NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月9日4:16

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
1	7.4	HIGH ネットワーク	asynchttpclient_project	async-http-client	The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. Versions on the 2.x branch prior to 2.15.0 and the 3.x branch pri… Update	CWE-200 情報漏えい	CVE-2026-45300	2026-06-9 03:37	2026-06-6	表示	GitHub Exploit DB Packet Storm

2	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cr… Update	CWE-20 NVD-CWE-noinfo 不適切な入力確認	CVE-2026-11022	2026-06-9 03:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

3	7.8	HIGH ローカル	x.org redhat	x_server xwayland enterprise_linux	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function Ch… Update	CWE-121 スタックオーバーフロー	CVE-2026-50259	2026-06-9 03:28	2026-06-5	表示	GitHub Exploit DB Packet Storm

4	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Link Preview in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions via a crafted… Update	CWE-284 不適切なアクセス制御	CVE-2026-11017	2026-06-9 03:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

5	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Actor in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medi… Update	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-11018	2026-06-9 03:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

6	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Payments in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform domain spoofing via a crafted… Update	CWE-290 CWE-451 スプーフィングによる認証回避ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11019	2026-06-9 03:17	2026-06-5	表示	GitHub Exploit DB Packet Storm

7	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted XML file. (Chromium security severity: Medium) Update	CWE-346 CWE-352 同一生成元ポリシー違反同一生成元ポリシー違反	CVE-2026-11020	2026-06-9 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

8	-	-	-	-	A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web management interface. An authe… New	CWE-78 OSコマンド・インジェクション	CVE-2026-8913	2026-06-9 03:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

9	7.2	HIGH ネットワーク	-	-	Lyrion Music Server 9.2.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through media file metadata tags like GENRE, ARTIST, and ALBUM. Attack… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-50232	2026-06-9 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

10	-	-	-	-	Memory Allocation with Excessive Size Value vulnerability in Apache HTTP Server's mod_http leads to denial of service via malicious HTTP requests. This issue affects Apache HTTP Server: from 2.4.17 … New	CWE-789 過剰なサイズ値のメモリ割り当て	CVE-2026-49975	2026-06-9 03:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

11	7.1	HIGH ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.21 through 26.00 contain an off-by-one out-of-bounds read vulnerability in the ParseDepedencyExpression function of the UEFI firmwar… Update	CWE-125 境界外読み取り	CVE-2026-48111	2026-06-9 03:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

12	8.1	HIGH ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain a heap memory disclosure via SquashFS fragment offset integer overflow on 32-bit builds. 32-bit integer ove… Update	CWE-125 境界外読み取り	CVE-2026-48092	2026-06-9 03:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

13	8.8	HIGH ネットワーク	-	-	A security flaw has been discovered in Tenda F451 1.0.0.7/1.0.0.9. Impacted is the function formWriteFacMac of the file /goform/WriteFacMac of the component Web Management Interface. Performing a man… New	CWE-77 CWE-78 コマンドインジェクション OSコマンド・インジェクション	CVE-2026-11556	2026-06-9 03:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

14	3.7	LOW ネットワーク	-	-	A vulnerability was identified in D-Link DGS-1100-08PD 1.00.006. This issue affects some unknown processing of the file /etc/boa.conf of the component Web Interface. Such manipulation leads to least … New	CWE-266 CWE-272 不適切な権限設定最小権限の違反	CVE-2026-11555	2026-06-9 03:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

15	4.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in TOTOLINK CP450 4.1.0cu.747. This vulnerability affects unknown code of the file /etc/vsftpd.conf of the component vsftpd. This manipulation causes least privilege vi… New	CWE-266 CWE-272 不適切な権限設定最小権限の違反	CVE-2026-11554	2026-06-9 03:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

16	8.8	HIGH ネットワーク	-	-	A vulnerability was found in Tenda HG7HG9 and HG10 300001138_en_xpon. This affects the function formPPPEdit of the file /boaform/formPPPEdit. The manipulation of the argument encodename results in st… New	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11553	2026-06-9 03:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

17	5.3	MEDIUM ネットワーク	-	-	A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unk… New	CWE-255 CWE-259 証明書・パスワード管理パスワードがハードコーディングされている	CVE-2026-11552	2026-06-9 03:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

18	6.5	MEDIUM ネットワーク	-	-	Inappropriate implementation in Web Share in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to leak cross-origin data via a craf… Update	CWE-20 不適切な入力確認	CVE-2026-11128	2026-06-9 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

19	4.3	MEDIUM ネットワーク	-	-	Inappropriate implementation in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chro… Update	CWE-20 不適切な入力確認	CVE-2026-11126	2026-06-9 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

20	8.8	HIGH ネットワーク	-	-	Integer overflow in Skia in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) Update	CWE-122 ヒープオーバーフロー	CVE-2026-11124	2026-06-9 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

21	9.8	CRITICAL ネットワーク	-	-	DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the for… Update	CWE-787 境界外書き込み	CVE-2026-10879	2026-06-9 03:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

22	9.6	CRITICAL ネットワーク	google	chrome	Insufficient validation of untrusted input in GPU in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbo… Update	CWE-20 不適切な入力確認	CVE-2026-11021	2026-06-9 03:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

23	4.3	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to bypass discretionary access control via a crafted HTML page. (Chromium se… Update	CWE-284 不適切なアクセス制御	CVE-2026-11302	2026-06-9 03:12	2026-06-5	表示	GitHub Exploit DB Packet Storm

24	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Permissions in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Update	CWE-451 ユーザインターフェースにおける重要情報の誤った表示	CVE-2026-11300	2026-06-9 03:10	2026-06-5	表示	GitHub Exploit DB Packet Storm

25	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data v… Update	CWE-20 不適切な入力確認	CVE-2026-11007	2026-06-9 03:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

26	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in WebAppInstalls in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a… Update	CWE-20 不適切な入力確認	CVE-2026-11008	2026-06-9 03:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

27	8.1	HIGH ネットワーク	google	chrome	Insufficient policy enforcement in Password Manager in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted H… Update	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-11011	2026-06-9 03:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

28	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass site isolation via a crafted … Update	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-11014	2026-06-9 03:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

29	8.8	HIGH ネットワーク	google	chrome	Inappropriate implementation in LiveCaption in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via malicious network traffic. (Chromi… Update	CWE-125 境界外読み取り	CVE-2026-11301	2026-06-9 03:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

30	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass same origin policy via a cra… Update	CWE-20 不適切な入力確認	CVE-2026-11016	2026-06-9 03:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

31	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) Update	CWE-416 解放済みメモリの使用	CVE-2026-11305	2026-06-9 03:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

32	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) Update	CWE-416 解放済みメモリの使用	CVE-2026-11306	2026-06-9 03:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

33	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) Update	CWE-416 解放済みメモリの使用	CVE-2026-11307	2026-06-9 03:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

34	4.2	MEDIUM ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain an uninitialized heap read in the SquashFS archive handler caused by a sparsely populated index array. In t… Update	CWE-125 CWE-908 境界外読み取り初期化されていないリソースの使用	CVE-2026-48104	2026-06-9 03:03	2026-06-6	表示	GitHub Exploit DB Packet Storm

35	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low) Update	CWE-416 解放済みメモリの使用	CVE-2026-11304	2026-06-9 03:02	2026-06-5	表示	GitHub Exploit DB Packet Storm

36	8.8	HIGH ネットワーク	google	chrome	Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low) Update	CWE-416 解放済みメモリの使用	CVE-2026-11303	2026-06-9 03:01	2026-06-5	表示	GitHub Exploit DB Packet Storm

37	6.5	MEDIUM ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.18 through 26.00 contain a heap out-of-bounds read in 7-Zip Ar handler BSD SYMDEF parser. A 4-byte heap out-of-bounds read exists in… Update	CWE-125 CWE-190 境界外読み取り整数オーバーフローまたはラップアラウンド	CVE-2026-48112	2026-06-9 03:00	2026-06-6	表示	GitHub Exploit DB Packet Storm

38	7.1	HIGH ネットワーク	7-zip	7-zip	7-Zip is a file archiver with a high compression ratio. Versions 9.34 through 26.00 contain an off-by-one heap out-of-bounds read in the WIM (Windows Imaging) archive handler's security descriptor lo… Update	CWE-125 境界外読み取り	CVE-2026-48103	2026-06-9 02:54	2026-06-6	表示	GitHub Exploit DB Packet Storm

39	6.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a craf… Update	CWE-269 不適切な権限管理	CVE-2026-11308	2026-06-9 02:43	2026-06-5	表示	GitHub Exploit DB Packet Storm

40	9.8	CRITICAL ネットワーク	mbs-solutions	universal_gateway_firmware	An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. Update	CWE-1393 デフォルトのパスワードの使用	CVE-2026-35075	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

41	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Update	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35076	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

42	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Update	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35077	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

43	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Update	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35078	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

44	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Update	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35079	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

45	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. Update	CWE-73 ファイル名やパス名の外部制御	CVE-2026-35080	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

46	8.1	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. Update	CWE-20 不適切な入力確認	CVE-2026-35081	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

47	8.8	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. Update	CWE-22 パス・トラバーサル	CVE-2026-35082	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

48	8.8	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. Update	CWE-121 スタックオーバーフロー	CVE-2026-35083	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

49	8.8	HIGH ネットワーク	mbs-solutions	universal_gateway_firmware	A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. Update	CWE-121 スタックオーバーフロー	CVE-2026-35084	2026-06-9 02:17	2026-06-3	表示	GitHub Exploit DB Packet Storm

50	9.3	CRITICAL ネットワーク	-	-	A logic flow weakness in Remote Access and Mobile Access certificate validation in deprecated IKEv1 key exchange allows an unauthenticated remote attacker to bypass user authentication and establish … New	CWE-287 不適切な認証	CVE-2026-50751	2026-06-9 02:16	2026-06-8	表示	GitHub Exploit DB Packet Storm