NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月22日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
248251	6.5	MEDIUM ネットワーク	harmonicinc	nsg_9000	Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI.	CWE-200 情報漏えい	CVE-2018-14941	2024-11-21 12:50	2018-08-6	表示	GitHub Exploit DB Packet Storm

248252	7.5	HIGH ネットワーク	phpcms	phpcms	PHPCMS 9 allows remote attackers to cause a denial of service (resource consumption) via large font_size, height, and width parameters in an api.php?op=checkcode request.	CWE-400 リソースの枯渇	CVE-2018-14940	2024-11-21 12:50	2018-08-6	表示	GitHub Exploit DB Packet Storm

248253	9.8	CRITICAL ネットワーク	libreoffice	libreoffice	The get_app_path function in desktop/unx/source/start.c in LibreOffice through 6.0.5 mishandles the realpath function in certain environments such as FreeBSD libc, which might allow attackers to caus…	CWE-119 バッファエラー	CVE-2018-14939	2024-11-21 12:50	2018-08-6	表示	GitHub Exploit DB Packet Storm

248254	9.1	CRITICAL ネットワーク	digitalcorpora canonical	tcpflow ubuntu_linux	An issue was discovered in wifipcap/wifipcap.cpp in TCPFLOW through 1.5.0-alpha. There is an integer overflow in the function handle_prism during caplen processing. If the caplen is less than 144, on…	CWE-125 CWE-190 境界外読み取り整数オーバーフローまたはラップアラウンド	CVE-2018-14938	2024-11-21 12:50	2018-08-5	表示	GitHub Exploit DB Packet Storm

248255	4.8	MEDIUM ネットワーク	mylittleforum	my_little_forum	The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14937	2024-11-21 12:50	2018-08-5	表示	GitHub Exploit DB Packet Storm

248256	4.8	MEDIUM ネットワーク	mylittleforum	my_little_forum	The Add page option in my little forum 2.4.12 allows XSS via the Title field.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14936	2024-11-21 12:50	2018-08-5	表示	GitHub Exploit DB Packet Storm

248257	9.8	CRITICAL ネットワーク	nuuo	nvrmini_firmware	upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.	CWE-78 OSコマンド・インジェクション	CVE-2018-14933	2024-11-21 12:50	2018-08-5	表示	GitHub Exploit DB Packet Storm

248258	6.1	MEDIUM ネットワーク	matera	banco	Matera Banco 1.0.0 is vulnerable to multiple reflected XSS, as demonstrated by the /contingency/web/index.jsp (aka home page) url parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14929	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248259	7.5	HIGH ネットワーク	matera	banco	/contingency/servlet/ServletFileDownload executes as root and provides unauthenticated access to files via the file parameter.	CWE-200 情報漏えい	CVE-2018-14928	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248260	5.3	MEDIUM ネットワーク	matera	banco	Matera Banco 1.0.0 is vulnerable to path traversal (allowing access to system files outside the default application folder) via the /contingency/servlet/ServletFileDownload file parameter, related to…	CWE-22 パス・トラバーサル	CVE-2018-14927	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248261	8.8	HIGH ネットワーク	matera	banco	Matera Banco 1.0.0 allows CSRF, as demonstrated by a /contingency/web/messageSend/messageSendHandler.jsp request.	CWE-352 同一生成元ポリシー違反	CVE-2018-14926	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248262	9.8	CRITICAL ネットワーク	matera	banco	Matera Banco 1.0.0 mishandles Java errors in the backend, as demonstrated by a stack trace revealing use of net.sf.acegisecurity components.	CWE-209 エラーメッセージによる情報漏えい	CVE-2018-14925	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248263	6.1	MEDIUM ネットワーク	matera	banco	Matera Banco 1.0.0 is vulnerable to multiple stored XSS, as demonstrated by the sca/privilegio/consultarUsuario.jsf "Nome Completo" (aka user fullname) field.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14924	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248264	7.8	HIGH ローカル	uniview	ezplayer	A vulnerability in uniview EZPlayer 1.0.6 could allow an attacker to execute arbitrary code on a targeted system via video playback.	CWE-20 不適切な入力確認	CVE-2018-14923	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248265	7.5	HIGH ネットワーク	cgit_project debian	cgit debian_linux	cgit_clone_objects in CGit before 1.2.1 has a directory traversal vulnerability when `enable-http-clone=1` is not turned off, as demonstrated by a cgit/cgit.cgi/git/objects/?path=../ request.	CWE-22 パス・トラバーサル	CVE-2018-14912	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248266	7.2	HIGH ネットワーク	ukcms	ukcms	A file upload vulnerability exists in ukcms v1.1.7 and earlier. The vulnerability is due to the system not strictly filtering the file upload type. An attacker can exploit the vulnerability to upload…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-14911	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248267	8.8	HIGH ネットワーク	seacms	seacms	SeaCMS v6.61 allows Remote Code execution by placing PHP code in an allowed IP address (aka ip) to /admin/admin_ip.php (aka /adm1n/admin_ip.php). The code is executed by visiting adm1n/admin_ip.php o…	CWE-352 CWE-94 同一生成元ポリシー違反コード・インジェクション	CVE-2018-14910	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248268	8.8	HIGH ネットワーク	samsung	syncthru_web_service	Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action.	CWE-352 同一生成元ポリシー違反	CVE-2018-14908	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248269	5.3	MEDIUM ネットワーク	3cx	3cx_web_server	The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.	CWE-209 エラーメッセージによる情報漏えい	CVE-2018-14907	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248270	6.1	MEDIUM ネットワーク	3cx	3cx_web_server	The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on all stack traces' propertyPath parameters.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14906	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248271	6.1	MEDIUM ネットワーク	3cx	3cx_web_server	The Web server in 3CX version 15.5.8801.3 is vulnerable to Reflected XSS on the api/CallLog TimeZoneName parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14905	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248272	6.1	MEDIUM ネットワーク	samsung	syncthru_web_service	Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14904	2024-11-21 12:50	2018-08-4	表示	GitHub Exploit DB Packet Storm

248273	7.5	HIGH ネットワーク	php netapp	php storage_automation_store	An issue was discovered in PHP 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. Inappropriately parsing an HTTP response leads to a segmentation fault because http_header_value in ex…	CWE-476 NULL ポインタデリファレンス	CVE-2018-14884	2024-11-21 12:50	2018-08-3	表示	GitHub Exploit DB Packet Storm

248274	7.5	HIGH ネットワーク	php canonical debian netapp	php ubuntu_linux debian_linux storage_automation_store	An issue was discovered in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8. An Integer Overflow leads to a heap-based buffer over-read in exif_thumbnail_extract of…	CWE-125 CWE-190 境界外読み取り整数オーバーフローまたはラップアラウンド	CVE-2018-14883	2024-11-21 12:50	2018-08-3	表示	GitHub Exploit DB Packet Storm

248275	4.3	MEDIUM ネットワーク	samba fedoraproject	samba fedora	An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attrib…	-	CVE-2018-14628	2024-11-21 12:49	2023-01-18	表示	GitHub Exploit DB Packet Storm

248276	5.4	MEDIUM ネットワーク	getkirby	kirby	An issue was discovered in Kirby 2.5.12. The application allows malicious HTTP requests to be sent in order to trick a user into adding web pages.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14520	2024-11-21 12:49	2022-08-25	表示	GitHub Exploit DB Packet Storm

248277	4.3	MEDIUM ネットワーク	getkirby	kirby	An issue was discovered in Kirby 2.5.12. The delete page functionality suffers from a CSRF flaw. A remote attacker can craft a malicious CSRF page and force the user to delete a page.	CWE-352 同一生成元ポリシー違反	CVE-2018-14519	2024-11-21 12:49	2022-08-25	表示	GitHub Exploit DB Packet Storm

248278	9.8	CRITICAL ネットワーク	kibokolabs	chained_quiz	controllers/quizzes.php in the Kiboko Chained Quiz plugin before 1.0.9 for WordPress allows remote unauthenticated users to execute arbitrary SQL commands via the 'answer' and 'answers' parameters.	CWE-89 SQLインジェクション	CVE-2018-14502	2024-11-21 12:49	2020-03-10	表示	GitHub Exploit DB Packet Storm

248279	9.8	CRITICAL ネットワーク	drobo	5n2_firmware	In Drobo 5N2 4.0.5, all optional applications lack any form of authentication/authorization validation. As a result, any user capable of accessing the device over the network may interact with and co…	CWE-287 不適切な認証	CVE-2018-14705	2024-11-21 12:49	2020-02-25	表示	GitHub Exploit DB Packet Storm

248280	7.5	HIGH ネットワーク	libgd fedoraproject canonical debian opensuse	libgd fedora ubuntu_linux debian_linux leap	gdImageClone in gd.c in libgd 2.1.0-rc2 through 2.2.5 has a NULL pointer dereference allowing attackers to crash an application via a specific function call sequence. Only affects PHP when linked wit…	CWE-476 NULL ポインタデリファレンス	CVE-2018-14553	2024-11-21 12:49	2020-02-11	表示	GitHub Exploit DB Packet Storm

248281	6.1	MEDIUM ネットワーク	metalgenix	genixcms	GeniXCMS 1.1.5 has XSS via the dbuser or dbhost parameter during step 1 of installation.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14476	2024-11-21 12:49	2020-01-1	表示	GitHub Exploit DB Packet Storm

248282	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject apple	tcpdump enterprise_linux debian_linux leap fedora mac_os_x	The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_RESTART).	CWE-125 境界外読み取り	CVE-2018-14881	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248283	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject apple f5	tcpdump enterprise_linux debian_linux leap fedora mac_os_x big-iq_centralized_management big-ip_local_traffic_manager big-ip_advanced_firewall_manager big-ip_application_ac…	The OSPFv3 parser in tcpdump before 4.9.3 has a buffer over-read in print-ospf6.c:ospf6_print_lshdr().	CWE-125 境界外読み取り	CVE-2018-14880	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248284	7.0	HIGH ローカル	redhat debian opensuse fedoraproject f5 tcpdump apple	enterprise_linux debian_linux leap fedora traffix_signaling_delivery_controller tcpdump mac_os_x	The command-line argument parser in tcpdump before 4.9.3 has a buffer overflow in tcpdump.c:get_next_file().	CWE-120 古典的バッファオーバーフロー	CVE-2018-14879	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248285	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject apple	tcpdump enterprise_linux debian_linux leap fedora mac_os_x	The Babel parser in tcpdump before 4.9.3 has a buffer over-read in print-babel.c:babel_print_v2().	CWE-125 境界外読み取り	CVE-2018-14470	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248286	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject f5 apple	tcpdump enterprise_linux debian_linux leap fedora traffix_signaling_delivery_controller mac_os_x	The IKEv1 parser in tcpdump before 4.9.3 has a buffer over-read in print-isakmp.c:ikev1_n_print().	CWE-125 境界外読み取り	CVE-2018-14469	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248287	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject apple f5	tcpdump enterprise_linux debian_linux leap fedora mac_os_x big-iq_centralized_management big-ip_local_traffic_manager big-ip_advanced_firewall_manager big-ip_application_ac…	The FRF.16 parser in tcpdump before 4.9.3 has a buffer over-read in print-fr.c:mfr_print().	CWE-125 境界外読み取り	CVE-2018-14468	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248288	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject apple	tcpdump enterprise_linux debian_linux leap fedora mac_os_x	The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_capabilities_print() (BGP_CAPCODE_MP).	CWE-125 境界外読み取り	CVE-2018-14467	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248289	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject apple	tcpdump enterprise_linux debian_linux leap fedora mac_os_x	The Rx parser in tcpdump before 4.9.3 has a buffer over-read in print-rx.c:rx_cache_find() and rx_cache_insert().	CWE-125 境界外読み取り	CVE-2018-14466	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248290	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject f5 apple	tcpdump enterprise_linux debian_linux leap fedora traffix_signaling_delivery_controller mac_os_x	The RSVP parser in tcpdump before 4.9.3 has a buffer over-read in print-rsvp.c:rsvp_obj_print().	CWE-125 境界外読み取り	CVE-2018-14465	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248291	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject apple	tcpdump enterprise_linux debian_linux leap fedora mac_os_x	The LMP parser in tcpdump before 4.9.3 has a buffer over-read in print-lmp.c:lmp_print_data_link_subobjs().	CWE-125 境界外読み取り	CVE-2018-14464	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248292	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject f5 apple	tcpdump enterprise_linux debian_linux leap fedora traffix_signaling_delivery_controller mac_os_x	The VRRP parser in tcpdump before 4.9.3 has a buffer over-read in print-vrrp.c:vrrp_print() for VRRP version 2, a different vulnerability than CVE-2019-15167.	CWE-125 境界外読み取り	CVE-2018-14463	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248293	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject f5 apple	tcpdump enterprise_linux debian_linux leap fedora traffix_signaling_delivery_controller mac_os_x	The ICMP parser in tcpdump before 4.9.3 has a buffer over-read in print-icmp.c:icmp_print().	CWE-125 境界外読み取り	CVE-2018-14462	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248294	7.5	HIGH ネットワーク	tcpdump redhat debian opensuse fedoraproject apple	tcpdump enterprise_linux debian_linux leap fedora mac_os_x	The LDP parser in tcpdump before 4.9.3 has a buffer over-read in print-ldp.c:ldp_tlv_print().	CWE-125 境界外読み取り	CVE-2018-14461	2024-11-21 12:49	2019-10-4	表示	GitHub Exploit DB Packet Storm

248295	5.3	MEDIUM ネットワーク	yandex	clickhouse	In ClickHouse before 18.12.13, functions for loading CatBoost models allowed path traversal and reading arbitrary files through error messages.	CWE-22 パス・トラバーサル	CVE-2018-14672	2024-11-21 12:49	2019-08-16	表示	GitHub Exploit DB Packet Storm

248296	9.8	CRITICAL ネットワーク	yandex	clickhouse	In ClickHouse before 18.10.3, unixODBC allowed loading arbitrary shared objects from the file system which led to a Remote Code Execution vulnerability.	CWE-20 不適切な入力確認	CVE-2018-14671	2024-11-21 12:49	2019-08-16	表示	GitHub Exploit DB Packet Storm

248297	9.8	CRITICAL ネットワーク	yandex	clickhouse	Incorrect configuration in deb package in ClickHouse before 1.1.54131 could lead to unauthorized use of the database.	CWE-285 不適切な認可	CVE-2018-14670	2024-11-21 12:49	2019-08-16	表示	GitHub Exploit DB Packet Storm

248298	7.5	HIGH ネットワーク	yandex	clickhouse	ClickHouse MySQL client before versions 1.1.54390 had "LOAD DATA LOCAL INFILE" functionality enabled that allowed a malicious MySQL database read arbitrary files from the connected ClickHouse server.	CWE-200 情報漏えい	CVE-2018-14669	2024-11-21 12:49	2019-08-16	表示	GitHub Exploit DB Packet Storm

248299	8.8	HIGH ネットワーク	yandex	clickhouse	In ClickHouse before 1.1.54388, "remote" table function allowed arbitrary symbols in "user", "password" and "default_database" fields which led to Cross Protocol Request Forgery Attacks.	CWE-352 同一生成元ポリシー違反	CVE-2018-14668	2024-11-21 12:49	2019-08-16	表示	GitHub Exploit DB Packet Storm

248300	4.9	MEDIUM ネットワーク	damicms	damicms	An arbitrary file read vulnerability in DamiCMS v6.0.0 allows remote authenticated administrators to read any files in the server via a crafted /admin.php?s=Tpl/Add/id/ URI.	CWE-200 情報漏えい	CVE-2018-14831	2024-11-21 12:49	2019-07-11	表示	GitHub Exploit DB Packet Storm