NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月23日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
247951	6.1	MEDIUM ネットワーク	cisco	identity_services_engine_software	A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15463	2024-11-21 12:50	2019-01-16	表示	GitHub Exploit DB Packet Storm

247952	6.1	MEDIUM ネットワーク	cisco	identity_services_engine_software	A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack aga…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15440	2024-11-21 12:50	2019-01-16	表示	GitHub Exploit DB Packet Storm

247953	6.1	MEDIUM ネットワーク	cisco	telepresence_management_suite	A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack again…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15467	2024-11-21 12:50	2019-01-12	表示	GitHub Exploit DB Packet Storm

247954	3.7	LOW ネットワーク	cisco	policy_suite_for_mobile	A vulnerability in the Graphite web interface of the Policy and Charging Rules Function (PCRF) of Cisco Policy Suite (CPS) could allow an unauthenticated, remote attacker to access the Graphite web i…	CWE-306 重要な機能に対する認証の欠如解説	CVE-2018-15466	2024-11-21 12:50	2019-01-12	表示	GitHub Exploit DB Packet Storm

247955	5.8	MEDIUM ネットワーク	cisco	asr_900_series_software	A vulnerability in Cisco 900 Series Aggregation Services Router (ASR) software could allow an unauthenticated, remote attacker to cause a partial denial of service (DoS) condition on an affected devi…	CWE-400 リソースの枯渇	CVE-2018-15464	2024-11-21 12:50	2019-01-12	表示	GitHub Exploit DB Packet Storm

247956	6.1	MEDIUM ネットワーク	cisco	webex_business_suite	A vulnerability in the MyWebex component of Cisco Webex Business Suite could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. The vulnerability is due to insu…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15461	2024-11-21 12:50	2019-01-11	表示	GitHub Exploit DB Packet Storm

247957	8.6	HIGH ネットワーク	cisco	asyncos	A vulnerability in the email message filtering feature of Cisco AsyncOS Software for Cisco Email Security Appliances (ESA) could allow an unauthenticated, remote attacker to cause the CPU utilization…	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2018-15460	2024-11-21 12:50	2019-01-11	表示	GitHub Exploit DB Packet Storm

247958	7.5	HIGH ネットワーク	cisco	firepower_management_center	A vulnerability in the Shell Access Filter feature of Cisco Firepower Management Center (FMC), when used in conjunction with remote authentication, could allow an unauthenticated, remote attacker to …	CWE-770 制限またはスロットリング無しのリソースの割り当て	CVE-2018-15458	2024-11-21 12:50	2019-01-11	表示	GitHub Exploit DB Packet Storm

247959	6.1	MEDIUM ネットワーク	cisco	prime_infrastructure	A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of th…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15457	2024-11-21 12:50	2019-01-11	表示	GitHub Exploit DB Packet Storm

247960	4.9	MEDIUM ネットワーク	cisco	identity_services_engine	A vulnerability in the Admin Portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to view saved passwords in plain text. The vulnerability is due to the incorr…	CWE-522 認証情報の不十分な保護	CVE-2018-15456	2024-11-21 12:50	2019-01-11	表示	GitHub Exploit DB Packet Storm

247961	8.6	HIGH ネットワーク	cisco	email_security_appliance_firmware	A vulnerability in the Secure/Multipurpose Internet Mail Extensions (S/MIME) Decryption and Verification or S/MIME Public Key Harvesting features of Cisco AsyncOS Software for Cisco Email Security Ap…	CWE-787 境界外書き込み	CVE-2018-15453	2024-11-21 12:50	2019-01-11	表示	GitHub Exploit DB Packet Storm

247962	7.1	HIGH ローカル	expressvpn	expressvpn	An issue was discovered in ExpressVPN on Windows. The Xvpnd.exe process (which runs as a service with SYSTEM privileges) listens on TCP port 2015, which is used as an RPC interface for communication …	CWE-22 パス・トラバーサル	CVE-2018-15490	2024-11-21 12:50	2019-01-3	表示	GitHub Exploit DB Packet Storm

247963	7.8	HIGH ローカル	skydevices	sky_elite_6.0l\+_firmware	The Sky Elite 6.0L+ Android device with a build fingerprint of SKY/x6069_trx_l601_sky/x6069_trx_l601_sky:6.0/MRA58K/1482897127:user/release-keys contains a pre-installed platform app with a package n…	CWE-78 OSコマンド・インジェクション	CVE-2018-15007	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247964	5.5	MEDIUM ローカル	zteusa	zte_zmax_champ_firmware	The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.androi…	NVD-CWE-noinfo	CVE-2018-15006	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247965	7.1	HIGH ローカル	zteusa	zte_zmax_champ_firmware	The ZTE ZMAX Champ Android device with a build fingerprint of ZTE/Z917VL/fortune:6.0.1/MMB29M/20170327.120922:user/release-keys contains a pre-installed platform app with a package name of com.zte.zd…	NVD-CWE-noinfo CWE-862 認証の欠如	CVE-2018-15005	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247966	5.9	MEDIUM ネットワーク	coolpad	canvas_firmware	The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (ver…	CWE-532 ログファイルからの情報漏えい	CVE-2018-15004	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247967	4.7	MEDIUM ローカル	vivo	v7_firmware	The Vivo V7 device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys allows any app co-located on the device to set system properties as the com.android.phone u…	CWE-532 ログファイルからの情報漏えい	CVE-2018-15002	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247968	5.5	MEDIUM ローカル	vivo	v7_firmware	The Vivo V7 Android device with a build fingerprint of vivo/1718/1718:7.1.2/N2G47H/compil11021857:user/release-keys contains a platform app with a package name of com.vivo.bsptest (versionCode=1, ver…	CWE-532 ログファイルからの情報漏えい	CVE-2018-15001	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247969	6.8	MEDIUM 物理	leagoo	p1_firmware	The Leagoo P1 Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a hidden root privilege escalation capability to achieve …	CWE-78 OSコマンド・インジェクション	CVE-2018-14998	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247970	4.7	MEDIUM ローカル	zteusa	zte_blade_vantage_firmware zte_blade_spark_firmware zte_zmax_pro_firmware zte_zmax_champ_firmware	The ZTE Blade Vantage Android device with a build fingerprint of ZTE/Z839/sweet:7.1.1/NMF26V/20180120.095344:user/release-keys, the ZTE Blade Spark Android device with a build fingerprint of ZTE/Z971…	CWE-532 ログファイルからの情報漏えい	CVE-2018-14995	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247971	5.5	MEDIUM ローカル	asus	zenfone_3_max_firmware	The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed platform app with a p…	NVD-CWE-noinfo	CVE-2018-14992	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247972	7.5	HIGH ネットワーク	mxq_project	mxq_tv_box_firmware	The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, v…	CWE-20 不適切な入力確認	CVE-2018-14988	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247973	7.1	HIGH ローカル	mxq_project	mxq_tv_box_firmware	The MXQ TV Box 4.4.2 Android device with a build fingerprint of MBX/m201_N/m201_N:4.4.2/KOT49H/20160106:user/test-keys contains the Android framework with a package name of android (versionCode=19, v…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-14987	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247974	7.5	HIGH ネットワーク	leagoo	z5c_firmware	The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.m…	CWE-200 情報漏えい	CVE-2018-14986	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247975	7.1	HIGH ローカル	leagoo	z5c_firmware	The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed platform app with a package name of com.…	NVD-CWE-noinfo CWE-862 認証の欠如	CVE-2018-14985	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247976	7.5	HIGH ネットワーク	leagoo	z5c_firmware	The Leagoo Z5C Android device with a build fingerprint of sp7731c_1h10_32v4_bird:6.0/MRA58K/android.20170629.214736:user/release-keys contains a pre-installed app with a package name of com.android.m…	CWE-200 情報漏えい	CVE-2018-14984	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247977	4.7	MEDIUM ローカル	asus	zenfone_3_max_firmware	The ASUS ZenFone 3 Max Android device with a build fingerprint of asus/US_Phone/ASUS_X008_1:7.0/NRD90M/US_Phone-14.14.1711.92-20171208:user/release-keys contains a pre-installed app with a package na…	CWE-200 情報漏えい	CVE-2018-14979	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247978	5.9	MEDIUM ネットワーク	f5	big-ip_access_policy_manager	When APM 13.0.0-13.1.x is deployed as an OAuth Resource Server, APM becomes a client application to an external OAuth authorization server. In certain cases when communication between the BIG-IP APM …	NVD-CWE-noinfo	CVE-2018-15335	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247979	4.3	MEDIUM ネットワーク	f5	big-ip_access_policy_manager	A cross-site request forgery (CSRF) vulnerability in the APM webtop 11.2.1 or greater may allow attacker to force an APM webtop session to log out and require re-authentication.	CWE-352 同一生成元ポリシー違反	CVE-2018-15334	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247980	5.5	MEDIUM ローカル	f5	big-ip_local_traffic_manager big-ip_advanced_firewall_manager big-ip_application_acceleration_manager big-ip_analytics big-ip_access_policy_manager big-ip_domain_name_system big-ip_…	On versions 11.2.1. and greater, unrestricted Snapshot File Access allows BIG-IP system's user with any role, including Guest Role, to have access and download previously generated and available snap…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-15333	2024-11-21 12:50	2018-12-29	表示	GitHub Exploit DB Packet Storm

247981	8.8	HIGH ネットワーク	qt debian opensuse	qt debian_linux leap	QXmlStream in Qt 5.x before 5.11.3 has a double-free or corruption during parsing of a specially crafted illegal XML document.	CWE-415 二重解放	CVE-2018-15518	2024-11-21 12:50	2018-12-27	表示	GitHub Exploit DB Packet Storm

247982	8.1	HIGH ネットワーク	cisco	adaptive_security_appliance_software	A vulnerability in the authorization subsystem of Cisco Adaptive Security Appliance (ASA) Software could allow an authenticated, but unprivileged (levels 0 and 1), remote attacker to perform privileg…	CWE-863 不正な認証	CVE-2018-15465	2024-11-21 12:50	2018-12-24	表示	GitHub Exploit DB Packet Storm

247983	7.8	HIGH ローカル	f5	big-ip_application_acceleration_manager	On BIG-IP AAM 13.0.0 or 12.1.0-12.1.3.7, the dcdb_convert utility used by BIG-IP AAM fails to drop group permissions when executing helper scripts, which could be used to leverage attacks against the…	CWE-269 不適切な権限管理	CVE-2018-15331	2024-11-21 12:50	2018-12-21	表示	GitHub Exploit DB Packet Storm

247984	7.5	HIGH ネットワーク	f5	big-ip_local_traffic_manager big-ip_application_acceleration_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_access_policy_manager big-ip_application_security_manager<…	On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, when a virtual server using the inflate functionality to process a gzip bomb as a payload, the BIG-IP system will experience a fatal er…	CWE-20 不適切な入力確認	CVE-2018-15330	2024-11-21 12:50	2018-12-21	表示	GitHub Exploit DB Packet Storm

247985	7.2	HIGH ネットワーク	f5	big-ip_local_traffic_manager big-ip_application_acceleration_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_access_policy_manager big-ip_application_security_manager<…	On BIG-IP 14.0.0-14.0.0.2, 13.0.0-13.1.1.1, or 12.1.0-12.1.3.7, or Enterprise Manager 3.1.1, when authenticated administrative users run commands in the Traffic Management User Interface (TMUI), also…	CWE-862 認証の欠如	CVE-2018-15329	2024-11-21 12:50	2018-12-21	表示	GitHub Exploit DB Packet Storm

247986	9.8	CRITICAL ネットワーク	libvnc_project canonical redhat debian	libvncserver ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_tus enterprise_linux_server_eus enterprise_linux_s…	LibVNC before commit 502821828ed00b4a2c4bef90683d0fd88ce495de contains heap out-of-bound write vulnerability in server code of file transfer extension that can result remote code execution	CWE-787 境界外書き込み	CVE-2018-15127	2024-11-21 12:50	2018-12-20	表示	GitHub Exploit DB Packet Storm

247987	9.8	CRITICAL ネットワーク	libvnc_project canonical debian	libvncserver ubuntu_linux debian_linux	LibVNC before commit 73cb96fec028a576a5a24417b57723b55854ad7b contains heap use-after-free vulnerability in server code of file transfer extension that can result remote code execution	CWE-416 解放済みメモリの使用	CVE-2018-15126	2024-11-21 12:50	2018-12-20	表示	GitHub Exploit DB Packet Storm

247988	7.5	HIGH ネットワーク	f5	big-ip_local_traffic_manager big-ip_application_acceleration_manager big-ip_advanced_firewall_manager big-ip_analytics big-ip_access_policy_manager big-ip_application_security_manager<…	On BIG-IP 14.0.x, 13.x, 12.x, and 11.x, Enterprise Manager 3.1.1, BIG-IQ 6.x, 5.x, and 4.x, and iWorkflow 2.x, the passphrases for SNMPv3 users and trap destinations that are used for authentication …	CWE-200 情報漏えい	CVE-2018-15328	2024-11-21 12:50	2018-12-12	表示	GitHub Exploit DB Packet Storm

247989	9.1	CRITICAL ネットワーク	ge	cimplicity	XXE in GE Proficy Cimplicity GDS versions 9.0 R2, 9.5, 10.0	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2018-15362	2024-11-21 12:50	2018-12-8	表示	GitHub Exploit DB Packet Storm

247990	7.0	HIGH ローカル	f5	big-ip_access_policy_manager big-ip_access_policy_manager_client	The svpn component of the F5 BIG-IP APM client prior to version 7.1.7.2 for Linux and macOS runs as a privileged process and can allow an unprivileged user to get ownership of files owned by root on …	CWE-362 競合状態	CVE-2018-15332	2024-11-21 12:50	2018-12-6	表示	GitHub Exploit DB Packet Storm

247991	9.8	CRITICAL ネットワーク	cisco	prime_license_manager	A vulnerability in the web framework code of Cisco Prime License Manager (PLM) could allow an unauthenticated, remote attacker to execute arbitrary SQL queries. The vulnerability is due to a lack of …	CWE-89 SQLインジェクション	CVE-2018-15441	2024-11-21 12:50	2018-11-29	表示	GitHub Exploit DB Packet Storm

247992	8.8	HIGH ネットワーク	zyxel	nsa325_v2_firmware	A system command injection vulnerability in zyshclient in ZyXEL NSA325 V2 version 4.81 allows attackers to execute system commands via the web application API.	CWE-78 CWE-77 OSコマンド・インジェクションコマンドインジェクション	CVE-2018-14893	2024-11-21 12:50	2018-11-28	表示	GitHub Exploit DB Packet Storm

247993	8.8	HIGH ネットワーク	zyxel	nsa325_v2_firmware	Missing protections against Cross-Site Request Forgery in the web application in ZyXEL NSA325 V2 version 4.81 allow attackers to perform state-changing actions via crafted HTTP forms.	CWE-352 同一生成元ポリシー違反	CVE-2018-14892	2024-11-21 12:50	2018-11-28	表示	GitHub Exploit DB Packet Storm

247994	6.1	MEDIUM ネットワーク	polycom	trio_8500_firmware	The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14935	2024-11-21 12:50	2018-11-16	表示	GitHub Exploit DB Packet Storm

247995	6.5	MEDIUM 隣接	polycom	trio_8500_firmware	The Bluetooth subsystem on Polycom Trio devices with software before 5.5.4 has Incorrect Access Control. An attacker can connect without authentication and subsequently record audio from the device m…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-14934	2024-11-21 12:50	2018-11-16	表示	GitHub Exploit DB Packet Storm

247996	6.7	MEDIUM ローカル	cisco	advanced_malware_protection_for_endpoints	A vulnerability in the DLL loading component of Cisco Advanced Malware Protection (AMP) for Endpoints on Windows could allow an authenticated, local attacker to disable system scanning services or ta…	CWE-427 制御されていない検索パスの要素	CVE-2018-15452	2024-11-21 12:50	2018-11-13	表示	GitHub Exploit DB Packet Storm

247997	6.5	MEDIUM ネットワーク	cisco	prime_collaboration	A vulnerability in the web-based UI of Cisco Prime Collaboration Assurance could allow an authenticated, remote attacker to overwrite files on the file system. The vulnerability is due to insufficien…	CWE-22 パス・トラバーサル	CVE-2018-15450	2024-11-21 12:50	2018-11-9	表示	GitHub Exploit DB Packet Storm

247998	5.4	MEDIUM ネットワーク	cisco	prime_service_catalog	A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-15451	2024-11-21 12:50	2018-11-9	表示	GitHub Exploit DB Packet Storm

247999	6.5	MEDIUM ネットワーク	cisco	video_surveillance_media_server	A vulnerability in the web-based management interface of Cisco Video Surveillance Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) of the web-based mana…	CWE-20 不適切な入力確認	CVE-2018-15449	2024-11-21 12:50	2018-11-9	表示	GitHub Exploit DB Packet Storm

248000	7.5	HIGH ネットワーク	cisco	registered_envelope_service	A vulnerability in the user management functions of Cisco Registered Envelope Service could allow an unauthenticated, remote attacker to discover sensitive user information. The attacker could use th…	NVD-CWE-Other	CVE-2018-15448	2024-11-21 12:50	2018-11-9	表示	GitHub Exploit DB Packet Storm