NVD Vulnerability Information: Top

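You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in the NVD before it appears in JVN (Japan Vulnerability Note), the NVD may contain updates for vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Note) entry, that information is shown on the detail page.

To search by CWE, refer to the CWE overview to confirm the CWE number.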

Last updated: April 22, 2026, 4:00

No. CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit PoC search
401 6.5 MEDIUM
Network
juniper junos_os_evolved A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privilege… CWE-686
Function call with incorrect argument type
CVE-2026-33783 2026-04-18 03:27 2026-04-10 View GitHub Exploit DB Packet Storm
402 7.5 HIGH
Network
praison praisonaiagents PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skill_path paramet… CWE-862
Missing authorization
CVE-2026-40117 2026-04-18 03:23 2026-04-10 View GitHub Exploit DB Packet Storm
403 7.0 HIGH
Local
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. CWE-362
CWE-416
Race condition
Use after free
CVE-2026-33104 2026-04-18 03:20 2026-04-15 View GitHub Exploit DB Packet Storm
404 8.1 HIGH
Network
- - The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.3.9.6. This is due to insufficient file type … CWE-434
Unrestricted upload of file with dangerous type
CVE-2026-5718 2026-04-18 03:16 2026-04-18 View GitHub Exploit DB Packet Storm
405 7.5 HIGH
Network
- - The Drag and Drop Multiple File Upload for Contact Form 7 plugin for WordPress is vulnerable to Path Traversal leading to Arbitrary File Read in versions up to and including 1.3.9.6. This is due to t… CWE-22
Path traversal
CVE-2026-5710 2026-04-18 03:16 2026-04-18 View GitHub Exploit DB Packet Storm
406 - -
- - Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the ConformityCheck class rendered the rule parameter through Jinja2's default Template() constructor, silentl… CWE-1336
Improper neutralization of special elements used in a template engine
CVE-2026-40320 2026-04-18 03:16 2026-04-18 View GitHub Exploit DB Packet Storm
407 - -
- - Giskard is an open-source testing framework for AI models. In versions prior to 1.0.2b1, the RegexMatching check passes a user-supplied regular expression pattern directly to Python's re.search() wit… CWE-1333
Inefficient regular expression complexity
CVE-2026-40319 2026-04-18 03:16 2026-04-18 View GitHub Exploit DB Packet Storm
408 7.3 HIGH
Local
- - Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory and files. This is caused by improper handlin… CWE-280
Improper privilege management
CVE-2026-21733 2026-04-18 03:16 2026-04-18 View GitHub Exploit DB Packet Storm
409 7.9 HIGH
Local
- - Firebird is an open-source relational database management system. In versions FB3 of the client library placed incorrect data length values into XSQLDA fields when communicating with FB4 or higher se… CWE-200
Information disclosure
CVE-2025-65104 2026-04-18 03:16 2026-04-18 View GitHub Exploit DB Packet Storm
410 4.3 MEDIUM
Network
microsoft windows_10_1607
windows_10_1809
windows_10_21h2
windows_10_22h2
windows_11_23h2
windows_11_24h2
windows_11_25h2
windows_11_26h1
windows_server_2012
windows_server_2016
w…
Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. CWE-200
Information disclosure
CVE-2026-33829 2026-04-18 03:15 2026-04-15 View GitHub Exploit DB Packet Storm
411 7.3 HIGH
Local
juniper junos A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which wi… CWE-61
UNIX symbolic link following
CVE-2026-21916 2026-04-18 03:05 2026-04-10 View GitHub Exploit DB Packet Storm
412 6.5 MEDIUM
Network
juniper junos
junos_os_evolved
An Incorrect Synchronization vulnerability in the management daemon (mgd) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based attacker with low privileges to cause a complete Den… CWE-821
Incorrect synchronization
CVE-2026-21919 2026-04-18 03:04 2026-04-10 View GitHub Exploit DB Packet Storm
413 6.5 MEDIUM
Adjacent
juniper junos
junos_os_evolved
A Missing Release of Memory after Effective Lifetime vulnerability in the Layer 2 Address Learning Daemon (l2ald) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent, unauthenticated… CWE-401
Missing release of memory after effective lifetime
CVE-2026-33780 2026-04-18 02:59 2026-04-10 View GitHub Exploit DB Packet Storm
414 5.8 MEDIUM
Network
juniper junos An Incorrect Initialization of Resource vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX Series and QFX Series device allows an unauthenticated, network… NVD-CWE-Other
CVE-2026-33773 2026-04-18 02:56 2026-04-10 View GitHub Exploit DB Packet Storm
415 6.5 MEDIUM
Adjacent
juniper junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the packet forwarding engine (pfe) of Juniper Networks Junos OS on specific EX and QFX Series devices allow an unauthenticated… CWE-754
Improper check for exceptional conditions
CVE-2026-33781 2026-04-18 02:53 2026-04-10 View GitHub Exploit DB Packet Storm
416 6.5 MEDIUM
Adjacent
juniper junos A Missing Release of Memory after Effective Lifetime vulnerability in the BroadBand Edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthen… CWE-401
Missing release of memory after effective lifetime
CVE-2026-33775 2026-04-18 02:40 2026-04-10 View GitHub Exploit DB Packet Storm
417 6.5 MEDIUM
Adjacent
juniper junos A Missing Release of Memory after Effective Lifetime vulnerability in the DHCP daemon (jdhcpd) of Juniper Networks Junos OS on MX Series, allows an adjacent, unauthenticated attacker to cause a memor… CWE-401
Missing release of memory after effective lifetime
CVE-2026-33782 2026-04-18 02:39 2026-04-10 View GitHub Exploit DB Packet Storm
418 6.5 MEDIUM
Network
praison praisonai PraisonAI is a multi-agent teams system. Prior to 4.5.128, the _safe_extractall() function in PraisonAI's recipe registry validates archive members against path traversal attacks but performs no chec… CWE-409
Improper handling of highly compressed data (data amplification)
CVE-2026-40148 2026-04-18 02:38 2026-04-10 View GitHub Exploit DB Packet Storm
419 8.8 HIGH
Local
juniper junos A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a com… CWE-862
Missing authorization
CVE-2026-33785 2026-04-18 02:38 2026-04-10 View GitHub Exploit DB Packet Storm
420 3.1 LOW
Network
beszel beszel Beszel is a server monitoring platform. Prior to 0.18.7, some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to t… CWE-184
Incomplete blacklist
CVE-2026-40077 2026-04-18 02:37 2026-04-10 View GitHub Exploit DB Packet Storm
421 8.1 HIGH
Network
apollographql apollo_mcp_server Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requ… CWE-346
Same-origin policy violation
CVE-2026-35577 2026-04-18 02:31 2026-04-10 View GitHub Exploit DB Packet Storm
422 8.8 HIGH
Network
google chrome Use after free in Video in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CWE-416
Use after free
CVE-2026-6302 2026-04-18 02:27 2026-04-16 View GitHub Exploit DB Packet Storm
423 8.8 HIGH
Network
google chrome Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CWE-416
Use after free
CVE-2026-6303 2026-04-18 02:27 2026-04-16 View GitHub Exploit DB Packet Storm
424 8.3 HIGH
Network
google chrome Use after free in Graphite in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.… CWE-416
Use after free
CVE-2026-6304 2026-04-18 02:27 2026-04-16 View GitHub Exploit DB Packet Storm
425 8.8 HIGH
Network
google chrome Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) CWE-122
CWE-787
Heap overflow
Out-of-bounds write
CVE-2026-6305 2026-04-18 02:27 2026-04-16 View GitHub Exploit DB Packet Storm
426 8.8 HIGH
Network
google chrome Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) CWE-843
Type confusion
CVE-2026-6307 2026-04-18 02:27 2026-04-16 View GitHub Exploit DB Packet Storm
427 7.5 HIGH
Network
google chrome Out of bounds read in Media in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code via a crafted HTML page… CWE-125
Out-of-bounds read
CVE-2026-6308 2026-04-18 02:26 2026-04-16 View GitHub Exploit DB Packet Storm
428 8.3 HIGH
Network
google chrome Use after free in Viz in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chr… CWE-416
Use after free
CVE-2026-6309 2026-04-18 02:26 2026-04-16 View GitHub Exploit DB Packet Storm
429 8.3 HIGH
Network
google chrome Use after free in Dawn in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Ch… CWE-416
Use after free
CVE-2026-6310 2026-04-18 02:26 2026-04-16 View GitHub Exploit DB Packet Storm
430 8.3 HIGH
Network
google chrome Uninitialized Use in Accessibility in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a… CWE-457
Use of uninitialized variable
CVE-2026-6311 2026-04-18 02:26 2026-04-16 View GitHub Exploit DB Packet Storm
431 3.1 LOW
Network
google chrome Insufficient policy enforcement in Passwords in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML p… NVD-CWE-noinfo
CVE-2026-6312 2026-04-18 02:26 2026-04-16 View GitHub Exploit DB Packet Storm
432 3.1 LOW
Network
google chrome Insufficient policy enforcement in CORS in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. … CWE-284
Improper access control
CVE-2026-6313 2026-04-18 02:26 2026-04-16 View GitHub Exploit DB Packet Storm
433 8.3 HIGH
Network
google chrome Out of bounds write in GPU in Google Chrome prior to 147.0.7727.101 allowed a remote attacker who had compromised the GPU process to potentially perform a sandbox escape via a crafted HTML page. (Chr… CWE-787
Out-of-bounds write
CVE-2026-6314 2026-04-18 02:25 2026-04-16 View GitHub Exploit DB Packet Storm
434 7.5 HIGH
Network
juniper junos An Improper Validation of Syntactic Correctness of Input vulnerability in the IPsec library used by kmd and iked of Juniper Networks Junos OS on SRX Series and MX Series allows an unauthenticated, n… CWE-1286
Improper validation of syntactic correctness of input
CVE-2026-33778 2026-04-18 02:23 2026-04-10 View GitHub Exploit DB Packet Storm
435 6.5 MEDIUM
Network
juniper junos An Improper Following of a Certificate's Chain of Trust vulnerability in J-Web of Juniper Networks Junos OS on SRX Series allows a PITM to intercept the communication of the device and get access to … CWE-296
Improper following of a certificate's chain of trust
CVE-2026-33779 2026-04-18 02:21 2026-04-10 View GitHub Exploit DB Packet Storm
436 7.1 HIGH
Network
- - ByteDance DeerFlow before commit 2176b2b contains a path traversal and arbitrary file write vulnerability in bootstrap-mode custom-agent creation where the agent name validation is bypassed. Attacker… CWE-22
Path traversal
CVE-2026-40518 2026-04-18 02:17 2026-04-18 View GitHub Exploit DB Packet Storm
437 8.3 HIGH
Network
- - OpenHarness before commit bd4df81 contains a server-side request forgery vulnerability in the web_fetch and web_search tools that allows attackers to access private and localhost HTTP services by man… CWE-918
Server-side request forgery
CVE-2026-40516 2026-04-18 02:17 2026-04-18 View GitHub Exploit DB Packet Storm
438 7.5 HIGH
Network
- - OpenHarness before commit bd4df81 contains a permission bypass vulnerability that allows attackers to read sensitive files by exploiting incomplete path normalization in the permission checker. Attac… CWE-863
Incorrect authorization
CVE-2026-40515 2026-04-18 02:17 2026-04-18 View GitHub Exploit DB Packet Storm
439 3.3 LOW
Local
- - MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious… CWE-150
Improper neutralization of escape, meta, or control sequences
CVE-2026-40505 2026-04-18 02:17 2026-04-16 View GitHub Exploit DB Packet Storm
440 8.8 HIGH
Network
- - The WP Customer Area plugin for WordPress is vulnerable to arbitrary file read and deletion due to insufficient file path validation in the 'ajax_attach_file' function in all versions up to, and incl… CWE-22
Path traversal
CVE-2026-3464 2026-04-18 02:17 2026-04-18 View GitHub Exploit DB Packet Storm
441 5.5 MEDIUM
Local
juniper junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1600, SRX2300 and SRX4300 allows a local attacker wit… CWE-754
Improper check for exceptional conditions
CVE-2026-33786 2026-04-18 02:14 2026-04-10 View GitHub Exploit DB Packet Storm
442 5.5 MEDIUM
Local
juniper junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local att… CWE-754
Improper check for exceptional conditions
CVE-2026-33787 2026-04-18 02:12 2026-04-10 View GitHub Exploit DB Packet Storm
443 7.5 HIGH
Network
juniper junos An Improper Check for Unusual or Exceptional Conditions vulnerability in the flow daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an attacker sending a specific, malformed ICMPv6 pac… CWE-754
Improper check for exceptional conditions
CVE-2026-33790 2026-04-18 02:11 2026-04-10 View GitHub Exploit DB Packet Storm
444 7.8 HIGH
Local
ether_software easy_video_to_ipod_converter Easy Video to iPod Converter 1.6.20 contains a local buffer overflow vulnerability in the user registration field that allows local attackers to overwrite the structured exception handler. Attackers … CWE-787
Out-of-bounds write
CVE-2019-25701 2026-04-18 02:01 2026-04-12 View GitHub Exploit DB Packet Storm
445 8.8 HIGH
Network
impresscms impresscms ImpressCMS 1.3.11 contains a time-based blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the 'bid' parameter. Attacke… CWE-89
SQL injection
CVE-2019-25703 2026-04-18 01:51 2026-04-12 View GitHub Exploit DB Packet Storm
446 7.1 HIGH
Network
gurkanuzunca newsbull Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and b… CWE-89
SQL injection
CVE-2019-25699 2026-04-18 01:43 2026-04-12 View GitHub Exploit DB Packet Storm
447 9.8 CRITICAL
Network
victoralagwu cmssite CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET req… CWE-89
SQL injection
CVE-2019-25697 2026-04-18 01:41 2026-04-12 View GitHub Exploit DB Packet Storm
448 7.1 HIGH
Network
montala resourcespace ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection… CWE-352
CWE-89
Same-origin policy violation
SQL injection
CVE-2019-25693 2026-04-18 01:37 2026-04-12 View GitHub Exploit DB Packet Storm
449 7.8 HIGH
Local
socusoft html5_video_player HTML5 Video Player 1.2.5 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized key code string. Attackers can craft a malicious payl… CWE-787
Out-of-bounds write
CVE-2019-25689 2026-04-18 01:19 2026-04-12 View GitHub Exploit DB Packet Storm
450 6.1 MEDIUM
Network
dynalon mdwiki MDwiki contains a cross-site scripting vulnerability that allows remote attackers to execute arbitrary JavaScript by injecting malicious code through the location hash parameter. Attackers can craft … CWE-79
Cross-site scripting (XSS)
CVE-2017-20239 2026-04-18 01:19 2026-04-12 View GitHub Exploit DB Packet Storm