NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月22日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
248101	5.4	MEDIUM ネットワーク	vectra	cognito	Vectra Networks Cognito Brain and Sensor before 4.2 contains a cross-site scripting (XSS) vulnerability in the Web Management Console.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14890	2024-11-21 12:50	2018-09-22	表示	GitHub Exploit DB Packet Storm

248102	7.8	HIGH ローカル	apache	couchdb	CouchDB in Vectra Networks Cognito Brain and Sensor before 4.3 contains a local code execution vulnerability.	CWE-20 不適切な入力確認	CVE-2018-14889	2024-11-21 12:50	2018-09-22	表示	GitHub Exploit DB Packet Storm

248103	4.3	MEDIUM ネットワーク	f5	big-ip_access_policy_manager	A vulnerability in BIG-IP APM portal access 11.5.1-11.5.7, 11.6.0-11.6.3, and 12.1.0-12.1.3 discloses the BIG-IP software version in rewritten pages.	CWE-200 情報漏えい	CVE-2018-15310	2024-11-21 12:50	2018-09-13	表示	GitHub Exploit DB Packet Storm

248104	7.5	HIGH ネットワーク	lwolf	loading_docs	Insecure permissions in Lone Wolf Technologies loadingDOCS 2018-08-13 allow remote attackers to download any confidential files via https requests for predictable URLs.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-15502	2024-11-21 12:50	2018-09-13	表示	GitHub Exploit DB Packet Storm

248105	9.1	CRITICAL ネットワーク	kone	group_controller_firmware	An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Local File Inclusion and File modification is possible through the open HTTP interface by modifying the na…	CWE-829 信頼性のない制御領域からの機能の組み込み	CVE-2018-15486	2024-11-21 12:50	2018-09-8	表示	GitHub Exploit DB Packet Storm

248106	9.1	CRITICAL ネットワーク	kone	group_controller_firmware	An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. FTP does not require authentication or authorization, aka KONE-03.	CWE-287 不適切な認証	CVE-2018-15485	2024-11-21 12:50	2018-09-8	表示	GitHub Exploit DB Packet Storm

248107	9.8	CRITICAL ネットワーク	kone	group_controller_firmware	An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Unauthenticated Remote Code Execution is possible through the open HTTP interface by modifying autoexec.bat, aka KONE-01.	CWE-78 OSコマンド・インジェクション	CVE-2018-15484	2024-11-21 12:50	2018-09-8	表示	GitHub Exploit DB Packet Storm

248108	7.5	HIGH ネットワーク	kone	group_controller_firmware	An issue was discovered on KONE Group Controller (KGC) devices before 4.6.5. Denial of Service can occur through the open HTTP interface, aka KONE-04.	CWE-20 不適切な入力確認	CVE-2018-15483	2024-11-21 12:50	2018-09-8	表示	GitHub Exploit DB Packet Storm

248109	9.6	CRITICAL ネットワーク	dokuwiki	dokuwiki	CSV Injection (aka Excel Macro Injection or Formula Injection) in /lib/plugins/usermanager/admin.php in DokuWiki 2018-04-22a and earlier allows remote attackers to exfiltrate sensitive data and to ex…	CWE-1236 CSV ファイル内の数式要素の不適切な中和	CVE-2018-15474	2024-11-21 12:50	2018-09-8	表示	GitHub Exploit DB Packet Storm

248110	6.5	MEDIUM ネットワーク	libesedb_project	libesedb	The libesedb_key_append_data function in libesedb_key.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has di…	CWE-125 境界外読み取り	CVE-2018-15161	2024-11-21 12:50	2018-09-1	表示	GitHub Exploit DB Packet Storm

248111	6.5	MEDIUM ネットワーク	libesedb_project	libesedb	The libesedb_catalog_definition_read function in libesedb_catalog_definition.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. …	CWE-125 境界外読み取り	CVE-2018-15160	2024-11-21 12:50	2018-09-1	表示	GitHub Exploit DB Packet Storm

248112	6.5	MEDIUM ネットワーク	libesedb_project	libesedb	The libesedb_page_read_tags function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has di…	CWE-125 境界外読み取り	CVE-2018-15159	2024-11-21 12:50	2018-09-1	表示	GitHub Exploit DB Packet Storm

248113	6.5	MEDIUM ネットワーク	libesedb_project	libesedb	The libesedb_page_read_values function in libesedb_page.c in libesedb through 2018-04-01 allows remote attackers to cause a heap-based buffer over-read via a crafted esedb file. NOTE: the vendor has …	CWE-125 境界外読み取り	CVE-2018-15158	2024-11-21 12:50	2018-09-1	表示	GitHub Exploit DB Packet Storm

248114	6.5	MEDIUM ネットワーク	libfsclfs_project	libfsclfs	The libfsclfs_block_read function in libfsclfs_block.c in libfsclfs before 2018-07-25 allows remote attackers to cause a heap-based buffer over-read via a crafted clfs file. NOTE: the vendor has disp…	CWE-125 境界外読み取り	CVE-2018-15157	2024-11-21 12:50	2018-09-1	表示	GitHub Exploit DB Packet Storm

248115	8.8	HIGH ネットワーク	docker	docker	HandleRequestAsync in Docker for Windows before 18.06.0-ce-rc3-win68 (edge) and before 18.06.0-ce-win72 (stable) deserialized requests over the \\.\pipe\dockerBackend named pipe without verifying the…	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2018-15514	2024-11-21 12:50	2018-09-1	表示	GitHub Exploit DB Packet Storm

248116	4.7	MEDIUM ローカル	trendmicro	officescan_xg	A Named Pipe Request Processing Out-of-Bounds Read Information Disclosure vulnerability in Trend Micro OfficeScan XG (12.0) could allow a local attacker to disclose sensitive information on vulnerabl…	CWE-200 情報漏えい	CVE-2018-15364	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248117	7.8	HIGH ローカル	trendmicro	antivirus_\+_security internet_security maximum_security premium_security	An Out-of-Bounds Read Privilege Escalation vulnerability in Trend Micro Security 2018 (Consumer) products could allow a local attacker to escalate privileges on vulnerable installations. An attacker …	CWE-125 境界外読み取り	CVE-2018-15363	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248118	8.8	HIGH ネットワーク	mystrom	wifi_switch_firmware wifi_button_plus_firmware wifi_button_firmware wifi_switch_eu_firmware wifi_bulb_firmware wifi_led_strip_firmware	An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and …	NVD-CWE-noinfo	CVE-2018-15480	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248119	9.8	CRITICAL ネットワーク	mystrom	wifi_switch_firmware	myStrom WiFi Switch V1 devices before 2.66 did not sanitize a parameter received from the cloud that was used in an OS command. Malicious servers were able to run operating system commands on the dev…	CWE-78 OSコマンド・インジェクション	CVE-2018-15477	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248120	7.5	HIGH ネットワーク	epson	wf-2750_firmware	EPSON WF-2750 printers with firmware JP02I2 do not properly validate files before running updates, which allows remote attackers to cause a printer malfunction or send malicious data to the printer.	CWE-346 同一生成元ポリシー違反	CVE-2018-14903	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248121	7.5	HIGH ネットワーク	epson	iprint	The ContentProvider in the EPSON iPrint application 6.6.3 for Android does not properly restrict data access. This allows an attacker's application to read scanned documents.	CWE-200 情報漏えい	CVE-2018-14902	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248122	6.5	MEDIUM ネットワーク	mystrom	wifi_switch_firmware wifi_button_plus_firmware wifi_button_firmware wifi_switch_eu_firmware wifi_bulb_firmware wifi_led_strip_firmware	An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and …	CWE-287 不適切な認証	CVE-2018-15479	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248123	8.1	HIGH ネットワーク	mystrom	wifi_switch_firmware wifi_button_plus_firmware wifi_button_firmware wifi_switch_eu_firmware wifi_bulb_firmware wifi_led_strip_firmware	An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and …	CWE-287 不適切な認証	CVE-2018-15478	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248124	8.1	HIGH ネットワーク	mystrom	wifi_switch_firmware wifi_button_plus_firmware wifi_button_firmware wifi_switch_eu_firmware wifi_bulb_firmware wifi_led_strip_firmware	An issue was discovered in myStrom WiFi Switch V1 before 2.66, WiFi Switch V2 before 3.80, WiFi Switch EU before 3.80, WiFi Bulb before 2.58, WiFi LED Strip before 3.80, WiFi Button before 2.73, and …	CWE-295 不正な証明書検証	CVE-2018-15476	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248125	7.5	HIGH ネットワーク	epson	iprint	The EPSON iPrint application 6.6.3 for Android contains hard-coded API and Secret keys for the Dropbox, Box, Evernote and OneDrive services.	CWE-798 ハードコードされた認証情報の使用	CVE-2018-14901	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248126	7.5	HIGH ネットワーク	epson	wf-2750_firmware	On EPSON WF-2750 printers with firmware JP02I2, there is no filtering of print jobs. Remote attackers can send print jobs directly to the printer via TCP port 9100.	CWE-417 チャネルおよびパスのエラー	CVE-2018-14900	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248127	6.1	MEDIUM ネットワーク	epson	wf-2750_firmware	On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14899	2024-11-21 12:50	2018-08-31	表示	GitHub Exploit DB Packet Storm

248128	8.8	HIGH ネットワーク	auth0	aspnet-owin aspnet	An issue was discovered in Auth0 auth0-aspnet and auth0-aspnet-owin. Affected packages do not use or validate the state parameter of the OAuth 2.0 and OpenID Connect protocols. This leaves applicatio…	CWE-352 同一生成元ポリシー違反	CVE-2018-15121	2024-11-21 12:50	2018-08-29	表示	GitHub Exploit DB Packet Storm

248129	4.7	MEDIUM ローカル	gearsoftware	gearaspiwdm	GEAR Software products that include GEARAspiWDM.sys, 2.2.5.0, allow local users to cause a denial of service (Race Condition and BSoD on Windows) by not checking that user-mode memory is available ri…	CWE-362 競合状態	CVE-2018-15499	2024-11-21 12:50	2018-08-25	表示	GitHub Exploit DB Packet Storm

248130	6.5	MEDIUM ネットワーク	gnome canonical	pango ubuntu_linux	libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via …	CWE-119 バッファエラー	CVE-2018-15120	2024-11-21 12:50	2018-08-25	表示	GitHub Exploit DB Packet Storm

248131	8.8	HIGH ネットワーク	ucopia	wireless_appliance_firmware	Improper input sanitization within the restricted administration shell on UCOPIA Wireless Appliance devices using firmware version 5.1.x before 5.1.13 allows authenticated remote attackers to escape …	CWE-78 OSコマンド・インジェクション	CVE-2018-15481	2024-11-21 12:50	2018-08-22	表示	GitHub Exploit DB Packet Storm

248132	7.5	HIGH ネットワーク	embedthis juniper	appweb goahead junos	An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. An HTTP POST request with a specially crafted "Host" header field may cause a NULL pointer dereference and thus caus…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15505	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248133	7.5	HIGH ネットワーク	embedthis juniper	appweb goahead junos	An issue was discovered in Embedthis GoAhead before 4.0.1 and Appweb before 7.0.2. The server mishandles some HTTP request fields associated with time, which results in a NULL pointer dereference, as…	CWE-476 NULL ポインタデリファレンス	CVE-2018-15504	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248134	7.5	HIGH ネットワーク	swoole	swoole	The unpack implementation in Swoole version 4.0.4 lacks correct size checks in the deserialization process. An attacker can craft a serialized object to exploit this vulnerability and cause a SEGV.	CWE-502 信頼性のないデータのデシリアライゼーション	CVE-2018-15503	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248135	7.5	HIGH ネットワーク	debian libgit2	debian_linux libgit2	In ng_pkt in transports/smart_pkt.c in libgit2 before 0.26.6 and 0.27.x before 0.27.4, a remote attacker can send a crafted smart-protocol "ng" packet that lacks a '\0' byte to trigger an out-of-boun…	CWE-125 境界外読み取り	CVE-2018-15501	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248136	7.5	HIGH ネットワーク	tecrail	responsive_filemanager	/filemanager/upload.php in Responsive FileManager before 9.13.3 allows Directory Traversal and SSRF because the url parameter is used directly in a curl_exec call, as demonstrated by a file:///etc/pa…	CWE-22 パス・トラバーサル	CVE-2018-15495	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248137	9.8	CRITICAL ネットワーク	dojotoolkit debian	dojo debian_linux	In Dojo Toolkit before 1.14, there is unescaped string injection in dojox/Grid/DataGrid.	CWE-116 不適切なエンコード、または出力のエスケープ	CVE-2018-15494	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248138	7.5	HIGH ネットワーク	gemalto	sentinel_license_manager	A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.	CWE-405 非対称のリソース消費に関する脆弱性	CVE-2018-15492	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248139	7.5	HIGH ネットワーク	zemana	antilogger	A vulnerability in the permission and encryption implementation of Zemana Anti-Logger 1.9.3.527 and prior (fixed in 1.9.3.602) allows an attacker to take control of the whitelisting feature (MyRules2…	CWE-798 CWE-732 ハードコードされた認証情報の使用重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-15491	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248140	9.8	CRITICAL ネットワーク	google	android	Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for MLT application intents. The LG ID is LVE-SMP-180006.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-15482	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248141	9.8	CRITICAL ネットワーク	google	android	Certain LG devices based on Android 6.0 through 8.1 have incorrect access control in the GNSS application. The LG ID is LVE-SMP-180004.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-14982	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248142	9.8	CRITICAL ネットワーク	google	android	Certain LG devices based on Android 6.0 through 8.1 have incorrect access control for SystemUI application intents. The LG ID is LVE-SMP-180005.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-14981	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248143	5.3	MEDIUM ネットワーク	openbsd debian redhat canonical netapp oracle siemens	openssh debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ubuntu_linux cn1610_firmware cloud_backup data_ontap_edge ontap_select_de…	OpenSSH through 7.7 is prone to a user enumeration vulnerability due to not delaying bailout for an invalid authenticating user until after the packet containing the request has been fully parsed, re…	CWE-362 競合状態	CVE-2018-15473	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248144	7.8	HIGH ローカル	xen linux canonical	xen linux_kernel ubuntu_linux	An issue was discovered in xenvif_set_hash_mapping in drivers/net/xen-netback/hash.c in the Linux kernel through 4.18.1, as used in Xen through 4.11.x and other products. The Linux netback driver all…	CWE-125 境界外読み取り	CVE-2018-15471	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248145	6.5	MEDIUM ローカル	xen debian	xen debian_linux	An issue was discovered in Xen through 4.11.x. ARM never properly implemented grant table v2, either in the hypervisor or in Linux. Unfortunately, an ARM guest can still request v2 grant tables; they…	CWE-400 リソースの枯渇	CVE-2018-15469	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248146	6.5	MEDIUM ローカル	xen	xen	An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operati…	CWE-400 リソースの枯渇	CVE-2018-15470	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248147	6.0	MEDIUM ローカル	xen	xen	An issue was discovered in Xen through 4.11.x. The DEBUGCTL MSR contains several debugging features, some of which virtualise cleanly, but some do not. In particular, Branch Trace Store is not virtua…	CWE-863 不正な認証	CVE-2018-15468	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248148	7.3	HIGH ネットワーク	eltex	esp-200_firmware	An attacker without authentication can login with default credentials for privileged users in Eltex ESP-200 firmware version 1.2.0.	CWE-798 ハードコードされた認証情報の使用	CVE-2018-15360	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248149	8.8	HIGH ネットワーク	eltex	esp-200_firmware	An authenticated attacker with low privileges can use insecure sudo configuration to expand attack surface in Eltex ESP-200 firmware version 1.2.0.	NVD-CWE-noinfo	CVE-2018-15359	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm

248150	8.8	HIGH ネットワーク	eltex	esp-200_firmware	An authenticated attacker with low privileges can activate high privileged user and use it to expand attack surface in Eltex ESP-200 firmware version 1.2.0.	CWE-20 不適切な入力確認	CVE-2018-15358	2024-11-21 12:50	2018-08-18	表示	GitHub Exploit DB Packet Storm