NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月11日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
351	-	-	-	-	Debusine is an integrated solution to build, distribute and maintain a Debian-based distribution. Files managed by debusine are organized into artifacts. The endpoints that create and delete relation… New	-	CVE-2026-11852	2026-06-10 19:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

352	7.5	HIGH ネットワーク	-	-	Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in… New	CWE-125 境界外読み取り	CVE-2026-9076	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

353	8.1	HIGH ネットワーク	-	-	Issue summary: A signed integer overflow when sizing the destination buffer for Unicode output in ASN1_mbstring_ncopy() can lead to a heap buffer overflow. Impact summary: A heap buffer overflow may… New	CWE-787 境界外書き込み	CVE-2026-7383	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

354	4.8	MEDIUM ネットワーク	-	-	Issue summary: The implementations of AES-SIV (RFC 5297) and AES-GCM-SIV (RFC 8452) mishandle the authentication of AAD (Additional Authenticated Data) with an empty ciphertext allowing a forgery of … New	CWE-325 暗号化処理の不備	CVE-2026-45446	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

355	7.5	HIGH ネットワーク	-	-	Issue summary: When an application drives an AES-OCB context through the public EVP_Cipher() one-shot interface, the application-supplied initialisation vector (IV) is silently discarded. Impact sum… New	CWE-325 暗号化処理の不備	CVE-2026-45445	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

356	6.2	MEDIUM ローカル	-	-	Issue summary: When the X509_VERIFY_PARAM_set1_email is called by an application to validate a crafted e-mail address, such as during S/MIME message validation, an out of bounds read can happen. Imp… New	CWE-125 境界外読み取り	CVE-2026-42771	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

357	3.7	LOW ネットワーク	-	-	Issue summary: When EVP_PKEY_derive_set_peer() is called with a DHX (X9.42) peer key, the peer key is not properly checked for the subgroup membership. Impact summary: A malicious peer which present… New	CWE-325 暗号化処理の不備	CVE-2026-42770	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

358	5.3	MEDIUM ネットワーク	-	-	Issue Summary: An error in the callback used to verify the certificate provided in a Root CA key update Certificate Management Protocol (CMP) message response rendered the certificate validation inef… New	CWE-295 不正な証明書検証	CVE-2026-42769	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

359	3.7	LOW ネットワーク	-	-	Issue summary: The CMS_decrypt and PKCS7_decrypt functions are vulnerable to Bleichenbacher-style attack when an attacker is able to provide the CMS or S/MIME messages and observe the error code and/… New	CWE-514	CVE-2026-42768	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

360	5.9	MEDIUM ネットワーク	-	-	Issue summary: An attacker-controlled CMP (Certificate Management Protocol) server could trigger a NULL pointer dereference in a CMP client application. Impact summary: A NULL pointer dereference ca… New	CWE-476 NULL ポインタデリファレンス	CVE-2026-42767	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

361	5.9	MEDIUM ネットワーク	-	-	Issue summary: A specially crafted password-encrypted CMS message can trigger a NULL pointer dereference during CMS decryption. Impact summary: This NULL pointer dereference leads to an application … New	CWE-476 NULL ポインタデリファレンス	CVE-2026-42766	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

362	7.5	HIGH ネットワーク	-	-	Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a … New	CWE-476 NULL ポインタデリファレンス	CVE-2026-42765	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

363	7.5	HIGH ネットワーク	-	-	Issue summary: Receiving a QUIC initial packet with an invalid token may trigger a NULL pointer dereference in the OpenSSL QUIC server with address validation disabled. Impact summary: NULL pointer … New	CWE-476 NULL ポインタデリファレンス	CVE-2026-42764	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

364	-	-	-	-	Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verificatio… New	CWE-415 二重解放	CVE-2026-35188	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

365	7.5	HIGH ネットワーク	-	-	Issue summary: Parsing a crafted DER-encoded ASN.1 structure with a primitive element whose content exceeds 2 gigabytes in length may cause a heap buffer over-read on 64-bit Unix and Unix-like platfo… New	CWE-125 境界外読み取り	CVE-2026-34180	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

366	-	-	-	-	Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the in Permission, Cache, and Search components. An unauthenticated attacker may trigger arbitrary PHP objec… New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-10721	2026-06-10 17:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

367	-	-	-	-	A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexp… New	CWE-617 到達可能なアサーション	CVE-2026-29116	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

368	-	-	-	-	A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpec… New	CWE-617 到達可能なアサーション	CVE-2026-29115	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

369	-	-	-	-	A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudul… New	CWE-538 ファイルおよびディレクトリ情報の漏えい	CVE-2026-29114	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

370	-	-	-	-	An attacker who intercepts and tampers with traffic between the client application and the API Gateway server could potentially deserialize arbitrary objects. This vulnerability could lead to broken … New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2026-11815	2026-06-10 16:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

371	-	-	-	-	A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vul… New	CWE-121 スタックオーバーフロー	CVE-2026-26241	2026-06-10 14:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

372	-	-	-	-	A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vul… New	CWE-121 スタックオーバーフロー	CVE-2026-26240	2026-06-10 14:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

373	7.3	HIGH ローカル	-	-	A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses os.chown() instead of os.lchown() and opens files without O_NOFOL… New	CWE-59 リンク解釈の問題	CVE-2026-11837	2026-06-10 14:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

374	2.4	LOW ネットワーク	-	-	A weakness has been identified in FluentCMS 0.0.5. The impacted element is an unknown function of the file /admin/blocks of the component Blocks Plugin. This manipulation causes cross site scripting.… Update	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11434	2026-06-10 14:16	2026-06-7	表示	GitHub Exploit DB Packet Storm

375	-	-	-	-	A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We… New	CWE-121 スタックオーバーフロー	CVE-2026-26239	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

376	-	-	-	-	A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We hav… New	CWE-359 CWE-862 認可されていないアクターへの個人情報の漏えい認証の欠如	CVE-2026-26237	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

377	-	-	-	-	An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restr… New	CWE-863 不正な認証	CVE-2026-24724	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

378	-	-	-	-	An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to… New	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-24720	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

379	-	-	-	-	A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… New	CWE-78 OSコマンド・インジェクション	CVE-2026-24719	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

380	-	-	-	-	A path traversal vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to read… New	CWE-22 パス・トラバーサル	CVE-2026-24717	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

381	-	-	-	-	A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabili… New	CWE-476 NULL ポインタデリファレンス	CVE-2026-24716	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

382	-	-	-	-	A NULL pointer dereference vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (… New	CWE-476 NULL ポインタデリファレンス	CVE-2026-22899	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

383	-	-	-	-	A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… New	CWE-78 OSコマンド・インジェクション	CVE-2026-22893	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

384	-	-	-	-	A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. The remote attackers can then exploit the vulnerability to launch a denial-of-service (DoS… New	CWE-476 NULL ポインタデリファレンス	CVE-2025-66281	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

385	-	-	-	-	An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vuln… New	CWE-121 CWE-190 スタックオーバーフロー整数オーバーフローまたはラップアラウンド	CVE-2025-66280	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

386	-	-	-	-	A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… New	CWE-78 OSコマンド・インジェクション	CVE-2025-66279	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

387	-	-	-	-	A command injection vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to e… New	CWE-78 OSコマンド・インジェクション	CVE-2025-66273	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

388	-	-	-	-	A path traversal vulnerability has been reported to affect License Center. If a local attacker gains an administrator account, they can then exploit the vulnerability to read the contents of unexpect… New	CWE-22 パス・トラバーサル	CVE-2025-62851	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

389	-	-	-	-	A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerabili… New	CWE-476 NULL ポインタデリファレンス	CVE-2025-62850	2026-06-10 13:17	2026-06-10	表示	GitHub Exploit DB Packet Storm

390	-	-	-	-	QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later New	-	CVE-2025-66276	2026-06-10 12:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

391	-	-	-	-	QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version: New	CWE-472 不変と仮定される Web パラメータの外部制御	CVE-2025-59382	2026-06-10 12:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

392	-	-	-	-	A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities… New	CWE-352 同一生成元ポリシー違反	CVE-2025-58468	2026-06-10 12:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

393	4.6	MEDIUM 隣接	-	-	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.3, and 6.0, an out-of-bounds read exists in the BlueDroid AVRCP vendor-command parser (av… New	CWE-125 境界外読み取り	CVE-2026-46532	2026-06-10 11:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

394	7.1	HIGH 隣接	-	-	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup … New	CWE-122 ヒープオーバーフロー	CVE-2026-45542	2026-06-10 11:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

395	7.5	HIGH ネットワーク	-	-	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation pa… New	CWE-476 NULL ポインタデリファレンス	CVE-2026-45541	2026-06-10 11:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

396	7.1	HIGH ローカル	-	-	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c val… New	CWE-20 CWE-125 CWE-200 不適切な入力確認境界外読み取り情報漏えい	CVE-2026-45329	2026-06-10 11:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

397	9.3	CRITICAL ローカル	-	-	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_servi… New	CWE-20 CWE-787 不適切な入力確認境界外書き込み	CVE-2026-45328	2026-06-10 11:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

398	6.5	MEDIUM 隣接	-	-	ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_o… New	CWE-125 境界外読み取り	CVE-2026-45160	2026-06-10 11:16	2026-06-10	表示	GitHub Exploit DB Packet Storm

399	5.4	MEDIUM ネットワーク	-	-	WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title … Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2019-25744	2026-06-10 11:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

400	5.4	MEDIUM ネットワーク	-	-	WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title fiel… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2019-25743	2026-06-10 11:16	2026-06-4	表示	GitHub Exploit DB Packet Storm