NVD脆弱性情報トップ
検索メニュー表示
ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD(National Vulnerability Database)で管理されている脆弱性の一覧を検索することが出来ます。
JVN(Japan Vulnerability Note)より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN(Japan Vulnerability Note)に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

  • CRITICAL
  • HIGH
  • MEDIUM
  • LOW

更新日:2026年6月15日4:10

No CVSS レベル
攻撃区分		 ベンダー名 プロダクト名 タイトル CWE CVE 更新日 公表日 影響表示 Exploit
PoC
検索
249101 7.5 HIGH
ネットワーク 		ctb_project ctb The mintToken function of a smart contract implementation for CTB, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any valu… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13077 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249102 7.5 HIGH
ネットワーク 		betcash_project betcash The mintToken function of a smart contract implementation for Betcash (BC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13076 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249103 7.5 HIGH
ネットワーク 		carbonexchangecointoken_project carbonexchangecointoken The mintToken function of a smart contract implementation for Carbon Exchange Coin Token (CEC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of … CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13075 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249104 7.5 HIGH
ネットワーク 		fibtoken_project fibtoken The mintToken function of a smart contract implementation for FIBToken (FIB), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user … CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13074 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249105 7.5 HIGH
ネットワーク 		ethereumblack_project ethereumblack The mintToken function of a smart contract implementation for ETHEREUMBLACK (ETCBK), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrar… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13073 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249106 7.5 HIGH
ネットワーク 		coffeecoin_project coffeecoin The mintToken function of a smart contract implementation for Coffeecoin (COFFEE), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary … CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13072 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249107 7.5 HIGH
ネットワーク 		ccindextoken_project ccindextoken The mintToken function of a smart contract implementation for CCindex10 (T10), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13071 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249108 7.5 HIGH
ネットワーク 		encryptedtoken_project encryptedtoken The mintToken function of a smart contract implementation for EncryptedToken (ECC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13070 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249109 7.5 HIGH
ネットワーク 		dychain_project dychain The mintToken function of a smart contract implementation for DYchain (DYC), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user t… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13069 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249110 7.5 HIGH
ネットワーク 		azuriontoken_project azuriontoken The mintToken function of a smart contract implementation for AzurionToken (AZU), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary u… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13068 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249111 8.8 HIGH
ネットワーク 		opencart opencart /upload/catalog/controller/account/password.php in OpenCart through 3.0.2.0 has CSRF via the index.php?route=account/password URI to change a user's password. CWE-352
同一生成元ポリシー違反 		CVE-2018-13067 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249112 7.5 HIGH
ネットワーク 		libming libming There is a memory leak in util/parser.c in libming 0.4.8, which will lead to a denial of service via parseSWF_DEFINEBUTTON2, parseSWF_DEFINEFONT, parseSWF_DEFINEFONTINFO, parseSWF_DEFINELOSSLESS, par… CWE-772
有効なライフタイム後のリソースの解放の欠如 		CVE-2018-13066 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249113 5.5 MEDIUM
ローカル 		linux
debian
canonical 		linux_kernel
debian_linux
ubuntu_linux 		An issue was discovered in the Linux kernel through 4.17.3. An Integer Overflow in kernel/time/posix-timers.c in the POSIX timer code is caused by the way the overrun accounting works. Depending on i… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-12896 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249114 6.5 MEDIUM
ローカル 		xen
debian 		xen
debian_linux 		An issue was discovered in Xen through 4.10.x. One of the fixes in XSA-260 added some safety checks to help prevent Xen livelocking with debug exceptions. Unfortunately, due to an oversight, at least… NVD-CWE-noinfo
CVE-2018-12893 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249115 9.9 CRITICAL
ネットワーク 		debian
xen 		debian_linux
xen 		An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting up a SCSI disk, due to what was probably an erroneous merge conflict resolution. Maliciou… CWE-200
情報漏えい 		CVE-2018-12892 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249116 6.5 MEDIUM
ローカル 		debian
xen 		debian_linux
xen 		An issue was discovered in Xen through 4.10.x. Certain PV MMU operations may take a long time to process. For that reason Xen explicitly checks for the need to preempt the current vCPU at certain poi… NVD-CWE-noinfo
CVE-2018-12891 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249117 7.5 HIGH
ネットワーク 		zzcms zzcms An issue was discovered on zzcms 8.3. There is a vulnerability at /user/del.php that can delete any file by placing its relative path into the zzcms_main table and then making an img add request. Thi… CWE-20
不適切な入力確認 		CVE-2018-13056 2024-11-21 12:46 2018-07-3 表示 GitHub Exploit DB Packet Storm
249118 8.1 HIGH
ネットワーク 		debian
linuxmint 		debian_linux
cinnamon 		An issue was discovered in Cinnamon 1.9.2 through 3.8.6. The cinnamon-settings-users.py GUI runs as root and allows configuration of (for example) other users' icon files in _on_face_browse_menuitem_… CWE-59
リンク解釈の問題 		CVE-2018-13054 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249119 3.3 LOW
ローカル 		linux
canonical
debian 		linux_kernel
ubuntu_linux
debian_linux 		The alarm_timer_nsleep function in kernel/time/alarmtimer.c in the Linux kernel through 4.17.3 has an integer overflow via a large relative timeout because ktime_add_safe is not used. CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13053 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249120 9.8 CRITICAL
ネットワーク 		zohocorp manageengine_applications_manager A SQL Injection vulnerability exists in Zoho ManageEngine Applications Manager 13.x before build 13800 via the j_username parameter in a /j_security_check POST request. CWE-89
SQLインジェクション 		CVE-2018-13050 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249121 8.8 HIGH
ネットワーク 		glpi-project glpi The constructSQL function in inc/search.class.php in GLPI 9.2.x through 9.3.0 allows SQL Injection, as demonstrated by triggering a crafted LIMIT clause to front/computer.php. CWE-89
SQLインジェクション 		CVE-2018-13049 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249122 9.8 CRITICAL
ネットワーク 		debian
canonical 		devscripts
ubuntu_linux 		scripts/grep-excuses.pl in Debian devscripts through 2.18.3 allows code execution through unsafe YAML loading because YAML::Syck is used without a configuration that prevents unintended blessing. CWE-94
コード・インジェクション 		CVE-2018-13043 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249123 7.5 HIGH
ネットワーク 		linktoken_project linktoken The mint function of a smart contract implementation for Link Platform (LNK), an Ethereum ERC20 token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary… CWE-190
整数オーバーフローまたはラップアラウンド 		CVE-2018-13041 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249124 8.8 HIGH
ネットワーク 		opendesa opensid OpenSID 18.06-pasca has a CSRF vulnerability. This vulnerability can add an account (at the admin level) via the index.php/man_user/insert URI. CWE-352
同一生成元ポリシー違反 		CVE-2018-13040 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249125 6.1 MEDIUM
ネットワーク 		opendesa opensid OpenSID 18.06-pasca has reflected Cross Site Scripting (XSS) via the cari parameter, aka an index.php/first?cari= URI. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-13039 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249126 9.8 CRITICAL
ネットワーク 		opendesa opensid OpenSID 18.06-pasca has an Unrestricted File Upload vulnerability via an Attachment Document in the article feature. This vulnerability leads to uploading arbitrary PHP code via a .php filename with … CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2018-13038 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249127 7.8 HIGH
ローカル 		jpeg-compressor_project jpeg_compressor An issue was discovered in jpeg-compressor 0.1. The bmp_load function in stb_image.c allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibl… CWE-787
境界外書き込み 		CVE-2018-13037 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249128 5.5 MEDIUM
ローカル 		gnu
redhat 		binutils
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
openshift_container_platform 		The Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (excessive memory allocation and application crash) vi… CWE-770
制限またはスロットリング無しのリソースの割り当て 		CVE-2018-13033 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249129 8.8 HIGH
ネットワーク 		ecessa shieldlink_sl175ehq_firmware ECESSA ShieldLink SL175EHQ 10.7.4 devices have CSRF to add superuser accounts via the cgi-bin/pl_web.cgi/util_configlogin_act URI. CWE-352
同一生成元ポリシー違反 		CVE-2018-13032 2024-11-21 12:46 2018-07-2 表示 GitHub Exploit DB Packet Storm
249130 5.3 MEDIUM
ネットワーク 		phpwcms phpwcms phpwcms 1.8.9 allows remote attackers to discover the installation path via an invalid csrf_token_value field. CWE-200
情報漏えい 		CVE-2018-12990 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249131 7.8 HIGH
ローカル 		jpeg-compressor_project jpeg_compressor An issue was discovered in jpeg-compressor 0.1. The build_huffman function in stb_image.c allows remote attackers to cause a denial of service (stack-based buffer overflow and application crash) or p… CWE-787
境界外書き込み 		CVE-2018-13030 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249132 9.8 CRITICAL
ネットワーク 		gopro gpmf-parser An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Type. CWE-125
境界外読み取り 		CVE-2018-13026 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249133 4.9 MEDIUM
ネットワーク 		yxcms yxcms protected/apps/admin/controller/photoController.php in YXcms 1.4.7 allows remote attackers to delete arbitrary files via the index.php?r=admin/photo/delpic picname parameter. CWE-732
重要なリソースに対する不適切なパーミッションの割り当て 		CVE-2018-13025 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249134 7.2 HIGH
ネットワーク 		metinfo metinfo Metinfo v6.0.0 allows remote attackers to write code into a .php file, and execute that code, via the module parameter to admin/column/save.php in an editor upload action. CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2018-13024 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249135 7.2 HIGH
ネットワーク 		hongcms_project hongcms An issue was discovered in HongCMS 3.0.0. There is an Arbitrary Script File Upload issue that can result in PHP code execution via the admin/index.php/template/upload URI. CWE-434
危険なタイプのファイルの無制限アップロード 		CVE-2018-13021 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249136 7.8 HIGH
ローカル 		safensoft enterprise_suite
tpsecure
syswatch 		Storing password in recoverable format in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite befo… CWE-522
認証情報の不十分な保護 		CVE-2018-13014 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249137 7.8 HIGH
ローカル 		safensoft syswatch
tpsecure
enterprise_suite 		Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenS… CWE-754
例外的な状態における不適切なチェック 		CVE-2018-13013 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249138 8.1 HIGH
ネットワーク 		safensoft softcontrol_enterprise_suite
softcontrol_tpsecure
softcontrol_syswatch 		Download of code with improper integrity check in snsupd.exe and upd.exe in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSoft Enterprise Suite befor… CWE-494
ダウンロードしたコードの完全性検証不備 		CVE-2018-13012 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249139 9.8 CRITICAL
ネットワーク 		gopro gpmf-parser An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Validate. CWE-125
境界外読み取り 		CVE-2018-13011 2024-11-21 12:46 2018-06-30 表示 GitHub Exploit DB Packet Storm
249140 8.8 HIGH
ネットワーク 		wstmall wstmall WSTMall v1.9.1_170316 has CSRF via the index.php?m=Admin&c=Users&a=edit URI to add a user account. CWE-352
同一生成元ポリシー違反 		CVE-2018-13010 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249141 9.8 CRITICAL
ネットワーク 		gopro gpmf-parser An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (conditional… CWE-125
境界外読み取り 		CVE-2018-13009 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249142 9.8 CRITICAL
ネットワーク 		gopro gpmf-parser An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for a positive nest_level. CWE-125
境界外読み取り 		CVE-2018-13008 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249143 9.8 CRITICAL
ネットワーク 		gopro gpmf-parser An issue was discovered in gpmf-parser 1.1.2. There is a heap-based buffer over-read in GPMF_parser.c in the function GPMF_Next, related to certain checks for GPMF_KEY_END and nest_level (not conditi… CWE-125
境界外読み取り 		CVE-2018-13007 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249144 9.8 CRITICAL
ネットワーク 		debian
gpac
canonical 		debian_linux
gpac
ubuntu_linux 		An issue was discovered in MP4Box in GPAC 0.7.1. There is a heap-based buffer over-read in the isomedia/box_dump.c function hdlr_dump. CWE-125
境界外読み取り 		CVE-2018-13006 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249145 9.8 CRITICAL
ネットワーク 		debian
gpac
canonical 		debian_linux
gpac
ubuntu_linux 		An issue was discovered in MP4Box in GPAC 0.7.1. The function urn_Read in isomedia/box_code_base.c has a heap-based buffer over-read. CWE-125
境界外読み取り 		CVE-2018-13005 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249146 6.1 MEDIUM
ネットワーク 		opentsdb opentsdb An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'type' to the /suggest URI. CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-13003 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249147 6.1 MEDIUM
ネットワーク 		sandoba cp\ An XSS issue was discovered in Sandoba CP:Shop v2016.1. The vulnerability is located in the `admin.php` file of the `./cpshop/` module. Remote attackers are able to inject their own script codes to t… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-13001 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249148 7.5 HIGH
ネットワーク 		zohocorp manageengine_desktop_central Incorrect Access Control in AgentTrayIconServlet in Zoho ManageEngine Desktop Central 10.0.255 allows attackers to delete certain files on the web server without login by sending a specially crafted … CWE-20
不適切な入力確認 		CVE-2018-12999 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249149 6.1 MEDIUM
ネットワーク 		zohocorp manageengine_applications_manager A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager before 13 (Build 13800) allows remote attackers to inject arbitrary web script or HTML via the parameter… CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-12996 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm
249150 4.8 MEDIUM
ネットワーク 		weblication cms_core_\&_grid An XSS issue was discovered in Inhaltsprojekte in Weblication CMS Core & Grid v12.6.24. The vulnerability is located in the `wFilemanager.php` and `index.php` files of the `/grid5/scripts/` modules. … CWE-79
クロスサイト・スクリプティング(XSS) 		CVE-2018-13002 2024-11-21 12:46 2018-06-29 表示 GitHub Exploit DB Packet Storm