NVD Vulnerability Information: Top

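You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated before JVN (Japan Vulnerability Notes), it may contain updated vulnerabilities that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.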


Last updated: June 9, 2026, 4:16

| No | CVSS | Level | Attack vector | Vendor | Product | Title | Status | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 51 | 10.0 | CRITICAL | Network | - | - | Improper Validation of Specified Quantity in Input vulnerability in ShapedPlugin, LLC Product Slider Pro for WooCommerce allows Malicious Software Implanted. This issue affects Product Slider Pro fo… | Update | CWE-1284 (Improper Validation of Specified Quantity in Input) | CVE-2026-49777 | 2026-06-9 02:16 | 2026-06-5 |
| 52 | - | - | - | - | - | Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability in wojtekmach Req allows multipart parameter smuggling via attacker-influenced part metadata. Req.Utils.encode_form_part/2 … | New | CWE-93 (CRLF Injection) | CVE-2026-49756 | 2026-06-9 02:16 | 2026-06-9 |
| 53 | - | - | - | - | - | Improper Handling of Highly Compressed Data (Data Amplification) vulnerability in wojtekmach Req allows attacker-controlled HTTP servers to exhaust memory in a Req client via decompression-bomb respo… | New | CWE-409 (Improper Handling of Highly Compressed Data (Data Amplification)) | CVE-2026-49755 | 2026-06-9 02:16 | 2026-06-9 |
| 54 | 7.1 | HIGH | Network | - | - | Snipe-IT is an IT asset/license management system. A vulnerability in versions prior to 8.6.0 allows a non-admin user holding only the granular `users.edit` permission to lock every admin out of the … | New | CWE-863 (Incorrect Authorization) | CVE-2026-48507 | 2026-06-9 02:16 | 2026-06-9 |
| 55 | 7.1 | HIGH | Network | - | - | Bludit is a content management system. Versions prior to 3.22.0 have a vulnerability in the user management logic that allows deactivated accounts to maintain access via persistent authentication tok… | New | CWE-212 (Improper Removal of Sensitive Information Before Storage or Transfer), CWE-613 (Insufficient Session Expiration) | CVE-2026-46657 | 2026-06-9 02:16 | 2026-06-9 |
| 56 | - | - | - | - | - | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored XSS alongside dynamic token exposure in the `/system/api/connectionSetti… | Update | CWE-79 (Cross-site Scripting (XSS)), CWE-522 (Insufficiently Protected Credentials), CWE-922 (Insecure Storage of Sensitive Information) | CVE-2026-46511 | 2026-06-9 02:16 | 2026-06-6 |
| 57 | 8.3 | HIGH | Network | - | - | OpenMetadata is a unified metadata platform. Prior to version 1.12.4, a non-admin SSO user can trigger a TEST_CONNECTION workflow for a Database Service and receive, in the HTTP 201 response of POST … | New | CWE-201 (Insertion of Sensitive Information Into Sent Data) | CVE-2026-46481 | 2026-06-9 02:16 | 2026-06-9 |
| 58 | - | - | - | - | - | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluator create and update mass-assignment allows cross-workspace evaluator takeover.… | New | CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes) | CVE-2026-46480 | 2026-06-9 02:16 | 2026-06-9 |
| 59 | - | - | - | - | - | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, evaluation create and update mass-assignment allows cross-workspace evaluation takeove… | New | CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes) | CVE-2026-46479 | 2026-06-9 02:16 | 2026-06-9 |
| 60 | - | - | - | - | - | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, assistant create and update mass-assignment allows cross-workspace assistant takeover.… | New | CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes) | CVE-2026-46475 | 2026-06-9 02:16 | 2026-06-9 |
| 61 | - | - | - | - | - | Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the assistant update endpoint of FlowiseAI. … | New | CWE-284 (Improper Access Control), CWE-639 (Authorization Bypass Through User-Controlled Key), CWE-915 (Improperly Controlled Modification of Dynamically-Determined Object Attributes) | CVE-2026-46441 | 2026-06-9 02:16 | 2026-06-9 |
| 62 | - | - | - | - | - | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 11.0.6 and prior to version 25.0.0, the file upload functionality in HAXCMS PHP only validates file extensions… | Update | CWE-434 (Unrestricted Upload of File with Dangerous Type) | CVE-2026-46400 | 2026-06-9 02:16 | 2026-06-6 |
| 63 | - | - | - | - | - | HAX CMS helps manage microsite universe with PHP or NodeJs backends. The PHP version of HAX CMS prior to version 26.0.0 has an authenticated file overwrite vulnerability. An attacker can exploit this… | Update | CWE-15 (External Control of System or Configuration Setting), CWE-73 (External Control of File Name or Path), CWE-78 (OS Command Injection) | CVE-2026-46399 | 2026-06-9 02:16 | 2026-06-6 |
| 64 | 6.5 | MEDIUM | Network | - | - | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an Authenticated Local File Inclusion (LFI) vulnerability in the HAXCMS saveOutline endpoint allows a low… | Update | CWE-22 (Path Traversal), CWE-73 (External Control of File Name or Path) | CVE-2026-46397 | 2026-06-9 02:16 | 2026-06-6 |
| 65 | - | - | - | - | - | HAX CMS helps manage microsite universe with PHP or NodeJs backends. An authenticated Server-Side Request Forgery (SSRF) vulnerability in versions prior to 26.0.0 allows authenticated users to fetch … | Update | CWE-918 (Server-Side Request Forgery) | CVE-2026-46393 | 2026-06-9 02:16 | 2026-06-6 |
| 66 | - | - | - | - | - | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Starting in version 9.0.1 and prior to version 26.0.0 of @haxtheweb/open-apis, multiple functions conduct substring-only matching … | Update | CWE-183 (Permissive List of Allowed Inputs), CWE-918 (Server-Side Request Forgery) | CVE-2026-46391 | 2026-06-9 02:16 | 2026-06-6 |
| 67 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3d_get_extensions() walks a userspace-provided singly-linked … | New | - | CVE-2026-46314 | 2026-06-9 02:16 | 2026-06-9 |
| 68 | 8.8 | HIGH | Network | mbs-solutions | universal_gateway_firmware | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. | Update | CWE-121 (Stack-based Buffer Overflow) | CVE-2026-35085 | 2026-06-9 02:16 | 2026-06-3 |
| 69 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error pointer not NULL so this c… | New | - | CVE-2026-46313 | 2026-06-9 02:16 | 2026-06-9 |
| 70 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_DONTDUMP and I do not see a… | New | - | CVE-2026-46312 | 2026-06-9 02:16 | 2026-06-9 |
| 71 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and wptr_obj bo to access the m… | New | - | CVE-2026-46311 | 2026-06-9 02:16 | 2026-06-9 |
| 72 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we hit a NULL pointer dereferen… | New | - | CVE-2026-46310 | 2026-06-9 02:16 | 2026-06-9 |
| 73 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise Add validation in xe_vm_madvise_ioctl() to reject PAT ind… | New | - | CVE-2026-46309 | 2026-06-9 02:16 | 2026-06-9 |
| 74 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy() In scpsys_get_bus_protection_legacy(), of_find_node_… | New | - | CVE-2026-46308 | 2026-06-9 02:16 | 2026-06-9 |
| 75 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: > The ath5k driver seems to do an array-index-out-of-bounds access as > sho… | New | - | CVE-2026-46307 | 2026-06-9 02:16 | 2026-06-9 |
| 76 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compression (PFC) is NOT RECOMMENDE… | New | - | CVE-2026-46306 | 2026-06-9 02:16 | 2026-06-9 |
| 77 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc The return value of kzalloc_flex() is used without e… | New | - | CVE-2026-46305 | 2026-06-9 02:16 | 2026-06-9 |
| 78 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free nvmet_tcp_release_queue_work() runs on nvmet-wq and can drop the final c… | New | - | CVE-2026-46304 | 2026-06-9 02:16 | 2026-06-9 |
| 79 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: isofs: validate Rock Ridge CE continuation extent against volume size rock_continue() reads rs->cont_extent verbatim from the Roc… | New | - | CVE-2026-46303 | 2026-06-9 02:16 | 2026-06-9 |
| 80 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: selinux: allow multiple opens of /sys/fs/selinux/policy Currently there can only be a single open of /sys/fs/selinux/policy at an… | New | - | CVE-2026-46302 | 2026-06-9 02:16 | 2026-06-9 |
| 81 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: spi: topcliff-pch: fix use-after-free on unbind Give the driver a chance to flush its queue before releasing the DMA buffers on d… | New | - | CVE-2026-46301 | 2026-06-9 02:16 | 2026-06-9 |
| 82 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplus_fill_super() hfsplus_fill_super() calls hfs_find_init() to initialize a search structure,… | New | - | CVE-2026-46299 | 2026-06-9 02:16 | 2026-06-9 |
| 83 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix race with interrupt handler While executing ->ioctl handler or ->release handler, if an interrupt fires … | New | - | CVE-2026-46298 | 2026-06-9 02:16 | 2026-06-9 |
| 84 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: net: libwx: use request_irq for VF misc interrupt Currently, request_threaded_irq() is used with a primary handler but a NULL thr… | New | - | CVE-2026-46297 | 2026-06-9 02:16 | 2026-06-9 |
| 85 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe() back to s3c64xx_spi_prepare_tra… | New | - | CVE-2026-46296 | 2026-06-9 02:16 | 2026-06-9 |
| 86 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Do IRR scan in __kvm_apic_update_irr even if PIR is empty Fall back to apic_find_highest_vector() when PID.ON is set bu… | New | - | CVE-2026-46295 | 2026-06-9 02:16 | 2026-06-9 |
| 87 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: dm: fix a buffer overflow in ioctl processing Tony Asleson (using Claude) found a buffer overflow in dm-ioctl in the function ret… | New | - | CVE-2026-46294 | 2026-06-9 02:16 | 2026-06-9 |
| 88 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: clk: microchip: mpfs-ccc: fix out of bounds access during output registration UBSAN reported an out of bounds access during regis… | New | - | CVE-2026-46293 | 2026-06-9 02:16 | 2026-06-9 |
| 89 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: pmdomain: core: Fix detach procedure for virtual devices in genpd If a device is attached to a PM domain through genpd_dev_pm_att… | New | - | CVE-2026-46292 | 2026-06-9 02:16 | 2026-06-9 |
| 90 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: crypto: caam - guard HMAC key hex dumps in hash_digest_key Use print_hex_dump_devel() for dumping sensitive HMAC key bytes in has… | New | - | CVE-2026-46291 | 2026-06-9 02:16 | 2026-06-9 |
| 91 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: x86/efi: Fix graceful fault handling after FPU softirq changes Since commit d02198550423 ("x86/fpu: Improve crypto performance by… | New | - | CVE-2026-46290 | 2026-06-9 02:16 | 2026-06-9 |
| 92 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: lib/scatterlist: fix length calculations in extract_kvec_to_sg Patch series "Fix bugs in extract_iter_to_sg()", v3. Fix bugs in … | New | - | CVE-2026-46289 | 2026-06-9 02:16 | 2026-06-9 |
| 93 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: of: unittest: fix use-after-free in of_unittest_changeset() The variable 'parent' is assigned the value of 'nchangeset' earlier i… | New | - | CVE-2026-46288 | 2026-06-9 02:16 | 2026-06-9 |
| 94 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: net: txgbe: fix RTNL assertion warning when remove module For the copper NIC with external PHY, the driver called phylink_connect… | New | - | CVE-2026-46287 | 2026-06-9 02:16 | 2026-06-9 |
| 95 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: leds: qcom-lpg: Check for array overflow when selecting the high resolution When selecting the high resolution values from the ar… | New | - | CVE-2026-46286 | 2026-06-9 02:16 | 2026-06-9 |
| 96 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: mtd: docg3: fix use-after-free in docg3_release() In docg3_release(), the docg3 pointer is obtained from cascade->floors[0]->priv… | New | - | CVE-2026-46285 | 2026-06-9 02:16 | 2026-06-9 |
| 97 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix early boot crash on parameters without '=' separator If hugepages, hugepagesz, or default_hugepagesz are specifie… | New | - | CVE-2026-46284 | 2026-06-9 02:16 | 2026-06-9 |
| 98 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: tpm: Use kfree_sensitive() to free auth session in tpm_dev_release() tpm_dev_release() uses plain kfree() to free chip->auth, whi… | New | - | CVE-2026-46283 | 2026-06-9 02:16 | 2026-06-9 |
| 99 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: iio: frequency: admv1013: fix NULL pointer dereference on str When device_property_read_string() fails, str is left uninitialized… | New | - | CVE-2026-46282 | 2026-06-9 02:16 | 2026-06-9 |
| 100 | - | - | - | - | - | In the Linux kernel, the following vulnerability has been resolved: vmalloc: fix buffer overflow in vrealloc_node_align() Commit 4c5d3365882d ("mm/vmalloc: allow to set node and align in vrealloc")… | New | - | CVE-2026-46281 | 2026-06-9 02:16 | 2026-06-9 |