NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月18日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
248851	9.8	CRITICAL ネットワーク	mutt neomutt canonical debian redhat	mutt neomutt ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_eus enterprise_linux_server_tus	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c does not forbid characters that may have unsafe interaction with message-cache pathnames, as demonstrated by a '/' c…	CWE-119 バッファエラー	CVE-2018-14362	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248852	9.8	CRITICAL ネットワーク	debian neomutt	debian_linux neomutt	An issue was discovered in NeoMutt before 2018-07-16. nntp.c proceeds even if memory allocation fails for messages data.	CWE-20 不適切な入力確認	CVE-2018-14361	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248853	9.8	CRITICAL ネットワーク	debian neomutt	debian_linux neomutt	An issue was discovered in NeoMutt before 2018-07-16. nntp_add_group in newsrc.c has a stack-based buffer overflow because of incorrect sscanf usage.	CWE-787 境界外書き込み	CVE-2018-14360	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248854	9.8	CRITICAL ネットワーク	mutt neomutt canonical debian	mutt neomutt ubuntu_linux debian_linux	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They have a buffer overflow via base64 data.	CWE-120 古典的バッファオーバーフロー	CVE-2018-14359	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248855	9.8	CRITICAL ネットワーク	mutt neomutt canonical debian	mutt neomutt ubuntu_linux debian_linux	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long RFC822.SIZE field.	CWE-787 境界外書き込み	CVE-2018-14358	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248856	9.8	CRITICAL ネットワーク	debian mutt neomutt canonical	debian_linux mutt neomutt ubuntu_linux	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. pop.c mishandles a zero-length UID.	CWE-824 初期化されていないポインタのアクセス	CVE-2018-14356	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248857	5.3	MEDIUM ネットワーク	debian mutt neomutt canonical	debian_linux mutt neomutt ubuntu_linux	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/util.c mishandles ".." directory traversal in a mailbox name.	CWE-22 パス・トラバーサル	CVE-2018-14355	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248858	9.8	CRITICAL ネットワーク	mutt neomutt canonical debian	mutt neomutt ubuntu_linux debian_linux	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c has an integer underflow.	CWE-191 整数アンダーフロー	CVE-2018-14353	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248859	9.8	CRITICAL ネットワーク	mutt neomutt canonical debian	mutt neomutt ubuntu_linux debian_linux	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap_quote_string in imap/util.c does not leave room for quote characters, leading to a stack-based buffer overflow.	CWE-787 境界外書き込み	CVE-2018-14352	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248860	9.8	CRITICAL ネットワーク	mutt neomutt canonical debian	mutt neomutt ubuntu_linux debian_linux	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a long IMAP status mailbox literal count size.	CWE-20 不適切な入力確認	CVE-2018-14351	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248861	9.8	CRITICAL ネットワーク	mutt neomutt debian canonical	mutt neomutt debian_linux ubuntu_linux	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/message.c has a stack-based buffer overflow for a FETCH response with a long INTERNALDATE field.	CWE-787 境界外書き込み	CVE-2018-14350	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248862	9.8	CRITICAL ネットワーク	debian mutt neomutt canonical	debian_linux mutt neomutt ubuntu_linux	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. imap/command.c mishandles a NO response without a message.	CWE-20 不適切な入力確認	CVE-2018-14349	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248863	6.5	MEDIUM ネットワーク	debian gnu	debian_linux libextractor	GNU Libextractor before 1.7 contains an infinite loop vulnerability in EXTRACTOR_mpeg_extract_method (mpeg_extractor.c).	CWE-835 無限ループ	CVE-2018-14347	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248864	8.8	HIGH ネットワーク	debian gnu	debian_linux libextractor	GNU Libextractor before 1.7 has a stack-based buffer overflow in ec_read_file_func (unzip.c).	CWE-787 境界外書き込み	CVE-2018-14346	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248865	7.5	HIGH ネットワーク	sddm_project	sddm	An issue was discovered in SDDM through 0.17.0. If configured with ReuseSession=true, the password is not checked for users with an already existing session. Any user with access to the system D-Bus …	CWE-287 CWE-613 不適切な認証不適切なセッション期限	CVE-2018-14345	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248866	9.8	CRITICAL ネットワーク	trivum	webtouch_setup_v9_firmware	Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using…	NVD-CWE-noinfo	CVE-2018-13862	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248867	9.8	CRITICAL ネットワーク	trivum	webtouch_setup_v9_firmware	Touchpad / Trivum WebTouch Setup V9 V2.53 build 13163 of Apr 6 2018 09:10:14 (FW 303) allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, …	NVD-CWE-noinfo	CVE-2018-13861	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248868	7.5	HIGH ネットワーク	trivum	c4_professional_firmware	MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/…	CWE-200 情報漏えい	CVE-2018-13860	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248869	9.8	CRITICAL ネットワーク	trivum	c4_professional_firmware	MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/syst…	NVD-CWE-noinfo	CVE-2018-13859	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248870	9.8	CRITICAL ネットワーク	trivum	c4_professional_firmware	MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using …	NVD-CWE-noinfo	CVE-2018-13858	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248871	8.1	HIGH ネットワーク	exiv2	exiv2	samples/geotag.cpp in the example code of Exiv2 0.26 misuses the realpath function on POSIX platforms (other than Apple platforms) where glibc is not used, possibly leading to a buffer overflow.	CWE-119 バッファエラー	CVE-2018-14338	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248872	7.5	HIGH ネットワーク	lightbend	play_framework	A directory traversal vulnerability has been found in the Assets controller in Play Framework 2.6.12 through 2.6.15 (fixed in 2.6.16) when running on Windows. It allows a remote attacker to download …	CWE-22 パス・トラバーサル	CVE-2018-13864	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248873	7.5	HIGH ネットワーク	mruby debian	mruby debian_linux	The CHECK macro in mrbgems/mruby-sprintf/src/sprintf.c in mruby 1.4.1 contains a signed integer overflow, possibly leading to out-of-bounds memory access because the mrb_str_resize function in string…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14337	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248874	9.8	CRITICAL ネットワーク	joyplus-cms_project	joyplus-cms	manager/editor/upload.php in joyplus-cms 1.6.0 allows arbitrary file upload because detection of a prohibited file extension simply sets the $errm value, and does not otherwise alter the flow of cont…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-14334	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248875	8.1	HIGH ネットワーク	teamviewer	teamviewer	TeamViewer through 13.1.1548 stores a password in Unicode format within TeamViewer.exe process memory between "[00 88] and "[00 00 00]" delimiters, which might make it easier for attackers to obtain …	CWE-200 情報漏えい	CVE-2018-14333	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248876	8.8	HIGH ネットワーク	xiaocms	xiaocms_x1	An issue was discovered in XiaoCms X1 v20140305. There is a CSRF vulnerability to change the administrator account password via admin/index.php?c=index&a=my.	CWE-352 同一生成元ポリシー違反	CVE-2018-14331	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248877	4.7	MEDIUM ローカル	htslib	htslib	In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.	CWE-362 CWE-59 競合状態リンク解釈の問題	CVE-2018-14329	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248878	4.8	MEDIUM ネットワーク	techotronic	all_in_one_favicon	Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-13832	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248879	8.8	HIGH ネットワーク	techsmith	mp4v2	In MP4v2 2.0.0, there is an integer overflow (with resultant memory corruption) when resizing MP4Array for the ftyp atom in mp4array.h.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14326	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248880	8.8	HIGH ネットワーク	techsmith	mp4v2	In MP4v2 2.0.0, there is an integer underflow (with resultant memory corruption) when parsing MP4Atom in mp4atom.cpp.	CWE-191 整数アンダーフロー	CVE-2018-14325	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248881	9.8	CRITICAL ネットワーク	oracle	glassfish_server	The demo feature in Oracle GlassFish Open Source Edition 5.0 has TCP port 7676 open by default with a password of admin for the admin account. This allows remote attackers to obtain potentially sensi…	CWE-798 ハードコードされた認証情報の使用	CVE-2018-14324	2024-11-21 12:48	2018-07-17	表示	GitHub Exploit DB Packet Storm

248882	9.8	CRITICAL ネットワーク	zeta-producer	zeta_producer_desktop_cms	The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated remote code execution due to a default component that permits arbitrary upload of PHP files…	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-13981	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248883	5.5	MEDIUM ローカル	zeta-producer	zeta_producer	The websites that were built from Zeta Producer Desktop CMS before 14.2.1 are vulnerable to unauthenticated file disclosure if the plugin "filebrowser" is installed, because of assets/php/filebrowser…	CWE-22 パス・トラバーサル	CVE-2018-13980	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248884	9.8	CRITICAL ネットワーク	cyberhobo	geo_mashup	The Geo Mashup plugin before 1.10.4 for WordPress has insufficient sanitization of post editor and other user input.	CWE-20 不適切な入力確認	CVE-2018-14071	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248885	7.5	HIGH ネットワーク	virgo_zodiactoken_project	virgo_zodiactoken	An issue was discovered in a smart contract implementation for Virgo_ZodiacToken, an Ethereum token. In this contract, 'bool sufficientAllowance = allowance <= _value' will cause an arbitrary transfe…	CWE-20 不適切な入力確認	CVE-2018-14089	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248886	9.8	CRITICAL ネットワーク	stex_white_list_project	stex_white_list	An issue was discovered in a smart contract implementation for STeX White List (STE(WL)), an Ethereum token. The contract has an integer overflow. If the owner sets the value of amount to a large num…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14088	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248887	9.8	CRITICAL ネットワーク	encryptedtoken_project	encryptedtoken	An issue was discovered in a smart contract implementation for EUC (EUC), an Ethereum token. The contract has an integer overflow. If the owner sets the value of buyPrice to a large number in setPric…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14087	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248888	9.8	CRITICAL ネットワーク	mytoken_project	mytoken	An issue was discovered in a smart contract implementation for SingaporeCoinOrigin (SCO), an Ethereum token. The contract has an integer overflow. If the owner sets the value of sellPrice to a large …	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14086	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248889	9.8	CRITICAL ネットワーク	myadvancedtoken_project	myadvancedtoken	An issue was discovered in a smart contract implementation for MKCB, an Ethereum token. If the owner sets the value of sellPrice to a large number in setPrices() then the "amount * sellPrice" will ca…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14084	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248890	8.8	HIGH ネットワーク	srcms_project	srcms	An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add a user account via admin.php?m=Admin&c=member&a=add.	CWE-352 同一生成元ポリシー違反	CVE-2018-14069	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248891	8.8	HIGH ネットワーク	srcms_project	srcms	An issue was discovered in SRCMS V2.3.1. There is a CSRF vulnerability that can add an admin account via admin.php?m=Admin&c=manager&a=add.	CWE-352 同一生成元ポリシー違反	CVE-2018-14068	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248892	9.8	CRITICAL ネットワーク	google	android	The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the REA…	CWE-89 SQLインジェクション	CVE-2018-14066	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248893	9.8	CRITICAL ネットワーク	phpoffice_project	common	XMLReader.php in PHPOffice Common before 0.2.9 allows XXE.	CWE-611 XML 外部エンティティ参照の不適切な制限	CVE-2018-14065	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248894	9.8	CRITICAL ネットワーク	velotismart_project	velotismart_wifi_firmware	The uc-http service 1.0.0 on VelotiSmart WiFi B-380 camera devices allows Directory Traversal, as demonstrated by /../../etc/passwd on TCP port 80.	CWE-22 パス・トラバーサル	CVE-2018-14064	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248895	9.8	CRITICAL ネットワーク	tracto	tracto	The increaseApproval function of a smart contract implementation for Tracto (TRCT), an Ethereum ERC20 token, has an integer overflow.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14063	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248896	9.8	CRITICAL ネットワーク	mi	xiaomi_r3d_firmware	OS command injection in the AP mode settings feature in /cgi-bin/luci /api/misystem/set_router_wifiap on Xiaomi R3D before 2.26.4 devices allows an attacker to execute any command via crafted JSON da…	CWE-78 OSコマンド・インジェクション	CVE-2018-14060	2024-11-21 12:48	2018-07-15	表示	GitHub Exploit DB Packet Storm

248897	9.8	CRITICAL ネットワーク	mi	xiaomi_r3p_firmware xiaomi_r3c_firmware xiaomi_r3d_firmware xiaomi_r3	OS command injection in the guest Wi-Fi settings feature in /cgi-bin/luci on Xiaomi R3P before 2.14.5, R3C before 2.12.15, R3 before 2.22.15, and R3D before 2.26.4 devices allows an attacker to execu…	CWE-78 OSコマンド・インジェクション	CVE-2018-14010	2024-11-21 12:48	2018-07-15	表示	GitHub Exploit DB Packet Storm

248898	5.3	MEDIUM ネットワーク	znc debian	znc debian_linux	ZNC before 1.7.1-rc1 is prone to a path traversal flaw via ../ in a web skin name to access files outside of the intended skins directories.	CWE-22 パス・トラバーサル	CVE-2018-14056	2024-11-21 12:48	2018-07-15	表示	GitHub Exploit DB Packet Storm

248899	6.5	MEDIUM ネットワーク	znc debian	znc debian_linux	ZNC before 1.7.1-rc1 does not properly validate untrusted lines coming from the network, allowing a non-admin user to escalate his privilege and inject rogue values into znc.conf.	CWE-20 不適切な入力確認	CVE-2018-14055	2024-11-21 12:48	2018-07-15	表示	GitHub Exploit DB Packet Storm

248900	9.8	CRITICAL ネットワーク	techsmith	mp4v2	A double free exists in the MP4StringProperty class in mp4property.cpp in MP4v2 2.0.0. A dangling pointer is freed again in the destructor once an exception is triggered.	CWE-415 二重解放	CVE-2018-14054	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm