWE-451
ユーザインターフェースにおける重要情報の誤った表示 		CVE-2026-11225 2026-06-6 10:57 2026-06-5 表示 GitHub Exploit DB Packet Storm
2836 6.5 MEDIUM
ネットワーク 		google chrome Insufficient policy enforcement in PreviewTab in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin… CWE-346
同一生成元ポリシー違反 		CVE-2026-11226 2026-06-6 10:57 2026-06-5 表示 GitHub Exploit DB Packet Storm
2837 6.5 MEDIUM
ネットワーク 		google chrome Incorrect security UI in Tab Hover Cards in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Low) CWE-451
ユーザインターフェースにおける重要情報の誤った表示 		CVE-2026-11227 2026-06-6 10:57 2026-06-5 表示 GitHub Exploit DB Packet Storm
2838 8.8 HIGH
ネットワーク 		google chrome Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CWE-416
解放済みメモリの使用 		CVE-2026-10939 2026-06-6 10:56 2026-06-5 表示 GitHub Exploit DB Packet Storm
2839 8.8 HIGH
ネットワーク 		google chrome Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafte… CWE-416
解放済みメモリの使用 		CVE-2026-10958 2026-06-6 10:56 2026-06-5 表示 GitHub Exploit DB Packet Storm
2840 8.8 HIGH
ネットワーク 		google chrome Use after free in Input in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H… CWE-416
解放済みメモリの使用 		CVE-2026-10959 2026-06-6 10:56 2026-06-5 表示 GitHub Exploit DB Packet Storm
2841 8.8 HIGH
ネットワーク 		google chrome Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) CWE-416
解放済みメモリの使用 		CVE-2026-11003 2026-06-6 10:54 2026-06-5 表示 GitHub Exploit DB Packet Storm
2842 4.0 MEDIUM
ローカル 		google chrome Out of bounds read in Media in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform an out of bounds memory read via malicious network traffic. (Chromium s… CWE-125
境界外読み取り 		CVE-2026-10998 2026-06-6 10:53 2026-06-5 表示 GitHub Exploit DB Packet Storm
2843 8.8 HIGH
ネットワーク 		google chrome Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted … CWE-416
解放済みメモリの使用 		CVE-2026-10991 2026-06-6 10:50 2026-06-5 表示 GitHub Exploit DB Packet Storm
2844 8.8 HIGH
ネットワーク 		google chrome Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via … CWE-122
ヒープオーバーフロー 		CVE-2026-10989 2026-06-6 10:49 2026-06-5 表示 GitHub Exploit DB Packet Storm
2845 8.8 HIGH
ネットワーク 		google chrome Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… CWE-416
解放済みメモリの使用 		CVE-2026-10988 2026-06-6 10:49 2026-06-5 表示 GitHub Exploit DB Packet Storm
2846 8.8 HIGH
ネットワーク 		google chrome Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CWE-472
不変と仮定される Web パラメータの外部制御 		CVE-2026-10987 2026-06-6 10:48 2026-06-5 表示 GitHub Exploit DB Packet Storm
2847 8.8 HIGH
ネットワーク 		google chrome Integer overflow in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a malicious file. (Chromium security severity: High) CWE-472
不変と仮定される Web パラメータの外部制御 		CVE-2026-10986 2026-06-6 10:48 2026-06-5 表示 GitHub Exploit DB Packet Storm
2848 8.8 HIGH
ネットワーク 		google chrome Use after free in WebXR in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CWE-416
解放済みメモリの使用 		CVE-2026-10982 2026-06-6 10:45 2026-06-5 表示 GitHub Exploit DB Packet Storm
2849 8.8 HIGH
ネットワーク 		google chrome Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High) CWE-416
解放済みメモリの使用 		CVE-2026-10978 2026-06-6 10:45 2026-06-5 表示 GitHub Exploit DB Packet Storm
2850 8.8 HIGH
ネットワーク 		google chrome Use after free in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CWE-416
解放済みメモリの使用 		CVE-2026-10975 2026-06-6 10:45 2026-06-5 表示 GitHub Exploit DB Packet Storm