NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年6月18日4:00

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
248951 9.8 CRITICAL
ネットワーク 		hdfgroup hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a memcpy parameter overlap in the function H5O_link_decode in H5Olink.c. CWE-119
バッファエラー 		CVE-2018-13869 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248952 9.8 CRITICAL
ネットワーク 		hdfgroup hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a heap-based buffer over-read in the function H5O_fill_old_decode in H5Ofill.c. CWE-125
境界外読み取り 		CVE-2018-13868 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248953 9.8 CRITICAL
ネットワーク 		hdfgroup hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is an out of bounds read in the function H5F__accum_read in H5Faccum.c. CWE-125
境界外読み取り 		CVE-2018-13867 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248954 9.8 CRITICAL
ネットワーク 		hdfgroup hdf5 An issue was discovered in the HDF HDF5 1.8.20 library. There is a stack-based buffer over-read in the function H5F_addr_decode_len in H5Fint.c. CWE-125
境界外読み取り 		CVE-2018-13866 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248955 6.1 MEDIUM
ネットワーク 		idreamsoft icms An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-13865 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248956 7.5 HIGH
ネットワーク 		mongodb js-bson The MongoDB bson JavaScript module (also known as js-bson) versions 0.5.0 to 1.0.x before 1.0.5 is vulnerable to a Regular Expression Denial of Service (ReDoS) in lib/bson/decimal128.js. The flaw is … NVD-CWE-noinfo
CVE-2018-13863 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248957 9.8 CRITICAL
ネットワーク 		icanstudioz firebase_push_notification_on_ios_\/_fcm_\+_advance_admin_panel The "Firebase Cloud Messaging (FCM) + Advance Admin Panel" component supporting Firebase Push Notification on iOS (through 2017-10-26) allows SQL injection via the /advance_push/public/login username… CWE-89
SQLインジェクション 		CVE-2018-13850 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248958 6.1 MEDIUM
ネットワーク 		instagram-clone_project instagram-clone edit_requests.php in yTakkar Instagram-clone through 2018-04-23 has XSS via an onmouseover payload because of an inadequate XSS protection mechanism based on preg_replace. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-13849 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248959 7.5 HIGH
ネットワーク 		axiosys bento4 An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StszAtom::GetSampleSize in Core/Ap4StszAtom.cpp. CWE-119
バッファエラー 		CVE-2018-13848 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248960 7.5 HIGH
ネットワーク 		axiosys bento4 An issue has been found in Bento4 1.5.1-624. It is a SEGV in AP4_StcoAtom::AdjustChunkOffsets in Core/Ap4StcoAtom.cpp. CWE-119
バッファエラー 		CVE-2018-13847 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248961 9.8 CRITICAL
ネットワーク 		axiosys bento4 An issue has been found in Bento4 1.5.1-624. AP4_Mpeg2TsVideoSampleStream::WriteSample in Core/Ap4Mpeg2Ts.cpp has a heap-based buffer over-read after a call from Mp42Ts.cpp, a related issue to CVE-20… CWE-125
境界外読み取り 		CVE-2018-13846 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248962 9.8 CRITICAL
ネットワーク 		htslib htslib An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c. CWE-125
境界外読み取り 		CVE-2018-13845 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248963 7.5 HIGH
ネットワーク 		htslib htslib An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users … CWE-401
有効期限後のメモリの解放の欠如 		CVE-2018-13844 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248964 7.5 HIGH
ネットワーク 		htslib htslib An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that u… CWE-772
有効なライフタイム後のリソースの解放の欠如 		CVE-2018-13843 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248965 7.8 HIGH
ローカル 		cmft_project cmft An issue was discovered in cmft through 2017-09-24. The cmft::rwReadFile function in image.cpp allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash)… CWE-787
境界外書き込み 		CVE-2018-13833 2024-11-21 12:48 2018-07-11 表示 GitHub Exploit DB Packet Storm
248966 9.8 CRITICAL
ネットワーク 		symfony twig Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the res… CWE-94
コード・インジェクション 		CVE-2018-13818 2024-11-21 12:48 2018-07-10 表示 GitHub Exploit DB Packet Storm
248967 9.8 CRITICAL
ネットワーク 		node-macaddress_project node-macaddress The macaddress module before 0.2.9 for Node.js is prone to an arbitrary command injection flaw, due to allowing unsanitized input to an exec (rather than execFile) call. CWE-78
OSコマンド・インジェクション 		CVE-2018-13797 2024-11-21 12:48 2018-07-10 表示 GitHub Exploit DB Packet Storm
248968 7.5 HIGH
ネットワーク 		creolabs gravity Gravity before 0.5.1 does not support a maximum recursion depth. CWE-20
不適切な入力確認 		CVE-2018-13795 2024-11-21 12:48 2018-07-10 表示 GitHub Exploit DB Packet Storm
248969 9.8 CRITICAL
ネットワーク 		catimg_project catimg A heap-based buffer overflow exists in stbi__bmp_load_cont in stb_image.h in catimg 2.4.0. CWE-787
境界外書き込み 		CVE-2018-13794 2024-11-21 12:48 2018-07-10 表示 GitHub Exploit DB Packet Storm
248970 8.8 HIGH
ネットワーク 		abbyy flexicapture Multiple Cross Site Request Forgery (CSRF) vulnerabilities in the HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 exist in Web Verification, Web Scanning, Web Capture, Monitoring and Admi… CWE-352
同一生成元ポリシー違反 		CVE-2018-13793 2024-11-21 12:48 2018-07-10 表示 GitHub Exploit DB Packet Storm
248971 9.8 CRITICAL
ネットワーク 		abbyy flexicapture The HTTP API in ABBYY FlexiCapture before 12 Release 1 Update 7 allows an attacker to conduct Access Control attacks via the /FlexiCapture12/Login/Server/SevaUserProfile FlexiCaptureTmsSts2 parameter. CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2018-13791 2024-11-21 12:48 2018-07-10 表示 GitHub Exploit DB Packet Storm
248972 7.2 HIGH
ネットワーク 		concretecms concrete_cms A Server Side Request Forgery (SSRF) vulnerability in tools/files/importers/remote.php in concrete5 8.2.0 can lead to attacks on the local network and mapping of the internal network, because of URL … CWE-918
サーバサイドリクエストフォージェリ 		CVE-2018-13790 2024-11-21 12:48 2018-07-10 表示 GitHub Exploit DB Packet Storm
248973 8.8 HIGH
ネットワーク 		solarwinds network_performance_monitor SolarWinds Network Performance Monitor 12.3 allows SQL Injection via the /api/ActiveAlertsOnThisEntity/GetActiveAlerts TriggeringObjectEntityNames parameter. CWE-89
SQLインジェクション 		CVE-2018-13442 2024-11-21 12:47 2019-07-17 表示 GitHub Exploit DB Packet Storm
248974 8.8 HIGH
ネットワーク 		block jit-wasm EOS.IO jit-wasm 4.1 has a heap-based buffer overflow via a crafted wast file. CWE-787
境界外書き込み 		CVE-2018-13443 2024-11-21 12:47 2019-04-25 表示 GitHub Exploit DB Packet Storm
248975 5.4 MEDIUM
ネットワーク 		atlassian jira
jira_server 		The two-dimensional filter statistics gadget in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.12.4, and from version 7.13.0 before version 7.13.1 allows remote attackers t… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-13403 2024-11-21 12:47 2019-02-14 表示 GitHub Exploit DB Packet Storm
248976 4.1 MEDIUM
ネットワーク 		atlassian jira
jira_server 		The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9… CWE-918
サーバサイドリクエストフォージェリ 		CVE-2018-13404 2024-11-21 12:47 2019-02-14 表示 GitHub Exploit DB Packet Storm
248977 8.8 HIGH
ネットワーク 		terra-master terramaster_operating_system System command injection in ajaxdata.php in TerraMaster TOS 3.1.03 allows attackers to execute system commands via the "newname" parameter. CWE-78
OSコマンド・インジェクション 		CVE-2018-13418 2024-11-21 12:47 2018-11-28 表示 GitHub Exploit DB Packet Storm
248978 8.8 HIGH
ネットワーク 		atlassian sourcetree There was an argument injection vulnerability in Sourcetree for Windows from version 0.5.1.0 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to com… NVD-CWE-noinfo
CVE-2018-13397 2024-11-21 12:47 2018-11-6 表示 GitHub Exploit DB Packet Storm
248979 8.8 HIGH
ネットワーク 		atlassian sourcetree There was an argument injection vulnerability in Sourcetree for macOS from version 1.0b2 before version 3.0.0 via Git subrepositories in Mercurial repositories. An attacker with permission to commit … NVD-CWE-noinfo
CVE-2018-13396 2024-11-21 12:47 2018-11-6 表示 GitHub Exploit DB Packet Storm
248980 6.1 MEDIUM
ネットワーク 		atlassian jira
jira_server 		Many resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 b… CWE-601
オープンリダイレクト 		CVE-2018-13402 2024-11-21 12:47 2018-10-23 表示 GitHub Exploit DB Packet Storm
248981 6.1 MEDIUM
ネットワーク 		atlassian jira
jira_server 		The XsrfErrorAction resource in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from ve… CWE-601
オープンリダイレクト 		CVE-2018-13401 2024-11-21 12:47 2018-10-23 表示 GitHub Exploit DB Packet Storm
248982 4.7 MEDIUM
ネットワーク 		atlassian jira
jira_server 		Several administrative resources in Atlassian Jira before version 7.6.9, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, fro… CWE-269
不適切な権限管理 		CVE-2018-13400 2024-11-21 12:47 2018-10-23 表示 GitHub Exploit DB Packet Storm
248983 7.8 HIGH
ローカル 		atlassian fisheye
crucible 		The Microsoft Windows Installer for Atlassian Fisheye and Crucible before version 4.6.1 allows local attackers to escalate privileges because of weak permissions on the installation directory. CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2018-13399 2024-11-21 12:47 2018-10-16 表示 GitHub Exploit DB Packet Storm
248984 6.5 MEDIUM
ネットワーク 		atlassian fisheye
crucible 		The administrative smart-commits resource in Atlassian Fisheye and Crucible before version 4.5.4 allows remote attackers to modify smart-commit settings via a Cross-site request forgery (CSRF) vulner… CWE-352
同一生成元ポリシー違反 		CVE-2018-13398 2024-11-21 12:47 2018-09-18 表示 GitHub Exploit DB Packet Storm
248985 7.8 HIGH
ローカル 		zohocorp manageengine_desktop_central An issue was discovered in the Self Service Portal in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. I… CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2018-13412 2024-11-21 12:47 2018-09-13 表示 GitHub Exploit DB Packet Storm
248986 8.8 HIGH
ネットワーク 		zohocorp manageengine_desktop_central An issue was discovered in Zoho ManageEngine Desktop Central before 10.0.282. A clickable company logo in a window running as SYSTEM can be abused to escalate privileges. In cloud, the issue is fixed… CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2018-13411 2024-11-21 12:47 2018-09-13 表示 GitHub Exploit DB Packet Storm
248987 6.1 MEDIUM
ネットワーク 		atlassian jira
jira_server 		Various resources in Atlassian Jira before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-13395 2024-11-21 12:47 2018-08-28 表示 GitHub Exploit DB Packet Storm
248988 5.3 MEDIUM
ネットワーク 		atlassian jira
jira_server 		The ProfileLinkUserFormat component of Jira Server before version 7.6.8, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, fro… CWE-200
情報漏えい 		CVE-2018-13391 2024-11-21 12:47 2018-08-28 表示 GitHub Exploit DB Packet Storm
248989 7.0 HIGH
ローカル 		linecorp line An issue was discovered in the LINE jp.naver.line application 8.8.1 for Android. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method's return value… CWE-287
不適切な認証 		CVE-2018-13446 2024-11-21 12:47 2018-08-17 表示 GitHub Exploit DB Packet Storm
248990 7.0 HIGH
ローカル 		linecorp line An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The Passcode feature allows authentication bypass via runtime manipulation that forces a certain method to disable passcod… CWE-287
不適切な認証 		CVE-2018-13435 2024-11-21 12:47 2018-08-17 表示 GitHub Exploit DB Packet Storm
248991 6.3 MEDIUM
物理 		linecorp line An issue was discovered in the LINE jp.naver.line application 8.8.0 for iOS. The LAContext class for Biometric (TouchID) validation allows authentication bypass by overriding the LAContext return Boo… CWE-287
不適切な認証 		CVE-2018-13434 2024-11-21 12:47 2018-08-17 表示 GitHub Exploit DB Packet Storm
248992 6.5 MEDIUM
ネットワーク 		atlassian questions_for_confluence The acceptAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, allows remote… CWE-352
同一生成元ポリシー違反 		CVE-2018-13394 2024-11-21 12:47 2018-08-15 表示 GitHub Exploit DB Packet Storm
248993 6.5 MEDIUM
ネットワーク 		atlassian questions_for_confluence The convertCommentToAnswer resource in Atlassian Confluence Questions before version 2.6.6, the bundled version of Confluence Questions was updated to a fixed version in Confluence version 6.9.0, all… CWE-352
同一生成元ポリシー違反 		CVE-2018-13393 2024-11-21 12:47 2018-08-15 表示 GitHub Exploit DB Packet Storm
248994 9.8 CRITICAL
ネットワーク 		vuze bittorrent_client In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this v… CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2018-13417 2024-11-21 12:47 2018-08-14 表示 GitHub Exploit DB Packet Storm
248995 9.8 CRITICAL
ネットワーク 		plex media_server In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vu… CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2018-13415 2024-11-21 12:47 2018-08-14 表示 GitHub Exploit DB Packet Storm
248996 6.1 MEDIUM
ネットワーク 		atlassian fisheye
crucible 		Several resources in Atlassian Fisheye and Crucible before version 4.6.0 allow remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in linked issue k… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-13392 2024-11-21 12:47 2018-08-13 表示 GitHub Exploit DB Packet Storm
248997 6.1 MEDIUM
隣接 		atlassian cloudtoken Unauthenticated access to cloudtoken daemon on Linux via network from version 0.1.1 before version 0.1.24 allows attackers on the same subnet to gain temporary AWS credentials for the users' roles. NVD-CWE-noinfo
CVE-2018-13390 2024-11-21 12:47 2018-08-11 表示 GitHub Exploit DB Packet Storm
248998 9.8 CRITICAL
ネットワーク 		spirton universal_media_server In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use th… CWE-611
XML 外部エンティティ参照の不適切な制限 		CVE-2018-13416 2024-11-21 12:47 2018-08-4 表示 GitHub Exploit DB Packet Storm
248999 8.1 HIGH
ネットワーク 		atlassian sourcetree There was an argument injection vulnerability in Sourcetree for Windows via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree f… CWE-88
引数の挿入または変更 		CVE-2018-13386 2024-11-21 12:47 2018-07-24 表示 GitHub Exploit DB Packet Storm
249000 9.8 CRITICAL
ネットワーク 		atlassian sourcetree There was an argument injection vulnerability in Sourcetree for macOS via filenames in Mercurial repositories. An attacker with permission to commit to a Mercurial repository linked in Sourcetree for… CWE-88
引数の挿入または変更 		CVE-2018-13385 2024-11-21 12:47 2018-07-24 表示 GitHub Exploit DB Packet Storm