NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月26日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2901	8.8	HIGH ネットワーク	-	-	The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and includ…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2026-5411	2026-06-6 04:20	2026-06-6	表示	GitHub Exploit DB Packet Storm

2902	8.8	HIGH ネットワーク	-	-	The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the same slug) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and includ…	CWE-288 代替パスまたはチャネルを使用した認証回避	CVE-2026-5415	2026-06-6 04:20	2026-06-6	表示	GitHub Exploit DB Packet Storm

2903	8.8	HIGH ネットワーク	-	-	Markdown Preview Enhanced before 0.8.28 opens external files and links from the preview through a shell and does not validate untrusted inputs taken from the markdown document - the diagram filename …	CWE-78 OSコマンド・インジェクション	CVE-2026-49492	2026-06-6 03:59	2026-06-6	表示	GitHub Exploit DB Packet Storm

2904	8.8	HIGH ネットワーク	-	-	Markdown Preview Enhanced before 0.8.28 parses Bitfield fenced code blocks with interpretJS(), which evaluates the block content as code via vm.runInNewContext(), allowing arbitrary code execution. A…	CWE-94 コード・インジェクション	CVE-2026-49493	2026-06-6 03:59	2026-06-6	表示	GitHub Exploit DB Packet Storm

2905	8.8	HIGH ネットワーク	-	-	Markdown Preview Enhanced before 0.8.28 parses WaveDrom diagrams by evaluating untrusted markdown content with eval(), allowing arbitrary JavaScript execution. The flaw affects every render path - th…	CWE-95 Evalインジェクション	CVE-2026-50733	2026-06-6 03:59	2026-06-6	表示	GitHub Exploit DB Packet Storm

2906	4.3	MEDIUM ネットワーク	strawberry	strawberry_graphql	Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.288.4 through 0.315.3, Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser U…	CWE-200 CWE-201 情報漏えい送信データへの重要な情報の挿入	CVE-2026-45739	2026-06-6 03:43	2026-06-5	表示	GitHub Exploit DB Packet Storm

2907	4.3	MEDIUM ネットワーク	synology	hyper_backup	An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated use…	CWE-22 パス・トラバーサル	CVE-2024-47273	2026-06-6 03:32	2026-06-3	表示	GitHub Exploit DB Packet Storm

2908	4.1	MEDIUM ネットワーク	synology	hyper_backup	An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenti…	CWE-22 パス・トラバーサル	CVE-2024-47263	2026-06-6 03:31	2026-06-3	表示	GitHub Exploit DB Packet Storm

2909	5.9	MEDIUM ネットワーク	synology	note_station_client	A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential.	CWE-319 重要な情報の平文での送信	CVE-2023-52951	2026-06-6 03:20	2026-06-3	表示	GitHub Exploit DB Packet Storm

2910	7.8	HIGH ローカル	synology	hyper_backup_explorer	An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via u…	CWE-829 信頼性のない制御領域からの機能の組み込み	CVE-2022-49042	2026-06-6 03:19	2026-06-3	表示	GitHub Exploit DB Packet Storm

2911	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-6209	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2912	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-6208	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2913	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.	-	CVE-2026-6207	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2914	8.2	HIGH ネットワーク	-	-	TinyIce is a streaming server for audio and video. In versions 0.8.95 through 2.4.1, missing authentication on WebRTC ingest endpoint allows unauthenticated stream injection. Version 2.5.0 fixes the …	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-45327	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2915	7.5	HIGH ネットワーク	-	-	Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260418.124334-32` impacts publicly accessible software depending on t…	CWE-20 不適切な入力確認	CVE-2026-45291	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2916	7.5	HIGH ネットワーク	-	-	Cloudburst Network provides network components used within Cloudburst projects. A vulnerability in versions prior to `1.0.0.CR3-20260417.085727-30` impacts publicly accessible software depending on t…	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-45290	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2917	5.3	MEDIUM ネットワーク	-	-	transmission through 4.1.1 was found to have a clickjacking weakness in the browser-facing WebUI and RPC response paths.	CWE-113 HTTP レスポンスの分割	CVE-2026-38978	2026-06-6 03:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2918	7.5	HIGH ネットワーク	-	-	Missing input validation in the rfapiRibBi2Ri() function (rfapi_rib.c) of FRRouting (FRR) stable/10.0 to stable/10.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UP…	CWE-20 不適切な入力確認	CVE-2026-37460	2026-06-6 03:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

2919	5.9	MEDIUM ネットワーク	-	-	On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain a…	CWE-672 有効期限後または解放後のリソースの操作	CVE-2026-2379	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2920	7.5	HIGH ネットワーク	solarwinds	serv-u	SolarWinds Serv-U is susceptible to specially crafted POST requests that crash the Serv-U service without authentication using Content-Encoding: deflate. Mitigation steps are provided to secure custo…	CWE-400 リソースの枯渇	CVE-2026-28318	2026-06-6 03:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

2921	7.3	HIGH ネットワーク	-	-	A vulnerability was found in code-projects Vehicle Management System 1.0. This impacts an unknown function of the file newdriver.php of the component New Driver Registration Form. Performing a manipu…	CWE-284 CWE-434 不適切なアクセス制御危険なタイプのファイルの無制限アップロード	CVE-2026-11344	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2922	7.3	HIGH ネットワーク	-	-	A vulnerability has been found in code-projects Hotel and Tourism Reservation System 1.0. This affects an unknown function of the file /details.php. Such manipulation of the argument room leads to sq…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11342	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2923	6.3	MEDIUM ネットワーク	-	-	A flaw has been found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_412DA0 of the file /boafrm/formIMEISetup. This manipulation of the argument IMEI_value causes os comman…	CWE-77 CWE-78 コマンドインジェクション OSコマンド・インジェクション	CVE-2026-11341	2026-06-6 03:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2924	-	-	-	-	OpenAI Atlas before 1.2025.288.15 exposed privileged browser APIs to web content on *.openai.com origins. A cross-site scripting vulnerability in forum.openai.com could be used to access these functi…	CWE-284 不適切なアクセス制御	CVE-2026-11326	2026-06-6 03:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

2925	6.5	MEDIUM ネットワーク	-	-	Out of bounds read in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: High)	CWE-125 境界外読み取り	CVE-2026-10985	2026-06-6 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2926	5.4	MEDIUM ネットワーク	-	-	Inappropriate implementation in Accessibility in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity:…	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-10984	2026-06-6 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2927	9.6	CRITICAL ネットワーク	-	-	Insufficient validation of untrusted input in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securit…	CWE-20 不適切な入力確認	CVE-2026-10983	2026-06-6 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2928	9.8	CRITICAL ネットワーク	-	-	NetMan 204 fails to enforce authentication on its administrative pages and command endpoints. A remote, unauthenticated attacker can directly request administrative pages (such as administration.html…	CWE-306 重要な機能に対する認証の欠如解説	CVE-2025-71318	2026-06-6 03:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2929	9.8	CRITICAL ネットワーク	-	-	NetMan 204 contains a hard-coded backdoor account with the username and password 'eurek' that grants administrative access. A remote, unauthenticated attacker can authenticate through the cgi-bin/log…	CWE-798 ハードコードされた認証情報の使用	CVE-2025-71317	2026-06-6 03:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2930	8.8	HIGH ネットワーク	amazon	kiro_ide	Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote unauthenticated actors to execute arbitrary commands via crafted instructions…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-10591	2026-06-6 02:45	2026-06-3	表示	GitHub Exploit DB Packet Storm

2931	9.6	CRITICAL ネットワーク	google	chrome	Use after free in FileSystem in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-10886	2026-06-6 02:42	2026-06-5	表示	GitHub Exploit DB Packet Storm

2932	8.8	HIGH ネットワーク	google	chrome	Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-10885	2026-06-6 02:42	2026-06-5	表示	GitHub Exploit DB Packet Storm

2933	8.3	HIGH ネットワーク	google	chrome	Use after free in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page…	CWE-416 解放済みメモリの使用	CVE-2026-10884	2026-06-6 02:41	2026-06-5	表示	GitHub Exploit DB Packet Storm

2934	8.8	HIGH ネットワーク	google	chrome	Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical)	CWE-787 境界外書き込み	CVE-2026-10883	2026-06-6 02:41	2026-06-5	表示	GitHub Exploit DB Packet Storm

2935	8.8	HIGH ネットワーク	google	chrome	Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-10882	2026-06-6 02:41	2026-06-5	表示	GitHub Exploit DB Packet Storm

2936	5.3	MEDIUM ネットワーク	strawberry	strawberry_graphql	Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.172.0 through0.315.6, the MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effe…	CWE-400 リソースの枯渇	CVE-2026-47707	2026-06-6 02:38	2026-06-5	表示	GitHub Exploit DB Packet Storm

2937	5.3	MEDIUM ネットワーク	strawberry	strawberry_graphql	Strawberry GraphQL is a library for creating GraphQL APIs. In versions 0.71.0 through 0.315.6, the QueryDepthLimiter extension is vulnerable to an Application-level DOS due to a lack of cycle detecti…	CWE-400 CWE-674 リソースの枯渇不適切な再帰制御	CVE-2026-47706	2026-06-6 02:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

2938	7.3	HIGH ネットワーク	rurban	cpanel\	Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled. decode_hv() collapses duplicate object keys into an array reference…	CWE-843 型の取り違え	CVE-2026-9334	2026-06-6 02:36	2026-06-3	表示	GitHub Exploit DB Packet Storm

2939	7.5	HIGH ネットワーク	rurban	cpanel\	Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback throws. To skip a leading 3-byte UTF-8 BOM, decode_json() advances t…	CWE-755 CWE-763 例外的な状態における不適切な処理無効なポインタや参照の解放	CVE-2026-9516	2026-06-6 02:35	2026-06-3	表示	GitHub Exploit DB Packet Storm

2940	-	-	-	-	A denial-of-service vulnerability exists in the RTSP server component of TP-Link Tapo C520WS v2 due to improper handling of syntactically invalid input. Crafted inputs can trigger a processing error…	CWE-20 不適切な入力確認	CVE-2026-8714	2026-06-6 02:17	2026-06-6	表示	GitHub Exploit DB Packet Storm

2941	4.3	MEDIUM ネットワーク	-	-	A vulnerability was found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. Affected by this vulnerability is an unknown func…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11337	2026-06-6 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2942	9.6	CRITICAL ネットワーク	-	-	Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape…	CWE-20 不適切な入力確認	CVE-2026-11095	2026-06-6 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2943	9.6	CRITICAL ネットワーク	-	-	Integer overflow in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (…	CWE-472 CWE-190 不変と仮定される Web パラメータの外部制御整数オーバーフローまたはラップアラウンド	CVE-2026-11088	2026-06-6 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2944	8.8	HIGH ネットワーク	-	-	Use after free in Views in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted H…	CWE-416 解放済みメモリの使用	CVE-2026-11042	2026-06-6 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2945	8.3	HIGH ネットワーク	-	-	Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…	CWE-416 解放済みメモリの使用	CVE-2026-11040	2026-06-6 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2946	6.5	MEDIUM ネットワーク	-	-	Insufficient policy enforcement in Subresource Integrity in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass content security policy via malicious network traffic. (Chromium s…	CWE-20 不適切な入力確認	CVE-2026-11038	2026-06-6 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2947	9.6	CRITICAL ネットワーク	-	-	Out of bounds write in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium security severity: Medium)	CWE-787 境界外書き込み	CVE-2026-11037	2026-06-6 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2948	6.5	MEDIUM ネットワーク	-	-	CVX is not resilient to unexpected messages from a connected switch. This leads to agent crashes on CVX causing instability in the CVX cluster. An attacker could use this behavior to create a denial …	CWE-20 不適切な入力確認	CVE-2025-5090	2026-06-6 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2949	6.5	MEDIUM ネットワーク	-	-	In a CVX cluster, an EOS switch connected to a CVX server is not resilient to certain malformed messages received from the connected CVX server. Similarly, the CVX server is not resilient to certain …	CWE-20 不適切な入力確認	CVE-2025-5089	2026-06-6 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

2950	8.3	HIGH ネットワーク	-	-	An authenticated Redis session could be used to obtain full root access to all servers in the CVX cluster. Note that this would require an attacker to have both network access to the Redis service on…	CWE-269 不適切な権限管理	CVE-2025-5088	2026-06-6 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm