NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年6月23日4:00

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
247851 6.1 MEDIUM
ネットワーク 		puppycms puppycms An issue was discovered in puppyCMS 5.1. There is an XSS vulnerability via menu.php in the "Add Page/URL" URL link field. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15847 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247852 8.8 HIGH
ネットワーク 		fledrcms_project fledrcms An issue was discovered in fledrCMS through 2014-02-03. There is a CSRF vulnerability that can change the administrator's password via index.php?p=done&savedata=1. CWE-352
同一生成元ポリシー違反 		CVE-2018-15846 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247853 8.8 HIGH
ネットワーク 		gleezcms gleez_cms There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add. CWE-352
同一生成元ポリシー違反 		CVE-2018-15845 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247854 8.8 HIGH
ネットワーク 		damicms damicms An issue was discovered in DamiCMS 6.0.0. There is an CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit. CWE-352
同一生成元ポリシー違反 		CVE-2018-15844 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247855 4.8 MEDIUM
ネットワーク 		get-simple getsimple_cms GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15843 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247856 4.8 MEDIUM
ネットワーク 		wolfcms wolf_cms WolfCMS 0.8.3.1 has XSS via the /?/admin/page/add slug parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15842 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247857 6.1 MEDIUM
ネットワーク 		dlink dir-615_firmware Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows attackers to inject JavaScript into the router's admin UPnP page via the description field in an AddPortMapping UPnP SO… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15875 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247858 6.1 MEDIUM
ネットワーク 		dlink dir-615_firmware Cross-site scripting (XSS) vulnerability on D-Link DIR-615 routers 20.07 allows an attacker to inject JavaScript into the "Status -> Active Client Table" page via the hostname field in a DHCP request. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15874 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247859 6.5 MEDIUM
ネットワーク 		libming libming An invalid memory address dereference was discovered in decompileSingleArgBuiltInFunctionCall in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, … CWE-119
バッファエラー 		CVE-2018-15871 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247860 6.5 MEDIUM
ネットワーク 		libming libming An invalid memory address dereference was discovered in decompileGETVARIABLE in libming 0.4.8 before 2018-03-12. The vulnerability causes a segmentation fault and application crash, which leads to de… CWE-119
バッファエラー 		CVE-2018-15870 2024-11-21 12:51 2018-08-26 表示 GitHub Exploit DB Packet Storm
247861 5.3 MEDIUM
ネットワーク 		hashicorp packer An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security be… CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2018-15869 2024-11-21 12:51 2018-08-25 表示 GitHub Exploit DB Packet Storm
247862 8.1 HIGH
ネットワーク 		hazzardweb easylogin_pro An issue was discovered in EasyLogin Pro through 1.3.0. Encryptor.php contains an unserialize call that can be exploited for remote code execution in the decrypt function, if the attacker knows the k… CWE-502
信頼性のないデータのデシリアライゼーション 		CVE-2018-15576 2024-11-21 12:51 2018-08-25 表示 GitHub Exploit DB Packet Storm
247863 6.1 MEDIUM
ネットワーク 		phpmyadmin phpmyadmin An issue was discovered in phpMyAdmin before 4.8.3. A Cross-Site Scripting vulnerability has been found where an attacker can use a crafted file to manipulate an authenticated user who loads that fil… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15605 2024-11-21 12:51 2018-08-25 表示 GitHub Exploit DB Packet Storm
247864 5.5 MEDIUM
ローカル 		tecrail responsive_filemanager /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary f… CWE-22
パス・トラバーサル 		CVE-2018-15536 2024-11-21 12:51 2018-08-25 表示 GitHub Exploit DB Packet Storm
247865 7.5 HIGH
ネットワーク 		tecrail responsive_filemanager /filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutrali… CWE-22
パス・トラバーサル 		CVE-2018-15535 2024-11-21 12:51 2018-08-25 表示 GitHub Exploit DB Packet Storm
247866 8.8 HIGH
ネットワーク 		couchbase couchbase_server Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang cod… CWE-94
コード・インジェクション 		CVE-2018-15728 2024-11-21 12:51 2018-08-25 表示 GitHub Exploit DB Packet Storm
247867 7.5 HIGH
ネットワーク 		ffmpeg
debian
canonical 		ffmpeg
debian_linux
ubuntu_linux 		The flv_write_packet function in libavformat/flvenc.c in FFmpeg through 2.8 does not check for an empty audio packet, leading to an assertion failure. CWE-617
到達可能なアサーション 		CVE-2018-15822 2024-11-21 12:51 2018-08-24 表示 GitHub Exploit DB Packet Storm
247868 5.5 MEDIUM
ローカル 		accupos accupos AccuPOS 2017.8 is installed with the insecure "Authenticated Users: Modify" permission for files within the installation path. This may allow local attackers to compromise the integrity of critical r… CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2018-15809 2024-11-21 12:51 2018-08-24 表示 GitHub Exploit DB Packet Storm
247869 9.8 CRITICAL
ネットワーク 		posim evo POSIM EVO 15.13 for Windows includes hardcoded database credentials for the "root" database user. "root" access to POSIM EVO's database may result in a breach of confidentiality, integrity, or availa… CWE-798
ハードコードされた認証情報の使用 		CVE-2018-15808 2024-11-21 12:51 2018-08-24 表示 GitHub Exploit DB Packet Storm
247870 7.8 HIGH
ローカル 		posim evo POSIM EVO 15.13 for Windows includes an "Emergency Override" administrative account that may be accessed through POSIM's "override" feature. This Override prompt expects a code that is computed local… CWE-330
不十分なランダム値の使用 		CVE-2018-15807 2024-11-21 12:51 2018-08-24 表示 GitHub Exploit DB Packet Storm
247871 8.8 HIGH
ネットワーク 		mapr mapr An issue was discovered in the MapR File System in MapR Converged Data Platform and MapR-XD 6.x and earlier. Under certain conditions, it is possible for MapR ticket credentials to become compromised… NVD-CWE-noinfo
CVE-2018-15804 2024-11-21 12:51 2018-08-24 表示 GitHub Exploit DB Packet Storm
247872 8.8 HIGH
ネットワーク 		dell 2335dn_engine_firmware
2335dn_network_firmware
2335dn_printer_firmware 		On Dell 2335dn printers with Printer Firmware Version 2.70.05.02, Engine Firmware Version 1.10.65, and Network Firmware Version V4.02.15(2335dn MFP) 11-22-2010, the admin interface allows an authenti… CWE-521
脆弱なパスワードポリシー 		CVE-2018-15748 2024-11-21 12:51 2018-08-24 表示 GitHub Exploit DB Packet Storm
247873 8.1 HIGH
ネットワーク 		electronjs electron GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnera… CWE-1188
リソースの安全ではないデフォルト値への初期化 		CVE-2018-15685 2024-11-21 12:51 2018-08-23 表示 GitHub Exploit DB Packet Storm
247874 6.5 MEDIUM
ネットワーク 		hdfgroup hdf5 An issue was discovered in the HDF HDF5 1.10.2 library. Excessive stack consumption has been detected in the function H5P__get_cb() in H5Pint.c during an attempted parse of a crafted HDF file. This r… CWE-400
リソースの枯渇 		CVE-2018-15671 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247875 4.3 MEDIUM
ネットワーク 		bloop airmail An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that OpenURL is the … CWE-20
不適切な入力確認 		CVE-2018-15670 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247876 5.3 MEDIUM
ネットワーク 		bloop airmail_3 An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. Its primary WebView instance implements "webView:decidePolicyForNavigationAction:request:frame:decisionListener:" such that requests from H… NVD-CWE-noinfo
CVE-2018-15669 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247877 5.3 MEDIUM
ネットワーク 		bloop airmail_3 An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. The "send" command in the airmail:// URL scheme allows an external application to send arbitrary emails from an active account. URL paramet… CWE-200
情報漏えい 		CVE-2018-15668 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247878 7.5 HIGH
ネットワーク 		olacabs ola_money An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions and the ability to read SMS me… CWE-200
情報漏えい 		CVE-2018-15661 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247879 5.9 MEDIUM
ネットワーク 		olacabs olamoney An issue was discovered in the Ola Money (aka com.olacabs.olamoney) application 1.9.0 for Android. If an attacker controls an application with accessibility permissions, then the attacker can read ce… NVD-CWE-noinfo
CVE-2018-15660 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247880 7.5 HIGH
ネットワーク 		airmailapp airmail An issue was discovered in Bloop Airmail 3 3.5.9 for macOS. It registers and uses the airmail:// URL scheme. The "send" command in the URL scheme allows an external application to send arbitrary emai… CWE-287
不適切な認証 		CVE-2018-15667 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247881 9.8 CRITICAL
ネットワーク 		geutebrueck re_porter_16_firmware Geutebrueck re_porter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP… CWE-200
情報漏えい 		CVE-2018-15534 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247882 6.1 MEDIUM
ネットワーク 		geutebrueck re_porter_16_firmware A reflected cross-site scripting vulnerability exists in Geutebrueck re_porter 16 before 7.8.974.20 by appending a query string to /modifychannel/exec or /images/*.png on TCP port 12005. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15533 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247883 6.1 MEDIUM
ネットワーク 		javasystemsolutions sso_plugin Reflected Cross-Site Scripting exists in the Java System Solutions SSO plugin 4.0.13.1 for BMC MyIT. A remote attacker can abuse this issue to inject client-side scripts into the "select_sso()" funct… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15528 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247884 6.5 MEDIUM
ネットワーク 		imagemagick imagemagick In ImageMagick 7.0.8-11 Q16, a tiny input file 0x50 0x36 0x36 0x36 0x36 0x4c 0x36 0x38 0x36 0x36 0x36 0x36 0x36 0x36 0x1f 0x35 0x50 0x00 can result in a hang of several minutes during which CPU and m… CWE-400
リソースの枯渇 		CVE-2018-15607 2024-11-21 12:51 2018-08-22 表示 GitHub Exploit DB Packet Storm
247885 6.1 MEDIUM
ネットワーク 		victor_cms_project victor_cms An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15603 2024-11-21 12:51 2018-08-21 表示 GitHub Exploit DB Packet Storm
247886 9.8 CRITICAL
ネットワーク 		elefantcms elefantcms apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism. CWE-20
不適切な入力確認 		CVE-2018-15601 2024-11-21 12:51 2018-08-21 表示 GitHub Exploit DB Packet Storm
247887 5.3 MEDIUM
ネットワーク 		debian
dropbear_ssh_project 		debian_linux
dropbear_ssh 		The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages… CWE-200
情報漏えい 		CVE-2018-15599 2024-11-21 12:51 2018-08-21 表示 GitHub Exploit DB Packet Storm
247888 7.5 HIGH
ネットワーク 		traefik traefik Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable. CWE-287
不適切な認証 		CVE-2018-15598 2024-11-21 12:51 2018-08-21 表示 GitHub Exploit DB Packet Storm
247889 5.5 MEDIUM
ローカル 		debian
canonical
linux 		debian_linux
ubuntu_linux
linux_kernel 		arch/x86/kernel/paravirt.c in the Linux kernel before 4.18.1 mishandles certain indirect calls, which makes it easier for attackers to conduct Spectre-v2 attacks against paravirtual guests. CWE-200
情報漏えい 		CVE-2018-15594 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247890 6.1 MEDIUM
ネットワーク 		reprisesoftware reprise_license_manager An issue was discovered in the license editor in Reprise License Manager (RLM) through 12.2BL2. It is a cross-site scripting vulnerability in the /goform/edit_lf_get_data lf parameter via GET or POST… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15574 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247891 6.5 MEDIUM
ローカル 		debian
canonical
linux 		debian_linux
ubuntu_linux
linux_kernel 		The spectre_v2_select_mitigation function in arch/x86/kernel/cpu/bugs.c in the Linux kernel before 4.18.1 does not always fill RSB upon a context switch, which makes it easier for attackers to conduc… NVD-CWE-noinfo
CVE-2018-15572 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247892 4.8 MEDIUM
ネットワーク 		bijiadao waimai_super_cms In waimai Super Cms 20150505, there is stored XSS via the /admin.php/Foodcat/editsave fcname parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15570 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247893 6.5 MEDIUM
ネットワーク 		mylittleforum my_little_forum my little forum 2.4.12 allows CSRF for deletion of users. CWE-352
同一生成元ポリシー違反 		CVE-2018-15569 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247894 8.8 HIGH
ネットワーク 		tp5cms_project tp5cms tp5cms through 2017-05-25 has CSRF via admin.php/category/delete.html. CWE-352
同一生成元ポリシー違反 		CVE-2018-15568 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247895 6.1 MEDIUM
ネットワーク 		cmsuno_project cmsuno CMSUno before 1.5.3 has XSS via the title field. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15567 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247896 8.8 HIGH
ネットワーク 		reprisesoftware reprise_license_manager An issue was discovered in Reprise License Manager (RLM) through 12.2BL2. Attackers can use the web interface to read and write data to any file on disk (as long as rlm.exe has access to it) via /gof… CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2018-15573 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247897 6.1 MEDIUM
ネットワーク 		tp5cms_project tp5cms tp5cms through 2017-05-25 has XSS via the admin.php/article/index.html q parameter. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-15566 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247898 8.8 HIGH
ネットワーク 		simple-cms_project simple_cms An issue was discovered in daveismyname simple-cms through 2014-03-11. admin/addpage.php does not require authentication for adding a page. This can also be exploited via CSRF. CWE-352
同一生成元ポリシー違反 		CVE-2018-15565 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247899 8.8 HIGH
ネットワーク 		simple-cms_project simple_cms An issue was discovered in daveismyname simple-cms through 2014-03-11. There is a CSRF vulnerability that can delete any page via admin/?delpage=8. CWE-352
同一生成元ポリシー違反 		CVE-2018-15564 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm
247900 7.5 HIGH
ネットワーク 		pycryptodome pycryptodome PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-15560 2024-11-21 12:51 2018-08-20 表示 GitHub Exploit DB Packet Storm