NVD Vulnerability Information Top

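You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
The NVD is often updated with vulnerability information before JVN (Japan Vulnerability Notes), so it may contain vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and check the CWE number.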


Updated: June 11, 2026 5:13

No. CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC search
401 5.4 MEDIUM
Network
- - WordPress Theme Zoner Real Estate 4.1.1 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through the Address input field when crea… Update CWE-79
Cross-site Scripting (XSS)
CVE-2019-25742 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
402 5.4 MEDIUM
Network
- - GigToDo 1.3 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript and HTML code through the proposal description field. Attackers… Update CWE-79
Cross-site Scripting (XSS)
CVE-2019-25739 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
403 6.1 MEDIUM
Network
- - Live Chat Unlimited 2.8.3 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts through the chat input field. Attackers can submit pay… Update CWE-79
Cross-site Scripting (XSS)
CVE-2019-25737 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
404 6.1 MEDIUM
Network
- - Zuz Music 2.1 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious JavaScript by submitting crafted contact form data. Attackers can inje… Update CWE-79
Cross-site Scripting (XSS)
CVE-2019-25731 2026-06-10 11:16 2026-06-4 View GitHub Exploit DB Packet Storm
405 - -
- - Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain… New CWE-74
Injection
CVE-2026-46546 2026-06-10 10:16 2026-06-10 View GitHub Exploit DB Packet Storm
406 - -
- - SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a sta… New CWE-121
CWE-787
Stack-based Buffer Overflow
Out-of-bounds Write
CVE-2026-44634 2026-06-10 10:16 2026-06-10 View GitHub Exploit DB Packet Storm
407 4.3 MEDIUM
Network
- - BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the friends REST API that allows any authenticated attacker to enumerate another user's complete friend list. Attackers… New CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-53675 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
408 7.1 HIGH
Network
- - BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP dat… New CWE-943
Improper Neutralization of Special Elements in Data Query Logic
CVE-2026-53674 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
409 8.1 HIGH
Network
- - BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated attackers to access arbitrary private message threads by supplying a us… New CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-53673 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
410 6.8 MEDIUM
Network
- - SubjectDnX509PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the username. In a carefully crafted certificate… New CWE-287
Improper Authentication
CVE-2026-47838 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
411 7.5 HIGH
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote, unauthenticated denial-of-service vulnerability in Me… New CWE-248
Uncaught Exception
CVE-2026-46545 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
412 5.3 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.5.0, a remote peer can crash any full node by sending a RequestBatch… New CWE-617
Reachable Assertion
CVE-2026-46543 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
413 4.3 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a denial-of-service vulnerability exists in the Ed25519 multisi… New CWE-617
Reachable Assertion
CVE-2026-46542 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
414 7.5 HIGH
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, in handle_dht_get(), the DhtResults accumulator is only initia… New CWE-754
Improper Check for Unusual or Exceptional Conditions
CVE-2026-46541 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
415 6.5 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, when LightBlockchain::rebranch() adopts a fork chain whose tip … New CWE-841
Improper Enforcement of Behavioral Workflow
CVE-2026-46540 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
416 5.9 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.4.0, a logic flaw in BlockInclusionProof::is_block_proven causes the… New CWE-345
Insufficient Verification of Data Authenticity
CVE-2026-46539 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
417 8.6 HIGH
Network
- - SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CA… New CWE-22
Path Traversal
CVE-2026-46491 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
418 6.5 MEDIUM
Network
- - FlashMQ is a MQTT broker/server, designed for multi-CPU environments. Prior to version 1.26.2, authorized clients have the ability to exceed the permitted over-commit of their write buffer and trigge… New CWE-248
Uncaught Exception
CVE-2026-46411 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
419 - -
- - Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virti… New CWE-416
Use After Free
CVE-2026-45782 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
420 7.5 HIGH
Network
- - Pipecat is an open-source Python framework for building real-time voice and multimodal conversational agents. From version 0.0.90 to before version 1.2.0, a path traversal vulnerability exists in Pip… New CWE-22
Path Traversal
CVE-2026-44716 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
421 5.3 MEDIUM
Network
- - Nimiq is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. network-libp2p handles kad get-record query progress in handle_dht_get (network-libp2p/… New CWE-755
Improper Handling of Exceptional Conditions
CVE-2026-44505 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
422 5.3 MEDIUM
Network
- - Spring Data REST's Querydsl integration accepts arbitrary persistent property paths as request-parameter filter keys and does not consider Jackson customizations before handing them to Querydsl. Aff… New CWE-284
Improper Access Control
CVE-2026-41837 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
423 8.1 HIGH
Network
- - JsonPulsarHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its subpackages. Additionally, an empty trusted-… New CWE-502
Deserialization of Untrusted Data
CVE-2026-41732 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
424 8.1 HIGH
Network
- - JsonKafkaHeaderMapper and the deprecated DefaultKafkaHeaderMapper matched type headers against trusted packages using a prefix check, meaning that trusting any package implicitly trusted all of its s… New CWE-502
Deserialization of Untrusted Data
CVE-2026-41731 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
425 5.3 MEDIUM
Network
- - Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.… New CWE-209
Information Exposure Through an Error Message
CVE-2026-41730 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
426 8.1 HIGH
Network
- - Spring Data REST is vulnerable to SpEL expression injection through map-typed properties when processing JSON Patch (application/json-patch+json) requests. When a persistent entity exposes a Map-type… New CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement
CVE-2026-41729 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
427 7.5 HIGH
Network
- - Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected … New CWE-284
Improper Access Control
CVE-2026-41728 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
428 6.5 MEDIUM
Network
- - Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header … New CWE-20
Improper Input Validation
CVE-2026-41727 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
429 6.5 MEDIUM
Network
- - When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, ev… New CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-41726 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
430 5.9 MEDIUM
Network
- - Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload… New CWE-400
Resource Exhaustion
CVE-2026-41721 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
431 6.4 MEDIUM
Network
- - A SpEL Injection vulnerability exists in the Spring Data KeyValue if unsanitized user input is passed as Sort into a repository query method that delegates evaluation to the SpelPropertyComparator. … New CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement
CVE-2026-41719 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
432 8.1 HIGH
Network
- - Spring Data MongoDB contains a SpEL (Spring Expression Language) expression injection vulnerability. The issue occurs during parameter binding when a user-defined repository query method is annotated… New CWE-917
Improper Neutralization of Special Elements used in an Expression Language Statement
CVE-2026-41717 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
433 7.5 HIGH
Network
- - Spring Data's internal property-lookup cache accepts and permanently retains attacker-supplied strings as cache keys, allowing heap exhaustion through repeated requests. Affected versions: Spring Da… New CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-41716 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
434 4.0 MEDIUM
Network
- - Applications that configure their broker connection via RabbitConnectionFactoryBean.setUri("amqps://...") without also calling setUseSSL(true) get TLS encryption with no certificate validation and no… New CWE-295
Improper Certificate Validation
CVE-2026-41714 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
435 5.9 MEDIUM
Network
- - Applications using Spring Data Commons may be vulnerable to a Denial of Service (DoS) attack leading to a StackOverflowException when parsing Sort parameters. Affected versions: Spring Data Commons … New CWE-400
Resource Exhaustion
CVE-2026-41711 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
436 6.1 MEDIUM
Network
- - Spring Security's CookieRequestCache and CookieServerRequestCache store the pre-authentication request URL in a browser cookie so that users can be redirected back to their intended destination after… New CWE-601
Open Redirect
CVE-2026-41706 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
437 4.4 MEDIUM
Network
- - Correlation IDs for replies in the RabbitTemplate.sendAndReceive() with the fixed reply queue are predictable due to internal simple counter. Affected versions: Spring AMQP 4.0.0 through 4.0.3; 3.2.… New CWE-330
Use of Insufficiently Random Values
CVE-2026-41701 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
438 4.8 MEDIUM
Network
- - Spring Data Relational does not properly escape binding values of externally-controlled input when using StringMatcher (STARTING, ENDING, or CONTAINING) in Query By Example (QBE). An attacker can sup… New CWE-943
Improper Neutralization of Special Elements in Data Query Logic
CVE-2026-41697 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
439 5.9 MEDIUM
Network
- - Spring Data MongoDB repository query methods annotated with @Query that use regex parameter binding perform insufficient validation of the bound parameter. An attacker can supply a crafted string to … New CWE-943
Improper Neutralization of Special Elements in Data Query Logic
CVE-2026-41696 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
440 7.5 HIGH
Network
- - Spring Data Commons applications may be vulnerable to denial of service through resource exhaustion when attacker-controlled property path strings are passed to MappingContext property path resolutio… New CWE-400
Resource Exhaustion
CVE-2026-41695 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
441 3.7 LOW
Network
- - Since Spring Security SAML decrypts SAML Responses as well as elements of SAML LogoutRequests and LogoutResponses without requiring a valid signature, attackers may be able to craft these SAML payloa… New CWE-347
Improper Verification of Cryptographic Signature
CVE-2026-41694 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
442 6.1 MEDIUM
Network
- - Spring Security Authorization Server's authorization endpoint performs insufficient validation of the request_uri parameter. An attacker can craft a malicious authorization request containing an inva… New CWE-601
Open Redirect
CVE-2026-41008 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
443 7.6 HIGH
Network
- - An attacker able to influence values in RelyingPartyRegistration may be able to run arbitrary code on HTML forms generated by Spring Security filters. Affected versions: Spring Security 5.7.0 throug… New CWE-79
Cross-site Scripting (XSS)
CVE-2026-41003 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
444 7.3 HIGH
Adjacent
- - An attacker with write permissions to the database table managed by JdbcAssertingPartyMetadataRepository (saml2_asserting_party_metadata) may be able to store malicious serialized payloads in the col… New CWE-502
Deserialization of Untrusted Data
CVE-2026-40993 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
445 5.9 MEDIUM
Network
- - When using spring-restdocs-webtestclient or spring-restdocs-restassured to document a remote API accessed over HTTP, an attacker who compromises the API or tricks the user into documenting a maliciou… New CWE-611
Improper Restriction of XML External Entity Reference
CVE-2026-40991 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
446 7.5 HIGH
Network
- - An application using spring-security-saml2-service-provider and the REDIRECT binding for SAML 2.0 Login or Logout may be vulnerable to a denial of service by way of an unbounded writer that inflates … New CWE-400
Resource Exhaustion
CVE-2026-40988 2026-06-10 09:16 2026-06-10 View GitHub Exploit DB Packet Storm
447 6.5 MEDIUM
Network
- - An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command New CWE-457
Use of Uninitialized Variable
CVE-2026-9754 2026-06-10 08:17 2026-06-10 View GitHub Exploit DB Packet Storm
448 8.1 HIGH
Network
- - The $_internalApplyOplogUpdate aggregation pipeline stage can be used to execute a document diff containing a malformed binary diff to return memory out-of-bounds or crash the server. $_internalApply… New CWE-1287
Improper Validation of Specified Type of Input
CVE-2026-9753 2026-06-10 08:17 2026-06-10 View GitHub Exploit DB Packet Storm
449 6.5 MEDIUM
Network
- - An authorized user could trigger a server crash by running a query with a 2dsphere index on a field that stores a GeoJSON GeometryCollection containing a Polygon with a strict-winding CRS. Strict-wi… New CWE-476
NULL Pointer Dereference
CVE-2026-9752 2026-06-10 08:17 2026-06-10 View GitHub Exploit DB Packet Storm
450 5.5 MEDIUM
Local
- - The ldapQueryPassword parameter, when set through the runtime setParameter command, will log the new password to the mongod.log file in plain text. New CWE-532
Information Exposure Through Log Files
CVE-2026-9751 2026-06-10 08:17 2026-06-10 View GitHub Exploit DB Packet Storm