NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月18日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
248801	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14257	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248802	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14256	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248803	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14255	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248804	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14254	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248805	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14253	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248806	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14252	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248807	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14251	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248808	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14250	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248809	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14249	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248810	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14248	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248811	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14247	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248812	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14246	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248813	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14245	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248814	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14244	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248815	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14243	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248816	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14242	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248817	8.8	HIGH ネットワーク	foxitsoftware	foxit_reader phantompdf	This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the tar…	CWE-704 不正な型変換またはキャスト	CVE-2018-14241	2024-11-21 12:48	2018-08-1	表示	GitHub Exploit DB Packet Storm

248818	7.5	HIGH ネットワーク	lica	minicmts_e8k_firmware	LICA miniCMTS E8K(u/i/...) devices allow remote attackers to obtain sensitive information via a direct POST request for the inc/user.ini file, leading to discovery of a password hash.	CWE-200 情報漏えい	CVE-2018-14083	2024-11-21 12:48	2018-07-26	表示	GitHub Exploit DB Packet Storm

248819	6.5	MEDIUM ネットワーク	freedesktop canonical debian redhat	poppler ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server openshift_container_platform ansible_tower	Poppler through 0.62 contains an out of bounds read vulnerability due to an incorrect memory access that is not mapped in its memory space, as demonstrated by pdfunite. This can result in memory corr…	CWE-125 境界外読み取り	CVE-2018-13988	2024-11-21 12:48	2018-07-26	表示	GitHub Exploit DB Packet Storm

248820	6.5	MEDIUM ネットワーク	h2database	h2	An issue was discovered in H2 1.4.197. Insecure handling of permissions in the backup function allows attackers to read sensitive files (outside of their permissions) via a symlink to a fake database…	CWE-59 リンク解釈の問題	CVE-2018-14335	2024-11-21 12:48	2018-07-24	表示	GitHub Exploit DB Packet Storm

248821	9.8	CRITICAL ネットワーク	brynamics	online_trade	Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithc…	CWE-200 情報漏えい	CVE-2018-14328	2024-11-21 12:48	2018-07-24	表示	GitHub Exploit DB Packet Storm

248822	7.5	HIGH ネットワーク	tp-link	wr840n	TP-Link WR840N devices allow remote attackers to cause a denial of service (connectivity loss) via a series of packets with random MAC addresses.	CWE-20 不適切な入力確認	CVE-2018-14336	2024-11-21 12:48	2018-07-20	表示	GitHub Exploit DB Packet Storm

248823	5.5	MEDIUM ローカル	clementine-player	clementine	An issue was discovered in Clementine Music Player 1.3.1. Clementine.exe is vulnerable to a user mode write access violation due to a NULL pointer dereference in the Init call in the MoodbarPipeline:…	CWE-476 NULL ポインタデリファレンス	CVE-2018-14332	2024-11-21 12:48	2018-07-20	表示	GitHub Exploit DB Packet Storm

248824	7.5	HIGH ネットワーク	axmldec_project	axmldec	axmldec 1.2.0 has an out-of-bounds write in the jitana::axml_parser::parse_start_namespace function in lib/jitana/util/axml_parser.cpp.	CWE-787 境界外書き込み	CVE-2018-14402	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248825	7.5	HIGH ネットワーク	axml_parser_project	axml_parser	CopyData in AxmlParser.c in AXML Parser through 2018-01-04 has an out-of-bounds read.	CWE-125 境界外読み取り	CVE-2018-14401	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248826	9.8	CRITICAL ネットワーク	phpcms_project	phpcms	libs\classes\attachment.class.php in PHPCMS 9.6.0 allows remote attackers to upload and execute arbitrary PHP code via a .txt?.php#.jpg URI in the SRC attribute of an IMG element within info[content]…	CWE-94 コード・インジェクション	CVE-2018-14399	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248827	6.5	MEDIUM ネットワーク	debian ffmpeg	debian_linux ffmpeg	libavformat/movenc.c in FFmpeg 3.2 and 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted audio file when converting to the M…	CWE-369 ゼロ除算	CVE-2018-14395	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248828	6.5	MEDIUM ネットワーク	ffmpeg	ffmpeg	libavformat/movenc.c in FFmpeg before 4.0.2 allows attackers to cause a denial of service (application crash caused by a divide-by-zero error) with a user crafted Waveform audio file.	CWE-369 ゼロ除算	CVE-2018-14394	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248829	6.1	MEDIUM ネットワーク	mybb	new_threads	The New Threads plugin before 1.2 for MyBB has XSS.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14392	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248830	7.5	HIGH ネットワーク	wireshark	wireshark	In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/airpdcap.c via bounds checking that prevents a buffer over-read.	CWE-125 境界外読み取り	CVE-2018-14370	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248831	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the HTTP2 dissector could crash. This was addressed in epan/dissectors/packet-http2.c by verifying that header data was found before …	CWE-20 不適切な入力確認	CVE-2018-14369	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248832	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the Bazaar protocol dissector could go into an infinite loop. This was addressed in epan/dissectors/packet-bzr.c by properly handling…	CWE-835 無限ループ	CVE-2018-14368	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248833	7.5	HIGH ネットワーク	wireshark	wireshark	In Wireshark 2.6.0 to 2.6.1 and 2.4.0 to 2.4.7, the CoAP protocol dissector could crash. This was addressed in epan/dissectors/packet-coap.c by properly checking for a NULL condition.	CWE-252 未チェックの戻り値	CVE-2018-14367	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248834	7.5	HIGH ネットワーク	wireshark	wireshark	In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ISMP dissector could crash. This was addressed in epan/dissectors/packet-ismp.c by validating the IPX address length to avoid a b…	CWE-125 境界外読み取り	CVE-2018-14344	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248835	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the ASN.1 BER dissector could crash. This was addressed in epan/dissectors/packet-ber.c by ensuring that length values do not exceed …	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14343	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248836	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the BGP protocol dissector could go into a large loop. This was addressed in epan/dissectors/packet-bgp.c by validating Path Attribut…	CWE-834 過度なイテレーション	CVE-2018-14342	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248837	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offse…	CWE-190 CWE-835 整数オーバーフローまたはラップアラウンド無限ループ	CVE-2018-14341	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248838	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, dissectors that support zlib decompression could crash. This was addressed in epan/tvbuff_zlib.c by rejecting negative lengths to avo…	CWE-125 境界外読み取り	CVE-2018-14340	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248839	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the MMSE dissector could go into an infinite loop. This was addressed in epan/proto.c by adding offset and length validation.	CWE-20 CWE-835 不適切な入力確認無限ループ	CVE-2018-14339	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248840	9.8	CRITICAL ネットワーク	joyplus-cms_project	joyplus-cms	joyplus-cms 1.6.0 has SQL Injection via the manager/admin_ajax.php val parameter.	CWE-89 SQLインジェクション	CVE-2018-14389	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248841	5.4	MEDIUM ネットワーク	joyplus-cms_project	joyplus-cms	joyplus-cms 1.6.0 has XSS via the manager/admin_ajax.php can_search_device array parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14388	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248842	8.8	HIGH ネットワーク	wondercms	wondercms	An issue was discovered in WonderCMS before 2.5.2. An attacker can create a new session on a web application and record the associated session identifier. The attacker then causes the victim to authe…	CWE-384 セッションの固定化	CVE-2018-14387	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248843	9.8	CRITICAL ネットワーク	gitlab	gitlab	GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab pro…	CWE-22 パス・トラバーサル	CVE-2018-14364	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248844	5.4	MEDIUM ネットワーク	freelancewebdesignerchennai	job_portal	PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14082	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248845	6.1	MEDIUM ネットワーク	instantcms	instantcms	InstantCMS 2.10.1 has /redirect?url= XSS.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14382	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248846	6.1	MEDIUM ネットワーク	pagekit	pagekit	Pagekit before 1.0.14 has a /user/login?redirect= open redirect vulnerability.	CWE-601 オープンリダイレクト	CVE-2018-14381	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248847	6.1	MEDIUM ネットワーク	graylog	graylog	In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14380	2024-11-21 12:48	2018-07-19	表示	GitHub Exploit DB Packet Storm

248848	7.5	HIGH ネットワーク	eclipse	mojarra	The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or Ja…	CWE-22 パス・トラバーサル	CVE-2018-14371	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248849	8.8	HIGH ネットワーク	techsmith	mp4v2	MP4Atom::factory in mp4atom.cpp in MP4v2 2.0.0 incorrectly uses the MP4ItemAtom data type in a certain case where MP4DataAtom is required, which allows remote attackers to cause a denial of service (…	CWE-704 不正な型変換またはキャスト	CVE-2018-14379	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248850	7.5	HIGH ネットワーク	debian neomutt	debian_linux neomutt	An issue was discovered in NeoMutt before 2018-07-16. newsrc.c does not properly restrict '/' characters that may have unsafe interaction with cache pathnames.	CWE-22 パス・トラバーサル	CVE-2018-14363	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm