NVD Vulnerability Information

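You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated here before it is in JVN (Japan Vulnerability Notes), entries may have been updated that are not yet listed in JVN.

If a vulnerability has a related JVN (Japan Vulnerability Notes) entry, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview to confirm the CWE number.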


Last updated: June 10, 2026, 5:00

No. CVSS Severity
Attack vector
Vendor Product Title CWE CVE Updated Published Impact Exploit/PoC search
249251 8.1 HIGH
Network
sleuthkit the_sleuth_kit An issue was discovered in libtskimg.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function raw_read in tsk/img/raw.c which … CWE-125
Out-of-bounds read
CVE-2018-11739 2024-11-21 12:43 2018-06-5 View GitHub Exploit DB Packet Storm
249252 8.1 HIGH
Network
sleuthkit the_sleuth_kit An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_make_data_run in tsk/fs/ntfs… CWE-125
Out-of-bounds read
CVE-2018-11738 2024-11-21 12:43 2018-06-5 View GitHub Exploit DB Packet Storm
249253 8.1 HIGH
Network
sleuthkit the_sleuth_kit An issue was discovered in libtskfs.a in The Sleuth Kit (TSK) from release 4.0.2 through to 4.6.1. An out-of-bounds read of a memory region was found in the function ntfs_fix_idxrec in tsk/fs/ntfs_de… CWE-125
Out-of-bounds read
CVE-2018-11737 2024-11-21 12:43 2018-06-5 View GitHub Exploit DB Packet Storm
249254 9.8 CRITICAL
Network
monstra monstra_cms plugins/box/users/users.plugin.php in Monstra CMS 3.0.4 allows Login Rate Limiting Bypass via manipulation of the login_attempts cookie. CWE-20
Improper input validation
CVE-2018-11678 2024-11-21 12:43 2018-06-5 View GitHub Exploit DB Packet Storm
249255 9.8 CRITICAL
Network
yzmcms yzmcms The forgotten-password feature in index.php/member/reset/reset_email.html in YzmCMS v3.2 through v3.7 has a Response Discrepancy Information Exposure issue and an unexpectedly long lifetime for a ver… CWE-200
Information exposure
CVE-2018-11554 2024-11-21 12:43 2018-06-5 View GitHub Exploit DB Packet Storm
249256 9.8 CRITICAL
Network
pluck-cms pluck An issue was discovered in Pluck before 4.7.7-dev2. /data/inc/images.php allows remote attackers to upload and execute arbitrary PHP code by using the image/jpeg content type for a .htaccess file. CWE-434
Unrestricted upload of file with dangerous type
CVE-2018-11736 2024-11-21 12:43 2018-06-5 View GitHub Exploit DB Packet Storm
249257 6.1 MEDIUM
Network
ximdex ximdex index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. CWE-79
Cross-site scripting (XSS)
CVE-2018-11735 2024-11-21 12:43 2018-06-5 View GitHub Exploit DB Packet Storm
249258 5.4 MEDIUM
Network
recent_threads_project recent_threads The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. CWE-79
Cross-site scripting (XSS)
CVE-2018-11715 2024-11-21 12:43 2018-06-5 View GitHub Exploit DB Packet Storm
249259 9.8 CRITICAL
Network
tp-link tl-wr840n_firmware
tl-wr841n_firmware
An issue was discovered on TP-Link TL-WR840N v5 00000005 0.9.1 3.16 v0001.0 Build 170608 Rel.58696n and TL-WR841N v13 00000013 0.9.1 4.16 v0001.0 Build 170622 Rel.64334n devices. This issue is caused… CWE-384
Session fixation
CVE-2018-11714 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249260 6.5 MEDIUM
Network
webkitgtk
gnome
webkitgtk+
libsoup
WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ prior to version 2.20.0 or without libsoup 2.62.0, unexpectedly failed to … NVD-CWE-noinfo
CVE-2018-11713 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249261 7.5 HIGH
Network
webkitgtk webkitgtk+ WebCore/platform/network/soup/SocketStreamHandleImplSoup.cpp in the libsoup network backend of WebKit, as used in WebKitGTK+ versions 2.20.0 and 2.20.1, failed to perform TLS certificate verification… CWE-295
Improper certificate validation
CVE-2018-11712 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249262 9.8 CRITICAL
Network
canon mf210_firmware
mf220_firmware
A remote attacker can bypass the System Manager Mode on the Canon MF210 and MF220 web interface without knowing the PIN for /login.html via vectors involving /portal_top.html to get full access to th… CWE-287
Improper authentication
CVE-2018-11711 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249263 8.8 HIGH
Network
openmpt libopenmpt soundlib/pattern.h in libopenmpt before 0.3.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted AMS file because of an i… CWE-787
Out-of-bounds write
CVE-2018-11710 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249264 6.1 MEDIUM
Network
gvectors wpforo_forum wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. CWE-79
Cross-site scripting (XSS)
CVE-2018-11709 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249265 8.1 HIGH
Network
sass-lang libsass An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::handle_error which could be leveraged by an attacker to disclose information… CWE-125
Out-of-bounds read
CVE-2018-11698 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249266 8.1 HIGH
Network
sass-lang libsass An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::exactly() which could be leveraged by an attacker to disclose info… CWE-125
Out-of-bounds read
CVE-2018-11697 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249267 8.8 HIGH
Network
sass-lang libsass An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Inspect::operator which could be leveraged by an attacker to cause a denial of service (ap… CWE-476
NULL pointer dereference
CVE-2018-11696 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249268 8.8 HIGH
Network
sass-lang libsass An issue was discovered in LibSass <3.5.3. A NULL pointer dereference was found in the function Sass::Expand::operator which could be leveraged by an attacker to cause a denial of service (applicatio… CWE-476
NULL pointer dereference
CVE-2018-11695 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249269 8.8 HIGH
Network
sass-lang libsass An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of se… CWE-476
NULL pointer dereference
CVE-2018-11694 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249270 8.1 HIGH
Network
sass-lang libsass An issue was discovered in LibSass through 3.5.4. An out-of-bounds read of a memory region was found in the function Sass::Prelexer::skip_over_scopes which could be leveraged by an attacker to disclo… CWE-125
Out-of-bounds read
CVE-2018-11693 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249271 9.8 CRITICAL
Network
canon lbp3370_firmware
lbp3460_firmware
lbp7750c_firmware
lbp6650_firmware
An issue was discovered on Canon LBP6650, LBP3370, LBP3460, and LBP7750C devices. It is possible to bypass the Administrator Mode authentication for /tlogin.cgi via vectors involving frame.cgi?page=D… CWE-287
Improper authentication
CVE-2018-11692 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249272 8.8 HIGH
Network
liblouis
canonical
opensuse
liblouis
ubuntu_linux
leap
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function compileHyphenation in compileTranslationTable.c. CWE-787
Out-of-bounds write
CVE-2018-11685 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249273 8.8 HIGH
Network
liblouis
canonical
opensuse
liblouis
ubuntu_linux
leap
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function includeFile in compileTranslationTable.c. CWE-787
Out-of-bounds write
CVE-2018-11684 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249274 8.8 HIGH
Network
liblouis
canonical
opensuse
liblouis
ubuntu_linux
leap
Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c, a different vulnerability than CVE-2018-11440. CWE-787
Out-of-bounds write
CVE-2018-11683 2024-11-21 12:43 2018-06-4 View GitHub Exploit DB Packet Storm
249275 6.5 MEDIUM
Network
cmseasy cmseasy An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability in the rich text editor that can add an IFRAME element. This might be used in a DoS attack if a referenced remote URL is… CWE-352
Same-origin policy violation
CVE-2018-11680 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249276 8.8 HIGH
Network
cmseasy cmseasy An issue was discovered in CmsEasy 6.1_20180508. There is a CSRF vulnerability that can add an article via /index.php?case=table&act=add&table=archive&admin_dir=admin. CWE-352
Same-origin policy violation
CVE-2018-11679 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249277 9.8 CRITICAL
Network
lutron stanza_firmware
radiora_2_firmware
homeworks_qs_firmware
Default and unremovable support credentials allow attackers to gain total super user control of an IoT device through a TELNET session to products using the Stanza Lutron integration protocol Revisio… CWE-798
Use of hard-coded credentials
CVE-2018-11682 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249278 9.8 CRITICAL
Network
lutron stanza_firmware
radiora_2_firmware
homeworks_qs_firmware
Default and unremovable support credentials (user:nwk password:nwk2) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the RadioRA 2 Lutron … CWE-798
Use of hard-coded credentials
CVE-2018-11681 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249279 9.8 CRITICAL
Network
lutron stanza_firmware
radiora_2_firmware
homeworks_qs_firmware
Default and unremovable support credentials (user:lutron password:integration) allow attackers to gain total super user control of an IoT device through a TELNET session to products using the HomeWor… CWE-798
Use of hard-coded credentials
CVE-2018-11629 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249280 4.8 MEDIUM
Network
pagekit pagekit Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. A user with elevated privileges could upload a photo to the system in an SVG f… CWE-79
Cross-site scripting (XSS)
CVE-2018-11564 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249281 6.1 MEDIUM
Network
yosoro_project yosoro Yosoro 1.0.4 has stored XSS. CWE-79
Cross-site scripting (XSS)
CVE-2018-11522 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249282 8.8 HIGH
Network
searchblox searchblox servlet/UserServlet in SearchBlox 8.6.6 has CSRF via the u_name, u_passwd1, u_passwd2, role, and X-XSRF-TOKEN POST parameters because of CSRF Token Bypass. CWE-352
Same-origin policy violation
CVE-2018-11538 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249283 8.8 HIGH
Network
njtech greencms An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle. CWE-352
Same-origin policy violation
CVE-2018-11671 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249284 8.8 HIGH
Network
njtech greencms An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect. CWE-352
Same-origin policy violation
CVE-2018-11670 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249285 4.8 MEDIUM
Network
brother hl-l2340d_firmware
hl-l2380dw_firmware
Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. CWE-79
Cross-site scripting (XSS)
CVE-2018-11581 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249286 6.1 MEDIUM
Network
nch axon_pbx There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. The vulnerability exists due to insufficient filtration of user-supplied data. A remote attack… CWE-79
Cross-site scripting (XSS)
CVE-2018-11552 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249287 7.8 HIGH
Local
nch axon_pbx AXON PBX 2.02 contains a DLL hijacking vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code on a targeted system. The vulnerability exists because a DLL file i… CWE-426
Untrusted search path
CVE-2018-11551 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249288 7.5 HIGH
Network
miniupnp_project ngiflib ngiflib.c in MiniUPnP ngiflib 0.4 has an infinite loop in DecodeGifImg and LoadGif. CWE-835
Infinite loop
CVE-2018-11657 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249289 6.5 MEDIUM
Network
imagemagick
canonical
imagemagick
ubuntu_linux
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function ReadDCMImage in coders/dcm.c, which allows attackers to cause a denial of service via a crafted DCM image fil… CWE-772
Missing release of resource after effective lifetime
CVE-2018-11656 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249290 6.5 MEDIUM
Network
imagemagick
canonical
imagemagick
ubuntu_linux
In ImageMagick 7.0.7-20 Q16 x86_64, a memory leak vulnerability was found in the function GetImagePixelCache in MagickCore/cache.c, which allows attackers to cause a denial of service via a crafted C… CWE-772
Missing release of resource after effective lifetime
CVE-2018-11655 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249291 9.8 CRITICAL
Network
cirt.net nikto CSV Injection vulnerability in Nikto 2.1.6 and earlier allows remote attackers to inject arbitrary OS commands via the Server field in an HTTP response header, which is directly injected into a CSV r… CWE-1236
Improper neutralization of formula elements in a CSV file
CVE-2018-11652 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249292 6.1 MEDIUM
Network
emssoftware ems_master_calendar Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. CWE-79
Cross-site scripting (XSS)
CVE-2018-11628 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249293 6.1 MEDIUM
Network
multidots advance_search_for_woocommerce An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. This plugin is vulnerable to a stored Cross-site scripting (XSS) vulnerability. A non-a… CWE-79
Cross-site scripting (XSS)
CVE-2018-11486 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249294 6.1 MEDIUM
Network
multidots woocommerce_quick_reports The MULTIDOTS WooCommerce Quick Reports plugin 1.0.6 and earlier for WordPress is vulnerable to Stored XSS. It allows an attacker to inject malicious JavaScript code on the WooCommerce -> Orders admi… CWE-79
Cross-site scripting (XSS)
CVE-2018-11485 2024-11-21 12:43 2018-06-2 View GitHub Exploit DB Packet Storm
249295 6.1 MEDIUM
Network
graylog graylog Graylog before v2.4.4 has an XSS security issue with unescaped text in dashboard names, related to components/dashboard/Dashboard.jsx, components/dashboard/EditDashboardModal.jsx, and pages/ShowDashb… CWE-79
Cross-site scripting (XSS)
CVE-2018-11651 2024-11-21 12:43 2018-06-1 View GitHub Exploit DB Packet Storm
249296 6.1 MEDIUM
Network
graylog graylog Graylog before v2.4.4 has an XSS security issue with unescaped text in notifications, related to toastr and util/UserNotification.js. CWE-79
Cross-site scripting (XSS)
CVE-2018-11650 2024-11-21 12:43 2018-06-1 View GitHub Exploit DB Packet Storm
249297 6.1 MEDIUM
Network
gethue hue Hue 3.12 has XSS via the /pig/save/ name and script parameters. CWE-79
Cross-site scripting (XSS)
CVE-2018-11649 2024-11-21 12:43 2018-06-1 View GitHub Exploit DB Packet Storm
249298 7.5 HIGH
Network
webkitgtk webkitgtk+ webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as used in WebKitGTK+ through 2.21.3, mishandle an unse… NVD-CWE-noinfo
CVE-2018-11646 2024-11-21 12:43 2018-06-1 View GitHub Exploit DB Packet Storm
249299 5.3 MEDIUM
Network
artifex ghostscript psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a simi… CWE-200
Information exposure
CVE-2018-11645 2024-11-21 12:43 2018-06-1 View GitHub Exploit DB Packet Storm
249300 6.5 MEDIUM
Network
multidots woo_checkout_for_digital_goods An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker (via spear phishin… CWE-352
Same-origin policy violation
CVE-2018-11633 2024-11-21 12:43 2018-06-1 View GitHub Exploit DB Packet Storm