NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月26日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
2951	5.5	MEDIUM ローカル	linaro	op-tee	OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 4.3.0 and prior t…	CWE-843 型の取り違え	CVE-2026-45702	2026-06-6 01:56	2026-06-4	表示	GitHub Exploit DB Packet Storm

2952	7.5	HIGH ネットワーク	microsoft	exchange_online	Improper authorization in Microsoft Exchange Online allows an unauthorized attacker to disclose information over a network.	CWE-285 不適切な認可	CVE-2026-48579	2026-06-6 01:51	2026-06-5	表示	GitHub Exploit DB Packet Storm

2953	8.8	HIGH ネットワーク	dlink	dwr-m920_firmware	A vulnerability was detected in D-Link DWR-M920 1.1.50/1.1.70. Affected is the function sub_41C8E8 of the file /boafrm/formSmsManage. Performing a manipulation of the argument action_value results in…	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-10878	2026-06-6 01:48	2026-06-5	表示	GitHub Exploit DB Packet Storm

2954	3.1	LOW ネットワーク	google	chrome	Insufficient validation of untrusted input in WebAuthentication in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy…	CWE-20 不適切な入力確認	CVE-2026-11244	2026-06-6 01:43	2026-06-5	表示	GitHub Exploit DB Packet Storm

2955	5.4	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Downloads in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low)	CWE-346 同一生成元ポリシー違反	CVE-2026-11243	2026-06-6 01:43	2026-06-5	表示	GitHub Exploit DB Packet Storm

2956	9.8	CRITICAL ネットワーク	microsoft	azure_horizondb	Authentication bypass by spoofing in Azure HorizonDB allows an unauthorized attacker to elevate privileges over a network.	CWE-290 スプーフィングによる認証回避	CVE-2026-48567	2026-06-6 01:30	2026-06-5	表示	GitHub Exploit DB Packet Storm

2957	6.1	MEDIUM ネットワーク	-	-	Insufficient validation of untrusted input in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to inject …	CWE-20 不適切な入力確認	CVE-2026-11205	2026-06-6 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2958	6.5	MEDIUM ネットワーク	-	-	Inappropriate implementation in WebRTC in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)	CWE-346 CWE-352 同一生成元ポリシー違反同一生成元ポリシー違反	CVE-2026-11200	2026-06-6 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2959	9.6	CRITICAL ネットワーク	-	-	Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted video file. (Chromium secu…	CWE-20 不適切な入力確認	CVE-2026-11198	2026-06-6 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2960	6.5	MEDIUM ネットワーク	-	-	Insufficient policy enforcement in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a crafted HTML p…	CWE-284 不適切なアクセス制御	CVE-2026-11197	2026-06-6 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2961	8.8	HIGH ネットワーク	-	-	Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin p…	CWE-20 不適切な入力確認	CVE-2026-10922	2026-06-6 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2962	8.8	HIGH ネットワーク	-	-	Inappropriate implementation in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Cri…	CWE-787 境界外書き込み	CVE-2026-10897	2026-06-6 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2963	8.8	HIGH ネットワーク	-	-	Use after free in Chromoting in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Critical)	CWE-416 解放済みメモリの使用	CVE-2026-10893	2026-06-6 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2964	9.6	CRITICAL ネットワーク	-	-	Out of bounds write in GPU in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C…	CWE-787 境界外書き込み	CVE-2026-10892	2026-06-6 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

2965	-	-	-	-	sanic-cors version 2.2.0 and prior contains an improper regular expression in the try_match() function in sanic_cors/core.py that uses re.match without end-anchoring. This allows an attacker to bypas…	-	CVE-2026-37737	2026-06-6 01:07	2026-06-6	表示	GitHub Exploit DB Packet Storm

2966	-	-	-	-	The linqi application contains hardcoded cryptographic keys. Additionally, the application uses a weak algorithm with a limited ASCII charset to dynamically generate Initialization Vectors (IVs) for …	CWE-321 CWE-338 ハードコードされた暗号鍵の使用暗号における脆弱な PRNG の使用	CVE-2026-11347	2026-06-6 01:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2967	-	-	-	-	An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorre…	CWE-287 不適切な認証	CVE-2026-11345	2026-06-6 01:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2968	-	-	-	-	A Server-Side Request Forgery (SSRF) vulnerability in the custom process creation feature of linqi allows an authenticated attacker to probe internal network components. By crafting a specific proces…	CWE-918 サーバサイドリクエストフォージェリ	CVE-2026-11346	2026-06-6 01:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2969	-	-	-	-	The Comment API (GET /api/Comment and POST /api/Comment) in the affected application fails to perform authorization checks to verify that the requesting user has access to the object identified by th…	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-11369	2026-06-6 01:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

2970	-	-	-	-	An integer underflow in bt_mesh_sol_recv() in the Bluetooth Mesh solicitation handling (subsys/bluetooth/mesh/solicitation.c) leads to an out-of-bounds write. When CONFIG_BT_MESH_OD_PRIV_PROXY_SRV is…	CWE-787 境界外書き込み	CVE-2026-5589	2026-06-6 01:06	2026-06-5	表示	GitHub Exploit DB Packet Storm

2971	6.3	MEDIUM ネットワーク	-	-	A potential out-of-bounds write/read exists in the TLS socket connect path of the network sockets subsystem (subsys/net/lib/sockets/sockets_tls.c). When the TLS session cache is enabled, tls_session_…	CWE-787 境界外書き込み	CVE-2026-5066	2026-06-6 01:06	2026-06-5	表示	GitHub Exploit DB Packet Storm

2972	4.5	MEDIUM ローカル	-	-	In Mimecast Incydr before 2.6.0, arbitrary file access can occur.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-50590	2026-06-6 01:06	2026-06-5	表示	GitHub Exploit DB Packet Storm

2973	7.3	HIGH ローカル	-	-	Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range.	CWE-191 整数アンダーフロー	CVE-2026-50593	2026-06-6 01:06	2026-06-5	表示	GitHub Exploit DB Packet Storm

2974	6.3	MEDIUM ローカル	-	-	NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can e…	CWE-798 ハードコードされた認証情報の使用	CVE-2026-21404	2026-06-6 01:05	2026-06-5	表示	GitHub Exploit DB Packet Storm

2975	-	-	-	-	A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.	CWE-284 不適切なアクセス制御	CVE-2026-48907	2026-06-6 01:05	2026-06-5	表示	GitHub Exploit DB Packet Storm

2976	6.3	MEDIUM ネットワーク	-	-	Cross Site Scripting (XSS) vulnerability in the "Task in Progress / Recent" page in Arket Globe Document Intelligence 5.0.0.559 due to improper sanitization of user input in text fields when creating…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-65640	2026-06-6 01:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

2977	5.3	MEDIUM ネットワーク	-	-	HelloTalk through 3.4.1 stores full-precision GPS coordinates even when the user had intended to share only a country or city. Furthermore, these coordinates are placed into a database on the client …	CWE-359 認可されていないアクターへの個人情報の漏えい	CVE-2020-25900	2026-06-6 01:04	2026-06-6	表示	GitHub Exploit DB Packet Storm

2978	6.3	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. The impacted element is an unkno…	CWE-284 CWE-434 不適切なアクセス制御危険なタイプのファイルの無制限アップロード	CVE-2026-11333	2026-06-6 01:04	2026-06-6	表示	GitHub Exploit DB Packet Storm

2979	7.3	HIGH ネットワーク	-	-	A vulnerability was detected in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This affects an unknown function of the file d…	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11334	2026-06-6 01:04	2026-06-6	表示	GitHub Exploit DB Packet Storm

2980	6.3	MEDIUM ネットワーク	-	-	A flaw has been found in tittuvarghese CollegeManagementSystem 3e476335cfbfb9a049e09f474c7ec885f69a9df3/a38852979f7e27ae67b610dce5979500ef8ebe01. This impacts the function session_start of the file /…	CWE-384 セッションの固定化	CVE-2026-11335	2026-06-6 01:04	2026-06-6	表示	GitHub Exploit DB Packet Storm

2981	5.3	MEDIUM ネットワーク	-	-	quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.59.1, an attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a …	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-40898	2026-06-6 01:01	2026-06-5	表示	GitHub Exploit DB Packet Storm

2982	7.2	HIGH ローカル	-	-	Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/arc…	CWE-427 制御されていない検索パスの要素	CVE-2026-41567	2026-06-6 01:01	2026-06-5	表示	GitHub Exploit DB Packet Storm

2983	-	-	-	-	The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.22.FInal, the codec-ohttp implementation of draft-ietf-ohai-chunked-ohttp does not verify that a cryptograp…	CWE-325 暗号化処理の不備	CVE-2026-48480	2026-06-6 01:00	2026-06-5	表示	GitHub Exploit DB Packet Storm

2984	6.3	MEDIUM ネットワーク	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 do not properly validate uploaded files. The application ca…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2026-42538	2026-06-6 01:00	2026-06-5	表示	GitHub Exploit DB Packet Storm

2985	7.6	HIGH ネットワーク	-	-	Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In versions 4.9.0 through 5.0.0, an authenticated user with project-edit…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-41518	2026-06-6 01:00	2026-06-5	表示	GitHub Exploit DB Packet Storm

2986	-	-	-	-	Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at `/graphql…	CWE-285 不適切な認可	CVE-2026-41522	2026-06-6 01:00	2026-06-5	表示	GitHub Exploit DB Packet Storm

2987	4.3	MEDIUM ネットワーク	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 allow a user to alter values in the database via manipulate…	CWE-915 動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-42540	2026-06-6 01:00	2026-06-5	表示	GitHub Exploit DB Packet Storm

2988	9.8	CRITICAL ネットワーク	-	-	SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL wi…	CWE-176 Unicode エンコーディングの不適切な処理	CVE-2025-71316	2026-06-6 00:56	2026-06-5	表示	GitHub Exploit DB Packet Storm

2989	9.6	CRITICAL ネットワーク	google	chrome	Out of bounds read and write in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: C…	CWE-125 CWE-787 境界外読み取り境界外書き込み	CVE-2026-10881	2026-06-6 00:49	2026-06-5	表示	GitHub Exploit DB Packet Storm

2990	8.3	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape …	CWE-20 不適切な入力確認	CVE-2026-10917	2026-06-6 00:48	2026-06-5	表示	GitHub Exploit DB Packet Storm

2991	8.3	HIGH ネットワーク	google	chrome	Use after free in Viz in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chro…	CWE-416 解放済みメモリの使用	CVE-2026-10918	2026-06-6 00:48	2026-06-5	表示	GitHub Exploit DB Packet Storm

2992	8.3	HIGH ネットワーク	google	chrome	Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…	CWE-416 解放済みメモリの使用	CVE-2026-10919	2026-06-6 00:48	2026-06-5	表示	GitHub Exploit DB Packet Storm

2993	8.3	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in WebShare in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandb…	CWE-20 不適切な入力確認	CVE-2026-10920	2026-06-6 00:47	2026-06-5	表示	GitHub Exploit DB Packet Storm

2994	8.3	HIGH ネットワーク	google	chrome	Integer overflow in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (C…	CWE-472 CWE-190 不変と仮定される Web パラメータの外部制御整数オーバーフローまたはラップアラウンド	CVE-2026-10921	2026-06-6 00:47	2026-06-5	表示	GitHub Exploit DB Packet Storm

2995	8.3	HIGH ネットワーク	google	chrome	Integer overflow in Chromecast in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML pa…	CWE-472 CWE-190 不変と仮定される Web パラメータの外部制御整数オーバーフローまたはラップアラウンド	CVE-2026-10924	2026-06-6 00:47	2026-06-5	表示	GitHub Exploit DB Packet Storm

2996	8.3	HIGH ネットワーク	google	chrome	Out of bounds write in Skia in Google Chrome on Mac prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTM…	CWE-787 境界外書き込み	CVE-2026-10925	2026-06-6 00:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

2997	8.8	HIGH 隣接	google	chrome	Use after free in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to execute arbitrary code via malicious network traffic. (Chromium security severity: H…	CWE-416 解放済みメモリの使用	CVE-2026-10926	2026-06-6 00:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

2998	8.3	HIGH ネットワーク	google	chrome	Out of bounds read in Dawn in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. …	CWE-125 境界外読み取り	CVE-2026-10927	2026-06-6 00:44	2026-06-5	表示	GitHub Exploit DB Packet Storm

2999	8.8	HIGH ネットワーク	google	chrome	Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-843 型の取り違え	CVE-2026-10935	2026-06-6 00:35	2026-06-5	表示	GitHub Exploit DB Packet Storm

3000	8.8	HIGH ネットワーク	google	chrome	Type Confusion in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-843 型の取り違え	CVE-2026-10936	2026-06-6 00:35	2026-06-5	表示	GitHub Exploit DB Packet Storm