NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月11日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
249651	7.8	HIGH ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) and a potential Escalation of Privileges with a user crafted input file via a Buffer Overflow during syntax pars…	CWE-119 バッファエラー	CVE-2018-11595	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249652	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via a Buffer Overflow during syntax parsing of "VOID" tokens in jsparse.c.	CWE-119 バッファエラー	CVE-2018-11594	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249653	7.1	HIGH ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) and potential Information Disclosure with a user crafted input file via a Buffer Overflow during syntax parsing …	CWE-787 境界外書き込み	CVE-2018-11593	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249654	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via an Out-of-bounds Read during syntax parsing in which certain height validatio…	CWE-125 境界外読み取り	CVE-2018-11592	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249655	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.98 allows attackers to cause a denial of service (application crash) with a user crafted input file via a NULL pointer dereference during syntax parsing. This was addressed by addin…	CWE-476 NULL ポインタデリファレンス	CVE-2018-11591	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249656	5.5	MEDIUM ローカル	espruino	espruino	Espruino before 1.99 allows attackers to cause a denial of service (application crash) with a user crafted input file via an integer overflow during syntax parsing. This was addressed by fixing stack…	CWE-190 整数オーバーフローまたはラップアラウンド	CVE-2018-11590	2024-11-21 12:43	2018-06-1	表示	GitHub Exploit DB Packet Storm

249657	6.1	MEDIUM ネットワーク	seacms	seacms	SeaCMS 6.61 has stored XSS in admin_collect.php via the siteurl parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11583	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249658	5.4	MEDIUM ネットワーク	multidots	mass_pages\/posts_creator	An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom conte…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11580	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249659	5.3	MEDIUM ネットワーク	multidots	woocommerce_category_banner_management	class-woo-banner-management.php in the MULTIDOTS WooCommerce Category Banner Management plugin 1.1.0 for WordPress has an Unauthenticated Settings Change Vulnerability, related to certain wp_ajax_nop…	CWE-287 不適切な認証	CVE-2018-11579	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249660	6.5	MEDIUM ネットワーク	miniupnp_project	ngiflib	GifIndexToTrueColor in ngiflib.c in MiniUPnP ngiflib 0.4 has a Segmentation fault.	CWE-119 バッファエラー	CVE-2018-11578	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249661	8.8	HIGH ネットワーク	liblouis canonical opensuse	liblouis ubuntu_linux leap	Liblouis 3.5.0 has a Segmentation fault in lou_logPrint in logging.c.	CWE-120 古典的バッファオーバーフロー	CVE-2018-11577	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249662	9.8	CRITICAL ネットワーク	miniupnp_project	ngiflib	ngiflib.c in MiniUPnP ngiflib 0.4 has a heap-based buffer over-read in GifIndexToTrueColor.	CWE-125 境界外読み取り	CVE-2018-11576	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249663	9.8	CRITICAL ネットワーク	miniupnp_project	ngiflib	ngiflib.c in MiniUPnP ngiflib 0.4 has a stack-based buffer overflow in DecodeGifImg.	CWE-787 境界外書き込み	CVE-2018-11575	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249664	5.4	MEDIUM ネットワーク	clippercms	clippercms	ClipperCMS 1.3.3 has XSS in the "Module name" field in a "Modules -> Manage modules -> edit" action to the manager/ URI.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11572	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249665	8.8	HIGH ネットワーク	clippercms	clippercms	ClipperCMS 1.3.3 allows Session Fixation.	CWE-384 セッションの固定化	CVE-2018-11571	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249666	6.1	MEDIUM ネットワーク	cactusthemes	gameplan-event_and_gym_fitness	Reflected XSS is possible in the GamePlan theme through 1.5.13.2 for WordPress because of insufficient input sanitization, as demonstrated by the s parameter. In some (but not all) cases, the '<' and…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11568	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249667	5.3	MEDIUM ネットワーク	mahara	mahara	Mahara 17.04 before 17.04.8 and 17.10 before 17.10.5 and 18.04 before 18.04.1 are vulnerable to mentioning the usernames that are already taken by people registered in the system rather than masking …	CWE-200 情報漏えい	CVE-2018-11565	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249668	9.8	CRITICAL ネットワーク	tp-link	ipc_tl-ipc223\(p\)-6_firmware tl-ipc323k-d_firmware tl-ipc325\(kp\)_firmware tl-ipc40a-4_firmware	/usr/lib/lua/luci/websys.lua on TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices has a hardcoded zMiVw8Kw0oxKXL0 password.	CWE-798 ハードコードされた認証情報の使用	CVE-2018-11482	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249669	8.8	HIGH ネットワーク	tp-link	ipc_tl-ipc223\(p\)-6_firmware tl-ipc323k-d_firmware tl-ipc325\(kp\)_firmware tl-ipc40a-4_firmware	TP-LINK IPC TL-IPC223(P)-6, TL-IPC323K-D, TL-IPC325(KP)-*, and TL-IPC40A-4 devices allow authenticated remote code execution via crafted JSON data because /usr/lib/lua/luci/torchlight/validator.lua d…	CWE-20 不適切な入力確認	CVE-2018-11481	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249670	8.8	HIGH 隣接	vgate	icar_2_wi-fi_obd2_firmware	An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The OBD port is used to receive measurement data and debug information from the car. This on-board diagnostics feature can also be u…	CWE-287 不適切な認証	CVE-2018-11478	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249671	3.3	LOW ローカル	amazon	echo_show_firmware echo_plus_firmware echo_dot_firmware echo_spot_firmware echo_firmware	Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds…	CWE-384 セッションの固定化	CVE-2018-11567	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249672	6.5	MEDIUM 隣接	vgate	icar_2_wi-fi_obd2_firmware	An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The data packets that are sent between the iOS or Android application and the OBD dongle are not encrypted. The combination of this …	CWE-319 重要な情報の平文での送信	CVE-2018-11477	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249673	8.8	HIGH 隣接	vgate	icar_2_wi-fi_obd2_firmware	An issue was discovered on Vgate iCar 2 Wi-Fi OBD2 Dongle devices. The dongle opens an unprotected wireless LAN that cannot be configured with encryption or a password. This enables anyone within the…	CWE-306 重要な機能に対する認証の欠如解説	CVE-2018-11476	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249674	6.1	MEDIUM ネットワーク	misp	misp	An issue was discovered in MISP 2.4.91. A vulnerability in app/View/Elements/eventattribute.ctp allows reflected XSS if a user clicks on a malicious link for an event view and then clicks on the dele…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11562	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249675	6.5	MEDIUM ネットワーク	taglib debian	taglib debian_linux	The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file.	CWE-125 境界外読み取り	CVE-2018-11439	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249676	8.8	HIGH ネットワーク	libmobi_project	libmobi	The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allows remote attackers to cause remote code execution (heap-based buffer overflow) via a crafted mobi file.	CWE-787 境界外書き込み	CVE-2018-11438	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249677	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.	CWE-200 情報漏えい	CVE-2018-11437	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249678	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.	CWE-125 境界外読み取り	CVE-2018-11436	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249679	8.1	HIGH ネットワーク	hcltech	legacy_ivr_firmware	A vulnerability allows a phreaking attack on HCL legacy IVR systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and …	CWE-20 不適切な入力確認	CVE-2018-11518	2024-11-21 12:43	2018-05-31	表示	GitHub Exploit DB Packet Storm

249680	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The mobi_decompress_huffman_internal function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (read access violation) via a crafted mobi file.	CWE-200 情報漏えい	CVE-2018-11435	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249681	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The buffer_fill64 function in compression.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.	CWE-125 境界外読み取り	CVE-2018-11434	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249682	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.	CWE-125 境界外読み取り	CVE-2018-11433	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249683	6.5	MEDIUM ネットワーク	libmobi_project	libmobi	The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted mobi file.	CWE-125 境界外読み取り	CVE-2018-11432	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249684	5.4	MEDIUM ネットワーク	domainmod	domainmod	DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_last_name parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11559	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249685	5.4	MEDIUM ネットワーク	domainmod	domainmod	DomainMod 4.10.0 has Stored XSS in the "/settings/profile/index.php" new_first_name parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11558	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249686	6.1	MEDIUM ネットワーク	yiban	easy_class_education_platform	YIBAN Easy class education platform 2.0 has XSS via the articlelist.php k parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11557	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249687	7.8	HIGH ローカル	littlecms	little_cms	tificc in Little CMS 2.9 has an out-of-bounds write in the cmsPipelineCheckAndRetreiveStages function in cmslut.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a…	CWE-787 境界外書き込み	CVE-2018-11556	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249688	7.8	HIGH ローカル	littlecms	little_cms	tificc in Little CMS 2.9 has an out-of-bounds write in the PrecalculatedXFORM function in cmsxform.c in liblcms2.a via a crafted TIFF file. NOTE: Little CMS developers do consider this a vulnerabilit…	CWE-787 境界外書き込み	CVE-2018-11555	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249689	5.4	MEDIUM ネットワーク	wuzhicms	wuzhi_cms	An issue was discovered in WUZHI CMS 4.1.0 There is a Stored XSS Vulnerability in "Account Settings -> Member Centre -> Chinese information -> Ordinary member" via a QQ number, as demonstrated by a f…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11549	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249690	7.5	HIGH ネットワーク	block	eos	An issue was discovered in EOS.IO DAWN 4.2. plugins/net_plugin/net_plugin.cpp does not limit the number of P2P connections from the same source IP address.	CWE-20 不適切な入力確認	CVE-2018-11548	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249691	9.8	CRITICAL ネットワーク	md4c_project	md4c	md_is_link_reference_definition_helper in md4c 0.2.5 has a heap-based buffer over-read because md_is_link_label mishandles loop termination.	CWE-125 境界外読み取り	CVE-2018-11547	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249692	9.8	CRITICAL ネットワーク	md4c_project	md4c	md4c 0.2.5 has a heap-based buffer over-read because md_is_named_entity_contents has an off-by-one error.	CWE-125 境界外読み取り	CVE-2018-11546	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249693	9.8	CRITICAL ネットワーク	md4c_project	md4c	md4c 0.2.5 has a heap-based buffer overflow in md_merge_lines because md_is_link_label mishandles the case of a link label composed solely of backslash escapes.	CWE-787 境界外書き込み	CVE-2018-11545	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249694	9.8	CRITICAL ネットワーク	theolivetree	ftp_server	The Olive Tree Ftp Server application 1.32 for Android has Insecure Data Storage because a username and password are stored in the /data/data/com.theolivetree.ftpserver/shared_prefs/com.theolivetree.…	CWE-522 認証情報の不十分な保護	CVE-2018-11544	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249695	8.8	HIGH ネットワーク	jigowatt	php_login_\&_user_management	An arbitrary file upload vulnerability in /classes/profile.class.php in Jigowatt "PHP Login & User Management" before 4.1.1, as distributed in the Envato Market, allows any remote authenticated user …	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-11392	2024-11-21 12:43	2018-05-30	表示	GitHub Exploit DB Packet Storm

249696	9.8	CRITICAL ネットワーク	md4c_project	md4c	md4c before 0.2.5 has a heap-based buffer overflow because md_split_simple_pairing_mark mishandles splits.	CWE-787 境界外書き込み	CVE-2018-11536	2024-11-21 12:43	2018-05-29	表示	GitHub Exploit DB Packet Storm

249697	9.8	CRITICAL ネットワーク	sitemakin	slac	An issue was discovered in SITEMAKIN SLAC (Site Login and Access Control) v1.0. The parameter "my_item_search" in users.php is exploitable using SQL injection.	CWE-89 SQLインジェクション	CVE-2018-11535	2024-11-21 12:43	2018-05-29	表示	GitHub Exploit DB Packet Storm

249698	6.1	MEDIUM ネットワーク	changuondyu_advanced_statistics_project	changuondyu_advanced_statistics	An issue was discovered in the ChangUonDyU Advanced Statistics plugin 1.0.2 for MyBB. changstats.php has XSS, as demonstrated by a subject field.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11532	2024-11-21 12:43	2018-05-29	表示	GitHub Exploit DB Packet Storm

249699	9.8	CRITICAL ネットワーク	exiv2 debian canonical	exiv2 debian_linux ubuntu_linux	Exiv2 0.26 has a heap-based buffer overflow in getData in preview.cpp.	CWE-787 境界外書き込み	CVE-2018-11531	2024-11-21 12:43	2018-05-29	表示	GitHub Exploit DB Packet Storm

249700	9.8	CRITICAL ネットワーク	wuzhicms	wuzhi_cms	WUZHI CMS 4.1.0 has SQL Injection via an api/sms_check.php?param= URI.	CWE-89 SQLインジェクション	CVE-2018-11528	2024-11-21 12:43	2018-05-29	表示	GitHub Exploit DB Packet Storm