NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月19日4:01

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
248501	5.4	MEDIUM ネットワーク	readymadeb2bscript	basic_b2b	PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14541	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248502	5.4	MEDIUM ネットワーク	tendacn	d152_firmware	Tenda D152 ADSL routers allow XSS via a crafted SSID.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14497	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248503	9.1	CRITICAL ネットワーク	ocsinventory-ng	ocsinventory_ng	OCS Inventory 2.4.1 lacks a proper XML parsing configuration, allowing the use of external entities. This issue can be exploited by an attacker sending a crafted HTTP request in order to exfiltrate i…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2018-14473	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248504	9.8	CRITICAL ネットワーク	softnas	cloud	A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the s…	CWE-78 OSコマンド・インジェクション	CVE-2018-14417	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248505	9.8	CRITICAL ネットワーク	tecrail	responsive_filemanager	upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.	CWE-918 サーバサイドリクエストフォージェリ	CVE-2018-14728	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248506	7.5	HIGH ネットワーク	cryptogs	cryptogs	The endCoinFlip function and throwSlammer function of the smart contract implementations for Cryptogs, an Ethereum game, generate random numbers with an old block's hash. Therefore, attackers can pre…	CWE-338 暗号における脆弱な PRNG の使用	CVE-2018-14715	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248507	7.5	HIGH ネットワーク	suncontract	suncontract	The mintTokens function of a smart contract implementation for SunContract, an Ethereum token, has an integer overflow via the _amount variable.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14576	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248508	6.1	MEDIUM ネットワーク	mantisbt	mantisbt	An issue was discovered in manage_filter_edit_page.php in MantisBT 2.x through 2.15.0. A cross-site scripting (XSS) vulnerability in the Edit Filter page allows execution of arbitrary code (if CSP se…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14504	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248509	7.2	HIGH ネットワーク	sensiolabs	symfony	An issue was discovered in HttpKernel in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. When using Http…	CWE-20 不適切な入力確認	CVE-2018-14774	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248510	6.5	MEDIUM ネットワーク	sensiolabs debian drupal	symfony debian_linux drupal	An issue was discovered in Http Foundation in Symfony 2.7.0 through 2.7.48, 2.8.0 through 2.8.43, 3.3.0 through 3.3.17, 3.4.0 through 3.4.13, 4.0.0 through 4.0.13, and 4.1.0 through 4.1.2. It arises …	NVD-CWE-noinfo	CVE-2018-14773	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248511	6.1	MEDIUM ネットワーク	djangoproject debian canonical	django debian_linux ubuntu_linux	django.middleware.common.CommonMiddleware in Django 1.11.x before 1.11.15 and 2.0.x before 2.0.8 has an Open Redirect.	CWE-601 オープンリダイレクト	CVE-2018-14574	2024-11-21 12:49	2018-08-4	表示	GitHub Exploit DB Packet Storm

248512	5.4	MEDIUM ネットワーク	weaselcms_project	weaselcms	An issue was discovered in WeaselCMS v0.3.5. XSS exists via Site Language, Site Title, Site Description, and Site Keywords on the SETTINGS page.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14877	2024-11-21 12:49	2018-08-3	表示	GitHub Exploit DB Packet Storm

248513	5.5	MEDIUM ローカル	flif	flif	An issue was discovered in image_save_png in image/image-png.cpp in Free Lossless Image Format (FLIF) 0.3. Attackers can trigger a longjmp that leads to an uninitialized stack frame after a libpng er…	NVD-CWE-noinfo	CVE-2018-14876	2024-11-21 12:49	2018-08-3	表示	GitHub Exploit DB Packet Storm

248514	5.4	MEDIUM ネットワーク	rincewind_project	rincewind	An issue was discovered in Rincewind 0.1. There is a cross-site scripting (XSS) vulnerability involving a p=account request to index.php and another file named commonPages.php.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14873	2024-11-21 12:49	2018-08-3	表示	GitHub Exploit DB Packet Storm

248515	7.5	HIGH ネットワーク	rincewind_project	rincewind	An issue was discovered in Rincewind 0.1. A reinstall vulnerability exists because the parameter p of index.php and another file named commonPages.php allows an attacker to reinstall the product, wit…	CWE-20 不適切な入力確認	CVE-2018-14872	2024-11-21 12:49	2018-08-3	表示	GitHub Exploit DB Packet Storm

248516	7.5	HIGH ネットワーク	icmsdev	icms	An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0…	CWE-918 サーバサイドリクエストフォージェリ	CVE-2018-14858	2024-11-21 12:49	2018-08-3	表示	GitHub Exploit DB Packet Storm

248517	5.5	MEDIUM ローカル	php canonical debian netapp	php ubuntu_linux debian_linux storage_automation_store	exif_process_IFD_in_MAKERNOTE in ext/exif/exif.c in PHP before 5.6.37, 7.0.x before 7.0.31, 7.1.x before 7.1.20, and 7.2.x before 7.2.8 allows remote attackers to cause a denial of service (out-of-bo…	CWE-125 境界外読み取り	CVE-2018-14851	2024-11-21 12:49	2018-08-3	表示	GitHub Exploit DB Packet Storm

248518	9.1	CRITICAL ネットワーク	mikrotik	routeros	MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability i…	CWE-22 パス・トラバーサル	CVE-2018-14847	2024-11-21 12:49	2018-08-2	表示	GitHub Exploit DB Packet Storm

248519	6.1	MEDIUM ネットワーク	intelliants	subrion	uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14840	2024-11-21 12:49	2018-08-2	表示	GitHub Exploit DB Packet Storm

248520	6.1	MEDIUM ネットワーク	rejucms_project	rejucms	rejucms 2.1 has stored XSS via the admin/book.php content parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14838	2024-11-21 12:49	2018-08-2	表示	GitHub Exploit DB Packet Storm

248521	6.5	MEDIUM ネットワーク	subrion	subrion_cms	Subrion 4.2.1 is vulnerable to Improper Access control because user groups not having access to the Admin panel are able to access it (but not perform actions) if the Guests user group has access to …	CWE-269 不適切な権限管理	CVE-2018-14836	2024-11-21 12:49	2018-08-2	表示	GitHub Exploit DB Packet Storm

248522	5.4	MEDIUM ネットワーク	subrion	subrion_cms	Subrion CMS v4.2.1 is vulnerable to Stored XSS because of no escaping added to the tooltip information being displayed in multiple areas.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14835	2024-11-21 12:49	2018-08-2	表示	GitHub Exploit DB Packet Storm

248523	5.4	MEDIUM ネットワーク	dleviet	datalife_engine	An issue was discovered in DataLife Engine (DLE) through 13.0. An attacker can use XSS (related to the /addnews.html and /index.php?do=addnews URIs) to send a malicious script to unsuspecting Admins …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14777	2024-11-21 12:49	2018-08-2	表示	GitHub Exploit DB Packet Storm

248524	5.4	MEDIUM ネットワーク	clickstudios	passwordstate	Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14776	2024-11-21 12:49	2018-08-1	表示	GitHub Exploit DB Packet Storm

248525	5.5	MEDIUM ローカル	openbsd	openbsd	tss_alloc in sys/arch/i386/i386/gdt.c in OpenBSD 6.2 and 6.3 has a Local Denial of Service (system crash) due to incorrect I/O port access control on the i386 architecture.	CWE-20 不適切な入力確認	CVE-2018-14775	2024-11-21 12:49	2018-08-1	表示	GitHub Exploit DB Packet Storm

248526	7.8	HIGH ローカル	red-gate	.net_reflector smartassembly	Redgate .NET Reflector before 10.0.7.774 and SmartAssembly before 6.12.5 allow attackers to execute code by decompiling a compiled .NET object (such as a DLL or EXE file) with a specific embedded res…	CWE-20 不適切な入力確認	CVE-2018-14581	2024-11-21 12:49	2018-07-31	表示	GitHub Exploit DB Packet Storm

248527	7.8	HIGH ローカル	intenogroup	iopsys_firmware	read_tmp and write_tmp in Inteno IOPSYS allow attackers to gain privileges after writing to /tmp/etc/smb.conf because /var is a symlink to /tmp.	NVD-CWE-noinfo	CVE-2018-14533	2024-11-21 12:49	2018-07-31	表示	GitHub Exploit DB Packet Storm

248528	5.3	MEDIUM ネットワーク	debian redhat openstack	debian_linux openstack keystone	In the Federation component of OpenStack Keystone before 11.0.4, 12.0.0, and 13.0.0, an authenticated "GET /v3/OS-FEDERATION/projects" request may bypass intended access restrictions on listing proje…	CWE-200 情報漏えい	CVE-2018-14432	2024-11-21 12:49	2018-07-31	表示	GitHub Exploit DB Packet Storm

248529	9.8	CRITICAL ネットワーク	debian kamailio	debian_linux kamailio	In Kamailio before 5.0.7 and 5.1.x before 5.1.4, a crafted SIP message with a double "To" header and an empty "To" tag causes a segmentation fault and crash. The reason is missing input validation in…	CWE-20 不適切な入力確認	CVE-2018-14767	2024-11-21 12:49	2018-07-31	表示	GitHub Exploit DB Packet Storm

248530	9.8	CRITICAL ネットワーク	pbc_project	pbc	An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A use-after-free can occur in _pbcM_sp_query in map.c.	CWE-416 解放済みメモリの使用	CVE-2018-14744	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248531	7.5	HIGH ネットワーク	pbc_project	pbc	An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in wiretype_decode in context.c.	CWE-119 バッファエラー	CVE-2018-14743	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248532	7.5	HIGH ネットワーク	pbc_project	pbc	An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c during a memcpy.	CWE-119 バッファエラー	CVE-2018-14742	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248533	7.5	HIGH ネットワーク	pbc_project	pbc	An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_pack in pattern.c.	CWE-119 バッファエラー	CVE-2018-14741	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248534	7.5	HIGH ネットワーク	pbc_project	pbc	An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in set_field_one in bootstrap.c while making a query.	CWE-119 バッファエラー	CVE-2018-14740	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248535	7.5	HIGH ネットワーク	pbc_project	pbc	An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_pattern_set_default in pattern.c.	CWE-119 バッファエラー	CVE-2018-14739	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248536	7.5	HIGH ネットワーク	pbc_project	pbc	An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A SEGV can occur in pbc_rmessage_message in rmessage.c.	CWE-119 バッファエラー	CVE-2018-14738	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248537	7.5	HIGH ネットワーク	pbc_project	pbc	An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A NULL pointer dereference can occur in pbc_wmessage_string in wmessage.c.	CWE-476 NULL ポインタデリファレンス	CVE-2018-14737	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248538	7.5	HIGH ネットワーク	pbc_project	pbc	An issue was discovered in libpbc.a in cloudwu PBC through 2017-03-02. A buffer over-read can occur in pbc_wmessage_string in wmessage.c for PTYPE_ENUM.	CWE-125 境界外読み取り	CVE-2018-14736	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248539	7.8	HIGH ローカル	linux canonical debian	linux_kernel ubuntu_linux debian_linux	drivers/infiniband/core/ucma.c in the Linux kernel through 4.17.11 allows ucma_leave_multicast to access a certain data structure after a cleanup step in ucma_process_join, which allows attackers to …	CWE-416 解放済みメモリの使用	CVE-2018-14734	2024-11-21 12:49	2018-07-30	表示	GitHub Exploit DB Packet Storm

248540	6.1	MEDIUM ネットワーク	xycms_project	xycms	system/edit_book.php in XYCMS 1.7 has stored XSS via a crafted add_do.php request, related to add_book.php.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14686	2024-11-21 12:49	2018-07-29	表示	GitHub Exploit DB Packet Storm

248541	9.8	CRITICAL ネットワーク	gxlcms	gxlcms	The add function in www/Lib/Lib/Action/Admin/TplAction.class.php in Gxlcms v1.1.4 allows remote attackers to read arbitrary files via a crafted index.php?s=Admin-Tpl-ADD-id request, related to Lib/Co…	CWE-200 情報漏えい	CVE-2018-14685	2024-11-21 12:49	2018-07-29	表示	GitHub Exploit DB Packet Storm

248542	8.8	HIGH ネットワーク	cabextract cabextract_project debian canonical redhat	libmspack cabextract debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ansible_tower	An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.	CWE-193 境界条件の判定	CVE-2018-14682	2024-11-21 12:49	2018-07-29	表示	GitHub Exploit DB Packet Storm

248543	8.8	HIGH ネットワーク	cabextract cabextract_project debian canonical redhat	libmspack cabextract debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ansible_tower	An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.	CWE-787 境界外書き込み	CVE-2018-14681	2024-11-21 12:49	2018-07-29	表示	GitHub Exploit DB Packet Storm

248544	6.5	MEDIUM ネットワーク	cabextract cabextract_project debian canonical redhat	libmspack cabextract debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ansible_tower	An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.	CWE-20 不適切な入力確認	CVE-2018-14680	2024-11-21 12:49	2018-07-29	表示	GitHub Exploit DB Packet Storm

248545	6.5	MEDIUM ネットワーク	cabextract cabextract_project debian canonical redhat	libmspack cabextract debian_linux ubuntu_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server ansible_tower	An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitial…	CWE-193 境界条件の判定	CVE-2018-14679	2024-11-21 12:49	2018-07-29	表示	GitHub Exploit DB Packet Storm

248546	7.8	HIGH ローカル	linux xen debian canonical	linux_kernel xen debian_linux ubuntu_linux	An issue was discovered in the Linux kernel through 4.17.11, as used in Xen through 4.11.x. The xen_failsafe_callback entry point in arch/x86/entry/entry_64.S does not properly maintain RBX, which al…	CWE-665 不適切な初期化	CVE-2018-14678	2024-11-21 12:49	2018-07-29	表示	GitHub Exploit DB Packet Storm

248547	5.5	MEDIUM ローカル	linux debian canonical	linux_kernel debian_linux ubuntu_linux	An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference and panic in hfsplus_lookup() in fs/hfsplus/dir.c when opening a file (that is purportedly a hard link…	CWE-476 NULL ポインタデリファレンス	CVE-2018-14617	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248548	5.5	MEDIUM ローカル	linux	linux_kernel	An issue was discovered in the Linux kernel through 4.17.10. There is a NULL pointer dereference in fscrypt_do_page_crypto() in fs/crypto/crypto.c when operating on a file in a corrupted f2fs image.	CWE-476 NULL ポインタデリファレンス	CVE-2018-14616	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248549	5.5	MEDIUM ローカル	linux	linux_kernel	An issue was discovered in the Linux kernel through 4.17.10. There is a buffer overflow in truncate_inline_inode() in fs/f2fs/inline.c when umounting an f2fs image, because a length value may be nega…	CWE-119 バッファエラー	CVE-2018-14615	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248550	5.5	MEDIUM ローカル	linux	linux_kernel	An issue was discovered in the Linux kernel through 4.17.10. There is an out-of-bounds access in __remove_dirty_segment() in fs/f2fs/segment.c when mounting an f2fs image.	CWE-476 NULL ポインタデリファレンス	CVE-2018-14614	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm