NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年4月25日4:08

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
151	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: Fix dma_free_coherent() size dma_alloc_consistent() may change the size to align it. The new size is saved in all… New	-	CVE-2026-31661	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

152	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: vfio/xe: Reorganize the init to decouple migration from reset Attempting to issue reset on VF devices that don't support migratio… New	-	CVE-2026-31601	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

153	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Limit PTP to a single page Commit 391e69143d0a increased CT_PTP_NUM from 1 to 4 to support 256 playback streams, but… New	-	CVE-2026-31602	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

154	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: usbip: validate number_of_packets in usbip_pack_ret_submit() When a USB/IP client receives a RET_SUBMIT response, usbip_pack_ret_… New	-	CVE-2026-31607	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

155	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: xfrm: clear trailing padding in build_polexpire() build_expire() clears the trailing padding bytes of struct xfrm_user_expire aft… New	-	CVE-2026-31664	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

156	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix mechToken leak when SPNEGO decode fails after token alloc The kernel ASN.1 BER decoder calls action callbacks incremen… New	-	CVE-2026-31610	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

157	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ksmbd: require 3 sub-authorities before reading sub_auth[2] parse_dacl() compares each ACE SID against sid_unix_NFS_mode and on m… New	-	CVE-2026-31611	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

158	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOB reads parsing symlink error response When a CREATE returns STATUS_STOPPED_ON_SYMLINK, smb2_check_message() r… New	-	CVE-2026-31613	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

159	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix off-by-8 bounds check in check_wsl_eas() The bounds check uses (u8 *)ea + nlen + 1 + vlen as the end of the EA n… New	-	CVE-2026-31614	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

160	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: seg6: separate dst_cache for input and output paths in seg6 lwtunnel The seg6 lwtunnel uses a single dst_cache per encap route, s… New	-	CVE-2026-31668	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

161	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill eve… New	-	CVE-2026-31670	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

162	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a __u8 proto field followed by a struct xfrm_selector which… New	-	CVE-2026-31671	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

163	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00usb: fix devres lifetime USB drivers bind to USB interfaces and any device managed resources should have their lifeti… New	-	CVE-2026-31672	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

164	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_phonet: fix skb frags[] overflow in pn_rx_complete() A broken/bored/mean USB host can overflow the skb_shared_info… New	-	CVE-2026-31616	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

165	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: validate minimum block_len in ncm_unwrap_ntb() The block_len read from the host-supplied NTB header is checke… New	-	CVE-2026-31617	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

166	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: NFC: digital: Bounds check NFC-A cascade depth in SDD response handler The NFC-A anti-collision cascade in digital_in_recv_sdd_re… New	-	CVE-2026-31622	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

167	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: HID: core: clamp report_size in s32ton() to avoid undefined shift s32ton() shifts by n-1 where n is the field's report_size, a va… New	-	CVE-2026-31624	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

168	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: rxrpc: proc: size address buffers for %pISpc output The AF_RXRPC procfs helpers format local and remote socket addresses into fix… New	-	CVE-2026-31630	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

169	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix oversized RESPONSE authenticator length check rxgk_verify_response() decodes auth_len from the packet and is supposed … New	-	CVE-2026-31635	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

170	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix RESPONSE authenticator parser OOB read rxgk_verify_authenticator() copies auth_len bytes into a temporary buffer and t… New	-	CVE-2026-31636	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

171	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix RxGK token loading to check bounds rxrpc_preparse_xdr_yfs_rxgk() reads the raw key length and ticket length from the X… New	-	CVE-2026-31641	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

172	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix call removal to use RCU safe deletion Fix rxrpc call removal from the rxnet->calls list to use list_del_rcu() rather t… New	-	CVE-2026-31642	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

173	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix use-after-free and leak in lan966x_fdma_reload() When lan966x_fdma_reload() fails to allocate new RX buffers, t… New	-	CVE-2026-31644	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

174	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: idpf: fix PREEMPT_RT raw/bh spinlock nesting for async VC handling Switch from using the completion's raw spinlock to a local loc… New	-	CVE-2026-31647	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

175	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix integer underflow in chain mode The jumbo_frm() chain-mode implementation unconditionally computes len = no… New	-	CVE-2026-31649	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

176	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm: filemap: fix nr_pages calculation overflow in filemap_map_pages() When running stress-ng on my Arm64 machine with v7.0-rc3 ke… New	-	CVE-2026-31648	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

177	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/damon/stat: deallocate damon_call() failure leaking damon_ctx damon_stat_start() always allocates the module's damon_ctx objec… New	-	CVE-2026-31652	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

178	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mm/vma: fix memory leak in __mmap_region() commit 605f6586ecf7 ("mm/vma: do not leak memory when .mmap_prepare swaps the file") h… New	-	CVE-2026-31654	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

179	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: fix refcount underflow in intel_engine_park_heartbeat A use-after-free / refcount underflow is possible when the hea… New	-	CVE-2026-31656	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

180	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: batman-adv: hold claim backbone gateways by reference batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gate… New	-	CVE-2026-31657	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

181	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: batman-adv: reject oversized global TT response buffers batadv_tt_prepare_tvlv_global_data() builds the allocation length for a g… New	-	CVE-2026-31659	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

182	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: allocate rx skb before consuming bytes pn532_receive_buf() reports the number of accepted bytes to the serdev core. T… New	-	CVE-2026-31660	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

183	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG The GRP_ACK_MSG handler in tipc_group_proto_rcv() currently decrements bc_… New	-	CVE-2026-31662	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

184	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: xfrm: hold dev ref until after transport_finish NF_HOOK After async crypto completes, xfrm_input_resume() calls dev_put() immedia… New	-	CVE-2026-31663	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

185	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: fix use-after-free in timeout object destroy nft_ct_timeout_obj_destroy() frees the timeout object with kfree(… New	-	CVE-2026-31665	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

186	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix incorrect return value after changing leaf in lookup_extent_data_ref() After commit 1618aa3c2e01 ("btrfs: simplify ret… New	-	CVE-2026-31666	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

187	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: Input: uinput - fix circular locking dependency with ff-core A lockdep circular locking dependency warning can be triggered repro… New	-	CVE-2026-31667	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

188	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: mptcp: fix slab-use-after-free in __inet_lookup_established The ehash table lookups are lockless and rely on SLAB_TYPESAFE_BY_RCU… New	-	CVE-2026-31669	2026-04-25 02:51	2026-04-25	表示	GitHub Exploit DB Packet Storm

189	6.1	MEDIUM ネットワーク	-	-	PostCSS takes a CSS file and provides an API to analyze and modify its rules by transforming the rules into an Abstract Syntax Tree. Versions prior to 8.5.10 do not escape `</style>` sequences when s… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-41305	2026-04-25 02:16	2026-04-24	表示	GitHub Exploit DB Packet Storm

190	7.7	HIGH ネットワーク	-	-	Kyverno is a policy engine designed for cloud native platform engineering teams. The patch for CVE-2026-22039 fixed cross-namespace privilege escalation in Kyverno's `apiCall` context by validating t… New	CWE-863 不正な認証	CVE-2026-41068	2026-04-25 02:16	2026-04-24	表示	GitHub Exploit DB Packet Storm

191	4.3	MEDIUM ネットワーク	-	-	The asset dependency graph did not restrict nodes by the viewer's DAG read permissions: a user with read access to at least one DAG could browse the asset graph for any other asset in the deployment … New	CWE-1220 アクセス制御の不十分な粒度	CVE-2026-40690	2026-04-25 02:16	2026-04-24	表示	GitHub Exploit DB Packet Storm

192	4.3	MEDIUM ネットワーク	-	-	The authenticated /ui/dags endpoint did not enforce per-DAG access control on embedded Human-in-the-Loop (HITL) and TaskInstance records: a logged-in Airflow user with read access to at least one DAG… New	CWE-1220 アクセス制御の不十分な粒度	CVE-2026-38743	2026-04-25 02:16	2026-04-24	表示	GitHub Exploit DB Packet Storm

193	-	-	-	-	Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ < service > /find-in-config endpoint in Roxy-WI fails to sanitize the use… New	CWE-78 OSコマンド・インジェクション	CVE-2026-33208	2026-04-25 02:16	2026-04-24	表示	GitHub Exploit DB Packet Storm

194	6.3	MEDIUM ネットワーク	-	-	Deserialization of Untrusted Data vulnerability in Apache DolphinScheduler RPC module. This issue affects Apache DolphinScheduler: Version >= 3.2.0 and < 3.3.1. Attackers who can access the Maste… New	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2025-62233	2026-04-25 02:16	2026-04-24	表示	GitHub Exploit DB Packet Storm

195	6.5	MEDIUM ネットワーク	nimiq	nimiq_proof-of-stake	nimiq-transaction provides the transaction primitive to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryTreeProof::verify` panics on a malformed proof where `history.len() != … New	CWE-617 到達可能なアサーション	CVE-2026-34067	2026-04-25 02:12	2026-04-23	表示	GitHub Exploit DB Packet Storm

196	5.3	MEDIUM ネットワーク	nimiq	nimiq_proof-of-stake	nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. Prior to version 1.3.0, `HistoryStore::put_historic_txns` uses an `assert!` to enforce invariants about `HistoricTr… New	CWE-20 CWE-617 CWE-754 不適切な入力確認到達可能なアサーション例外的な状態における不適切なチェック	CVE-2026-34066	2026-04-25 02:12	2026-04-23	表示	GitHub Exploit DB Packet Storm

197	7.5	HIGH ネットワーク	nimiq	nimiq_proof-of-stake	nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announci… New	CWE-252 CWE-755 未チェックの戻り値例外的な状態における不適切な処理	CVE-2026-34065	2026-04-25 02:12	2026-04-23	表示	GitHub Exploit DB Packet Storm

198	8.2	HIGH ネットワーク	nimiq	nimiq_proof-of-stake	nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_… New	CWE-191 整数アンダーフロー	CVE-2026-34064	2026-04-25 02:12	2026-04-23	表示	GitHub Exploit DB Packet Storm

199	7.5	HIGH ネットワーク	nimiq	nimiq_proof-of-stake	Nimiq's network-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `network-libp2p` discovery uses a libp2p `ConnectionHandler` state machine. the handler assumes there… New	CWE-617 到達可能なアサーション	CVE-2026-34063	2026-04-25 02:12	2026-04-23	表示	GitHub Exploit DB Packet Storm

200	5.3	MEDIUM ネットワーク	nimiq	nimiq_proof-of-stake	nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer c… New	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2026-34062	2026-04-25 02:11	2026-04-23	表示	GitHub Exploit DB Packet Storm