NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月9日4:16

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
101	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: lib: test_hmm: evict device pages on file close to avoid use-after-free Patch series "Minor hmm_test fixes and cleanups". Two bu… New	-	CVE-2026-46280	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

102	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/alloc_tag: clear codetag for pages allocated before page_ext initialization Due to initialization ordering, page_ext is alloca… New	-	CVE-2026-46279	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

103	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Fix segfault when updating ftrace mask Fix invalid data access by passing right data for debugfs entry. [ 171.… New	-	CVE-2026-46278	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

104	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/zone_device: do not touch device folio after calling ->folio_free() The contents of a device folio can immediately change afte… New	-	CVE-2026-46277	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

105	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix zero-size GDS range init on RDNA4 RDNA4 (GFX 12) hardware removes the GDS, GWS, and OA on-chip memory resources. … New	-	CVE-2026-46276	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

106	9.0	CRITICAL ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the GET /ssh/file_manager/ssh/resolvePath endpoint in the Termix … Update	CWE-78 CWE-639 OSコマンド・インジェクションユーザ制御の鍵による認証回避	CVE-2026-45750	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

107	9.8	CRITICAL ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. The `POST /ssh/tunnel/connect` endpoint in Termix prior to version 2.3.2 builds an SSH tu… Update	CWE-78 OSコマンド・インジェクション	CVE-2026-45748	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

108	8.1	HIGH ネットワーク	termix	termix	Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. 16 file-manager endpoints in Termix prior to version 2.3.2 do not verify that the request… Update	CWE-639 ユーザ制御の鍵による認証回避	CVE-2026-45743	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

109	5.5	MEDIUM ローカル	-	-	fabric-chaincode-java is a Java based implementation of Hyperledger Fabric chaincode shim APIs. From version 2.3.1 to before version 2.5.10, when chaincode is deployed in chaincode-as-a-service mode … New	CWE-532 ログファイルからの情報漏えい	CVE-2026-45581	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

110	-	-	-	-	Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting') vulnerability in ninenines cowlib allows HTTP response splitting via non-VCHAR bytes in structured-fields… New	CWE-113 HTTP レスポンスの分割	CVE-2026-43966	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

111	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the chatflow update endpoint of FlowiseAI. T… New	CWE-284 CWE-639 CWE-915 不適切なアクセス制御ユーザ制御の鍵による認証回避動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-42863	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

112	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the tool update endpoint of FlowiseAI. The e… New	CWE-284 CWE-639 CWE-915 不適切なアクセス制御ユーザ制御の鍵による認証回避動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-42862	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

113	6.5	MEDIUM ネットワーク	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 return sensitive data to the user which are not required fo… Update	CWE-201 送信データへの重要な情報の挿入	CVE-2026-42539	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

114	9.4	CRITICAL ネットワーク	-	-	AdGuard Home, when started with the --glinet flag, contains an authentication bypass vulnerability that allows unauthenticated attackers to gain full admin access by supplying a path traversal sequen… New	CWE-22 パス・トラバーサル	CVE-2026-41448	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

115	9.8	CRITICAL ネットワーク	-	-	STACKIT IaaS API contains a missing authorization check vulnerability that allows authenticated, low-privileged attackers to escalate privileges to full organization compromise by attaching arbitrary… New	CWE-862 認証の欠如	CVE-2026-39910	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

116	6.5	MEDIUM ネットワーク	-	-	OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy sour… New	CWE-522 認証情報の不十分な保護	CVE-2026-39908	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

117	7.5	HIGH ネットワーク	-	-	Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cau… Update	CWE-121 スタックオーバーフロー	CVE-2026-36785	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

118	9.1	CRITICAL ネットワーク	-	-	An issue in the cluster-admin:backup-datastore component of Controller v12.0.5 allows attackers to execute a directory traversal via a crafted request. Update	CWE-22 パス・トラバーサル	CVE-2026-36500	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

119	4.8	MEDIUM ネットワーク	-	-	Dovestones Softwares ADPhonebook before v4.0.1.1 is vulnerable to a Cross Site Scripting vulnerability. The /Admin/Save API allows an authenticated admin user to store malicious JavaScript payloads i… Update	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-36460	2026-06-9 02:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

120	5.3	MEDIUM ネットワーク	libxls_project	libxls	A use-of-uninitialized memory vulnerability exists in libxls 1.6.3 when parsing malformed XLS files. The issue is reachable via xls_parseWorkBook() and is triggered by uninitialized heap memory origi… Update	CWE-908 初期化されていないリソースの使用	CVE-2026-26825	2026-06-9 02:16	2026-06-4	表示	GitHub Exploit DB Packet Storm

121	8.8	HIGH ネットワーク	-	-	OpenBullet2 through version 0.3.2 contains an authenticated remote code execution vulnerability that allows authenticated users to execute arbitrary C# code on the server host by creating or modifyin… New	CWE-94 コード・インジェクション	CVE-2026-25856	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

122	8.8	HIGH ネットワーク	-	-	OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files (.bat.ps1.sh) through the File… New	CWE-78 OSコマンド・インジェクション	CVE-2026-25855	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

123	8.8	HIGH ネットワーク	-	-	OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by … New	CWE-22 パス・トラバーサル	CVE-2026-25559	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

124	9.8	CRITICAL ネットワーク	-	-	OpenBullet2 through version 0.3.2 contains an authentication bypass vulnerability in the API key authentication middleware that allows unauthenticated attackers to gain admin access by supplying an e… New	CWE-305 根本の脆弱性による認証回避	CVE-2026-25555	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

125	6.5	MEDIUM ネットワーク	-	-	A flaw was found in 389 Directory Server. The Content Synchronization persistent search plugin allows unbounded memory growth when an authenticated client stops reading sync responses, enabling denia… New	CWE-400 リソースの枯渇	CVE-2026-11611	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

126	3.5	LOW ネットワーク	-	-	A vulnerability was detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this issue is some unknown functionality of the file /add.php. The manip… New	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11534	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

127	5.4	MEDIUM ネットワーク	-	-	A security vulnerability has been detected in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected by this vulnerability is an unknown functionality of the file… New	CWE-266 CWE-285 不適切な権限設定不適切な認可	CVE-2026-11533	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

128	6.3	MEDIUM ネットワーク	-	-	A weakness has been identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. Affected is an unknown function of the file /add.php of the component Student Reco… New	CWE-266 CWE-284 不適切な権限設定不適切なアクセス制御	CVE-2026-11532	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

129	7.3	HIGH ネットワーク	-	-	A security flaw has been discovered in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This impacts an unknown function of the file admin/admin_login.php of the com… New	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11531	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

130	7.3	HIGH ネットワーク	-	-	A vulnerability was identified in imvks786 student_management_system up to 9599b560ad3c3b83e75d328b76bedcd489ef1f46. This affects an unknown function of the file /index.ph of the component Login. Suc… New	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11530	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

131	8.8	HIGH ネットワーク	-	-	A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the component Web Management Interface. Executing a manipulation of the… New	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11523	2026-06-9 02:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

132	7.3	HIGH ネットワーク	-	-	A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media_dir… New	CWE-74 CWE-77 インジェクションコマンドインジェクション	CVE-2026-11451	2026-06-9 02:16	2026-06-7	表示	GitHub Exploit DB Packet Storm

133	8.1	HIGH ネットワーク	-	-	MoviePilot contains a path traversal vulnerability in the AliPan, U115, and Rclone cloud storage download handlers where the local destination path is constructed by concatenating the configured down… Update	CWE-22 パス・トラバーサル	CVE-2026-11416	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

134	2.4	LOW ネットワーク	-	-	A security vulnerability has been detected in SourceCodester Ship Ferry Ticket Reservation System 1.0. Impacted is an unknown function of the file /admin/?page=user/manage_user. The manipulation of t… Update	CWE-79 CWE-94 クロスサイト・スクリプティング（XSS）コード・インジェクション	CVE-2026-11338	2026-06-9 02:16	2026-06-6	表示	GitHub Exploit DB Packet Storm

135	6.5	MEDIUM ネットワーク	-	-	Inappropriate implementation in WebAPKs in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform domain spoofing via a crafted WebAPK. (Chromium security severity: Medi… Update	CWE-358 不適切に実装されたセキュリティチェック	CVE-2026-11127	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

136	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Extensions in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control … Update	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2026-10997	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

137	6.5	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: Medium) Update	NVD-CWE-noinfo CWE-346 同一生成元ポリシー違反	CVE-2026-10996	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

138	8.8	HIGH ネットワーク	google	chrome	Heap buffer overflow in TabStrip in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a … Update	CWE-122 ヒープオーバーフロー	CVE-2026-10995	2026-06-9 02:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

139	8.8	HIGH ネットワーク	google	chrome	Type Confusion in ANGLE in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security sev… Update	CWE-843 型の取り違え	CVE-2026-10955	2026-06-9 02:10	2026-06-5	表示	GitHub Exploit DB Packet Storm

140	8.3	HIGH ネットワーク	google	chrome	Use after free in Core in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML… Update	CWE-416 解放済みメモリの使用	CVE-2026-10953	2026-06-9 02:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

141	8.8	HIGH ネットワーク	google	chrome	Use after free in Chrome for iOS in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: … Update	CWE-416 解放済みメモリの使用	CVE-2026-10952	2026-06-9 02:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

142	8.8	HIGH ネットワーク	google	chrome	Use after free in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a… Update	CWE-416 解放済みメモリの使用	CVE-2026-10951	2026-06-9 02:09	2026-06-5	表示	GitHub Exploit DB Packet Storm

143	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hi… Update	CWE-693 保護メカニズムの不具合	CVE-2026-10950	2026-06-9 02:08	2026-06-5	表示	GitHub Exploit DB Packet Storm

144	8.1	HIGH ネットワーク	google	chrome	Out of bounds read in WebGPU in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: Medium) Update	CWE-125 境界外読み取り	CVE-2026-11015	2026-06-9 02:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

145	6.5	MEDIUM ネットワーク	google	chrome	Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive inform… Update	CWE-20 不適切な入力確認	CVE-2026-11013	2026-06-9 02:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

146	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Autofill in Google Chrome on iOS prior to 149.0.7827.53 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Hi… Update	CWE-693 保護メカニズムの不具合	CVE-2026-10944	2026-06-9 02:07	2026-06-5	表示	GitHub Exploit DB Packet Storm

147	7.8	HIGH ローカル	google	chrome	Inappropriate implementation in UI in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to perform privilege escalation via a malicious file. (Chromium security severity: High) Update	CWE-20 NVD-CWE-noinfo 不適切な入力確認	CVE-2026-10942	2026-06-9 02:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

148	8.3	HIGH ネットワーク	google	chrome	Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (… Update	CWE-362 競合状態	CVE-2026-10940	2026-06-9 02:04	2026-06-5	表示	GitHub Exploit DB Packet Storm

149	7.8	HIGH ローカル	x.org redhat	x_server xwayland enterprise_linux	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify o… Update	CWE-121 スタックオーバーフロー	CVE-2026-50258	2026-06-9 01:46	2026-06-5	表示	GitHub Exploit DB Packet Storm

150	7.8	HIGH ローカル	x.org redhat	x_server xwayland enterprise_linux	A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attack… Update	CWE-416 解放済みメモリの使用	CVE-2026-50257	2026-06-9 01:45	2026-06-5	表示	GitHub Exploit DB Packet Storm