NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月23日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
247801	5.4	MEDIUM ネットワーク	website_seller_script_project	website_seller_script	PHP Scripts Mall Website Seller Script 2.0.5 has XSS via Personal Address or Company Name.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15896	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247802	8.8	HIGH ネットワーク	e107	e107	e107 2.1.8 has CSRF in 'usersettings.php' with an impact of changing details such as passwords of users including administrators.	CWE-352 同一生成元ポリシー違反	CVE-2018-15901	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247803	8.8	HIGH ネットワーク	ricoh	mp_c4504ex_firmware	RICOH MP C4504ex devices allow HTML Injection via the /web/entry/en/address/adrsSetUserWizard.cgi entryNameIn parameter.	CWE-352 CWE-79 同一生成元ポリシー違反クロスサイト・スクリプティング（XSS）	CVE-2018-15884	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247804	9.8	CRITICAL ネットワーク	sapplica	sentrifugo	A SQL Injection issue was discovered in Sentrifugo 3.2 via the deptid parameter.	CWE-89 SQLインジェクション	CVE-2018-15873	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247805	6.1	MEDIUM ネットワーク	zohocorp	manageengine_admanager_plus	Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15740	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247806	6.1	MEDIUM ネットワーク	manageengine	admanager_plus	Zoho ManageEngine ADManager Plus 6.5.7 allows HTML Injection on the "AD Delegation" "Help Desk Technicians" screen.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15608	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247807	6.1	MEDIUM ネットワーク	mybb	mybb	An issue was discovered in inc/class_feedgeneration.php in MyBB 1.8.17. On the forum RSS Syndication page, one can generate a URL such as http://localhost/syndication.php?fid=&type=atom1.0&limit=15. …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15596	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247808	9.8	CRITICAL ネットワーク	dlink	dir-615_firmware	D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.	CWE-119 バッファエラー	CVE-2018-15839	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247809	8.6	HIGH ローカル	export_users_to_csv_project	export_users_to_csv	The Export Users to CSV plugin through 1.1.1 for WordPress allows CSV injection.	CWE-1236 CSV ファイル内の数式要素の不適切な中和	CVE-2018-15571	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247810	8.8	HIGH ネットワーク	mutiny	mutiny	A command injection vulnerability in maintenance.cgi in Mutiny "Monitoring Appliance" before 6.1.0-5263 allows authenticated users, with access to the admin interface, to inject arbitrary commands wi…	CWE-78 OSコマンド・インジェクション	CVE-2018-15529	2024-11-21 12:51	2018-08-29	表示	GitHub Exploit DB Packet Storm

247811	5.3	MEDIUM ネットワーク	openbsd netapp	openssh cloud_backup steelstore data_ontap_edge ontap_select_deploy cn1610_firmware	Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states …	CWE-200 情報漏えい	CVE-2018-15919	2024-11-21 12:51	2018-08-28	表示	GitHub Exploit DB Packet Storm

247812	7.8	HIGH ローカル	debian canonical artifex redhat pulsesecure	debian_linux ubuntu_linux ghostscript enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_eus gpl_ghostscript pulse_connect_s…	In Artifex Ghostscript before 9.24, attackers able to supply crafted PostScript files could use a type confusion in the LockDistillerParams parameter to crash the interpreter or execute code.	CWE-704 不正な型変換またはキャスト	CVE-2018-15910	2024-11-21 12:51	2018-08-28	表示	GitHub Exploit DB Packet Storm

247813	7.8	HIGH ローカル	debian canonical artifex redhat pulsesecure	debian_linux ubuntu_linux ghostscript gpl_ghostscript enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_tus enterprise_linu…	In Artifex Ghostscript 9.23 before 2018-08-24, attackers able to supply crafted PostScript could use uninitialized memory access in the aesdecode operator to crash the interpreter or potentially exec…	CWE-908 初期化されていないリソースの使用	CVE-2018-15911	2024-11-21 12:51	2018-08-28	表示	GitHub Exploit DB Packet Storm

247814	7.8	HIGH ローカル	debian canonical artifex redhat pulsesecure	debian_linux ubuntu_linux ghostscript gpl_ghostscript enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_tus enterprise_linu…	In Artifex Ghostscript 9.23 before 2018-08-24, a type confusion using the .shfill operator could be used by attackers able to supply crafted PostScript files to crash the interpreter or potentially e…	CWE-704 不正な型変換またはキャスト	CVE-2018-15909	2024-11-21 12:51	2018-08-28	表示	GitHub Exploit DB Packet Storm

247815	7.8	HIGH ローカル	artifex debian canonical redhat	ghostscript debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_eus enterprise_linux_server_aus	In Artifex Ghostscript 9.23 before 2018-08-23, attackers are able to supply malicious PostScript files to bypass .tempfile restrictions and write files.	NVD-CWE-noinfo	CVE-2018-15908	2024-11-21 12:51	2018-08-28	表示	GitHub Exploit DB Packet Storm

247816	9.8	CRITICAL ネットワーク	a10networks	acos_web_application_firewall	A10 ACOS Web Application Firewall (WAF) 2.7.1 and 2.7.2 before 2.7.2-P12, 4.1.0 before 4.1.0-P11, 4.1.1 before 4.1.1-P8, and 4.1.2 before 4.1.2-P4 mishandles the configured rules for blocking SQL inj…	CWE-89 SQLインジェクション	CVE-2018-15904	2024-11-21 12:51	2018-08-28	表示	GitHub Exploit DB Packet Storm

247817	8.8	HIGH ネットワーク	asus	dsl-n12e_c1_firmware	Main_Analysis_Content.asp in ASUS DSL-N12E_C1 1.1.2.3_345 is prone to Authenticated Remote Command Execution, which allows a remote attacker to execute arbitrary OS commands via service parameters, s…	CWE-78 OSコマンド・インジェクション	CVE-2018-15887	2024-11-21 12:51	2018-08-28	表示	GitHub Exploit DB Packet Storm

247818	7.5	HIGH ネットワーク	visiology	flipbox	Visiology Flipbox Software Suite before 2.7.0 allows directory traversal via %5c%2e%2e%2f because it does not sanitize filename parameters.	CWE-22 パス・トラバーサル	CVE-2018-15810	2024-11-21 12:51	2018-08-28	表示	GitHub Exploit DB Packet Storm

247819	6.1	MEDIUM ネットワーク	asustor	data_master	ASUSTOR Data Master 3.1.5 and below makes an HTTP request for a configuration file that is vulnerable to XSS. A man in the middle can take advantage of this by inserting Javascript into the configura…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15699	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247820	6.5	MEDIUM ネットワーク	asustor	data_master	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on the file system when providing the full path to loginimage.cgi.	CWE-200 情報漏えい	CVE-2018-15698	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247821	6.5	MEDIUM ネットワーク	asustor	data_master	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to read any file on a share by providing the full path. For example, /home/admin/.ash_history.	CWE-200 情報漏えい	CVE-2018-15697	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247822	4.3	MEDIUM ネットワーク	asustor	data_master	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to enumerate all user accounts via user.cgi.	CWE-200 情報漏えい	CVE-2018-15696	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247823	6.5	MEDIUM ネットワーク	asustor	data_master	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to delete any file on the file system due to a path traversal vulnerability in wallpaper.cgi.	CWE-22 パス・トラバーサル	CVE-2018-15695	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247824	7.5	HIGH ネットワーク	asustor	data_master	ASUSTOR Data Master 3.1.5 and below allows authenticated remote non-administrative users to upload files to arbitrary locations due to a path traversal vulnerability. This could lead to code executio…	CWE-22 パス・トラバーサル	CVE-2018-15694	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247825	6.1	MEDIUM ネットワーク	1234n	minicms	An issue was discovered in MiniCMS 1.10. There is a post.php?date= XSS vulnerability.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15899	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247826	7.5	HIGH ネットワーク	icmsdev	icms	An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP ad…	CWE-918 サーバサイドリクエストフォージェリ	CVE-2018-15895	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247827	9.8	CRITICAL ネットワーク	wuzhi_cms_project	wuzhi_cms	A SQL injection was discovered in /coreframe/app/admin/pay/admin/index.php in WUZHI CMS 4.1.0 via the index.php?m=pay&f=index&v=listing keyValue parameter.	CWE-89 SQLインジェクション	CVE-2018-15894	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247828	9.8	CRITICAL ネットワーク	wuzhi_cms_project	wuzhi_cms	A SQL injection was discovered in /coreframe/app/admin/copyfrom.php in WUZHI CMS 4.1.0 via the index.php?m=core&f=copyfrom&v=listing keywords parameter.	CWE-89 SQLインジェクション	CVE-2018-15893	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247829	9.8	CRITICAL ネットワーク	aspcms	aspcms	An issue was discovered in ASPCMS 2.5.6. When registering ordinary users in the addUser function of the /member/reg.asp page, they can be registered with the super administrators GroupID directly.	CWE-20 不適切な入力確認	CVE-2018-15888	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247830	7.5	HIGH ネットワーク	ovation	findme	Ovation FindMe 1.4-1083-1 is intended to support transmission of network traffic from covert video recorders but does not properly disrupt binary analysis for discovering the product's capabilities o…	CWE-20 不適切な入力確認	CVE-2018-15885	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247831	6.1	MEDIUM ネットワーク	zyxel	vmg3312_b10b_firmware	Zyxel VMG3312 B10B devices are affected by a persistent XSS vulnerability via the pages/connectionStatus/connectionStatus-hostEntry.cmd hostname parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15602	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247832	4.3	MEDIUM ネットワーク	vanillaforums	vanilla_forums	In Vanilla before 2.6.1, the polling functionality allows Insecure Direct Object Reference (IDOR) via the Poll ID, leading to the ability of a single user to select multiple Poll Options (e.g., vote …	CWE-639 ユーザ制御の鍵による認証回避	CVE-2018-15833	2024-11-21 12:51	2018-08-27	表示	GitHub Exploit DB Packet Storm

247833	8.8	HIGH ネットワーク	plainview_activity_monitor_project	plainview_activity_monitor	The Plainview Activity Monitor plugin before 20180826 for WordPress is vulnerable to OS command injection via shell metacharacters in the ip parameter of a wp-admin/admin.php?page=plainview_activity_…	CWE-78 OSコマンド・インジェクション	CVE-2018-15877	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247834	5.3	MEDIUM ネットワーク	ajax_bootmodal_login_project	ajax_bootmodal_login	An issue was discovered in the ajax-bootmodal-login plugin 1.4.3 for WordPress. The register form, login form, and password-recovery form require solving a CAPTCHA to perform actions. However, this i…	CWE-20 不適切な入力確認	CVE-2018-15876	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247835	5.5	MEDIUM ローカル	xkbcommon canonical	xkbcommon libxkbcommon ubuntu_linux	Unchecked NULL pointer usage in resolve_keysym in xkbcomp/parser.y in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a c…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15864	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247836	5.5	MEDIUM ローカル	xkbcommon canonical	xkbcommon libxkbcommon ubuntu_linux	Unchecked NULL pointer usage in ResolveStateAndPredicate in xkbcomp/compat.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by sup…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15863	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247837	5.5	MEDIUM ローカル	xkbcommon canonical	xkbcommon libxkbcommon ubuntu_linux	Unchecked NULL pointer usage in LookupModMask in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a craf…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15862	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247838	5.5	MEDIUM ローカル	xkbcommon canonical	xkbcommon libxkbcommon ubuntu_linux	Unchecked NULL pointer usage in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a cra…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15861	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247839	5.5	MEDIUM ローカル	xkbcommon canonical	xkbcommon libxkbcommon ubuntu_linux	Unchecked NULL pointer usage when parsing invalid atoms in ExprResolveLhs in xkbcomp/expr.c in xkbcommon before 0.8.2 could be used by local attackers to crash (NULL pointer dereference) the xkbcommo…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15859	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247840	5.5	MEDIUM ローカル	xkbcommon canonical	xkbcommon libxkbcommon ubuntu_linux	Unchecked NULL pointer usage when handling invalid aliases in CopyKeyAliasesToKeymap in xkbcomp/keycodes.c in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereferenc…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15858	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247841	7.8	HIGH ローカル	xkbcommon canonical	xkbcommon libxkbcommon ubuntu_linux	An invalid free in ExprAppendMultiKeysymList in xkbcomp/ast-build.c in xkbcommon before 0.8.1 could be used by local attackers to crash xkbcommon keymap parsers or possibly have unspecified other imp…	CWE-416 解放済みメモリの使用	CVE-2018-15857	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247842	5.5	MEDIUM ローカル	xkbcommon canonical	xkbcommon ubuntu_linux	An infinite loop when reaching EOL unexpectedly in compose/parser.c (aka the keymap parser) in xkbcommon before 0.8.1 could be used by local attackers to cause a denial of service during parsing of c…	CWE-835 無限ループ	CVE-2018-15856	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247843	5.5	MEDIUM ローカル	xkbcommon_project canonical	xkbcommon ubuntu_linux	Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because the XkbFil…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15855	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247844	5.5	MEDIUM ローカル	xkbcommon_project canonical	xkbcommon ubuntu_linux	Unchecked NULL pointer usage in xkbcommon before 0.8.1 could be used by local attackers to crash (NULL pointer dereference) the xkbcommon parser by supplying a crafted keymap file, because geometry t…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15854	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247845	5.5	MEDIUM ローカル	xkbcommon canonical	xkbcommon libxkbcommon ubuntu_linux	Endless recursion exists in xkbcomp/expr.c in xkbcommon and libxkbcommon before 0.8.1, which could be used by local attackers to crash xkbcommon users by supplying a crafted keymap file that triggers…	CWE-400 リソースの枯渇	CVE-2018-15853	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247846	6.5	MEDIUM 隣接	technicolor	tc7200.20_firmware	Technicolor TC7200.20 devices allow remote attackers to cause a denial of service (networking outage) via a flood of random MAC addresses, as demonstrated by macof. NOTE: Technicolor denies that the …	CWE-400 リソースの枯渇	CVE-2018-15852	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247847	8.8	HIGH ネットワーク	flexocms_project	flexo_cms	An issue was discovered in Flexo CMS v0.1.6. There is a CSRF vulnerability that can add an administrator via /admin/user/add.	CWE-352 同一生成元ポリシー違反	CVE-2018-15851	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247848	8.8	HIGH ネットワーク	redaxo	redaxo_cms	An issue was discovered in REDAXO CMS 4.7.2. There is a CSRF vulnerability that can add an administrator account via index.php?page=user.	CWE-352 同一生成元ポリシー違反	CVE-2018-15850	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247849	4.3	MEDIUM ネットワーク	portfoliocms_project	portfoliocms	An issue was discovered in portfolioCMS 1.0.5. There is CSRF to update the website settings via admin/aboutus.php.	CWE-352 同一生成元ポリシー違反	CVE-2018-15849	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm

247850	8.8	HIGH ネットワーク	portfoliocms_project	portfoliocms	An issue was discovered in portfolioCMS 1.0.5. There is CSRF to create new pages via admin/portfolio.php?newpage=true.	CWE-352 同一生成元ポリシー違反	CVE-2018-15848	2024-11-21 12:51	2018-08-26	表示	GitHub Exploit DB Packet Storm