NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月9日4:16

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
151	7.8	HIGH ローカル	x.org redhat	x_server xwayland enterprise_linux	A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow… Update	CWE-121 スタックオーバーフロー	CVE-2026-50256	2026-06-9 01:45	2026-06-5	表示	GitHub Exploit DB Packet Storm

152	4.3	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in History in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) Update	CWE-346 同一生成元ポリシー違反	CVE-2026-11309	2026-06-9 01:40	2026-06-5	表示	GitHub Exploit DB Packet Storm

153	6.5	MEDIUM ネットワーク	team	net\	Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj… Update	CWE-93 CRLF インジェクション	CVE-2026-8722	2026-06-9 01:39	2026-06-4	表示	GitHub Exploit DB Packet Storm

154	7.7	HIGH ローカル	google	chrome	Insufficient validation of untrusted input in Reader Mode in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to bypass navigation restrictions via a malicious file. (Chromium… Update	CWE-20 不適切な入力確認	CVE-2026-11297	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

155	7.5	HIGH ネットワーク	rrwo	net\	Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network range… Update	CWE-674 CWE-1287 不適切な再帰制御指定されたタイプの入力に対する不適切な検証	CVE-2026-49941	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

156	8.8	HIGH ネットワーク	google	chrome	Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severi… Update	CWE-269 不適切な権限管理	CVE-2026-11295	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

157	7.3	HIGH ネットワーク	rrwo	net\	Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, wh… Update	CWE-1289 安全でない等式による入力の不適切な検証	CVE-2026-49942	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

158	4.3	MEDIUM ネットワーク	google	chrome	Inappropriate implementation in Android Autofill in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security … Update	CWE-346 同一生成元ポリシー違反	CVE-2026-11291	2026-06-9 01:37	2026-06-5	表示	GitHub Exploit DB Packet Storm

159	6.5	MEDIUM ネットワーク	rrwo	net\	Net::CIDR::Set versions through 0.20 for Perl accept non-ASCII IP addresses and netmasks. Unicode digits such as the Arabic-Indic One (U+0661) were accepted but not properly parsed as numbers. This… Update	CWE-1289 安全でない等式による入力の不適切な検証	CVE-2026-49940	2026-06-9 01:35	2026-06-5	表示	GitHub Exploit DB Packet Storm

160	7.5	HIGH ネットワーク	sanbeg	etsy\	Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inj… Update	CWE-93 CRLF インジェクション	CVE-2026-46741	2026-06-9 01:33	2026-06-5	表示	GitHub Exploit DB Packet Storm

161	6.5	MEDIUM ネットワーク	google	chrome	Insufficient policy enforcement in Navigation in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to bypass navigation restrictions v… Update	CWE-20 CWE-602 不適切な入力確認サーバ側のセキュリティのクライアント側での実施	CVE-2026-11287	2026-06-9 01:31	2026-06-5	表示	GitHub Exploit DB Packet Storm

162	5.3	MEDIUM ネットワーク	cosimo	net\	Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional st… Update	CWE-93 CRLF インジェクション	CVE-2026-46739	2026-06-9 01:31	2026-06-5	表示	GitHub Exploit DB Packet Storm

163	7.5	HIGH ネットワーク	oalders	html\	HTML::Entities versions before 3.84 for Perl read freed heap memory in _decode_entities. The XS routine backing HTML::Entities::_decode_entities cached a pointer (repl) into the entity-value SV retu… Update	CWE-416 解放済みメモリの使用	CVE-2026-8829	2026-06-9 01:29	2026-06-4	表示	GitHub Exploit DB Packet Storm

164	5.0	MEDIUM ローカル	google	chrome	Integer overflow in Chromoting in Google Chrome on Windows prior to 149.0.7827.53 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted ETW event. (Ch… Update	CWE-472 CWE-190 不変と仮定される Web パラメータの外部制御整数オーバーフローまたはラップアラウンド	CVE-2026-11281	2026-06-9 01:27	2026-06-5	表示	GitHub Exploit DB Packet Storm

165	-	-	-	-	Use After Free vulnerability in Apache HTTP Server module mod_http2 when file handles are already exhausted. This issue affects Apache HTTP Server: from 2.4.55 through 2.4.67. New	CWE-416 解放済みメモリの使用	CVE-2026-48913	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

166	-	-	-	-	phpMyFAQ is an open source FAQ web application. Prior to version 4.1.4, attachment passwords are hashed using SHA-1, a cryptographically broken algorithm. SHA-1 has been vulnerable to collision attac… New	CWE-328 脆弱なハッシュの使用	CVE-2026-48488	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

167	8.8	HIGH ネットワーク	-	-	Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically del… New	CWE-285 CWE-613 不適切な認可不適切なセッション期限	CVE-2026-46656	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

168	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, DatasetRow create and update mass-assignment allows cross-workspace row takeover. This… New	CWE-915 動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-46478	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

169	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, dataset create and update mass-assignment allows cross-workspace dataset takeover. Thi… New	CWE-915 動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-46477	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

170	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, CustomTemplate create and update mass-assignment allows cross-workspace template takeo… New	CWE-915 動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-46476	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

171	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, all CRUD endpoints for OpenAI Assistants Vector Store have no authentication middlewar… New	CWE-862 認証の欠如	CVE-2026-46444	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

172	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, when credentials are fetched with a credentialName filter parameter, the encryptedData… New	CWE-200 情報漏えい	CVE-2026-46443	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

173	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, POST /api/v1/node-custom-function lacks route-level authorization, allowing any authen… New	CWE-94 コード・インジェクション	CVE-2026-46442	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

174	7.5	HIGH ネットワーク	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, the checkBasicAuth endpoint validates credentials in plaintext without rate limiting a… New	CWE-522 認証情報の不十分な保護	CVE-2026-46440	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

175	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_uart: fix UAFs and race conditions in close and init paths Vulnerabilities leading to Use-After-Free (UAF) and Nul… New	-	CVE-2026-46275	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

176	-	-	-	-	In the Linux kernel, the following vulnerability has been resolved: io-wq: check that the predecessor is hashed in io_wq_remove_pending() io_wq_remove_pending() needs to fix up wq->hash_tail[] if t… New	-	CVE-2026-46274	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

177	-	-	-	-	Buffer Underwrite vulnerability in Apache HTTP Server on crafted regular expressions in the configuration. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to… New	CWE-124 バッファアンダーフロー	CVE-2026-44631	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

178	-	-	-	-	Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in the mod_proxy_ftp module in Apache HTTP Server with an attacker controlled backend FTP server. This issue affects undefined: f… New	CWE-835 無限ループ	CVE-2026-44186	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

179	-	-	-	-	Buffer Over-read vulnerability in Apache HTTP Server via outbound OCSP requests to an attacker controlled OCSP server This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are rec… New	CWE-126 バッファオーバーリード	CVE-2026-44185	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

180	-	-	-	-	Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTT… New	CWE-269 不適切な権限管理	CVE-2026-44119	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

181	-	-	-	-	Out-of-bounds Read vulnerability in Apache HTTP Server with mod_headers and mod_mime and multiple response languages. This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. New	CWE-125 境界外読み取り	CVE-2026-43951	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

182	-	-	-	-	Flowise is a drag & drop user interface to build a customized large language model flow. Prior to version 3.1.2, a mass assignment vulnerability exists in the variable update endpoint of FlowiseAI. T… New	CWE-284 CWE-639 CWE-915 不適切なアクセス制御ユーザ制御の鍵による認証回避動的に決定されたオブジェクト属性の不適切に制御された変更	CVE-2026-42861	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

183	5.4	MEDIUM ネットワーク	-	-	IRIS is a web collaborative platform that helps incident responders share technical details during investigations. In versions prior to 2.4.28, users can create alerts for customers that are not assi… Update	CWE-863 不正な認証	CVE-2026-42547	2026-06-9 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

184	-	-	-	-	Heap-based Buffer Overflow vulnerability in Apache HTTP Server with mod_xml2enc, xml2StartParse, and untrusted content This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are re… New	CWE-122 ヒープオーバーフロー	CVE-2026-42536	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

185	-	-	-	-	A path handling issue in mod_dav_fs in Apache 2.4.67 and earlier allows a WebDAV content author to directly manipulate trusted DAV property databases, potentially causing child process crashes. User… New	CWE-668 誤った領域へのリソースの漏えい	CVE-2026-42535	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

186	4.7	MEDIUM ネットワーク	-	-	Iris is a web collaborative platform that helps incident responders share technical details during investigations. Versions prior to 2.4.28 contain a weakness where an attacker can misuse it to redir… Update	CWE-602 サーバ側のセキュリティのクライアント側での実施	CVE-2026-42329	2026-06-9 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

187	8.8	HIGH ネットワーク	-	-	Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning cod… Update	CWE-59 リンク解釈の問題	CVE-2026-41236	2026-06-9 01:16	2026-06-5	表示	GitHub Exploit DB Packet Storm

188	-	-	-	-	Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the list1 parameter of the fromDhcpListClient function. This vulnerability allows attackers to ca… New	-	CVE-2026-36786	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

189	-	-	-	-	Heap-based Buffer Overflow vulnerability in Apache HTTP Server with malicious backend servers and ProxyPassReverseCookie* This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are… New	CWE-122 ヒープオーバーフロー	CVE-2026-34356	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

190	-	-	-	-	A buffer overflow in mod_proxy_html in Apache HTTP Server 2.4.67 and earlier allows an attack by an untrusted backend. Users are recommended to upgrade to version 2.4.68, which fixes this issue. New	CWE-122 ヒープオーバーフロー	CVE-2026-34355	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

191	-	-	-	-	Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidenta… New	CWE-468	CVE-2026-34194	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

192	-	-	-	-	A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or revers… New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2026-29170	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

193	-	-	-	-	Use After Free vulnerability in Apache HTTP Server with mod_ldap in per-directory configuration This issue affects Apache HTTP Server: from 2.4.0 through 2.4.67. Users are recommended to upgrade to… New	CWE-416 解放済みメモリの使用	CVE-2026-29167	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

194	-	-	-	-	Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters t… New	CWE-122 ヒープオーバーフロー	CVE-2026-22164	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

195	6.3	MEDIUM ネットワーク	-	-	A vulnerability was determined in designcomputer mysql-mcp-server up to 0.2.2. The impacted element is the function read_resource of the file src/mysql_mcp_server/server.py of the component mysql URI… New	CWE-74 CWE-89 インジェクション SQLインジェクション	CVE-2026-11529	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

196	8.8	HIGH ネットワーク	-	-	A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus of the component Web Management Interface. The manipulation of … New	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11528	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

197	8.8	HIGH ネットワーク	-	-	A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file /goform/modifyWifiFilterRules of the component Web Management Interface. The manipul… New	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11524	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

198	8.8	HIGH ネットワーク	-	-	A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file /goform/setPortMirror. Performing a manipulation of the argument portMirror… New	CWE-119 CWE-121 バッファエラースタックオーバーフロー	CVE-2026-11522	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

199	5.5	MEDIUM 隣接	-	-	A vulnerability was found in UTT HiPER 2610G up to 3.0.0-171107. This affects the function strcpy of the file /goform/formNatStaticMap. Performing a manipulation of the argument NatBinds results in b… New	CWE-119 CWE-120 バッファエラー古典的バッファオーバーフロー	CVE-2026-11516	2026-06-9 01:16	2026-06-9	表示	GitHub Exploit DB Packet Storm

200	3.3	LOW ローカル	-	-	A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to … New	CWE-200 CWE-284 情報漏えい不適切なアクセス制御	CVE-2026-11459	2026-06-9 01:16	2026-06-7	表示	GitHub Exploit DB Packet Storm