NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月18日4:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
248901	6.5	MEDIUM ネットワーク	libwav_project	libwav	An issue has been found in libwav through 2017-04-20. It is a SEGV in the function apply_gain in wav_gain/wav_gain.c.	NVD-CWE-noinfo	CVE-2018-14052	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm

248902	7.5	HIGH ネットワーク	libwav_project	libwav	The function wav_read in libwav.c in libwav through 2017-04-20 has an infinite loop.	CWE-835 無限ループ	CVE-2018-14051	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm

248903	6.5	MEDIUM ネットワーク	libwav_project	libwav	An issue has been found in libwav through 2017-04-20. It is a SEGV in the function wav_free in libwav.c.	NVD-CWE-noinfo	CVE-2018-14050	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm

248904	6.5	MEDIUM ネットワーク	libwav_project	libwav	An issue has been found in libwav through 2017-04-20. It is a SEGV in the function print_info in wav_info/wav_info.c.	NVD-CWE-noinfo	CVE-2018-14049	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm

248905	6.5	MEDIUM ネットワーク	libpng oracle	libpng jdk jre	An issue has been found in libpng 1.6.34. It is a SEGV in the function png_free_data in png.c, related to the recommended error handling for png_read_image.	NVD-CWE-noinfo	CVE-2018-14048	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm

248906	5.5	MEDIUM ローカル	pngwriter_project	pngwriter	An issue has been found in PNGwriter 0.7.0. It is a SEGV in pngwriter::readfromfile in pngwriter.cc. NOTE: there is a "Warning: PNGwriter was never designed for reading untrusted files with it. Do NO…	CWE-119 バッファエラー	CVE-2018-14047	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm

248907	8.8	HIGH ネットワーク	exiv2	exiv2	Exiv2 0.26 has a heap-based buffer over-read in WebPImage::decodeChunks in webpimage.cpp.	CWE-125 境界外読み取り	CVE-2018-14046	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm

248908	7.5	HIGH ネットワーク	surina	soundtouch	The FIRFilter::evaluateFilterMulti function in FIRFilter.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and applicati…	CWE-617 到達可能なアサーション	CVE-2018-14045	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm

248909	7.5	HIGH ネットワーク	surina	soundtouch	The RateTransposer::setChannels function in RateTransposer.cpp in libSoundTouch.a in Olli Parviainen SoundTouch 2.0 allows remote attackers to cause a denial of service (assertion failure and applica…	CWE-617 到達可能なアサーション	CVE-2018-14044	2024-11-21 12:48	2018-07-14	表示	GitHub Exploit DB Packet Storm

248910	9.8	CRITICAL ネットワーク	monetra	mstdlib	mstdlib (aka the M Standard Library for C) 1.2.0 has incorrect file access control in situations where M_fs_perms_can_access attempts to delete an existing file (that lacks public read/write access) …	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-14043	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248911	6.1	MEDIUM ネットワーク	getbootstrap	bootstrap	In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14042	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248912	6.1	MEDIUM ネットワーク	getbootstrap	bootstrap	In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14041	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248913	6.1	MEDIUM ネットワーク	debian getbootstrap	debian_linux bootstrap	In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-14040	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248914	6.5	MEDIUM ネットワーク	freedesktop	accountsservice	Directory Traversal with ../ sequences occurs in AccountsService before 0.6.50 because of an insufficient path check in user_change_icon_file_authorized_cb() in user.c.	CWE-22 パス・トラバーサル	CVE-2018-14036	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248915	8.8	HIGH ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5VM_memcpyvv in H5VM.c.	CWE-125 境界外読み取り	CVE-2018-14035	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248916	8.8	HIGH ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5O_pline_reset in H5Opline.c.	CWE-125 境界外読み取り	CVE-2018-14034	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248917	8.8	HIGH ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_layout_decode in H5Olayout.c, related to HDmemcpy.	CWE-125 境界外読み取り	CVE-2018-14033	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248918	8.8	HIGH ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5T_copy in H5T.c.	CWE-125 境界外読み取り	CVE-2018-14031	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248919	8.8	HIGH ネットワーク	creatiwity	witycms	CSRF vulnerability in admin/user/edit in Creatiwity wityCMS 0.6.2 allows an attacker to take over a user account, as demonstrated by modifying the account's email field.	CWE-352 同一生成元ポリシー違反	CVE-2018-14029	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248920	5.5	MEDIUM ローカル	radare	radare2	The r_bin_java_annotation_new function in shlr/java/class.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted .cl…	CWE-125 境界外読み取り	CVE-2018-14017	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248921	5.5	MEDIUM ローカル	radare	radare2	The r_bin_mdmp_init_directory_entry function in mdmp.c in radare2 2.7.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted Mini Cra…	CWE-125 境界外読み取り	CVE-2018-14016	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248922	5.5	MEDIUM ローカル	radare	radare2	The sdb_set_internal function in sdb.c in radare2 2.7.0 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted ELF file because of missing input valid…	CWE-119 バッファエラー	CVE-2018-14015	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248923	8.8	HIGH ネットワーク	super_cms_project	super_cms	In waimai Super Cms 20150505, there is a CSRF vulnerability that can add an admin account via admin.php?m=Member&a=adminadd.	CWE-352 同一生成元ポリシー違反	CVE-2018-14014	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248924	9.8	CRITICAL ネットワーク	wolfsight	wolfsight_cms	WolfSight CMS 3.2 allows SQL injection via the PATH_INFO to the default URI.	CWE-89 SQLインジェクション	CVE-2018-14012	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248925	6.5	MEDIUM ネットワーク	gnu	mailman	An issue was discovered in GNU Mailman before 2.1.28. A crafted URL can cause arbitrary text to be displayed on a web page from a trusted site.	CWE-20 不適切な入力確認	CVE-2018-13796	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248926	9.8	CRITICAL ネットワーク	codiad	codiad	Codiad through 2.8.4 allows Remote Code Execution, a different vulnerability than CVE-2017-11366 and CVE-2017-15689.	CWE-20 不適切な入力確認	CVE-2018-14009	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248927	7.5	HIGH ネットワーク	ngtoken_project	ngtoken	An integer overflow vulnerability exists in the function multipleTransfer of Neo Genesis Token (NGT), an Ethereum token smart contract. An attacker could use it to set any user's balance.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14006	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248928	7.5	HIGH ネットワーク	malaysiancoin_project	malaysiancoin	An integer overflow vulnerability exists in the function transferAny of Malaysia coins (Xmc), an Ethereum token smart contract. An attacker could use it to set any user's balance.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14005	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248929	7.5	HIGH ネットワーク	globecoin_project	globecoin	An integer overflow vulnerability exists in the function transfer_tokens_after_ICO of GlobeCoin (GLB), an Ethereum token smart contract. An attacker could use it to set any user's balance.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14004	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248930	9.8	CRITICAL ネットワーク	mutt neomutt canonical debian redhat	mutt neomutt ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_eus enterprise_linux_server_tus	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command as…	CWE-78 OSコマンド・インジェクション	CVE-2018-14357	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248931	9.8	CRITICAL ネットワーク	mutt neomutt canonical debian redhat	mutt neomutt ubuntu_linux debian_linux enterprise_linux_desktop enterprise_linux_workstation enterprise_linux_server enterprise_linux_server_eus enterprise_linux_server_tus	An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote characters, related to the mailboxes command as…	CWE-78 OSコマンド・インジェクション	CVE-2018-14354	2024-11-21 12:48	2018-07-18	表示	GitHub Exploit DB Packet Storm

248932	7.5	HIGH ネットワーク	wmctoken_project	wmctoken	An integer overflow vulnerability exists in the function batchTransfer of WeMediaChain (WMC), an Ethereum token smart contract. An attacker could use it to set any user's balance.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14003	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248933	7.5	HIGH ネットワーク	mp3_coin_project	mp3_coin	An integer overflow vulnerability exists in the function distribute of MP3 Coin (MP3), an Ethereum token smart contract. An attacker could use it to set any user's balance.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14002	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248934	7.5	HIGH ネットワーク	sharktech_project	sharktech	An integer overflow vulnerability exists in the function batchTransfer of SHARKTECH (SKT), an Ethereum token smart contract. An attacker could use it to set any user's balance.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-14001	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248935	7.5	HIGH ネットワーク	rocket_coin_project	rocket_coin	An integer overflow vulnerability exists in the function multiTransfer of Rocket Coin (XRC), an Ethereum token smart contract. An attacker could use it to set any user's balance.	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-13836	2024-11-21 12:48	2018-07-13	表示	GitHub Exploit DB Packet Storm

248936	7.5	HIGH ネットワーク	userwallet_project	userwallet	An issue was discovered in a smart contract implementation for UserWallet 0x0a7bca9FB7AfF26c6ED8029BB6f0F5D291587c42, an Ethereum token. First, suppose that the owner adds the evil contract address t…	CWE-20 不適切な入力確認	CVE-2018-14085	2024-11-21 12:48	2018-07-16	表示	GitHub Exploit DB Packet Storm

248937	4.8	MEDIUM ネットワーク	catfish-cms	catfish_cms	Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator).	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-13999	2024-11-21 12:48	2018-07-12	表示	GitHub Exploit DB Packet Storm

248938	4.8	MEDIUM ネットワーク	clippercms	clippercms	ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-13998	2024-11-21 12:48	2018-07-12	表示	GitHub Exploit DB Packet Storm

248939	7.5	HIGH ネットワーク	codeplea	genann	Genann through 2018-07-08 has a SEGV in genann_run in genann.c.	CWE-119 バッファエラー	CVE-2018-13997	2024-11-21 12:48	2018-07-12	表示	GitHub Exploit DB Packet Storm

248940	9.8	CRITICAL ネットワーク	codeplea	genann	Genann through 2018-07-08 has a stack-based buffer over-read in genann_train in genann.c.	CWE-125 境界外読み取り	CVE-2018-13996	2024-11-21 12:48	2018-07-12	表示	GitHub Exploit DB Packet Storm

248941	8.8	HIGH ネットワーク	arcelikas	grundig_smart_inter\@ctive_firmware	Grundig Smart Inter@ctive TV 3.0 devices allow CSRF attacks via a POST request to TCP port 8085 containing a predictable ID value, as demonstrated by a /sendrcpackage?keyid=-2544&keysymbol=-4081 requ…	CWE-352 同一生成元ポリシー違反	CVE-2018-13989	2024-11-21 12:48	2018-07-12	表示	GitHub Exploit DB Packet Storm

248942	5.4	MEDIUM ネットワーク	rocket.chat	rocket.chat	A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66. When one creates an account, the next step will ask for a username. This field will not save HTML control cha…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-13879	2024-11-21 12:48	2018-07-11	表示	GitHub Exploit DB Packet Storm

248943	6.1	MEDIUM ネットワーク	rocket.chat	rocket.chat	An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65. The real name of a username is displayed unescaped when the user is mentioned (using the @ symbol) …	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-13878	2024-11-21 12:48	2018-07-11	表示	GitHub Exploit DB Packet Storm

248944	9.8	CRITICAL ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDread.	CWE-787 境界外書き込み	CVE-2018-13876	2024-11-21 12:48	2018-07-11	表示	GitHub Exploit DB Packet Storm

248945	7.8	HIGH ローカル	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is an out-of-bounds read in the function H5VM_memcpyvv in H5VM.c.	CWE-125 境界外読み取り	CVE-2018-13875	2024-11-21 12:48	2018-07-11	表示	GitHub Exploit DB Packet Storm

248946	9.8	CRITICAL ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer overflow in the function H5FD_sec2_read in H5FDsec2.c, related to HDmemset.	CWE-787 境界外書き込み	CVE-2018-13874	2024-11-21 12:48	2018-07-11	表示	GitHub Exploit DB Packet Storm

248947	9.8	CRITICAL ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is a buffer over-read in H5O_chunk_deserialize in H5Ocache.c.	CWE-125 境界外読み取り	CVE-2018-13873	2024-11-21 12:48	2018-07-11	表示	GitHub Exploit DB Packet Storm

248948	9.8	CRITICAL ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5G_ent_decode in H5Gent.c.	CWE-787 境界外書き込み	CVE-2018-13872	2024-11-21 12:48	2018-07-11	表示	GitHub Exploit DB Packet Storm

248949	9.8	CRITICAL ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer overflow in the function H5FL_blk_malloc in H5FL.c.	CWE-787 境界外書き込み	CVE-2018-13871	2024-11-21 12:48	2018-07-11	表示	GitHub Exploit DB Packet Storm

248950	9.8	CRITICAL ネットワーク	hdfgroup	hdf5	An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_link_decode in H5Olink.c.	CWE-125 境界外読み取り	CVE-2018-13870	2024-11-21 12:48	2018-07-11	表示	GitHub Exploit DB Packet Storm