NVD Vulnerability Information Top

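You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated in NVD before JVN (Japan Vulnerability Note), vulnerabilities not yet listed in JVN may already be updated here.

When a related vulnerability exists in JVN (Japan Vulnerability Note), that information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to confirm the CWE number.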


Updated: June 22, 2026, 4:00

No. CVSS Level
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC search
248301 9.8 CRITICAL
Network
vivotek fd8136_firmware Vivotek FD8136 devices allow remote memory corruption and remote code execution because of a stack-based buffer overflow, related to sprintf, vlocal_buff_4326, and set_getparam.cgi. NOTE: The vendor … CWE-787
Out-of-bounds Write
CVE-2018-14496 2024-11-21 12:49 2019-07-10 View GitHub Exploit DB Packet Storm
248302 9.8 CRITICAL
Network
vivotek fd8136_firmware Vivotek FD8136 devices allow Remote Command Injection, aka "another command injection vulnerability in our target device," a different issue than CVE-2018-14494. NOTE: The vendor has disputed this as… CWE-78
OS Command Injection
CVE-2018-14495 2024-11-21 12:49 2019-07-10 View GitHub Exploit DB Packet Storm
248303 9.8 CRITICAL
Network
vivotek fd8136_firmware Vivotek FD8136 devices allow Remote Command Injection, related to BusyBox and wget. NOTE: the vendor sent a clarification on 2019-09-17 explaining that, although this CVE was first populated in July … CWE-78
OS Command Injection
CVE-2018-14494 2024-11-21 12:49 2019-07-10 View GitHub Exploit DB Packet Storm
248304 8.8 HIGH
Network
libpng
oracle
netapp
libpng
mysql_workbench
hyperion_infrastructure_technology
oncommand_api_services
active_iq_unified_manager
An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the function get_token in pnm2png.c in pnm2png. CWE-787
Out-of-bounds Write
CVE-2018-14550 2024-11-21 12:49 2019-07-10 View GitHub Exploit DB Packet Storm
248305 5.9 MEDIUM
Network
intuit lacerte Intuit Lacerte 2017 has Incorrect Access Control. CWE-284
Improper Access Control
CVE-2018-14833 2024-11-21 12:49 2019-07-9 View GitHub Exploit DB Packet Storm
248306 7.5 HIGH
Network
odoo odoo The Odoo Community Association (OCA) dbfilter_from_header module makes Odoo 8.x, 9.x, 10.x, and 11.x vulnerable to ReDoS (regular expression denial of service) under certain circumstances. CWE-20
Improper Input Validation
CVE-2018-14733 2024-11-21 12:49 2019-07-6 View GitHub Exploit DB Packet Storm
248307 7.5 HIGH
Network
invoxia nvx220_firmware Invoxia NVX220 devices allow access to /bin/sh via escape from a restricted CLI, leading to disclosure of password hashes. CWE-200
Information Exposure
CVE-2018-14529 2024-11-21 12:49 2019-07-6 View GitHub Exploit DB Packet Storm
248308 9.8 CRITICAL
Network
invoxia nvx220_firmware Invoxia NVX220 devices allow TELNET access as admin with a default password. CWE-798
Use of Hard-coded Credentials
CVE-2018-14528 2024-11-21 12:49 2019-07-6 View GitHub Exploit DB Packet Storm
248309 9.1 CRITICAL
Network
odoo odoo Improper sanitization of dynamic user expressions in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated privileged users to escape from the dynamic expression s… CWE-78
OS Command Injection
CVE-2018-14860 2024-11-21 12:49 2019-07-4 View GitHub Exploit DB Packet Storm
248310 8.1 HIGH
Network
odoo odoo Incorrect access control in the password reset component in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated users to reset the password of other users by bei… CWE-284
Improper Access Control
CVE-2018-14859 2024-11-21 12:49 2019-07-4 View GitHub Exploit DB Packet Storm
248311 6.5 MEDIUM
Network
odoo odoo Report engine in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier does not use secure options when passing documents to wkhtmltopdf, which allows remote at… CWE-200
Information Exposure
CVE-2018-14865 2024-11-21 12:49 2019-07-4 View GitHub Exploit DB Packet Storm
248312 6.5 MEDIUM
Network
odoo odoo Incorrect access control in asset bundles in Odoo Community 9.0 through 11.0 and earlier and Odoo Enterprise 9.0 through 11.0 and earlier allows remote authenticated users to inject arbitrary web scr… CWE-284
Improper Access Control
CVE-2018-14864 2024-11-21 12:49 2019-07-4 View GitHub Exploit DB Packet Storm
248313 8.1 HIGH
Network
odoo odoo Incorrect access control in the RPC framework in Odoo Community 8.0 through 11.0 and Odoo Enterprise 9.0 through 11.0 allows authenticated users to call private functions via RPC. CWE-284
Improper Access Control
CVE-2018-14863 2024-11-21 12:49 2019-07-4 View GitHub Exploit DB Packet Storm
248314 6.5 MEDIUM
Network
odoo odoo Incorrect access control in the mail templating system in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated internal users to delete arbitrary menuitems via a … CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-14862 2024-11-21 12:49 2019-07-4 View GitHub Exploit DB Packet Storm
248315 6.5 MEDIUM
Network
odoo odoo Improper data access control in Odoo Community 10.0 and 11.0 and Odoo Enterprise 10.0 and 11.0 allows authenticated users to perform a CSV export of the secure hashed passwords of other users. CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-14861 2024-11-21 12:49 2019-07-4 View GitHub Exploit DB Packet Storm
248316 4.3 MEDIUM
Network
odoo odoo Incorrect access control in the TransientModel framework in Odoo Community 11.0 and earlier and Odoo Enterprise 11.0 and earlier allows authenticated attackers to access data in transient records tha… CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-14866 2024-11-21 12:49 2019-07-4 View GitHub Exploit DB Packet Storm
248317 6.5 MEDIUM
Network
odoo odoo Incorrect access control in the Password Encryption module in Odoo Community 9.0 and Odoo Enterprise 9.0 allows authenticated users to change the password of other users without knowing their current… CWE-287
Improper Authentication
CVE-2018-14868 2024-11-21 12:49 2019-06-29 View GitHub Exploit DB Packet Storm
248318 5.3 MEDIUM
Network
odoo odoo Incorrect access control in the portal messaging system in Odoo Community 9.0 and 10.0 and Odoo Enterprise 9.0 and 10.0 allows remote attackers to post messages on behalf of customers, and to guess d… CWE-284
Improper Access Control
CVE-2018-14867 2024-11-21 12:49 2019-06-29 View GitHub Exploit DB Packet Storm
248319 6.1 MEDIUM
Network
synacor zimbra_collaboration_suite There is a Persistent XSS vulnerability in the briefcase component of Synacor Zimbra Collaboration Suite (ZCS) Zimbra Web Client (ZWC) 8.8.8 before 8.8.8 Patch 7 and 8.8.9 before 8.8.9 Patch 1. CWE-79
Cross-site Scripting (XSS)
CVE-2018-14425 2024-11-21 12:49 2019-05-31 View GitHub Exploit DB Packet Storm
248320 8.8 HIGH
Network
comsenz discuz\! The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code. CWE-20
Improper Input Validation
CVE-2018-14729 2024-11-21 12:49 2019-05-23 View GitHub Exploit DB Packet Storm
248321 9.8 CRITICAL
Network
lg n1a1_firmware LG N1A1 NAS 3718.510 is affected by: Remote Command Execution. The impact is: execute arbitrary code (remote). The attack vector is: HTTP POST with parameters. CWE-78
OS Command Injection
CVE-2018-14839 2024-11-21 12:49 2019-05-15 View GitHub Exploit DB Packet Storm
248322 9.8 CRITICAL
Network
asus rt-ac3200_firmware System command injection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute system commands via the "load_script" URL parameter. NVD-CWE-noinfo
CVE-2018-14714 2024-11-21 12:49 2019-05-13 View GitHub Exploit DB Packet Storm
248323 8.1 HIGH
Network
asus rt-ac3200_firmware Format string vulnerability in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to read arbitrary sections of memory and CPU registers via the "hook" URL parameter. CWE-134
Format String Issue
CVE-2018-14713 2024-11-21 12:49 2019-05-13 View GitHub Exploit DB Packet Storm
248324 6.5 MEDIUM
Network
asus rt-ac3200_firmware Buffer overflow in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to inject system commands via the "hook" URL parameter. CWE-119
Buffer Errors
CVE-2018-14712 2024-11-21 12:49 2019-05-13 View GitHub Exploit DB Packet Storm
248325 6.5 MEDIUM
Network
asus rt-ac3200_firmware Missing cross-site request forgery protection in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to cause state-changing actions with specially crafted URLs. CWE-352
Same-origin Policy Violation
CVE-2018-14711 2024-11-21 12:49 2019-05-13 View GitHub Exploit DB Packet Storm
248326 6.1 MEDIUM
Network
asus rt-ac3200_firmware Cross-site scripting in appGet.cgi on ASUS RT-AC3200 version 3.0.0.4.382.50010 allows attackers to execute JavaScript via the "hook" URL parameter. CWE-79
Cross-site Scripting (XSS)
CVE-2018-14710 2024-11-21 12:49 2019-05-13 View GitHub Exploit DB Packet Storm
248327 9.8 CRITICAL
Network
blogengine blogengine.net BlogEngine.NET 3.3 allows XXE attacks via the POST body to metaweblog.axd. CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-14485 2024-11-21 12:49 2019-05-8 View GitHub Exploit DB Packet Storm
248328 6.1 MEDIUM
Network
coppermine-gallery coppermine_photo_gallery ecard.php in Coppermine Photo Gallery (CPG) 1.5.46 has XSS via the sender_name, recipient_email, greetings, or recipient_name parameter. CWE-79
Cross-site Scripting (XSS)
CVE-2018-14478 2024-11-21 12:49 2019-05-8 View GitHub Exploit DB Packet Storm
248329 5.4 MEDIUM
Network
polarisft intellect_core_banking An issue was discovered in the Core and Portal modules in Polaris FT Intellect Core Banking 9.7.1. Reflected XSS exists with an authenticated session via the Customerid, formName, FrameId, or MODE pa… CWE-79
Cross-site Scripting (XSS)
CVE-2018-14875 2024-11-21 12:49 2019-05-1 View GitHub Exploit DB Packet Storm
248330 8.8 HIGH
Network
polarisft intellect_core_banking An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. Input passed through the code parameter in three pages as collaterals/colexe3t.jsp and /references/refsuppu.jsp… CWE-89
SQL Injection
CVE-2018-14874 2024-11-21 12:49 2019-05-1 View GitHub Exploit DB Packet Storm
248331 7.5 HIGH
Network
tenda ac7_firmware
ac9_firmware
ac10_firmware
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06… CWE-119
Buffer Errors
CVE-2018-14559 2024-11-21 12:49 2019-04-26 View GitHub Exploit DB Packet Storm
248332 7.5 HIGH
Network
tenda ac7_firmware
ac9_firmware
ac10_firmware
An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through V15.03.05.19(6318)_CN(AC9), and AC10 devices with firmware through V15.03.06… CWE-119
Buffer Errors
CVE-2018-14557 2024-11-21 12:49 2019-04-26 View GitHub Exploit DB Packet Storm
248333 6.1 MEDIUM
Network
paessler prtg_network_monitor PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. CWE-79
Cross-site Scripting (XSS)
CVE-2018-14683 2024-11-21 12:49 2019-04-11 View GitHub Exploit DB Packet Storm
248334 6.5 MEDIUM
Network
we-con pi_studio
pi_studio_hmi
WECON Technology PI Studio HMI versions 4.1.9 and prior and PI Studio versions 4.2.34 and prior lacks proper validation of user-supplied data, which may result in a read past the end of an allocated … CWE-125
Out-of-bounds Read
CVE-2018-14814 2024-11-21 12:49 2019-03-28 View GitHub Exploit DB Packet Storm
248335 8.8 HIGH
Adjacent
samsung galaxy_s6_firmware Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwri… CWE-119
Buffer Errors
CVE-2018-14745 2024-11-21 12:49 2019-03-22 View GitHub Exploit DB Packet Storm
248336 5.4 MEDIUM
Network
mybb ban_list In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page. CWE-79
Cross-site Scripting (XSS)
CVE-2018-14724 2024-11-21 12:49 2019-03-22 View GitHub Exploit DB Packet Storm
248337 8.8 HIGH
Network
mybb trash_bin Trash Bin plugin 1.1.3 for MyBB has cross-site scripting (XSS) via a thread subject and a cross-site request forgery (CSRF) via a post subject. CWE-352
CWE-79
Same-origin Policy Violation
Cross-site Scripting (XSS)
CVE-2018-14575 2024-11-21 12:49 2019-03-22 View GitHub Exploit DB Packet Storm
248338 6.1 MEDIUM
Network
dnnsoftware dotnetnuke DNN (formerly DotNetNuke) 9.1.1 allows cross-site scripting (XSS) via XML. CWE-79
Cross-site Scripting (XSS)
CVE-2018-14486 2024-11-21 12:49 2019-03-22 View GitHub Exploit DB Packet Storm
248339 6.1 MEDIUM
Network
hyphp hybbs An issue was found in HYBBS through 2016-03-08. There is an XSS vulnerability via an article title to post.html. CWE-79
Cross-site Scripting (XSS)
CVE-2018-14499 2024-11-21 12:49 2019-03-8 View GitHub Exploit DB Packet Storm
248340 6.5 MEDIUM
Network
mozilla
libjpeg-turbo
fedoraproject
debian
opensuse
mozjpeg
libjpeg-turbo
fedora
debian_linux
leap
get_8bit_row in rdbmp.c in libjpeg-turbo through 1.5.90 and MozJPEG through 3.3.1 allows attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted 8-bit… CWE-125
Out-of-bounds Read
CVE-2018-14498 2024-11-21 12:49 2019-03-8 View GitHub Exploit DB Packet Storm
248341 7.2 HIGH
Network
redhat satellite An improper authorization flaw was found in the Smart Class feature of Foreman. An attacker can use it to change configuration of any host registered in Red Hat Satellite, independent of the organiza… CWE-863
Incorrect Authentication
CVE-2018-14666 2024-11-21 12:49 2019-01-23 View GitHub Exploit DB Packet Storm
248342 5.7 MEDIUM
Adjacent
redhat
debian
opensuse
canonical
ceph
debian_linux
leap
enterprise_linux_server
ceph_storage
ubuntu_linux
It was found Ceph versions before 13.2.4 that authenticated ceph users with read only permissions could steal dm-crypt encryption keys used in ceph disk encryption. - CVE-2018-14662 2024-11-21 12:49 2019-01-16 View GitHub Exploit DB Packet Storm
248343 6.1 MEDIUM
Network
osclass osclass Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280. CWE-79
Cross-site Scripting (XSS)
CVE-2018-14481 2024-11-21 12:49 2019-01-4 View GitHub Exploit DB Packet Storm
248344 10.0 CRITICAL
Network
fasterxml
debian
oracle
redhat
jackson-databind
debian_linux
primavera_unifier
banking_platform
jdeveloper
retail_merchandising_system
webcenter_portal
communications_billing_and_revenue_management
financia…
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic de… CWE-918
Server-Side Request Forgery
CVE-2018-14721 2024-11-21 12:49 2019-01-3 View GitHub Exploit DB Packet Storm
248345 9.8 CRITICAL
Network
fasterxml
debian
oracle
redhat
jackson-databind
debian_linux
primavera_unifier
banking_platform
jdeveloper
retail_merchandising_system
webcenter_portal
communications_billing_and_revenue_management
financia…
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization. CWE-611
CWE-502
Improper Restriction of XML External Entity Reference
Deserialization of Untrusted Data
CVE-2018-14720 2024-11-21 12:49 2019-01-3 View GitHub Exploit DB Packet Storm
248346 9.8 CRITICAL
Network
fasterxml
debian
oracle
redhat
netapp
jackson-databind
debian_linux
primavera_unifier
primavera_p6_enterprise_project_portfolio_management
database_server
banking_platform
jdeveloper
retail_merchandising_system
we…
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deseriali… CWE-502
Deserialization of Untrusted Data
CVE-2018-14719 2024-11-21 12:49 2019-01-3 View GitHub Exploit DB Packet Storm
248347 9.8 CRITICAL
Network
fasterxml
debian
oracle
netapp
redhat
jackson-databind
debian_linux
primavera_unifier
jd_edwards_enterpriseone_tools
primavera_p6_enterprise_project_portfolio_management
banking_platform
jdeveloper
retail_merchandisi…
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization. CWE-502
Deserialization of Untrusted Data
CVE-2018-14718 2024-11-21 12:49 2019-01-3 View GitHub Exploit DB Packet Storm
248348 5.4 MEDIUM
Network
mondula multi_step_form The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php. CWE-79
Cross-site Scripting (XSS)
CVE-2018-14846 2024-11-21 12:49 2018-12-21 View GitHub Exploit DB Packet Storm
248349 6.3 MEDIUM
Adjacent
samsung galaxy_s6_firmware Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker (wh… CWE-119
Buffer Errors
CVE-2018-14856 2024-11-21 12:49 2018-12-18 View GitHub Exploit DB Packet Storm
248350 6.3 MEDIUM
Adjacent
samsung galaxy_s6_firmware Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code exec… CWE-119
Buffer Errors
CVE-2018-14855 2024-11-21 12:49 2018-12-18 View GitHub Exploit DB Packet Storm