NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月10日5:00

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
249301	6.5	MEDIUM ネットワーク	multidots	add_social_share_messenger_buttons_whatsapp_and_viber	An issue was discovered in the MULTIDOTS Add Social Share Messenger Buttons Whatsapp and Viber plugin 1.0.8 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an at…	CWE-352 同一生成元ポリシー違反	CVE-2018-11632	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249302	4.3	MEDIUM 隣接	rondaful_project	rondaful_m1_wristband_smart_band_1_firmware	Rondaful M1 Wristband Smart Band 1 devices allow remote attackers to send an arbitrary number of call or SMS notifications via crafted Bluetooth Low Energy (BLE) traffic.	NVD-CWE-noinfo	CVE-2018-11631	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249303	6.1	MEDIUM ネットワーク	sinatrarb redhat	sinatra cloudforms	Sinatra before 2.0.2 has XSS via the 400 Bad Request page that occurs upon a params parser exception.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11627	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249304	7.5	HIGH ネットワーク	simple_lossless_audio_project	simple_lossless_audio	SELA (aka SimplE Lossless Audio) v0.1.2-alpha has a stack-based buffer overflow in the core/apev2.c init_apev2_keys function.	CWE-787 境界外書き込み	CVE-2018-11626	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249305	8.8	HIGH ネットワーク	imagemagick canonical	imagemagick ubuntu_linux	In ImageMagick 7.0.7-37 Q16, SetGrayscaleImage in the quantize.c file allows attackers to cause a heap-based buffer over-read via a crafted file.	CWE-125 境界外読み取り	CVE-2018-11625	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249306	8.8	HIGH ネットワーク	imagemagick	imagemagick	In ImageMagick 7.0.7-36 Q16, the ReadMATImage function in coders/mat.c allows attackers to cause a use after free via a crafted file.	CWE-416 解放済みメモリの使用	CVE-2018-11624	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249307	7.1	HIGH ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Information Disclosure with user crafted input files via a Buffer Overflow or Out-of-bounds Read…	CWE-125 境界外読み取り	CVE-2018-11598	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249308	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because of a missing check for stack …	CWE-674 不適切な再帰制御	CVE-2018-11597	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249309	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing because a check for '\0' is made for …	CWE-119 バッファエラー	CVE-2018-11596	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249310	7.8	HIGH ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax pars…	CWE-119 バッファエラー	CVE-2018-11595	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249311	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.	CWE-119 バッファエラー	CVE-2018-11594	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249312	7.1	HIGH ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing …	CWE-787 境界外書き込み	CVE-2018-11593	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249313	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validatio…	CWE-125 境界外読み取り	CVE-2018-11592	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249314	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by addin…	CWE-476 NULL ポインタデリファレンス	CVE-2018-11591	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249315	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-11590	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249316	6.1	MEDIUM ネットワーク	seacms	seacms	SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11583	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249317	5.4	MEDIUM ネットワーク	multidots	mass_pages\/posts_creator	An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom conte…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11580	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249318	5.3	MEDIUM ネットワーク	multidots	woocommerce_category_banner_management	class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nop…	CWE-287 不適切な認証	CVE-2018-11579	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249319	6.5	MEDIUM ネットワーク	miniupnp_project	ngiflib	GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.	CWE-119 バッファエラー	CVE-2018-11578	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249320	8.8	HIGH ネットワーク	liblouis canonical opensuse	liblouis ubuntu_linux leap	Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.	CWE-120 古典的バッファオーバーフロー	CVE-2018-11577	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249321	9.8	CRITICAL ネットワーク	miniupnp_project	ngiflib	ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.	CWE-125 境界外読み取り	CVE-2018-11576	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249322	9.8	CRITICAL ネットワーク	miniupnp_project	ngiflib	ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.	CWE-787 境界外書き込み	CVE-2018-11575	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249323	5.4	MEDIUM ネットワーク	clippercms	clippercms	ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11572	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249324	8.8	HIGH ネットワーク	clippercms	clippercms	ClipperCMS 1.3.3 allows Session Fixation.	CWE-384 セッションの固定化	CVE-2018-11571	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249325	6.1	MEDIUM ネットワーク	cactusthemes	gameplan-event_and_gym_fitness	Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11568	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249326	5.3	MEDIUM ネットワーク	mahara	mahara	Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking …	CWE-200 情報漏えい	CVE-2018-11565	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249327	9.8	CRITICAL ネットワーク	tp-link	ipc_tl-ipc223\(p\)-6_firmware tl-ipc323k-d_firmware tl-ipc325\(kp\)_firmware tl-ipc40a-4_firmware	/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.	CWE-798 ハードコードされた認証情報の使用	CVE-2018-11482	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249328	8.8	HIGH ネットワーク	tp-link	ipc_tl-ipc223\(p\)-6_firmware tl-ipc323k-d_firmware tl-ipc325\(kp\)_firmware tl-ipc40a-4_firmware	TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua d…	CWE-20 不適切な入力確認	CVE-2018-11481	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249329	8.8	HIGH 隣接	vgate	icar_2_wi-fi_obd2_firmware	An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be u…	CWE-287 不適切な認証	CVE-2018-11478	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249330	3.3	LOW ローカル	amazon	echo_show_firmware echo_plus_firmware echo_dot_firmware echo_spot_firmware echo_firmware	Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds…	CWE-384 セッションの固定化	CVE-2018-11567	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249331	6.5	MEDIUM 隣接	vgate	icar_2_wi-fi_obd2_firmware	An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this …	CWE-319 重要な情報の平文での送信	CVE-2018-11477	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249332	8.8	HIGH 隣接	vgate	icar_2_wi-fi_obd2_firmware	An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the…	CWE-306 重要な機能に対する認証の欠如解説	CVE-2018-11476	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249333	6.1	MEDIUM ネットワーク	misp	misp	An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the dele…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11562	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249334	6.5	MEDIUM ネットワーク	taglib debian	taglib debian_linux	The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.	CWE-125 境界外読み取り	CVE-2018-11439	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249335	8.8	HIGH ネットワーク	libmobi_project	libmobi	The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.	CWE-787 境界外書き込み	CVE-2018-11438	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249336	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.	CWE-200 情報漏えい	CVE-2018-11437	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249337	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.	CWE-125 境界外読み取り	CVE-2018-11436	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249338	8.1	HIGH ネットワーク	hcltech	legacy_ivr_firmware	A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and …	CWE-20 不適切な入力確認	CVE-2018-11518	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249339	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.	CWE-200 情報漏えい	CVE-2018-11435	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249340	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.	CWE-125 境界外読み取り	CVE-2018-11434	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249341	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.	CWE-125 境界外読み取り	CVE-2018-11433	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249342	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.	CWE-125 境界外読み取り	CVE-2018-11432	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249343	5.4	MEDIUM ネットワーク	domainmod	domainmod	DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11559	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249344	5.4	MEDIUM ネットワーク	domainmod	domainmod	DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11558	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249345	6.1	MEDIUM ネットワーク	yiban	easy_class_education_platform	YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11557	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249346	7.8	HIGH ローカル	littlecms	little_cms	tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a…	CWE-787 境界外書き込み	CVE-2018-11556	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249347	7.8	HIGH ローカル	littlecms	little_cms	tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerabilit…	CWE-787 境界外書き込み	CVE-2018-11555	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249348	5.4	MEDIUM ネットワーク	wuzhicms	wuzhi_cms	An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a f…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11549	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249349	7.5	HIGH ネットワーク	block	eos	An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address.	CWE-20 不適切な入力確認	CVE-2018-11548	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249350	9.8	CRITICAL ネットワーク	md4c_project	md4c	md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.	CWE-125 境界外読み取り	CVE-2018-11547	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm