NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年4月21日4:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
251	6.5	MEDIUM ネットワーク	-	-	A weakness has been identified in liangliangyy DjangoBlog up to 2.1.0.0. This impacts an unknown function of the file blog/views.py of the component Clean Endpoint. This manipulation causes missing a… New	CWE-287 CWE-306 不適切な認証重要な機能に対する認証の欠如解説	CVE-2026-6579	2026-04-20 07:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

252	5.6	MEDIUM ネットワーク	-	-	A security flaw has been discovered in liangliangyy DjangoBlog up to 2.1.0.0. This affects an unknown function of the file djangoblog/settings.py of the component Setting Handler. The manipulation of… New	CWE-259 CWE-798 パスワードがハードコーディングされているハードコードされた認証情報の使用	CVE-2026-6578	2026-04-20 07:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

253	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in liangliangyy DjangoBlog up to 2.1.0.0. The impacted element is an unknown function of the file owntracks/views.py of the component logtracks Endpoint. The manipulati… New	CWE-287 CWE-306 不適切な認証重要な機能に対する認証の欠如解説	CVE-2026-6577	2026-04-20 05:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

254	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function CommandHandler of the file servermanager/api/commonapi.py of the component WeChat Bot Int… New	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-6576	2026-04-20 04:16	2026-04-20	表示	GitHub Exploit DB Packet Storm

255	7.3	HIGH ネットワーク	-	-	A vulnerability has been found in osuuu LightPicture up to 1.2.2. This issue affects some unknown processing of the file /public/install/lp.sql of the component API Upload Endpoint. Such manipulation… New	CWE-259 CWE-798 パスワードがハードコーディングされているハードコードされた認証情報の使用	CVE-2026-6574	2026-04-19 23:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

256	6.3	MEDIUM ネットワーク	-	-	A vulnerability was detected in PHPEMS 11.0. This affects the function temppage of the file /app/exam/controller/exams.master.php of the component Instant Exam Creation Handler. The manipulation of t… New	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-6573	2026-04-19 22:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

257	5.6	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in Collabora KodExplorer up to 4.52. Affected by this issue is some unknown functionality of the file /app/controller/share.class.php of the component fileU… New	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-6572	2026-04-19 22:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

258	6.3	MEDIUM ネットワーク	-	-	A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipul… New	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-6571	2026-04-19 21:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

259	2.7	LOW ネットワーク	-	-	A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argum… New	CWE-285 CWE-639 不適切な認可ユーザ制御の鍵による認証回避	CVE-2026-6570	2026-04-19 21:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

260	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in kodcloud KodExplorer up to 4.52. This impacts the function fileGet of the file /app/controller/share.class.php of the component fileGet Endpoint. Such manipulation o… New	CWE-287 不適切な認証	CVE-2026-6569	2026-04-19 20:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

261	7.3	HIGH ネットワーク	-	-	A vulnerability was determined in kodcloud KodExplorer up to 4.52. This affects the function share.class.php::initShareOld of the file /app/controller/share.class.php of the component Public Share Ha… New	CWE-22 パス・トラバーサル	CVE-2026-6568	2026-04-19 19:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

262	4.3	MEDIUM ネットワーク	-	-	A vulnerability was found in EMQ EMQX Enterprise up to 6.1.0. The impacted element is an unknown function of the component Session Handling. The manipulation results in improper authorization. It is … New	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-6564	2026-04-19 19:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

263	8.8	HIGH ネットワーク	-	-	A vulnerability has been found in H3C Magic B1 up to 100R004. The affected element is the function SetAPWifiorLedInfoById of the file /goform/aspForm. The manipulation of the argument param leads to … New	CWE-119 CWE-120 バッファエラー古典的バッファオーバーフロー	CVE-2026-6563	2026-04-19 18:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

264	7.3	HIGH ネットワーク	-	-	A flaw has been found in dameng100 muucmf 1.9.5.20260309. Impacted is the function getListByPage of the file /index/Search/index.html. Executing a manipulation of the argument keyword can lead to sql… New	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-6562	2026-04-19 18:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

265	4.7	MEDIUM ネットワーク	-	-	A vulnerability was detected in EyouCMS up to 1.7.1. This issue affects the function edit_adminlogo of the file application/admin/controller/Index.php. Performing a manipulation of the argument filen… New	CWE-284 CWE-434 不適切なアクセス制御危険なタイプのファイルの無制限アップロード	CVE-2026-6561	2026-04-19 17:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

266	8.8	HIGH ネットワーク	-	-	A security vulnerability has been detected in H3C Magic B0 up to 100R002. This vulnerability affects the function Edit_BasicSSID of the file /goform/aspForm. Such manipulation of the argument param l… New	CWE-119 CWE-120 バッファエラー古典的バッファオーバーフロー	CVE-2026-6560	2026-04-19 16:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

267	4.3	MEDIUM ネットワーク	-	-	A weakness has been identified in Wavlink WL-WN579A3 220323. This affects the function sub_401F80 of the file /cgi-bin/login.cgi. This manipulation of the argument Hostname causes cross site scriptin… New	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-6559	2026-04-19 15:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

268	6.4	MEDIUM ネットワーク	-	-	The EMC – Easily Embed Calendly Scheduling Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's calendly shortcode in all versions up to, and including, 4.4 due… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-0868	2026-04-19 13:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

269	-	-	-	-	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. New	-	CVE-2026-6056	2026-04-19 08:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

270	8.1	HIGH ネットワーク	-	-	sagredo qmail before 2026.04.07 allows tls_quit remote code execution because of popen in notlshosts_auto in qmail-remote.c. Update	CWE-78 OSコマンド・インジェクション	CVE-2026-41113	2026-04-19 06:16	2026-04-17	表示	GitHub Exploit DB Packet Storm

271	-	-	-	-	protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which … New	CWE-94 コード・インジェクション	CVE-2026-41242	2026-04-19 02:16	2026-04-19	表示	GitHub Exploit DB Packet Storm

272	6.4	MEDIUM ネットワーク	-	-	The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input s…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-2986	2026-04-18 21:16	2026-04-18	表示	GitHub Exploit DB Packet Storm

273	5.4	MEDIUM ネットワーク	-	-	The Categories Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 3.3.1, via the 'z_taxonomy_image' shortcode. This is due to the shortcode ren…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-2505	2026-04-18 19:16	2026-04-18	表示	GitHub Exploit DB Packet Storm

274	6.4	MEDIUM ネットワーク	-	-	The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content_block shortcode in all versions up to, and including, 3.3.9 due to i…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-0894	2026-04-18 19:16	2026-04-18	表示	GitHub Exploit DB Packet Storm

275	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: fix uninitialized padding leak in NFULA_PAYLOAD __build_packet_message() manually constructs the NFULA_…	-	CVE-2026-31428	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

276	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp process_sdp() declares union nf_inet_addr rtp_addr …	-	CVE-2026-31427	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

277	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: rds: ib: reject FRMR registration before IB connection is established rds_ib_get_mr() extracts the rds_ib_connection from conn->c…	-	CVE-2026-31425	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

278	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: restrict xt_check_match/xt_check_target extensions for NFPROTO_ARP Weiming Shi says: xt_match and xt_target…	-	CVE-2026-31424	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

279	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_hfsc: fix divide-by-zero in rtsc_min() m2sm() converts a u32 slope to a u64 scaled value. For large inputs (e.g. …	-	CVE-2026-31423	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

280	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_flow: fix NULL pointer dereference on shared blocks flow_change() calls tcf_block_q() and dereferences q->handle t…	-	CVE-2026-31422	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

281	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and der…	-	CVE-2026-31421	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

282	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: drop logically empty buckets in mtype_del mtype_del() counts empty slots below n->pos in k, but it only drops t…	-	CVE-2026-31418	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

283	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix overflow when accumulating packets Add a check to ensure that `x25_sock.fraglen` does not overflow. The `fraglen` a…	-	CVE-2026-31417	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

284	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_log: account for netlink header size This is a followup to an old bug fix: NLMSG_DONE needs to account for t…	-	CVE-2026-31416	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

285	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6_datagram_send_ctl() Yiming Qian reported : <quote> I believe I found a locally triggerable kernel b…	-	CVE-2026-31415	2026-04-18 18:16	2026-04-13	表示	GitHub Exploit DB Packet Storm

286	4.0	MEDIUM ローカル	-	-	Little CMS (lcms2) through 2.18 has an integer overflow in CubeSize in cmslut.c because the overflow check is performed after the multiplication.	CWE-696 不適切な動作順序	CVE-2026-41254	2026-04-18 16:16	2026-04-18	表示	GitHub Exploit DB Packet Storm

287	6.9	MEDIUM ローカル	-	-	In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conduct…	CWE-829 信頼性のない制御領域からの機能の組み込み	CVE-2026-41253	2026-04-18 15:16	2026-04-18	表示	GitHub Exploit DB Packet Storm

288	8.8	HIGH ネットワーク	-	-	The CMP – Coming Soon & Maintenance Plugin by NiteoThemes plugin for WordPress is vulnerable to arbitrary file upload and remote code execution in all versions up to, and including, 4.1.16 via the `c…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2026-6518	2026-04-18 14:16	2026-04-18	表示	GitHub Exploit DB Packet Storm

289	6.4	MEDIUM ネットワーク	-	-	The Flipbox Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Flipbox widget's button URL `custom_attributes` field in all versions up to, and including, 2…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-6048	2026-04-18 14:16	2026-04-18	表示	GitHub Exploit DB Packet Storm

290	6.4	MEDIUM ネットワーク	-	-	The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via external iCal feed data in all versions up to, and including, 3.1.16 due to insuffic…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-4801	2026-04-18 14:16	2026-04-18	表示	GitHub Exploit DB Packet Storm

291	7.5	HIGH ネットワーク	-	-	Hard-coded ASP.NET/IIS machineKey value in Digital Knowledge KnowledgeDeliver deployments prior to February 24, 2026 allows adversaries to circumvent ViewState validation mechanisms and achieve remot…	CWE-321 CWE-502 ハードコードされた暗号鍵の使用信頼性のないデータのデシリアライゼーション	CVE-2026-5426	2026-04-18 13:16	2026-04-17	表示	GitHub Exploit DB Packet Storm

292	7.5	HIGH ネットワーク	-	-	libexpat before 2.7.6 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document.	CWE-331 エントロピー不足	CVE-2026-41080	2026-04-18 13:16	2026-04-17	表示	GitHub Exploit DB Packet Storm

293	6.5	MEDIUM 隣接	-	-	An issue in the Bluetooth Low Energy (BLE) control interface of the Yamaha SR-B30A sound bar firmware 2.40 (Mobile App: Sound Bar Remote / version: 2.40) allows remote attackers within BLE radio rang…	CWE-284 不適切なアクセス制御	CVE-2026-37100	2026-04-18 13:16	2026-04-17	表示	GitHub Exploit DB Packet Storm

294	6.5	MEDIUM ネットワーク	-	-	gdown is a Google Drive public file/folder downloader. Versions prior to 5.2.2 are vulnerable to a Path Traversal attack within the extractall functionality. When extracting a maliciously crafted ZIP…	CWE-22 パス・トラバーサル	CVE-2026-40491	2026-04-18 12:16	2026-04-18	表示	GitHub Exploit DB Packet Storm

295	7.2	HIGH ネットワーク	-	-	SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_location.php.	CWE-89 SQLインジェクション	CVE-2026-37344	2026-04-18 12:16	2026-04-17	表示	GitHub Exploit DB Packet Storm

296	7.2	HIGH ネットワーク	-	-	SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_user.php.	CWE-89 SQLインジェクション	CVE-2026-37343	2026-04-18 12:16	2026-04-17	表示	GitHub Exploit DB Packet Storm

297	7.2	HIGH ネットワーク	-	-	SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/view_parked_details.php.	CWE-89 SQLインジェクション	CVE-2026-37342	2026-04-18 12:16	2026-04-17	表示	GitHub Exploit DB Packet Storm

298	7.2	HIGH ネットワーク	-	-	SourceCodester Vehicle Parking Area Management System v1.0 is vulnerable to SQL Injection in the file /parking/manage_category.php.	CWE-89 SQLインジェクション	CVE-2026-37341	2026-04-18 12:16	2026-04-17	表示	GitHub Exploit DB Packet Storm

299	9.8	CRITICAL ネットワーク	-	-	SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/edit_music.php.	CWE-89 SQLインジェクション	CVE-2026-37340	2026-04-18 12:16	2026-04-17	表示	GitHub Exploit DB Packet Storm

300	9.8	CRITICAL ネットワーク	-	-	SourceCodester Simple Music Cloud Community System v1.0 is vulnerable to SQL Injection in the file /music/view_genre.php.	CWE-89 SQLインジェクション	CVE-2026-37339	2026-04-18 12:16	2026-04-17	表示	GitHub Exploit DB Packet Storm