NVD Vulnerability Information
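You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it appears in JVN (Japan Vulnerability Notes), this list may include vulnerabilities that are not yet listed in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview to confirm the CWE number.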

Last updated: April 26, 2026 4:08

Columns: No., CVSS score, severity level, attack vector, vendor, product, title, CWE, CVE, updated, published, impact view, exploit/PoC search
551 9.8 CRITICAL
Network
- - Delta Electronics AS320T has denial of service via the undocumented subfunction vulnerability. New CWE-912
Hidden Functionality
CVE-2026-1952 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
552 7.5 HIGH
Network
- - Tempo queries with large limits can cause large memory allocations which can impact the availability of the service, depending on its deployment strategy. Mitigation can be done by setting max_resul… New CWE-400
Resource Exhaustion
CVE-2026-21728 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
553 - -
- - A client holding only a read JWT scope can still register itself as a signal provider through the production kuksa.val.v2 OpenProviderStream API by sending ProvideSignalRequest. 1. Obtain any valid … New CWE-306
Missing Authentication for Critical Function (Explanation)
CVE-2026-6272 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
554 - -
- - Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ. An authenticated attacker may by… New CWE-20
CWE-94
Improper Input Validation
Code Injection
CVE-2026-40466 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
555 - -
- - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache ActiveMQ, Apache ActiveMQ Web. An authenticated attacker can show malicious content when browsin… New CWE-79
CWE-915
Cross-site Scripting (XSS)
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2026-41043 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
556 - -
- - Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use … New CWE-20
CWE-94
Improper Input Validation
Code Injection
CVE-2026-41044 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
557 - -
- - Incorrect Authorization vulnerability in Apache DolphinScheduler allows authenticated users with system login permissions to use tenants that are not defined on the platform during workflow execution… New CWE-863
Incorrect Authorization
CVE-2026-23902 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
558 - -
- - AdaptiveGRC is vulnerable to Stored XSS via text type fields across the forms. Authenticated attacker can replace the value of the text field in the HTTP POST request. Improper parameter validation b… New CWE-79
Cross-site Scripting (XSS)
CVE-2026-4313 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
559 - -
- - P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate… New CWE-1188
Initialization of a Resource with an Insecure Default
CVE-2026-6043 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
560 9.9 CRITICAL
Network
- - Exposure of sensitive information to an unauthorized actor in Azure IOT Central allows an authorized attacker to elevate privileges over a network. New CWE-200
Information Exposure
CVE-2026-21515 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
561 6.5 MEDIUM
Network
- - When generating an ICMP Destination Unreachable or Packet Too Big response, the handler copies a portion of the original packet into the ICMP error body using the IP header's self-declared total leng… New CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2026-5265 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
562 8.6 HIGH
Network
- - A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could ca… New CWE-130
Improper Handling of Length Parameter Inconsistency
CVE-2026-5367 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
563 - -
- - CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Analyzer and Clang Tidy. Authentication bypass occurs when the URL ends with Authentication with certain… New CWE-290
CWE-863
Authentication Bypass by Spoofing
Incorrect Authorization
CVE-2026-25660 2026-04-24 23:39 2026-04-24 View GitHub Exploit DB Packet Storm
564 - -
- - In the Linux kernel, the following vulnerability has been resolved: net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption The -EBUSY handling in tls_do_encryption(), introduced by c… New - CVE-2026-31533 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
565 5.3 MEDIUM
Network
- - The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi_remove_custom_image_size' AJAX action in all vers… New CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-2028 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
566 4.3 MEDIUM
Network
- - The BetterDocs plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.3.11. This is due to a missing capability check in the generate_openai_content_callback() … New CWE-862
Missing Authorization
CVE-2026-6393 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
567 6.4 MEDIUM
Network
- - The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image captions in the Image Grid/Slider/Carousel widget in versions up to and including 1.7.1056. This… New CWE-79
Cross-site Scripting (XSS)
CVE-2026-5428 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
568 5.3 MEDIUM
Network
- - The ExactMetrics – Google Analytics Dashboard for WordPress plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 9.1.2. This is due to missing capability checks… New CWE-862
Missing Authorization
CVE-2026-5488 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
569 5.3 MEDIUM
Network
- - The HM Books Gallery plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 4.8.0. This is due to the absence of capability checks and nonce verification in the a… New CWE-862
Missing Authorization
CVE-2026-5347 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
570 8.1 HIGH
Network
- - The Drag and Drop File Upload for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file upload in versions up to, and including, 1.1.3. This is due to the plugin extracting the file ext… New CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2026-5364 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
571 5.3 MEDIUM
Network
- - The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex_bccf_admin_int_calendar_list.inc.php … New CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-6810 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
572 4.3 MEDIUM
Network
- - The HubSpot All-In-One Marketing - Forms, Popups, Live Chat plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.3.32 via the leadin/public/ad… New CWE-862
Missing Authorization
CVE-2025-11762 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
573 4.3 MEDIUM
Network
- - The Taqnix plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to a missing nonce verification in the taqnix_delete_my_account() … New CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-3565 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
574 5.3 MEDIUM
Network
- - The Liaison Site Prober plugin for WordPress is vulnerable to Information Exposure in all versions up to and including 1.2.1 via the /wp-json/site-prober/v1/logs REST API endpoint. The permissions_re… New CWE-862
Missing Authorization
CVE-2026-3569 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
575 6.4 MEDIUM
Network
- - The ITERAS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple shortcodes (iteras-ordering, iteras-signup, iteras-paywall-login, iteras-selfservice) in all versions up to a… New CWE-79
Cross-site Scripting (XSS)
CVE-2026-4078 2026-04-24 23:38 2026-04-24 View GitHub Exploit DB Packet Storm
576 6.5 MEDIUM
Network
dnnsoftware dotnetnuke DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. All new installations of DNN 10.x.x - 10.2.1 have the same Host GUID. This does not affec… Update CWE-330
Use of Insufficiently Random Values
CVE-2026-40306 2026-04-24 23:29 2026-04-18 View GitHub Exploit DB Packet Storm
577 4.7 MEDIUM
Network
oracle applications_framework Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulner… Update CWE-284
Improper Access Control
CVE-2026-34298 2026-04-24 23:29 2026-04-22 View GitHub Exploit DB Packet Storm
578 6.5 MEDIUM
Network
oracle peoplesoft_enterprise_fin_maintenance_management Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploita… Update CWE-284
Improper Access Control
CVE-2026-34299 2026-04-24 23:28 2026-04-22 View GitHub Exploit DB Packet Storm
579 6.5 MEDIUM
Network
oracle peoplesoft_enterprise_fin_maintenance_management Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploita… Update CWE-284
Improper Access Control
CVE-2026-34301 2026-04-24 23:28 2026-04-22 View GitHub Exploit DB Packet Storm
580 5.5 MEDIUM
Network
oracle workflow Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows… Update CWE-284
Improper Access Control
CVE-2026-34302 2026-04-24 23:27 2026-04-22 View GitHub Exploit DB Packet Storm
581 7.5 HIGH
Network
oracle weblogic_server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0… Update CWE-200
Information Exposure
CVE-2026-34305 2026-04-24 23:27 2026-04-22 View GitHub Exploit DB Packet Storm
582 6.5 MEDIUM
Network
oracle peoplesoft_enterprise_fin_project_costing Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (component: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability al… Update CWE-284
Improper Access Control
CVE-2026-34306 2026-04-24 23:26 2026-04-22 View GitHub Exploit DB Packet Storm
583 5.4 MEDIUM
Network
oracle peoplesoft_enterprise_peopletools Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows… Update CWE-284
Improper Access Control
CVE-2026-34307 2026-04-24 23:26 2026-04-22 View GitHub Exploit DB Packet Storm
584 8.1 HIGH
Network
oracle peoplesoft_enterprise_peopletools Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows… Update CWE-284
Improper Access Control
CVE-2026-34309 2026-04-24 23:25 2026-04-22 View GitHub Exploit DB Packet Storm
585 7.5 HIGH
Network
oracle financial_services_analytical_applications_infrastructure Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected ar… Update CWE-284
Improper Access Control
CVE-2026-34310 2026-04-24 23:25 2026-04-22 View GitHub Exploit DB Packet Storm
586 6.5 MEDIUM
Network
oracle weblogic_server Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0… Update CWE-285
CWE-601
Improper Authorization
Open Redirect
CVE-2026-34315 2026-04-24 23:24 2026-04-22 View GitHub Exploit DB Packet Storm
587 8.1 HIGH
Network
sysadminsmedia homebox HomeBox is a home inventory and organization system. Versions prior to 0.25.0 contain a vulnerability where the defaultGroup ID remained permanently assigned to a user after being invited to a group,… Update CWE-708
Incorrect Ownership Assignment
CVE-2026-40196 2026-04-24 23:23 2026-04-18 View GitHub Exploit DB Packet Storm
588 3.7 LOW
Network
vmware spring_security Vulnerability in Spring Spring Security. If an application is using the UserDetails#isEnabled, #isAccountNonExpired, or #isAccountNonLocked user attributes, to enable, expire, or lock users, then Dao… Update CWE-208
Information Exposure Through Timing Discrepancy
CVE-2026-22746 2026-04-24 23:20 2026-04-22 View GitHub Exploit DB Packet Storm
589 8.1 HIGH
Network
vmware spring_security Vulnerability in Spring Spring Security. SubjectX500PrincipalExtractor does not correctly handle certain malformed X.509 certificate CN values, which can lead to reading the wrong value for the usern… Update CWE-297
Improper Validation of Certificate with Host Mismatch
CVE-2026-22747 2026-04-24 23:18 2026-04-22 View GitHub Exploit DB Packet Storm
590 6.5 MEDIUM
Network
vmware spring_security Vulnerability in Spring Spring Security. When an application configures JWT decoding with NimbusJwtDecoder  or NimbusReactiveJwtDecoder, it must configure an OAuth2TokenValidator<Jwt> separately, for… Update CWE-20
Improper Input Validation
CVE-2026-22748 2026-04-24 23:18 2026-04-22 View GitHub Exploit DB Packet Storm
591 7.5 HIGH
Network
vmware spring_security Vulnerability in Spring Spring Security. If an application is using securityMatchers(String) and a PathPatternRequestMatcher.Builder bean to prepend a servlet path, matching requests to that filter c… Update CWE-693
Protection Mechanism Failure
CVE-2026-22753 2026-04-24 23:17 2026-04-22 View GitHub Exploit DB Packet Storm
592 7.5 HIGH
Network
vmware spring_security Vulnerability in Spring Spring Security. If an application uses <sec:intercept-url servlet-path="/servlet-path" pattern="/endpoint/**"/> to define the servlet path for computing a path matcher, then … Update CWE-284
Improper Access Control
CVE-2026-22754 2026-04-24 23:16 2026-04-22 View GitHub Exploit DB Packet Storm
593 7.5 HIGH
Network
nestjs nest Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData() recurses once per m… Update CWE-674
Uncontrolled Recursion
CVE-2026-40879 2026-04-24 22:46 2026-04-22 View GitHub Exploit DB Packet Storm
594 5.0 MEDIUM
Network
openfga helm_charts
openfga
OpenFGA is an authorization/permission engine built for developers. Prior to version 1.14.1, in specific scenarios, models using conditions with caching enabled can result in two different check requ… Update CWE-706
CWE-863
Use of Incorrectly-Resolved Name or Reference
Incorrect Authorization
CVE-2026-41131 2026-04-24 22:44 2026-04-22 View GitHub Exploit DB Packet Storm
595 8.8 HIGH
Local
packagekit_project packagekit PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3… Update CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
CVE-2026-41651 2026-04-24 22:43 2026-04-22 View GitHub Exploit DB Packet Storm
596 7.5 HIGH
Network
coturn_project coturn Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.10.0, the STUN/TURN attribute parsing functions in coturn perform unsafe pointer casts from uint8_t * to uint16_t * wit… Update CWE-704
Incorrect Type Conversion or Cast
CVE-2026-40613 2026-04-24 22:41 2026-04-22 View GitHub Exploit DB Packet Storm
597 4.8 MEDIUM
Network
mitmproxy mitmproxy mitmproxy is an interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers and mitmweb is a web-based interface for mitmproxy. In mitmproxy 12.2.1 and below, the b… Update CWE-90
LDAP Injection
CVE-2026-40606 2026-04-24 22:33 2026-04-22 View GitHub Exploit DB Packet Storm
598 2.7 LOW
Network
openbao openbao OpenBao is an open source identity-based secrets management system. OpenBao's namespaces provide multi-tenant separation. Prior to version 2.5.3, a tenant who leaks token accessors can have their tok… Update CWE-1259
Improper Restriction of Security Token Assignment
CVE-2026-40264 2026-04-24 22:29 2026-04-21 View GitHub Exploit DB Packet Storm
599 4.9 MEDIUM
Network
openbao openbao OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use … Update CWE-89
SQL Injection
CVE-2026-39946 2026-04-24 22:28 2026-04-21 View GitHub Exploit DB Packet Storm
600 3.1 LOW
Network
openbao openbao OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, OpenBao's Certificate authentication method, when a token renewal is requested and `disable_binding=true` i… Update CWE-295
Improper Certificate Validation
CVE-2026-39388 2026-04-24 22:27 2026-04-21 View GitHub Exploit DB Packet Storm