NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月18日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
248701	10.0	CRITICAL ネットワーク	siemens	tim_1531_irc_firmware	A vulnerability has been identified in TIM 1531 IRC (All version < V2.0). The devices was missing proper authentication on port 102/tcp, although configured. Successful exploitation requires an attac…	CWE-287 不適切な認証	CVE-2018-13816	2024-11-21 12:48	2018-12-13	表示	GitHub Exploit DB Packet Storm

248702	7.5	HIGH ネットワーク	descor	infocad_fm	An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.	CWE-287 CWE-294 CWE-522 不適切な認証 Capture-replayによる認証回避認証情報の不十分な保護	CVE-2018-13789	2024-11-21 12:48	2018-10-11	表示	GitHub Exploit DB Packet Storm

248703	8.8	HIGH ネットワーク	siemens	rox_ii_firmware	A vulnerability has been identified in ROX II (All versions < V2.12.1). An attacker with network access to port 22/tcp and valid low-privileged user credentials for the target device could perform a …	CWE-269 不適切な権限管理	CVE-2018-13801	2024-11-21 12:48	2018-10-11	表示	GitHub Exploit DB Packet Storm

248704	7.5	HIGH ネットワーク	siemens	simatic_et_200sp_firmware simatic_s7-1500_firmware simatic_s7-1500f_firmware	A vulnerability has been identified in SIMATIC ET 200SP Open Controller (All versions >= V2.0 and < V2.1.6), SIMATIC S7-1500 Software Controller (All versions >= V2.0 and < V2.5), SIMATIC S7-1500 inc…	CWE-400 リソースの枯渇	CVE-2018-13805	2024-11-21 12:48	2018-10-11	表示	GitHub Exploit DB Packet Storm

248705	7.2	HIGH ネットワーク	siemens	rox_ii_firmware	A vulnerability has been identified in ROX II (All versions < V2.12.1). An authenticated attacker with a high-privileged user account access via SSH could circumvent restrictions in place and execute…	CWE-269 不適切な権限管理	CVE-2018-13802	2024-11-21 12:48	2018-10-11	表示	GitHub Exploit DB Packet Storm

248706	7.3	HIGH ネットワーク	siemens	simatic_s7-1200_v4_firmware	A vulnerability has been identified in SIMATIC S7-1200 CPU family version 4 (All versions < V4.2.3). The web interface could allow a Cross-Site Request Forgery (CSRF) attack if an unsuspecting user i…	CWE-352 同一生成元ポリシー違反	CVE-2018-13800	2024-11-21 12:48	2018-10-11	表示	GitHub Exploit DB Packet Storm

248707	9.8	CRITICAL ネットワーク	d-link	dir-809_a1_firmware dir-809_a2_firmware dir-809_guestzone_firmware	An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. Device passwords, such as the admin password and the WPA key, are stored in cleartext.	CWE-522 認証情報の不十分な保護	CVE-2018-14081	2024-11-21 12:48	2018-10-10	表示	GitHub Exploit DB Packet Storm

248708	7.5	HIGH ネットワーク	d-link	dir-809_a1_firmware dir-809_a2_firmware dir-809_guestzone_firmware	An issue was discovered on D-Link DIR-809 A1 through 1.09, A2 through 1.11, and Guest Zone through 1.09 devices. One can bypass authentication mechanisms to download the configuration file.	CWE-287 不適切な認証	CVE-2018-14080	2024-11-21 12:48	2018-10-10	表示	GitHub Exploit DB Packet Storm

248709	6.1	MEDIUM ネットワーク	progress	kendo_ui	Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Seri…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14037	2024-11-21 12:48	2018-09-28	表示	GitHub Exploit DB Packet Storm

248710	7.8	HIGH ローカル	ee	ee40vb_firmware	The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Con…	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-14327	2024-11-21 12:48	2018-09-27	表示	GitHub Exploit DB Packet Storm

248711	8.8	HIGH ネットワーク	samsung	galaxy_s8_firmware	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that…	CWE-20 不適切な入力確認	CVE-2018-14318	2024-11-21 12:48	2018-09-25	表示	GitHub Exploit DB Packet Storm

248712	7.5	HIGH ネットワーク	smarty debian	smarty debian_linux	Smarty_Security::isTrustedResourceDir() in Smarty before 3.1.33 is prone to a path traversal vulnerability due to insufficient template code sanitization. This allows attackers controlling the execut…	CWE-22 パス・トラバーサル	CVE-2018-13982	2024-11-21 12:48	2018-09-19	表示	GitHub Exploit DB Packet Storm

248713	6.5	MEDIUM ネットワーク	podofo_project	podofo	This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of PoDoFo. User interaction is required to exploit this vulnerability in that the target must …	CWE-119 バッファエラー	CVE-2018-14320	2024-11-21 12:48	2018-09-18	表示	GitHub Exploit DB Packet Storm

248714	8.6	HIGH ネットワーク	siemens	scalance_x408_firmware scalance_x300_firmware scalance_x414_firmware	A vulnerability has been identified in SCALANCE X300 (All versions < V4.0.0), SCALANCE X408 (All versions < V4.0.0), SCALANCE X414 (All versions). The web interface on port 443/tcp could allow an att…	CWE-20 不適切な入力確認	CVE-2018-13807	2024-11-21 12:48	2018-09-12	表示	GitHub Exploit DB Packet Storm

248715	7.8	HIGH ローカル	siemens	td_keypad_designer	A vulnerability has been identified in SIEMENS TD Keypad Designer (All versions). A DLL hijacking vulnerability exists in all versions of SIEMENS TD Keypad Designer which could allow an attacker to e…	CWE-427 制御されていない検索パスの要素	CVE-2018-13806	2024-11-21 12:48	2018-09-12	表示	GitHub Exploit DB Packet Storm

248716	9.1	CRITICAL ネットワーク	siemens	simatic_wincc_open_architecture	A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated rem…	NVD-CWE-noinfo	CVE-2018-13799	2024-11-21 12:48	2018-09-12	表示	GitHub Exploit DB Packet Storm

248717	6.1	MEDIUM ネットワーク	cremecrm	cremecrm	An issue was discovered in Creme CRM 1.6.12. The value of the cancel button uses the content of the HTTP Referer header, and could be used to trick a user into visiting a fake login page in order to …	CWE-601 オープンリダイレクト	CVE-2018-14398	2024-11-21 12:48	2018-09-8	表示	GitHub Exploit DB Packet Storm

248718	5.4	MEDIUM ネットワーク	cremecrm	cremecrm	An issue was discovered in Creme CRM 1.6.12. The organization creation page is affected by 9 stored cross-site scripting vulnerabilities involving the name, billing_address-address, billing_address-z…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14397	2024-11-21 12:48	2018-09-8	表示	GitHub Exploit DB Packet Storm

248719	5.4	MEDIUM ネットワーク	cremecrm	cremecrm	An issue was discovered in Creme CRM 1.6.12. The salesman creation page is affected by 10 stored cross-site scripting vulnerabilities involving the firstname, lastname, billing_address-address, billi…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14396	2024-11-21 12:48	2018-09-8	表示	GitHub Exploit DB Packet Storm

248720	6.1	MEDIUM ネットワーク	pulsesecure ivanti	pulse_policy_secure pulse_connect_secure connect_secure	download.cgi in Pulse Secure Pulse Connect Secure 8.1RX before 8.1R13 and 8.3RX before 8.3R4 and Pulse Policy Secure through 5.2RX before 5.2R10 and 5.4RX before 5.4R4 have an Open Redirect Vulnerabi…	CWE-601 オープンリダイレクト	CVE-2018-14366	2024-11-21 12:48	2018-09-7	表示	GitHub Exploit DB Packet Storm

248721	9.1	CRITICAL ネットワーク	ca broadcom	project_portfolio_management	An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to conduct server side request…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2018-13826	2024-11-21 12:48	2018-08-30	表示	GitHub Exploit DB Packet Storm

248722	6.1	MEDIUM ネットワーク	ca broadcom	project_portfolio_management	Insufficient input validation in the gridExcelExport functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute reflected cros…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-13825	2024-11-21 12:48	2018-08-30	表示	GitHub Exploit DB Packet Storm

248723	9.8	CRITICAL ネットワーク	ca broadcom	project_portfolio_management	Insufficient input sanitization of two parameters in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to execute SQL injection attacks.	CWE-89 SQLインジェクション	CVE-2018-13824	2024-11-21 12:48	2018-08-30	表示	GitHub Exploit DB Packet Storm

248724	7.5	HIGH ネットワーク	ca broadcom	project_portfolio_management	An XML external entity vulnerability in the XOG functionality, in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows remote attackers to access sensitive informatio…	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2018-13823	2024-11-21 12:48	2018-08-30	表示	GitHub Exploit DB Packet Storm

248725	7.5	HIGH ネットワーク	broadcom	project_portfolio_management	Unprotected storage of credentials in CA PPM 14.3 and below, 14.4, 15.1, 15.2 CP5 and below, and 15.3 CP2 and below, allows attackers to access sensitive information.	CWE-522 認証情報の不十分な保護	CVE-2018-13822	2024-11-21 12:48	2018-08-30	表示	GitHub Exploit DB Packet Storm

248726	9.8	CRITICAL ネットワーク	ca	unified_infrastructure_management	A lack of authentication, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows remote attackers to conduct a variety of attacks, including file reading/writing.	CWE-287 不適切な認証	CVE-2018-13821	2024-11-21 12:48	2018-08-30	表示	GitHub Exploit DB Packet Storm

248727	7.5	HIGH ネットワーク	ca	unified_infrastructure_management	A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.	CWE-798 ハードコードされた認証情報の使用	CVE-2018-13820	2024-11-21 12:48	2018-08-30	表示	GitHub Exploit DB Packet Storm

248728	7.5	HIGH ネットワーク	ca	unified_infrastructure_management	A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information.	CWE-798 ハードコードされた認証情報の使用	CVE-2018-13819	2024-11-21 12:48	2018-08-30	表示	GitHub Exploit DB Packet Storm

248729	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14317	2024-11-21 12:48	2018-08-30	表示	GitHub Exploit DB Packet Storm

248730	5.4	MEDIUM ネットワーク	pimcore	pimcore	Pimcore allows XSS via Users, Assets, Data Objects, Video Thumbnails, Image Thumbnails, Field-Collections, Objectbrick, Classification Store, Document Types, Predefined Properties, Predefined Asset M…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14059	2024-11-21 12:48	2018-08-25	表示	GitHub Exploit DB Packet Storm

248731	4.0	MEDIUM ローカル	signal	signal-desktop	Open Whisper Signal (aka Signal-Desktop) before 1.15.0-beta.10 allows information leakage.	CWE-200 情報漏えい	CVE-2018-14023	2024-11-21 12:48	2018-08-21	表示	GitHub Exploit DB Packet Storm

248732	5.3	MEDIUM ネットワーク	paymorrow	paymorrow	An issue was discovered in the Paymorrow module 1.0.0 before 1.0.2 and 2.0.0 before 2.0.1 for OXID eShop. An attacker can bypass delivery-address change detection if the payment module doesn't use eS…	NVD-CWE-noinfo	CVE-2018-14020	2024-11-21 12:48	2018-08-21	表示	GitHub Exploit DB Packet Storm

248733	7.5	HIGH ネットワーク	wi2be	smart_hp_wmt	Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to obtain sensitive information via /Status/SystemStatusRpm.esp.	CWE-200 情報漏えい	CVE-2018-14079	2024-11-21 12:48	2018-08-21	表示	GitHub Exploit DB Packet Storm

248734	9.8	CRITICAL ネットワーク	wi2be	smart_hp_wmt	Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to reset the admin password via the /ConfigWizard/ChangePwd.esp?2admin URL (Attackers can login using the "admin" username wi…	CWE-287 不適切な認証	CVE-2018-14078	2024-11-21 12:48	2018-08-21	表示	GitHub Exploit DB Packet Storm

248735	7.5	HIGH ネットワーク	wi2be	smart_hp_wmt	Wi2be SMART HP WMT R1.2.20_201400922 allows unauthorized remote attackers to backup the device configuration via a direct request to /Maintenance/configfile.cfg.	NVD-CWE-noinfo	CVE-2018-14077	2024-11-21 12:48	2018-08-21	表示	GitHub Exploit DB Packet Storm

248736	6.5	MEDIUM ネットワーク	pimcore	pimcore	Pimcore before 5.3.0 allows SQL Injection via the REST web service API.	CWE-89 SQLインジェクション	CVE-2018-14058	2024-11-21 12:48	2018-08-18	表示	GitHub Exploit DB Packet Storm

248737	8.8	HIGH ネットワーク	pimcore	pimcore	Pimcore before 5.3.0 allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging validation of the X-pimcore-csrf-token anti-CSRF token only in the "Settings > Users / …	CWE-352 同一生成元ポリシー違反	CVE-2018-14057	2024-11-21 12:48	2018-08-18	表示	GitHub Exploit DB Packet Storm

248738	9.8	CRITICAL ネットワーク	citrix	xenserver	Citrix XenServer 7.1 and newer allows Directory Traversal.	CWE-22 パス・トラバーサル	CVE-2018-14007	2024-11-21 12:48	2018-08-16	表示	GitHub Exploit DB Packet Storm

248739	8.1	HIGH ネットワーク	libcgroup_project debian fedoraproject	libcgroup debian_linux fedora	libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask, leading to disclosure of information.	CWE-200 情報漏えい	CVE-2018-14348	2024-11-21 12:48	2018-08-15	表示	GitHub Exploit DB Packet Storm

248740	7.2	HIGH ネットワーク	wordpress	wordpress	In WordPress 4.9.7, plugins uploaded via the admin area are not verified as being ZIP files. This allows for PHP files to be uploaded. Once a PHP file is uploaded, the plugin extraction fails, but th…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-14028	2024-11-21 12:48	2018-08-11	表示	GitHub Exploit DB Packet Storm

248741	7.5	HIGH ネットワーク	megacryptopolis	megacryptopolis	The doPayouts() function of the smart contract implementation for MegaCryptoPolis, an Ethereum game, has a Denial of Service vulnerability. If a smart contract that has a fallback function always cau…	CWE-20 不適切な入力確認	CVE-2018-13877	2024-11-21 12:48	2018-08-7	表示	GitHub Exploit DB Packet Storm

248742	6.5	MEDIUM ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that…	CWE-200 CWE-125 情報漏えい境界外読み取り	CVE-2018-14316	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248743	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the tar…	CWE-416 解放済みメモリの使用	CVE-2018-14315	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248744	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the tar…	CWE-416 解放済みメモリの使用	CVE-2018-14314	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248745	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14313	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248746	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the tar…	CWE-416 解放済みメモリの使用	CVE-2018-14312	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248747	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must vi…	CWE-704 不正な型変換またはキャスト	CVE-2018-14311	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248748	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the tar…	CWE-416 解放済みメモリの使用	CVE-2018-14310	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248749	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.1.0.5096. User interaction is required to exploit this vulnerability in that the tar…	CWE-416 解放済みメモリの使用	CVE-2018-14309	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248750	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.5096. User interaction is required to exploit this vulnerability in that the tar…	CWE-416 解放済みメモリの使用	CVE-2018-14308	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm