NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2025年8月20日4:10

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
51	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns…	-	CVE-2025-38582	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

52	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device…	-	CVE-2025-38581	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

53	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode use after free in ext4_end_io_rsv_work() In ext4_io_end_defer_completion(), check if io_end->list_vec is empty to…	-	CVE-2025-38580	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

54	-	-	-	-	A security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrect access control, which under certain conditions could allo…	-	CVE-2025-50434	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

55	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid UAF in f2fs_sync_inode_meta() syzbot reported an UAF issue as below: [1] [2] [1] https://syzkaller.appspot.co…	-	CVE-2025-38578	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

56	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung…	-	CVE-2025-38574	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

57	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid panic in f2fs_evict_inode As syzbot [1] reported as below: R10: 0000000000000100 R11: 0000000000000206 R12: 0…	-	CVE-2025-38577	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

58	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers lead…	-	CVE-2025-38572	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

59	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its ass…	-	CVE-2025-38571	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

60	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: benet: fix BUG when creating VFs benet crashes as soon as SRIOV VFs are created: kernel BUG at mm/vmalloc.c:3457! Oops: invali…	-	CVE-2025-38569	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

61	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due…	-	CVE-2025-38566	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

62	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: perf/core: Handle buffer mapping fail correctly in perf_mmap() After successful allocation of a buffer or a successful attachment…	-	CVE-2025-38564	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

63	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer …	-	CVE-2025-38563	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

64	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitig…	-	CVE-2025-38560	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

65	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmt: fix a crashlog NULL pointer access Usage of the intel_pmt_read() for binary sysfs, requires a pcidev. The…	-	CVE-2025-38559	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

66	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: Initialize frame-based format color matching descriptor Fix NULL pointer crash in uvcg_framebased_make due to u…	-	CVE-2025-38558	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

67	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: HID: apple: validate feature-report field count to prevent NULL pointer dereference A malicious HID device with quirk APPLE_MAGIC…	-	CVE-2025-38557	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

68	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare…	-	CVE-2025-38555	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

69	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm: fix a UAF when vma->mm is freed after vma->vm_refcnt got dropped By inducing delays in the right places, Jann Horn created a …	-	CVE-2025-38554	2025-08-20 02:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

70	6.6	MEDIUM ネットワーク	-	-	A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to…	CWE-310 CWE-327 暗号の問題不完全、または危険な暗号アルゴリズムの使用	CVE-2025-9146	2025-08-20 01:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

71	3.5	LOW ネットワーク	-	-	A security vulnerability has been detected in Scada-LTS 2.7.8.1. This issue affects some unknown processing of the file view_edit.shtm of the component SVG File Handler. Such manipulation of the argu…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2025-9145	2025-08-20 01:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

72	-	-	-	-	Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accid…	-	CVE-2025-8782	2025-08-20 01:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

73	-	-	-	-	EzGED3 3.5.0 stores user passwords using an insecure hashing scheme: md5(md5(password)). This hashing method is cryptographically weak and allows attackers to perform efficient offline brute-force at…	-	CVE-2025-51540	2025-08-20 01:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

74	-	-	-	-	Cross site scripting (XSS) vulnerability in Hustoj 2025-01-31 via the TID parameter to thread.php.	-	CVE-2025-50938	2025-08-20 01:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

75	-	-	-	-	A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8, 2025.Q1.0 through 2025.Q1.15, 2024.Q4.0 through 2024.Q…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2025-43738	2025-08-20 01:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

76	-	-	-	-	MoonShine v3.12.5 was discovered to contain a SQL injection vulnerability via the Data parameter under the Blog module.	-	CVE-2025-51510	2025-08-20 01:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

77	-	-	-	-	EzGED3 3.5.0 contains an unauthenticated arbitrary file read vulnerability due to improper access control and insufficient input validation in a script exposed via the web interface. A remote attacke…	-	CVE-2025-51539	2025-08-20 01:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

78	-	-	-	-	An insufficient access control vulnerability was found in the Red Hat Developer Hub rhdh/rhdh-hub-rhel9 container image. The Red Hat Developer Hub cluster admin/user, who has standard user access to …	-	CVE-2025-5417	2025-08-20 01:15	2025-08-19	表示	GitHub Exploit DB Packet Storm

79	-	-	-	-	Soosyze CMS 2.0 allows brute-force login attacks via the /user/login endpoint due to missing rate-limiting and lockout mechanisms. An attacker can repeatedly submit login attempts without restriction…	-	CVE-2025-52392	2025-08-20 01:15	2025-08-13	表示	GitHub Exploit DB Packet Storm

80	3.5	LOW ネットワーク	-	-	A weakness has been identified in Scada-LTS 2.7.8.1. This vulnerability affects unknown code of the file publisher_edit.shtm. This manipulation of the argument Name causes cross site scripting. The a…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2025-9144	2025-08-20 00:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

81	3.5	LOW ネットワーク	-	-	A security flaw has been discovered in Scada-LTS 2.7.8.1. This affects an unknown part of the file mailing_lists.shtm. The manipulation of the argument name/userList/address results in cross site scr…	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2025-9143	2025-08-20 00:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

82	-	-	-	-	Incorrect Access Control in the AJAX endpoint functionality in jonkastonka Cookies and Content Security Policy plugin through version 2.29 allows remote attackers to cause a denial of service (databa…	-	CVE-2025-51529	2025-08-20 00:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

83	-	-	-	-	An arbitrary file upload vulnerability in MoonShine v3.12.4 allows attackers to execute arbitrary code via uploading a crafted SVG file.	-	CVE-2025-51489	2025-08-20 00:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

84	-	-	-	-	A stored cross-site scripting (XSS) vulnerability in the Create Admin function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the …	-	CVE-2025-51488	2025-08-20 00:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

85	-	-	-	-	A stored cross-site scripting (XSS) vulnerability in the Create Article function of MoonShine v3.12.3 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into th…	-	CVE-2025-51487	2025-08-20 00:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

86	-	-	-	-	A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may…	-	CVE-2025-50897	2025-08-20 00:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

87	-	-	-	-	A CORS misconfiguration in Nginx Proxy Manager v2.12.3 allows unauthorized domains to access sensitive data, particularly JWT tokens, due to improper validation of the Origin header. This misconfigur…	-	CVE-2025-50579	2025-08-20 00:15	2025-08-20	表示	GitHub Exploit DB Packet Storm

88	7.0	HIGH ローカル	microsoft	windows_server_2008 windows_server_2012 windows_11_24h2 windows_10_1507 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 w…	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locall…	CWE-362 競合状態	CVE-2025-49762	2025-08-19 23:42	2025-08-13	表示	GitHub Exploit DB Packet Storm

89	7.8	HIGH ローカル	microsoft	windows_server_2008 windows_server_2012 windows_11_24h2 windows_server_2025 windows_10_1507 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2<…	Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally.	CWE-416 解放済みメモリの使用	CVE-2025-49761	2025-08-19 23:41	2025-08-13	表示	GitHub Exploit DB Packet Storm

90	8.8	HIGH ネットワーク	microsoft	windows_server_2008 windows_server_2012 windows_server_2025 windows_server_2016 windows_server_2019 windows_server_2022 windows_server_2022_23h2	Heap-based buffer overflow in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network.	CWE-122 ヒープオーバーフロー	CVE-2025-49757	2025-08-19 23:41	2025-08-13	表示	GitHub Exploit DB Packet Storm

91	7.8	HIGH ローカル	microsoft	windows_11_24h2 windows_server_2025	Use after free in Windows PrintWorkflowUserSvc allows an authorized attacker to elevate privileges locally.	CWE-416 解放済みメモリの使用	CVE-2025-53133	2025-08-19 23:37	2025-08-13	表示	GitHub Exploit DB Packet Storm

92	8.0	HIGH ネットワーク	microsoft	windows_server_2008 windows_server_2012 windows_11_24h2 windows_10_1507 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 w…	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges over a network.	CWE-362 CWE-416 競合状態解放済みメモリの使用	CVE-2025-53132	2025-08-19 23:37	2025-08-13	表示	GitHub Exploit DB Packet Storm

93	8.8	HIGH ネットワーク	microsoft	windows_11_24h2 windows_server_2025 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 windows_server_2019 windows_server_2022 windows_server_2…	Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code over a network.	CWE-122 ヒープオーバーフロー	CVE-2025-53131	2025-08-19 23:36	2025-08-13	表示	GitHub Exploit DB Packet Storm

94	8.1	HIGH ネットワーク	microsoft	windows_server_2008 windows_server_2012 windows_11_24h2 windows_10_1507 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 w…	Use after free in Windows Message Queuing allows an unauthorized attacker to execute code over a network.	CWE-362 CWE-416 競合状態解放済みメモリの使用	CVE-2025-50177	2025-08-19 23:36	2025-08-13	表示	GitHub Exploit DB Packet Storm

95	7.8	HIGH ローカル	microsoft	windows_11_24h2 windows_server_2025 windows_11_22h2 windows_11_23h2 windows_server_2022 windows_server_2022_23h2	Access of resource using incompatible type ('type confusion') in Graphics Kernel allows an authorized attacker to execute code locally.	CWE-122 CWE-843 ヒープオーバーフロー型の取り違え	CVE-2025-50176	2025-08-19 23:36	2025-08-13	表示	GitHub Exploit DB Packet Storm

96	7.8	HIGH ローカル	microsoft	windows_server_2008 windows_server_2012 windows_11_24h2 windows_10_1507 windows_10_1607 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 w…	Weak authentication in Windows Installer allows an authorized attacker to elevate privileges locally.	CWE-1390 脆弱な認証	CVE-2025-50173	2025-08-19 23:36	2025-08-13	表示	GitHub Exploit DB Packet Storm

97	6.5	MEDIUM ネットワーク	microsoft	windows_11_24h2 windows_server_2025 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 windows_server_2019 windows_server_2022 windows_server_2…	Allocation of resources without limits or throttling in Windows DirectX allows an authorized attacker to deny service over a network.	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2025-50172	2025-08-19 23:35	2025-08-13	表示	GitHub Exploit DB Packet Storm

98	7.8	HIGH ローカル	microsoft	windows_11_24h2 windows_server_2025 windows_10_1809 windows_10_21h2 windows_10_22h2 windows_11_22h2 windows_11_23h2 windows_server_2019 windows_server_2022 windows_server_2…	Improper handling of insufficient permissions or privileges in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally.	CWE-280 権限管理不備	CVE-2025-50170	2025-08-19 23:35	2025-08-13	表示	GitHub Exploit DB Packet Storm

99	7.5	HIGH ネットワーク	microsoft	windows_11_24h2 windows_server_2025	Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB allows an unauthorized attacker to execute code over a network.	CWE-362 CWE-415 競合状態二重解放	CVE-2025-50169	2025-08-19 23:21	2025-08-13	表示	GitHub Exploit DB Packet Storm

100	7.8	HIGH ローカル	microsoft	windows_11_24h2 windows_server_2025 windows_11_22h2 windows_11_23h2 windows_server_2022_23h2	Access of resource using incompatible type ('type confusion') in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally.	CWE-122 CWE-843 ヒープオーバーフロー型の取り違え	CVE-2025-50168	2025-08-19 23:20	2025-08-13	表示	GitHub Exploit DB Packet Storm