NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月24日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
247751	9.8	CRITICAL ネットワーク	emc	esrs_policy_manager	Dell EMC ESRS Policy Manager versions 6.8 and prior contain a remote code execution vulnerability due to improper configurations of triggered JMX services. A remote unauthenticated attacker may poten…	NVD-CWE-noinfo	CVE-2018-15764	2024-11-21 12:51	2018-09-29	表示	GitHub Exploit DB Packet Storm

247752	6.7	MEDIUM ローカル	avaya	aura_communication_manager	A vulnerability in the local system administration component of Avaya Aura Communication Manager can allow an authenticated, privileged user on the local system to gain root privileges. Affected vers…	NVD-CWE-noinfo	CVE-2018-15611	2024-11-21 12:51	2018-09-28	表示	GitHub Exploit DB Packet Storm

247753	9.8	CRITICAL ネットワーク	javamelody_project	javamelody	JavaMelody before 1.74.0 has XXE via parseSoapMethodName in bull/javamelody/PayloadNameRequestWrapper.java.	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2018-15531	2024-11-21 12:51	2018-09-27	表示	GitHub Exploit DB Packet Storm

247754	7.5	HIGH ネットワーク	xelerance	openswan	In verify_signed_hash() in lib/liboswkeys/signatures.c in Openswan before 2.6.50.1, the RSA implementation does not verify the value of padding string during PKCS#1 v1.5 signature verification. Conse…	CWE-347 デジタル署名の不適切な検証	CVE-2018-15836	2024-11-21 12:51	2018-09-27	表示	GitHub Exploit DB Packet Storm

247755	6.1	MEDIUM ネットワーク	salesagility	suitecrm	An XSS issue was discovered in SalesAgility SuiteCRM 7.x before 7.8.21 and 7.10.x before 7.10.8, related to phishing an error message.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15606	2024-11-21 12:51	2018-09-27	表示	GitHub Exploit DB Packet Storm

247756	7.5	HIGH ネットワーク	adobe redhat	flash_player_desktop_runtime flash_player enterprise_linux_desktop enterprise_linux_server enterprise_linux_workstation	Adobe Flash Player versions 30.0.0.154 and earlier have a privilege escalation vulnerability. Successful exploitation could lead to information disclosure.	CWE-200 情報漏えい	CVE-2018-15967	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247757	9.8	CRITICAL ネットワーク	adobe	coldfusion	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2018-15965	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247758	7.5	HIGH ネットワーク	adobe	coldfusion	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitatio…	CWE-200 情報漏えい	CVE-2018-15964	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247759	5.3	MEDIUM ネットワーク	adobe	coldfusion	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a security bypass vulnerability. Successful exploitation could lead to arbitrary fold…	NVD-CWE-noinfo	CVE-2018-15963	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247760	5.3	MEDIUM ネットワーク	adobe	coldfusion	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a directory listing vulnerability. Successful exploitation could lead to information …	CWE-200 情報漏えい	CVE-2018-15962	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247761	9.8	CRITICAL ネットワーク	adobe	coldfusion	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbi…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-15961	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247762	7.5	HIGH ネットワーク	adobe	coldfusion	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a use of a component with a known vulnerability vulnerability. Successful exploitatio…	CWE-20 不適切な入力確認	CVE-2018-15960	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247763	9.8	CRITICAL ネットワーク	adobe	coldfusion	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2018-15959	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247764	9.8	CRITICAL ネットワーク	adobe	coldfusion	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2018-15958	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247765	9.8	CRITICAL ネットワーク	adobe	coldfusion	Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have a deserialization of untrusted data vulnerability. Successful exploitation could lead…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2018-15957	2024-11-21 12:51	2018-09-25	表示	GitHub Exploit DB Packet Storm

247766	4.4	MEDIUM ローカル	avaya	call_management_system_supervisor	A vulnerability in the Supervisor component of Avaya Call Management System allows local administrative user to extract sensitive information from users connecting to a remote CMS host. Affected vers…	CWE-200 情報漏えい	CVE-2018-15615	2024-11-21 12:51	2018-09-24	表示	GitHub Exploit DB Packet Storm

247767	6.1	MEDIUM ネットワーク	avaya	aura_orchestration_designer	A cross-site scripting (XSS) vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could result in malicious content being returned to the user. Affected versions of Avay…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15613	2024-11-21 12:51	2018-09-22	表示	GitHub Exploit DB Packet Storm

247768	8.8	HIGH ネットワーク	avaya	orchestration_designer	A CSRF vulnerability in the Runtime Config component of Avaya Aura Orchestration Designer could allow an attacker to add, change, or remove administrative settings. Affected versions of Avaya Aura Or…	CWE-352 同一生成元ポリシー違反	CVE-2018-15612	2024-11-21 12:51	2018-09-22	表示	GitHub Exploit DB Packet Storm

247769	8.8	HIGH ネットワーク	ubisoft	uplay	upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visi…	CWE-20 不適切な入力確認	CVE-2018-15832	2024-11-21 12:51	2018-09-21	表示	GitHub Exploit DB Packet Storm

247770	6.1	MEDIUM ネットワーク	accusoft	prizmdoc	Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15546	2024-11-21 12:51	2018-09-19	表示	GitHub Exploit DB Packet Storm

247771	8.8	HIGH ネットワーク	avaya	ip_office	A vulnerability in the one-X Portal component of Avaya IP Office allows an authenticated attacker to read and delete arbitrary files on the system. Affected versions of Avaya IP Office include 9.1 th…	CWE-22 パス・トラバーサル	CVE-2018-15610	2024-11-21 12:51	2018-09-13	表示	GitHub Exploit DB Packet Storm

247772	5.5	MEDIUM ローカル	radare	radare2	In radare2 before 2.9.0, a heap overflow vulnerability exists in the read_module_referenced_functions function in libr/anal/flirt.c via a crafted flirt signature file.	CWE-787 境界外書き込み	CVE-2018-15834	2024-11-21 12:51	2018-09-13	表示	GitHub Exploit DB Packet Storm

247773	5.9	MEDIUM ネットワーク	subsonic	music_streamer	The Subsonic Music Streamer application 4.4 for Android has Improper Certificate Validation of the Subsonic server certificate, which might allow man-in-the-middle attackers to obtain interaction dat…	CWE-295 不正な証明書検証	CVE-2018-15898	2024-11-21 12:51	2018-09-12	表示	GitHub Exploit DB Packet Storm

247774	7.2	HIGH ネットワーク	monstra	monstra	Monstra CMS 3.0.4 does not properly restrict modified Snippet content, as demonstrated by the admin/index.php?id=snippets&action=edit_snippet&filename=google-analytics URI, which allows attackers to …	CWE-94 コード・インジェクション	CVE-2018-15886	2024-11-21 12:51	2018-09-10	表示	GitHub Exploit DB Packet Storm

247775	7.5	HIGH ネットワーク	theethereumlottery	the_ethereum_lottery	The "PayWinner" function of a simplelottery smart contract implementation for The Ethereum Lottery, an Ethereum gambling game, generates a random value with publicly readable variable "maxTickets" (w…	CWE-338 暗号における脆弱な PRNG の使用	CVE-2018-15552	2024-11-21 12:51	2018-09-8	表示	GitHub Exploit DB Packet Storm

247776	7.8	HIGH ローカル	pulsesecure	pulse_secure_desktop_client	The Pulse Secure Desktop (macOS) has a Privilege Escalation Vulnerability.	NVD-CWE-noinfo	CVE-2018-15865	2024-11-21 12:51	2018-09-7	表示	GitHub Exploit DB Packet Storm

247777	5.5	MEDIUM ローカル	pulsesecure	pulse_secure_desktop_client	The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Format String Vulnerability.	CWE-134 書式文字列の問題	CVE-2018-15749	2024-11-21 12:51	2018-09-7	表示	GitHub Exploit DB Packet Storm

247778	5.3	MEDIUM ローカル	pulsesecure	pulse_secure_desktop_client	The Pulse Secure Desktop (macOS) 5.3RX before 5.3R5 and 9.0R1 has a Privilege Escalation Vulnerability.	CWE-78 OSコマンド・インジェクション	CVE-2018-15726	2024-11-21 12:51	2018-09-7	表示	GitHub Exploit DB Packet Storm

247779	5.4	MEDIUM ネットワーク	jorani_project	jorani	An issue was discovered in Jorani 0.6.5. SQL Injection (error-based) allows a user of the application without permissions to read and modify sensitive information from the database used by the applic…	CWE-89 SQLインジェクション	CVE-2018-15918	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247780	5.4	MEDIUM ネットワーク	jorani_project	jorani	Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to session/language.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15917	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247781	5.3	MEDIUM ネットワーク	btiteam	xbtit	An issue was discovered in BTITeam XBTIT. PHP error logs are stored in an open directory (/include/logs) using predictable file names, which can lead to full path disclosure and leakage of sensitive …	CWE-200 情報漏えい	CVE-2018-15684	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247782	6.1	MEDIUM ネットワーク	btiteam	xbtit	An issue was discovered in BTITeam XBTIT. The "returnto" parameter of the login page is vulnerable to an open redirect due to a lack of validation. If a user is already logged in when accessing the p…	CWE-601 オープンリダイレクト	CVE-2018-15683	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247783	8.8	HIGH ネットワーク	btiteam	xbtit	An issue was discovered in BTITeam XBTIT. Due to a lack of cross-site request forgery protection, it is possible to automate the action of sending private messages to users by luring an authenticated…	CWE-352 同一生成元ポリシー違反	CVE-2018-15682	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247784	9.8	CRITICAL ネットワーク	btiteam	xbtit	An issue was discovered in BTITeam XBTIT 2.5.4. When a user logs in, their password hash is rehashed using a predictable salt and stored in the "pass" cookie, which is not flagged as HTTPOnly. Due to…	CWE-732 CWE-916 重要なリソースに対する不適切なパーミッションの割り当て強度が不十分なパスワードハッシュの使用	CVE-2018-15681	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247785	9.8	CRITICAL ネットワーク	btiteam	xbtit	An issue was discovered in BTITeam XBTIT 2.5.4. The hashed passwords stored in the xbtit_users table are stored as unsalted MD5 hashes, which makes it easier for context-dependent attackers to obtain…	CWE-916 強度が不十分なパスワードハッシュの使用	CVE-2018-15680	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247786	6.1	MEDIUM ネットワーク	btiteam	xbtit	An issue was discovered in BTITeam XBTIT 2.5.4. The "keywords" parameter in the search function available at /index.php?page=forums&action=search is vulnerable to reflected cross-site scripting.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15679	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247787	6.1	MEDIUM ネットワーク	btiteam	xbtit	An issue was discovered in BTITeam XBTIT 2.5.4. The "act" parameter in the sign-up page available at /index.php?page=signup is vulnerable to reflected cross-site scripting.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15678	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247788	6.1	MEDIUM ネットワーク	btiteam	xbtit	The newsfeed (aka /index.php?page=viewnews) in BTITeam XBTIT 2.5.4 has stored XSS via the title of a news item. This is also exploitable via CSRF.	CWE-352 CWE-79 同一生成元ポリシー違反クロスサイト・スクリプティング（XSS）	CVE-2018-15677	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247789	5.3	MEDIUM ネットワーク	btiteam	xbtit	An issue was discovered in BTITeam XBTIT. By using String.replace and eval, it is possible to bypass the includes/crk_protection.php anti-XSS mechanism that looks for a number of dangerous fingerprin…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15676	2024-11-21 12:51	2018-09-6	表示	GitHub Exploit DB Packet Storm

247790	7.5	HIGH ネットワーク	argussurveillance	dvr	Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.	CWE-22 パス・トラバーサル	CVE-2018-15745	2024-11-21 12:51	2018-08-31	表示	GitHub Exploit DB Packet Storm

247791	9.8	CRITICAL ネットワーク	broadcom	release_automation	Insecure deserialization of a specially crafted serialized object, in CA Release Automation 6.5 and earlier, allows attackers to potentially execute arbitrary code.	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2018-15691	2024-11-21 12:51	2018-08-30	表示	GitHub Exploit DB Packet Storm

247792	7.8	HIGH ローカル	manjaro	manjaro_linux	An issue was discovered in manjaro-update-system.sh in manjaro-system 20180716-1 on Manjaro Linux. A local attacker can install or remove arbitrary packages and package repositories potentially conta…	CWE-269 不適切な権限管理	CVE-2018-15912	2024-11-21 12:51	2018-08-30	表示	GitHub Exploit DB Packet Storm

247793	6.5	MEDIUM 隣接	technicolor	tc8305c_firmware	Technicolor (formerly RCA) TC8305C devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: this might over…	CWE-400 リソースの枯渇	CVE-2018-15907	2024-11-21 12:51	2018-08-30	表示	GitHub Exploit DB Packet Storm

247794	5.5	MEDIUM ローカル	qemu	qemu	qemu-seccomp.c in QEMU might allow local OS guest users to cause a denial of service (guest crash) by leveraging mishandling of the seccomp policy for threads other than the main thread.	NVD-CWE-noinfo	CVE-2018-15746	2024-11-21 12:51	2018-08-30	表示	GitHub Exploit DB Packet Storm

247795	6.1	MEDIUM ネットワーク	isweb	isweb	CMS ISWEB 3.5.3 has XSS via the ordineRis, sezioneRicerca, or oggettiRicerca parameter to index.php.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15562	2024-11-21 12:51	2018-08-30	表示	GitHub Exploit DB Packet Storm

247796	9.8	CRITICAL ネットワーク	grafana redhat	grafana ceph_storage	Grafana 2.x, 3.x, and 4.x before 4.6.4 and 5.x before 5.2.3 allows authentication bypass because an attacker can generate a valid "remember me" cookie knowing only a username of an LDAP or OAuth user.	CWE-287 不適切な認証	CVE-2018-15727	2024-11-21 12:51	2018-08-30	表示	GitHub Exploit DB Packet Storm

247797	9.8	CRITICAL ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! before 3.8.12. Inadequate checks in the InputFilter class could allow specifically prepared phar files to pass the upload filter.	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-15882	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247798	7.5	HIGH ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! before 3.8.12. Inadequate checks regarding disabled fields can lead to an ACL violation.	NVD-CWE-noinfo	CVE-2018-15881	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247799	5.4	MEDIUM ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! before 3.8.12. Inadequate output filtering on the user profile page could lead to a stored XSS attack.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15880	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247800	6.5	MEDIUM ネットワーク	website_seller_script_project	website_seller_script	PHP Scripts Mall Website Seller Script 2.0.5 allows remote attackers to cause a denial of service via crafted JavaScript code in the First Name, Last Name, Company Name, or Fax field, as demonstrated…	CWE-119 バッファエラー	CVE-2018-15897	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm