NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月19日4:01

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
248551	5.5	MEDIUM ローカル	linux	linux_kernel	An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in io_ctl_map_page() when mounting and operating a crafted btrfs image, because of a lack of block…	CWE-476 NULL ポインタデリファレンス	CVE-2018-14613	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248552	5.5	MEDIUM ローカル	linux	linux_kernel	An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in btrfs_root_node() when mounting a crafted btrfs image, because of a lack of chunk block group m…	CWE-476 NULL ポインタデリファレンス	CVE-2018-14612	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248553	5.5	MEDIUM ローカル	linux debian	linux_kernel debian_linux	An issue was discovered in the Linux kernel through 4.17.10. There is a use-after-free in try_merge_free_space() when mounting a crafted btrfs image, because of a lack of chunk type flag checks in bt…	CWE-416 解放済みメモリの使用	CVE-2018-14611	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248554	5.5	MEDIUM ローカル	linux	linux_kernel	An issue was discovered in the Linux kernel through 4.17.10. There is out-of-bounds access in write_extent_buffer() when mounting and operating a crafted btrfs image, because of a lack of verificatio…	CWE-125 CWE-787 境界外読み取り境界外書き込み	CVE-2018-14610	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248555	5.5	MEDIUM ローカル	linux debian canonical	linux_kernel debian_linux ubuntu_linux	An issue was discovered in the Linux kernel through 4.17.10. There is an invalid pointer dereference in __del_reloc_root() in fs/btrfs/relocation.c when mounting a crafted btrfs image, related to rem…	CWE-476 NULL ポインタデリファレンス	CVE-2018-14609	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248556	5.4	MEDIUM ネットワーク	gitlab	gitlab	An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur via a Milestone name during a promotion.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14606	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248557	5.4	MEDIUM ネットワーク	gitlab	gitlab	An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the branch name during a Web IDE file commit.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14605	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248558	6.1	MEDIUM ネットワーク	gitlab	gitlab	An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. XSS can occur in the tooltip of the job inside the CI/CD pipeline.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14604	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248559	8.8	HIGH ネットワーク	gitlab	gitlab	An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. CSRF can occur in the Test feature of the System Hooks component.	CWE-352 同一生成元ポリシー違反	CVE-2018-14603	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248560	7.5	HIGH ネットワーク	gitlab	gitlab	An issue was discovered in GitLab Community and Enterprise Edition before 10.8.7, 11.0.x before 11.0.5, and 11.1.x before 11.1.2. Information Disclosure can occur because the Prometheus metrics featu…	CWE-200 情報漏えい	CVE-2018-14602	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248561	7.5	HIGH ネットワーク	gitlab	gitlab	An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.	NVD-CWE-noinfo	CVE-2018-14601	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248562	7.5	HIGH ネットワーク	thomsonreuters	ultratax_cs	Thomson Reuters UltraTax CS 2017 on Windows has a password protection option; however, the level of protection might be inconsistent with some customers' expectations because the data is directly acc…	CWE-311 重要なデータの暗号化の欠如	CVE-2018-14608	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248563	7.5	HIGH ネットワーク	thomsonreuters	ultratax_cs_2017	Thomson Reuters UltraTax CS 2017 on Windows, in a client/server configuration, transfers customer records and bank account numbers in cleartext over SMBv2, which allows attackers to (1) obtain sensit…	CWE-311 重要なデータの暗号化の欠如	CVE-2018-14607	2024-11-21 12:49	2018-07-27	表示	GitHub Exploit DB Packet Storm

248564	6.1	MEDIUM ネットワーク	opmantek	open-audit	Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14493	2024-11-21 12:49	2018-07-26	表示	GitHub Exploit DB Packet Storm

248565	6.1	MEDIUM ネットワーク	mondula	multi_step_form	The Mondula Multi Step Form plugin through 1.2.5 for WordPress allows XSS via the fw_data [id][1], fw_data [id][2], fw_data [id][3], fw_data [id][4], or email field of the contact form, exploitable w…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14430	2024-11-21 12:49	2018-07-26	表示	GitHub Exploit DB Packet Storm

248566	7.5	HIGH ネットワーク	wancms	wancms	wancms 1.0 through 5.0 allows remote attackers to cause a denial of service (resource consumption) via a checkcode (aka verification code) URI in which the values of font_size, width, and height are …	CWE-400 リソースの枯渇	CVE-2018-14596	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248567	7.5	HIGH ネットワーク	axiosys	bento4	An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Processor::ProcessFragments in Core/Ap4Processor.cpp.	CWE-119 バッファエラー	CVE-2018-14590	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248568	8.8	HIGH ネットワーク	axiosys	bento4	An issue has been discovered in Bento4 1.5.1-624. AP4_Mp4AudioDsiParser::ReadBits in Codecs/Ap4Mp4AudioInfo.cpp has a heap-based buffer over-read.	CWE-125 境界外読み取り	CVE-2018-14589	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248569	7.5	HIGH ネットワーク	axiosys	bento4	An issue has been discovered in Bento4 1.5.1-624. A NULL pointer dereference can occur in AP4_DataBuffer::SetData in Core/Ap4DataBuffer.cpp.	CWE-476 NULL ポインタデリファレンス	CVE-2018-14588	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248570	8.8	HIGH ネットワーク	axiosys	bento4	An issue has been discovered in Bento4 1.5.1-624. AP4_MemoryByteStream::WritePartial in Core/Ap4ByteStream.cpp has a buffer over-read.	CWE-125 境界外読み取り	CVE-2018-14587	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248571	8.8	HIGH ネットワーク	axiosys	bento4	An issue has been discovered in Bento4 1.5.1-624. A SEGV can occur in AP4_Mpeg2TsAudioSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp, a different vulnerability than CVE-2018-14532.	CWE-119 バッファエラー	CVE-2018-14586	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248572	8.8	HIGH ネットワーク	axiosys	bento4	An issue has been discovered in Bento4 1.5.1-624. AP4_BytesToUInt16BE in Core/Ap4Utils.h has a heap-based buffer over-read after a call from the AP4_Stz2Atom class.	CWE-125 境界外読み取り	CVE-2018-14585	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248573	8.8	HIGH ネットワーク	axiosys	bento4	An issue has been discovered in Bento4 1.5.1-624. AP4_AvccAtom::Create in Core/Ap4AvccAtom.cpp has a heap-based buffer over-read.	CWE-125 境界外読み取り	CVE-2018-14584	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248574	8.8	HIGH ネットワーク	xyhcms	xyhcms	xyhai.php?s=/Auth/addUser in XYHCMS 3.5 allows CSRF to add a background administrator account.	CWE-352 同一生成元ポリシー違反	CVE-2018-14583	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248575	8.8	HIGH ネットワーク	bagesoft	bagecms	index.php?r=admini/admin/create in BageCMS V3.1.3 allows CSRF to add a background administrator account.	CWE-352 同一生成元ポリシー違反	CVE-2018-14582	2024-11-21 12:49	2018-07-25	表示	GitHub Exploit DB Packet Storm

248576	9.8	CRITICAL ネットワーク	golemcms_project	golemcms	GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Informatio…	CWE-94 コード・インジェクション	CVE-2018-14579	2024-11-21 12:49	2018-07-24	表示	GitHub Exploit DB Packet Storm

248577	5.5	MEDIUM ローカル	trms	tightrope_media_carousel_digital_signage	A Local File Inclusion (LFI) vulnerability exists in the Web Interface API of TightRope Media Carousel Digital Signage before 7.3.5. The RenderingFetch API allows for the downloading of arbitrary fil…	CWE-22 パス・トラバーサル	CVE-2018-14573	2024-11-21 12:49	2018-07-24	表示	GitHub Exploit DB Packet Storm

248578	8.8	HIGH ネットワーク	niushop	b2b2c_multi-business	A file upload vulnerability in application/shop/controller/member.php in Niushop B2B2C Multi-business basic version V1.11 allows any remote member to upload a .php file to the web server via a profil…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-14570	2024-11-21 12:49	2018-07-24	表示	GitHub Exploit DB Packet Storm

248579	7.5	HIGH ネットワーク	suricata-ids	suricata	Suricata before 4.0.5 stops TCP stream inspection upon a TCP RST from a server. This allows detection bypass because Windows TCP clients proceed with normal processing of TCP data that arrives shortl…	NVD-CWE-noinfo	CVE-2018-14568	2024-11-21 12:49	2018-07-24	表示	GitHub Exploit DB Packet Storm

248580	9.8	CRITICAL ネットワーク	thunlp	thulac	An issue was discovered in libthulac.so in THULAC through 2018-02-25. A heap-based buffer over-read can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.	CWE-125 境界外読み取り	CVE-2018-14565	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248581	9.8	CRITICAL ネットワーク	thunlp	thulac	An issue was discovered in libthulac.so in THULAC through 2018-02-25. A SEGV can occur in NGramFeature::find_bases in include/cb_ngram_feature.h.	CWE-119 バッファエラー	CVE-2018-14564	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248582	9.8	CRITICAL ネットワーク	thunlp	thulac	An issue was discovered in libthulac.so in THULAC through 2018-02-25. "operator delete" is used with "operator new[]" in the TaggingLearner class in include/cb_tagging_learner.h, possibly leading to …	CWE-119 バッファエラー	CVE-2018-14563	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248583	9.8	CRITICAL ネットワーク	thunlp	thulac	An issue was discovered in libthulac.so in THULAC through 2018-02-25. A NULL pointer dereference can occur in the BasicModel class in include/cb_model.h.	CWE-476 NULL ポインタデリファレンス	CVE-2018-14562	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248584	9.8	CRITICAL ネットワーク	imagemagick canonical	imagemagick ubuntu_linux	The ReadMATImageV4 function in coders/mat.c in ImageMagick 7.0.8-7 uses an uninitialized variable, leading to memory corruption.	CWE-787 CWE-908 境界外書き込み初期化されていないリソースの使用	CVE-2018-14551	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248585	6.5	MEDIUM ネットワーク	libwav_project	libwav	An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_write in libwav.c.	NVD-CWE-noinfo	CVE-2018-14549	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248586	5.5	MEDIUM ローカル	axiosys	bento4	There exists one invalid memory read bug in AP4_SampleDescription::GetType() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 fi…	CWE-125 境界外読み取り	CVE-2018-14545	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248587	5.5	MEDIUM ローカル	axiosys	bento4	There exists one invalid memory read bug in AP4_SampleDescription::GetFormat() in Ap4SampleDescription.h in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 …	CWE-125 境界外読み取り	CVE-2018-14544	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248588	5.5	MEDIUM ローカル	axiosys	bento4	There exists one NULL pointer dereference vulnerability in AP4_JsonInspector::AddField in Ap4Atom.cpp in Bento4 1.5.1-624, which can allow attackers to cause a denial-of-service via a crafted mp4 fil…	CWE-476 NULL ポインタデリファレンス	CVE-2018-14543	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248589	9.8	CRITICAL ネットワーク	axiosys	bento4	An issue was discovered in Bento4 1.5.1-624. There is a heap-based buffer over-read in AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp after a call from Mp42Hls.cpp, a related issue …	CWE-125 境界外読み取り	CVE-2018-14532	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248590	9.8	CRITICAL ネットワーク	axiosys	bento4	An issue was discovered in Bento4 1.5.1-624. There is an unspecified "heap-buffer-overflow" crash in the AP4_HvccAtom class in Core/Ap4HvccAtom.cpp.	CWE-119 バッファエラー	CVE-2018-14531	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248591	6.1	MEDIUM ネットワーク	xiao5ucompany_project	xiao5ucompany	Feedback.asp in Xiao5uCompany 1.7 has XSS because the XSS protection mechanism in Safe.asp is insufficient (for example, it considers SCRIPT and IMG elements, but does not consider VIDEO elements).	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14527	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248592	6.5	MEDIUM ネットワーク	gnu	libredwg	dwg_decode_eed in decode.c in GNU LibreDWG before 0.6 leads to a double free (in dwg_free_eed in free.c) because it does not properly manage the obj->eed value after a free occurs.	CWE-415 二重解放	CVE-2018-14524	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248593	8.8	HIGH ネットワーク	aubio opensuse suse	aubio leap linux_enterprise	An issue was discovered in aubio 0.4.6. A buffer over-read can occur in new_aubio_pitchyinfft in pitch/pitchyinfft.c, as demonstrated by aubionotes.	CWE-125 境界外読み取り	CVE-2018-14523	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248594	8.8	HIGH ネットワーク	aubio opensuse suse	aubio leap linux_enterprise	An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_pitch_set_unit in pitch/pitch.c, as demonstrated by aubionotes.	CWE-119 バッファエラー	CVE-2018-14522	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248595	8.8	HIGH ネットワーク	aubio	aubio	An issue was discovered in aubio 0.4.6. A SEGV signal can occur in aubio_source_avcodec_readframe in io/source_avcodec.c, as demonstrated by aubiomfcc.	CWE-119 バッファエラー	CVE-2018-14521	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248596	6.1	MEDIUM ネットワーク	seacms	seacms	SeaCMS 6.61 has two XSS issues in the admin_config.php file via certain form fields.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14517	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248597	9.8	CRITICAL ネットワーク	wuzhi_cms_project	wuzhi_cms	A SQL injection was discovered in WUZHI CMS 4.1.0 that allows remote attackers to inject a malicious SQL statement via the index.php?m=promote&f=index&v=search keywords parameter.	CWE-89 SQLインジェクション	CVE-2018-14515	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248598	9.8	CRITICAL ネットワーク	icmsdev	icms	An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.	CWE-918 サーバサイドリクエストフォージェリ	CVE-2018-14514	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248599	6.1	MEDIUM ネットワーク	wuzhi_cms_project	wuzhi_cms	An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[content] parameter to the index.php?m=…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14513	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm

248600	6.1	MEDIUM ネットワーク	wuzhicms	wuzhi_cms	An XSS vulnerability was discovered in WUZHI CMS 4.1.0. There is persistent XSS that allows remote attackers to inject arbitrary web script or HTML via the form[nickname] parameter to the index.php?m…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14512	2024-11-21 12:49	2018-07-23	表示	GitHub Exploit DB Packet Storm