NVD Vulnerability Information: Top

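You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated there before it appears in JVN (Japan Vulnerability Notes), the list may include vulnerabilities that are not yet recorded in JVN.

When a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.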

Last updated: 2026-06-15 4:10

No. CVSS Level
Attack vector
Vendor Product Title CWE
CWE name
CVE Updated Published Impact view Exploit/PoC search
249151 4.8 MEDIUM
Network
anelectron advanced_electron_forum An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of the `Private Message` module. The editor of the private mes… CWE-79
Cross-site Scripting (XSS)
CVE-2018-13000 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249152 6.1 MEDIUM
Network
zohocorp manageengine_netflow_analyzer
firewall_analyzer
manageengine_opmanager
manageengine_oputils
manageengine_network_configuration_manager
A reflected Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUti… CWE-79
Cross-site Scripting (XSS)
CVE-2018-12998 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249153 7.5 HIGH
Network
zohocorp manageengine_netflow_analyzer
firewall_analyzer
manageengine_opmanager
manageengine_oputils
manageengine_network_configuration_manager
Incorrect Access Control in FailOverHelperServlet in Zoho ManageEngine Netflow Analyzer before build 123137, Network Configuration Manager before build 123128, OpManager before build 123148, OpUtils … CWE-200
Information Exposure
CVE-2018-12997 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249154 8.8 HIGH
Network
onefilecms onefilecms onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the Upload screen. CWE-94
Code Injection
CVE-2018-12995 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249155 8.8 HIGH
Network
onefilecms onefilecms onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to execute arbitrary PHP code via a .php filename on the New File screen. CWE-94
Code Injection
CVE-2018-12994 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249156 9.8 CRITICAL
Network
onefilecms onefilecms onefilecms.php in OneFileCMS through 2012-04-14 might allow attackers to conduct brute-force attacks via the onefilecms_username and onefilecms_password fields. CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2018-12993 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249157 4.8 MEDIUM
Network
maelostore_project maelostore An issue was discovered in CMS MaeloStore V.1.5.0. There is stored XSS in the Telephone field of the admin interface. CWE-79
Cross-site Scripting (XSS)
CVE-2018-12992 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249158 7.5 HIGH
Network
greencms greencms GreenCMS 2.3.0603 has an arbitrary file download vulnerability via an index.php?m=admin&c=media&a=downfile URI. CWE-20
Improper Input Validation
CVE-2018-12988 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249159 9.8 CRITICAL
Network
hycus_cms_project hycus_cms Hycus CMS 1.0.4 allows Authentication Bypass via "'=' 'OR'" credentials. CWE-287
Improper Authentication
CVE-2018-12984 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249160 7.8 HIGH
Local
podofo_project podofo A stack-based buffer over-read in the PdfEncryptMD5Base::ComputeEncryptionKey() function in PdfEncrypt.cpp in PoDoFo 0.9.6-rc1 could be leveraged by remote attackers to cause a denial-of-service via … CWE-125
Out-of-bounds Read
CVE-2018-12983 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249161 5.5 MEDIUM
Local
podofo_project podofo Invalid memory read in the PoDoFo::PdfVariant::DelayedLoad() function in PdfVariant.h in PoDoFo 0.9.6-rc1 allows remote attackers to have denial-of-service impact via a crafted file. CWE-119
Buffer Errors
CVE-2018-12982 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249162 6.1 MEDIUM
Network
opentsdb opentsdb An issue was discovered in OpenTSDB 2.3.0. There is XSS in parameter 'json' to the /q URI. CWE-79
Cross-site Scripting (XSS)
CVE-2018-12973 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249163 9.8 CRITICAL
Network
opentsdb opentsdb An issue was discovered in OpenTSDB 2.3.0. Many parameters to the /q URI can execute commands, including o, key, style, and yrange and y2range and their JSON input. CWE-78
OS Command Injection
CVE-2018-12972 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249164 6.5 MEDIUM
Network
easycms easycms EasyCMS 1.3 has CSRF via the index.php?s=/admin/user/delAll URI to delete users. CWE-352
Same-Origin Policy Violation
CVE-2018-12971 2024-11-21 12:46 2018-06-29 View GitHub Exploit DB Packet Storm
249165 7.5 HIGH
Network
gnu binutils remember_Ktype in cplus-dem.c in GNU libiberty, as distributed in GNU Binutils 2.30, allows attackers to trigger excessive memory consumption (aka OOM). This can occur during execution of cxxfilt. CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-12934 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249166 9.8 CRITICAL
Network
winehq wine PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact because the attacker controls the pCre… CWE-787
Out-of-bounds Write
CVE-2018-12933 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249167 9.8 CRITICAL
Network
winehq wine PlayEnhMetaFileRecord in enhmetafile.c in Wine 3.7 allows attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact by triggering a large pAlphaBle… CWE-787
Out-of-bounds Write
CVE-2018-12932 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249168 7.8 HIGH
Local
linux
canonical
linux_kernel
ubuntu_linux
ntfs_attr_find in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or panic) or possib… CWE-787
Out-of-bounds Write
CVE-2018-12931 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249169 7.8 HIGH
Local
linux
canonical
linux_kernel
ubuntu_linux
ntfs_end_buffer_async_read in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a stack-based out-of-bounds write and cause a denial of service (kernel oops or pani… CWE-787
Out-of-bounds Write
CVE-2018-12930 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249170 5.5 MEDIUM
Local
linux
canonical
linux_kernel
ubuntu_linux
ntfs_read_locked_inode in the ntfs.ko filesystem driver in the Linux kernel 4.15.0 allows attackers to trigger a use-after-free read and possibly cause a denial of service (kernel oops or panic) via … CWE-416
Use After Free
CVE-2018-12929 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249171 5.5 MEDIUM
Local
linux
canonical
linux_kernel
ubuntu_linux
In the Linux kernel 4.15.0, a NULL pointer dereference was discovered in hfs_ext_read_extent in hfs.ko. This can occur during a mount of a crafted hfs filesystem. CWE-476
NULL Pointer Dereference
CVE-2018-12928 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249172 7.5 HIGH
Network
northernnep northern_electric_\&_power_inverter_firmware Northern Electric & Power (NEP) inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI. CWE-200
Information Exposure
CVE-2018-12927 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249173 7.5 HIGH
Network
pharoscontrols pharos_firmware Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI. CWE-200
Information Exposure
CVE-2018-12926 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249174 9.8 CRITICAL
Network
lantronix mss_firmware Baseon Lantronix MSS devices do not require a password for TELNET access. CWE-521
Weak Password Policy
CVE-2018-12925 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249175 9.8 CRITICAL
Network
eztcp cie-h10_firmware
cie-h12_firmware
cie-h14_firmware
cse-m53n_firmware
cse-m32_firmware
cse-m24_firmware
cse-m73_firmware
cse-b63n2_firmware
Sollae Serial-Ethernet-Module and Remote-I/O-Device-Server devices have a default password of sollae for the TELNET service. CWE-798
Use of Hard-coded Credentials
CVE-2018-12924 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249176 7.5 HIGH
Network
bwssystems ha_bridge BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the #!/system URI. CWE-200
Information Exposure
CVE-2018-12923 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249177 7.5 HIGH
Network
vertiv liebert_intellislot_firmware Emerson Liebert IntelliSlot Web Card devices allow remote attackers to reconfigure access control via the config/configUser.htm or config/configTelnet.htm URI. CWE-732
Incorrect Permission Assignment for Critical Resource
CVE-2018-12922 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249178 7.5 HIGH
Network
electroind gaugetech_nexus_firmware Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meter_information.htm, diag_system.htm, or diag_dnp_lan_wan.… CWE-200
Information Exposure
CVE-2018-12921 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249179 7.5 HIGH
Network
flir brickstream_2300_firmware Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI. CWE-200
Information Exposure
CVE-2018-12920 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249180 6.1 MEDIUM
Network
craftedweb_project craftedweb In CraftedWeb through 2013-09-24, aasp_includes/pages/notice.php allows XSS via the e parameter. CWE-79
Cross-site Scripting (XSS)
CVE-2018-12919 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249181 9.8 CRITICAL
Network
pbc_project pbc In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcB_register_fields in bootstrap.c. CWE-119
Buffer Errors
CVE-2018-12918 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249182 9.8 CRITICAL
Network
pbc_project pbc In libpbc.a in PBC through 2017-03-02, there is a heap-based buffer over-read in _pbcM_ip_new in map.c. CWE-125
Out-of-bounds Read
CVE-2018-12917 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249183 9.8 CRITICAL
Network
pbc_project pbc In libpbc.a in PBC through 2017-03-02, there is a Segmentation fault in _pbcP_message_default in proto.c. CWE-119
Buffer Errors
CVE-2018-12916 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249184 9.8 CRITICAL
Network
pbc_project pbc In libpbc.a in PBC through 2017-03-02, there is a buffer over-read in calc_hash in map.c. CWE-125
Out-of-bounds Read
CVE-2018-12915 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249185 9.8 CRITICAL
Network
publiccms publiccms A remote code execution issue was discovered in PublicCMS V4.0.20180210. An attacker can upload a ZIP archive that contains a .jsp file with a directory traversal pathname. After an unzip operation, … CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2018-12914 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249186 7.5 HIGH
Network
miniz_project miniz In Miniz 2.0.7, tinfl_decompress in miniz_tinfl.c has an infinite loop because sym2 and counter can both remain equal to zero. CWE-835
Infinite Loop
CVE-2018-12913 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249187 7.2 HIGH
Network
hongcms_project hongcms An issue was discovered in admin\controllers\database.php in HongCMS 3.0.0. There is a SQL Injection vulnerability via an admin/index.php/database/operate?dbaction=emptytable&tablename= URI. CWE-89
SQL Injection
CVE-2018-12912 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249188 7.5 HIGH
Network
webgrind_project webgrind Webgrind 1.5 relies on user input to display a file, which lets anyone view files from the local filesystem (that the webserver user has access to) via an index.php?op=fileviewer&file= URI. NOTE: the… CWE-22
Path Traversal
CVE-2018-12909 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249189 9.8 CRITICAL
Network
brynamics brynamics Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstr… CWE-200
Information Exposure
CVE-2018-12908 2024-11-21 12:46 2018-06-28 View GitHub Exploit DB Packet Storm
249190 7.5 HIGH
Network
rclone rclone In Rclone 1.42, use of "rclone sync" to migrate data between two Google Cloud Storage buckets might allow attackers to trigger the transmission of any URL's content to Google, because there is no val… CWE-200
Information Exposure
CVE-2018-12907 2024-11-21 12:46 2018-06-27 View GitHub Exploit DB Packet Storm
249191 6.1 MEDIUM
Network
joyplus-cms_project joyplus-cms joyplus-cms 1.6.0 has XSS in admin_player.php, related to manager/index.php "system manage" and "add" actions. CWE-79
Cross-site Scripting (XSS)
CVE-2018-12905 2024-11-21 12:46 2018-06-27 View GitHub Exploit DB Packet Storm
249192 4.9 MEDIUM
Local
linux
canonical
linux_kernel
ubuntu_linux
In arch/x86/kvm/vmx.c in the Linux kernel before 4.17.2, when nested virtualization is used, local attackers could cause L1 KVM guests to VMEXIT, potentially allowing privilege escalations and denial… NVD-CWE-noinfo
CVE-2018-12904 2024-11-21 12:46 2018-06-27 View GitHub Exploit DB Packet Storm
249193 5.4 MEDIUM
Network
cyberark endpoint_privilege_manager In CyberArk Endpoint Privilege Manager (formerly Viewfinity) 10.2.1.603, there is persistent XSS via an account name on the create token screen, the VfManager.asmx SelectAccounts->DisplayName screen,… CWE-79
Cross-site Scripting (XSS)
CVE-2018-12903 2024-11-21 12:46 2018-06-27 View GitHub Exploit DB Packet Storm
249194 6.1 MEDIUM
Network
easymagazine_project easymagazine In Easy Magazine through 2012-10-26, there is XSS in the search bar of the web site. CWE-79
Cross-site Scripting (XSS)
CVE-2018-12902 2024-11-21 12:46 2018-06-27 View GitHub Exploit DB Packet Storm
249195 8.8 HIGH
Network
libtiff
canonical
libtiff
ubuntu_linux
Heap-based buffer overflow in the cpSeparateBufToContigBuf function in tiffcp.c in LibTIFF 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 4.0.0beta7, 4.0.0alpha4, 4.0.0alpha5, 4.0.0alpha6, 4.0.0, 4.0.1, 4.0.2, 4… CWE-787
Out-of-bounds Write
CVE-2018-12900 2024-11-21 12:46 2018-06-27 View GitHub Exploit DB Packet Storm
249196 8.8 HIGH
Network
wordpress
debian
wordpress
debian_linux
WordPress through 4.9.6 allows Author users to execute arbitrary code by leveraging directory traversal in the wp-admin/post.php thumb parameter, which is passed to the PHP unlink function and can de… CWE-22
Path Traversal
CVE-2018-12895 2024-11-21 12:46 2018-06-27 View GitHub Exploit DB Packet Storm
249197 9.8 CRITICAL
Network
ccn-lite ccn-lite An issue was discovered in CCN-lite 2.0.1. There is a heap-based buffer overflow in mkAddToRelayCacheRequest and in ccnl_populate_cache for an array lacking '\0' termination when reading a binary CCN… CWE-787
Out-of-bounds Write
CVE-2018-12889 2024-11-21 12:46 2018-06-26 View GitHub Exploit DB Packet Storm
249198 6.5 MEDIUM
Network
octopus octopus_deploy In Octopus Deploy 3.0 onwards (before 2018.6.7), an authenticated user with incorrect permissions may be able to create Accounts under the Infrastructure menu. CWE-269
Improper Privilege Management
CVE-2018-12884 2024-11-21 12:46 2018-06-26 View GitHub Exploit DB Packet Storm
249199 9.8 CRITICAL
Network
php
canonical
netapp
php
ubuntu_linux
storage_automation_store
exif_read_from_impl in ext/exif/exif.c in PHP 7.2.x through 7.2.7 allows attackers to trigger a use-after-free (in exif_read_from_file) because it closes a stream that it is not responsible for closi… CWE-416
Use After Free
CVE-2018-12882 2024-11-21 12:46 2018-06-26 View GitHub Exploit DB Packet Storm
249200 5.4 MEDIUM
Network
opensuse open_build_service An Externally Controlled Reference to a Resource in Another Sphere vulnerability in obs-service-download_files of openSUSE Open Build Service allows authenticated users to generate HTTP request agains… - CVE-2018-12475 2024-11-21 12:45 2020-09-1 View GitHub Exploit DB Packet Storm