NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月26日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
3001	8.8	HIGH ネットワーク	google	chrome	Use after free in Glic in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-416 解放済みメモリの使用	CVE-2026-10957	2026-06-6 00:34	2026-06-5	表示	GitHub Exploit DB Packet Storm

3002	8.3	HIGH ネットワーク	google	chrome	Uninitialized Use in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.…	CWE-457 初期化されていない変数の使用	CVE-2026-10960	2026-06-6 00:34	2026-06-5	表示	GitHub Exploit DB Packet Storm

3003	8.8	HIGH ネットワーク	google	chrome	Type Confusion in Media in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-843 型の取り違え	CVE-2026-10962	2026-06-6 00:34	2026-06-5	表示	GitHub Exploit DB Packet Storm

3004	8.8	HIGH ネットワーク	google	chrome	Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-472 不変と仮定される Web パラメータの外部制御	CVE-2026-10963	2026-06-6 00:34	2026-06-5	表示	GitHub Exploit DB Packet Storm

3005	8.8	HIGH ネットワーク	google	chrome	Integer overflow in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-472 不変と仮定される Web パラメータの外部制御	CVE-2026-10964	2026-06-6 00:33	2026-06-5	表示	GitHub Exploit DB Packet Storm

3006	8.8	HIGH ネットワーク	google	chrome	Integer overflow in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)	CWE-472 不変と仮定される Web パラメータの外部制御	CVE-2026-10965	2026-06-6 00:33	2026-06-5	表示	GitHub Exploit DB Packet Storm

3007	3.1	LOW ネットワーク	google	chrome	Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass discretionary access control v…	CWE-20 不適切な入力確認	CVE-2026-11251	2026-06-6 00:33	2026-06-5	表示	GitHub Exploit DB Packet Storm

3008	8.3	HIGH ネットワーク	google	chrome	Integer overflow in GPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…	CWE-125 境界外読み取り	CVE-2026-11256	2026-06-6 00:33	2026-06-5	表示	GitHub Exploit DB Packet Storm

3009	7.5	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via…	CWE-20 不適切な入力確認	CVE-2026-10969	2026-06-6 00:33	2026-06-5	表示	GitHub Exploit DB Packet Storm

3010	7.5	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Storage Access API in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v…	CWE-20 不適切な入力確認	CVE-2026-11255	2026-06-6 00:33	2026-06-5	表示	GitHub Exploit DB Packet Storm

3011	8.3	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in InterestGroups in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbo…	CWE-20 不適切な入力確認	CVE-2026-10970	2026-06-6 00:33	2026-06-5	表示	GitHub Exploit DB Packet Storm

3012	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11254	2026-06-6 00:31	2026-06-5	表示	GitHub Exploit DB Packet Storm

3013	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)	CWE-362 競合状態	CVE-2026-11253	2026-06-6 00:31	2026-06-5	表示	GitHub Exploit DB Packet Storm

3014	5.9	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to obtain potentially sensitive information …	CWE-306 重要な機能に対する認証の欠如解説	CVE-2026-11238	2026-06-6 00:30	2026-06-5	表示	GitHub Exploit DB Packet Storm

3015	7.5	HIGH ネットワーク	google	chrome	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTM…	CWE-20 不適切な入力確認	CVE-2026-11239	2026-06-6 00:29	2026-06-5	表示	GitHub Exploit DB Packet Storm

3016	3.1	LOW ネットワーク	google	chrome	Insufficient validation of untrusted input in Loader in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted …	CWE-20 不適切な入力確認	CVE-2026-11240	2026-06-6 00:29	2026-06-5	表示	GitHub Exploit DB Packet Storm

3017	8.0	HIGH 隣接	google	chrome	Insufficient validation of untrusted input in Cast in Google Chrome prior to 149.0.7827.53 allowed an attacker on the local network segment to perform privilege escalation via a crafted HTML page. (C…	CWE-20 不適切な入力確認	CVE-2026-11241	2026-06-6 00:29	2026-06-5	表示	GitHub Exploit DB Packet Storm

3018	7.5	HIGH ネットワーク	google	chrome	Insufficient validation of untrusted input in Plugins in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafte…	CWE-20 不適切な入力確認	CVE-2026-11242	2026-06-6 00:28	2026-06-5	表示	GitHub Exploit DB Packet Storm

3019	4.3	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Content Settings in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium securit…	CWE-284 不適切なアクセス制御	CVE-2026-11252	2026-06-6 00:27	2026-06-5	表示	GitHub Exploit DB Packet Storm

3020	9.6	CRITICAL ネットワーク	google	chrome	Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from pr…	CWE-416 解放済みメモリの使用	CVE-2026-11250	2026-06-6 00:26	2026-06-5	表示	GitHub Exploit DB Packet Storm

3021	8.8	HIGH ネットワーク	-	-	Use after free in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: Low)	CWE-416 解放済みメモリの使用	CVE-2026-11224	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3022	6.5	MEDIUM ネットワーク	-	-	Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cra…	CWE-20 不適切な入力確認	CVE-2026-11223	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3023	6.5	MEDIUM ネットワーク	-	-	Incorrect security UI in Tab Strip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted HTML page. (Chromium security severity: Low)	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11222	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3024	4.3	MEDIUM ネットワーク	-	-	Insufficient validation of untrusted input in PointerLock in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a craft…	CWE-20 不適切な入力確認	CVE-2026-11221	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3025	6.5	MEDIUM ネットワーク	-	-	Insufficient validation of untrusted input in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a craf…	CWE-20 不適切な入力確認	CVE-2026-11220	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3026	4.3	MEDIUM ネットワーク	-	-	Inappropriate implementation in Navigation in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Lo…	CWE-693 保護メカニズムの不具合	CVE-2026-11219	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3027	8.1	HIGH ネットワーク	-	-	Inappropriate implementation in PlatformIntegration in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbi…	CWE-20 CWE-94 不適切な入力確認コード・インジェクション	CVE-2026-11218	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3028	6.5	MEDIUM ネットワーク	-	-	Inappropriate implementation in Fenced Frames in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML pa…	CWE-346 同一生成元ポリシー違反	CVE-2026-11217	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3029	4.3	MEDIUM ネットワーク	-	-	Incorrect security UI in File Input in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML …	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11216	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3030	6.5	MEDIUM ネットワーク	-	-	Inappropriate implementation in Cronet in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: …	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11215	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3031	6.5	MEDIUM ネットワーク	-	-	Inappropriate implementation in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity:…	CWE-346 CWE-352 同一生成元ポリシー違反同一生成元ポリシー違反	CVE-2026-11214	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3032	9.6	CRITICAL ネットワーク	-	-	Insufficient validation of untrusted input in Reading Mode in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox …	CWE-20 不適切な入力確認	CVE-2026-11213	2026-06-6 00:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

3033	5.5	MEDIUM ローカル	ni	ni-pal	Improper input validation in the NI-PAL kernel driver may allow a local authenticated user to cause a denial of service by triggering a crash due to a NULL pointer dereference. This vulnerability aff…	CWE-476 NULL ポインタデリファレンス	CVE-2026-8035	2026-06-6 00:11	2026-06-3	表示	GitHub Exploit DB Packet Storm

3034	7.8	HIGH ローカル	ni	ni-pal	Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and p…	CWE-1285 入力で指定されたインデックス、位置、またはオフセットの不適切な検証	CVE-2026-8036	2026-06-6 00:10	2026-06-3	表示	GitHub Exploit DB Packet Storm

3035	-	-	-	-	Froxlor is open source server administration software. In version 2.3.6 and earlier, the LOC record regex uses `\s+` which matches newlines (allowing embedded newlines to pass), TLSA `matchingType=0`…	CWE-74 インジェクション	CVE-2026-41237	2026-06-6 00:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

3036	7.6	HIGH ネットワーク	-	-	Froxlor is open source server administration software. Prior to version 2.3.7, the `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer…	CWE-74 インジェクション	CVE-2026-41234	2026-06-6 00:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

3037	8.8	HIGH ネットワーク	-	-	Inappropriate implementation in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: H…	CWE-20 CWE-94 CWE-119 不適切な入力確認コード・インジェクションバッファエラー	CVE-2026-10904	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3038	-	-	-	-	Insufficient validation of untrusted input in Codecs in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted…	CWE-20 不適切な入力確認	CVE-2026-10981	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3039	-	-	-	-	Type Confusion in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium)	CWE-125 境界外読み取り	CVE-2026-11061	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3040	-	-	-	-	Use after free in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch…	CWE-416 解放済みメモリの使用	CVE-2026-11065	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3041	-	-	-	-	Insufficient validation of untrusted input in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium securi…	CWE-20 不適切な入力確認	CVE-2026-11066	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3042	8.1	HIGH ネットワーク	-	-	Use after free in V8 in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to execute arbitrary code inside a sandbox via a crafted Chrome …	CWE-416 解放済みメモリの使用	CVE-2026-11185	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3043	4.3	MEDIUM ネットワーク	-	-	Inappropriate implementation in Payments in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11245	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3044	5.3	MEDIUM ネットワーク	-	-	Insufficient validation of untrusted input in IndexedDB in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a c…	CWE-20 不適切な入力確認	CVE-2026-11246	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3045	3.1	LOW ネットワーク	-	-	Insufficient policy enforcement in CustomTabs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severi…	CWE-693 保護メカニズムの不具合	CVE-2026-11247	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3046	8.8	HIGH ネットワーク	-	-	Inappropriate implementation in Google Lens in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: L…	CWE-693 保護メカニズムの不具合	CVE-2026-11248	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3047	4.7	MEDIUM ネットワーク	-	-	Use after free in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory vi…	CWE-416 解放済みメモリの使用	CVE-2026-11249	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3048	-	-	-	-	In Arista’s EOS when in 802.1X mode, multi-auth unauthenticated hosts might be allowed access to a switch port if there exists an EAPOL capable device in the fallback VLAN.	CWE-1287 指定されたタイプの入力に対する不適切な検証	CVE-2024-6858	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3049	5.9	MEDIUM ネットワーク	-	-	On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to by…	CWE-287 不適切な認証	CVE-2023-5502	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

3050	9.6	CRITICAL ネットワーク	-	-	Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the swi…	CWE-306 重要な機能に対する認証の欠如解説	CVE-2024-27890	2026-06-6 00:02	2026-06-5	表示	GitHub Exploit DB Packet Storm