NVD Vulnerability Information: Top

You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because the NVD is often updated before JVN (Japan Vulnerability Notes), it may include vulnerabilities that are not yet listed in JVN.

When a vulnerability has related JVN (Japan Vulnerability Notes) information, that information is shown on the detail screen.

To search by CWE, refer to the CWE overview and confirm the CWE number.

Updated: June 11, 2026, 5:13

| No. | CVSS | Level | Attack vector | Vendor | Product | Title | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|---|
| 249701 | 8.8 | HIGH | Network | cscms_project | cscms | An issue was discovered in CScms v4.1. A Cross-site request forgery (CSRF) vulnerability in plugins/sys/admin/Sys.php allows remote attackers to change the administrator's username and password via /… | CWE-352 (Same-origin policy violation) | CVE-2018-11527 | 2024-11-21 12:43 | 2018-05-29 |
| 249702 | 9.8 | CRITICAL | Network | nuuo | nvrmini_2_firmware | upload.php on NUUO NVRmini 2 devices allows Arbitrary File Upload, such as upload of .php files. | CWE-434 (Unrestricted upload of file with dangerous type) | CVE-2018-11523 | 2024-11-21 12:43 | 2018-05-29 |
| 249703 | 7.5 | HIGH | Network | dtsearch | dtsearch | A stack exhaustion vulnerability in the search function of dtSearch 7.90.8538.1 and prior allows remote attackers to cause a denial of service condition by sending a specially crafted HTTP request. | CWE-770 (Allocation of resources without limits or throttling) | CVE-2018-11488 | 2024-11-21 12:43 | 2018-05-29 |
| 249704 | 5.3 | MEDIUM | Network | myscada | mypro | mySCADA myPRO 7 allows remote attackers to discover all ProjectIDs in a project by sending all of the prj parameter values from 870000 to 875000 in t=0&rq=0 requests to TCP port 11010. | CWE-200 (Information exposure) | CVE-2018-11517 | 2024-11-21 12:43 | 2018-05-29 |
| 249705 | 8.8 | HIGH | Network | videolan | vlc_media_player | The vlc_demux_chained_Delete function in input/demux_chained.c in VideoLAN VLC media player 3.0.1 allows remote attackers to cause a denial of service (heap corruption and application crash) or possi… | CWE-416 (Use after free) | CVE-2018-11516 | 2024-11-21 12:43 | 2018-05-29 |
| 249706 | 5.4 | MEDIUM | Network | moderator_log_notes_project | moderator_log_notes | An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea. | CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11430 | 2024-11-21 12:43 | 2018-05-29 |
| 249707 | 9.8 | CRITICAL | Network | membermouse | membermouse | Blind SQL injection in coupon_code in the MemberMouse plugin 2.2.8 and prior for WordPress allows an unauthenticated attacker to dump the WordPress MySQL database via an applyCoupon action in an admi… | CWE-89 (SQL injection) | CVE-2018-11309 | 2024-11-21 12:43 | 2018-05-29 |
| 249708 | 9.8 | CRITICAL | Network | gvectors | wpforo | The wpForo plugin through 2018-02-05 for WordPress has SQL Injection via a search with the /forum/ wpfo parameter. | CWE-89 (SQL injection) | CVE-2018-11515 | 2024-11-21 12:43 | 2018-05-28 |
| 249709 | 8.8 | HIGH | Network | naukri_clone_script_project | naukri_clone_script | PHP Scripts Mall Naukri Clone Script through 3.0.3 allows Unrestricted Upload of a File with a Dangerous Type in edit_resume_det.php, as demonstrated by changing .docx to .php. | CWE-434 (Unrestricted upload of file with dangerous type) | CVE-2018-11514 | 2024-11-21 12:43 | 2018-05-28 |
| 249710 | 4.8 | MEDIUM | Network | creatiwity | witycms | Stored cross-site scripting (XSS) vulnerability in the "Website's name" field found in the "Settings" page under the "General" menu in Creatiwity wityCMS 0.6.1 allows remote attackers to inject arbit… | CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11512 | 2024-11-21 12:43 | 2018-05-28 |
| 249711 | 5.5 | MEDIUM | Local | linux, canonical | linux_kernel, ubuntu_linux | The compat_get_timex function in kernel/compat.c in the Linux kernel before 4.16.9 allows local users to obtain sensitive information from kernel memory via adjtimex. | CWE-200 (Information exposure) | CVE-2018-11508 | 2024-11-21 12:43 | 2018-05-28 |
| 249712 | 6.5 | MEDIUM | Network | flif | flif | An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker can trigger a long loop in image_load_pnm in image/image-pnm.cpp. | CWE-834 (Excessive iteration) | CVE-2018-11507 | 2024-11-21 12:43 | 2018-05-28 |
| 249713 | 7.8 | HIGH | Local | linux, canonical, debian | linux_kernel, ubuntu_linux, debian_linux | The sr_do_ioctl function in drivers/scsi/sr_ioctl.c in the Linux kernel through 4.16.12 allows local users to cause a denial of service (stack-based buffer overflow) or possibly have unspecified othe… | CWE-787 (Out-of-bounds write) | CVE-2018-11506 | 2024-11-21 12:43 | 2018-05-28 |
| 249714 | 7.5 | HIGH | Network | werewolf_online_project | werewolf_online | The Werewolf Online application 0.8.8 for Android allows attackers to discover the Firebase token by reading logcat output. | CWE-200 (Information exposure) | CVE-2018-11505 | 2024-11-21 12:43 | 2018-05-27 |
| 249715 | 5.5 | MEDIUM | Local | discount_project, debian | discount, debian_linux | The islist function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2htm… | CWE-125 (Out-of-bounds read) | CVE-2018-11504 | 2024-11-21 12:43 | 2018-05-27 |
| 249716 | 5.5 | MEDIUM | Local | discount_project, debian | discount, debian_linux | The isfootnote function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd… | CWE-125 (Out-of-bounds read) | CVE-2018-11503 | 2024-11-21 12:43 | 2018-05-27 |
| 249717 | 8.8 | HIGH | Network | website_seller_script_project | website_seller_script | PHP Scripts Mall Website Seller Script 2.0.3 has CSRF via user_submit.php?upd=2, with resultant XSS. | CWE-352 (Same-origin policy violation), CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11501 | 2024-11-21 12:43 | 2018-05-27 |
| 249718 | 8.8 | HIGH | Network | publiccms | publiccms | An issue was discovered in PublicCMS V4.0.20180210. There is a CSRF vulnerability in "admin/sysUser/save.do?callbackType=closeCurrent&navTabId=sysUser/list" that can add an admin account. | CWE-352 (Same-origin policy violation) | CVE-2018-11500 | 2024-11-21 12:43 | 2018-05-27 |
| 249719 | 9.8 | CRITICAL | Network | sass-lang | libsass | A use-after-free vulnerability exists in handle_error() in sass_context.cpp in LibSass 3.4.x and 3.5.x through 3.5.4 that could be leveraged to cause a denial of service (application crash) or possib… | CWE-416 (Use after free) | CVE-2018-11499 | 2024-11-21 12:43 | 2018-05-27 |
| 249720 | 7.8 | HIGH | Local | lizard_project | lz5, lizard | In Lizard v1.0 and LZ5 v2.0 (the prior release, before the product was renamed), there is an unchecked buffer size during a memcpy in the Lizard_decompress_LIZv1 function (lib/lizard_decompress_liz.h… | CWE-119 (Buffer errors) | CVE-2018-11498 | 2024-11-21 12:43 | 2018-05-27 |
| 249721 | 6.5 | MEDIUM | Network | long_range_zip_project, debian | long_range_zip, debian_linux | In Long Range Zip (aka lrzip) 0.631, there is a use-after-free in read_stream in stream.c, because decompress_file in lrzip.c lacks certain size validation. | CWE-416 (Use after free) | CVE-2018-11496 | 2024-11-21 12:43 | 2018-05-27 |
| 249722 | 4.9 | MEDIUM | Network | opencart | opencart | OpenCart through 3.0.2.0 allows directory traversal in the editDownload function in admin\model\catalog\download.php via admin/index.php?route=catalog/download/edit, related to the download_id. For e… | CWE-22 (Path traversal) | CVE-2018-11495 | 2024-11-21 12:43 | 2018-05-27 |
| 249723 | 8.0 | HIGH | Network | opencart | opencart | The "program extension upload" feature in OpenCart through 3.0.2.0 has a six-step process (upload, install, unzip, move, xml, remove) that allows attackers to execute arbitrary code if the remove ste… | CWE-22 (Path traversal), CWE-434 (Unrestricted upload of file with dangerous type) | CVE-2018-11494 | 2024-11-21 12:43 | 2018-05-27 |
| 249724 | 8.8 | HIGH | Network | wuzhicms | wuzhi_cms | An issue was discovered in WUZHI CMS 4.1.0. There is a CSRF vulnerability that can add a friendship link via index.php?m=link&f=index&v=add. | CWE-352 (Same-origin policy violation) | CVE-2018-11493 | 2024-11-21 12:43 | 2018-05-27 |
| 249725 | 8.8 | HIGH | Network | sam2p_project, giflib_project, debian, canonical | sam2p, giflib, debian_linux, ubuntu_linux | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain "Private->RunningCode … | CWE-787 (Out-of-bounds write), CWE-129 (Improper validation of array index) | CVE-2018-11490 | 2024-11-21 12:43 | 2018-05-27 |
| 249726 | 8.8 | HIGH | Network | sam2p_project, giflib_project | sam2p, giflib | The DGifDecompressLine function in dgif_lib.c in GIFLIB (possibly version 3.0.x), as later shipped in cgif.c in sam2p 0.49.4, has a heap-based buffer overflow because a certain CrntCode array index i… | CWE-787 (Out-of-bounds write), CWE-129 (Improper validation of array index) | CVE-2018-11489 | 2024-11-21 12:43 | 2018-05-27 |
| 249727 | 6.1 | MEDIUM | Network | phpmywind | phpmywind | PHPMyWind 5.5 has XSS via the cid parameter to newsshow.php, or the query string to news.php or about.php. | CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11487 | 2024-11-21 12:43 | 2018-05-27 |
| 249728 | 8.0 | HIGH | Network | monstra | monstra | Monstra CMS 3.0.4 has a Session Management Issue in the Users tab. A password change at users/1/edit does not invalidate a session that is open in a different browser. | CWE-384 (Session fixation) | CVE-2018-11475 | 2024-11-21 12:43 | 2018-05-26 |
| 249729 | 8.0 | HIGH | Network | monstra | monstra | Monstra CMS 3.0.4 has a Session Management Issue in the Administrations Tab. A password change at admin/index.php?id=users&action=edit&user_id=1 does not invalidate a session that is open in a differ… | CWE-384 (Session fixation) | CVE-2018-11474 | 2024-11-21 12:43 | 2018-05-26 |
| 249730 | 7.8 | HIGH | Local | windscribe | windscribe | The VPN component in Windscribe 1.81 uses the OpenVPN client for connections. Also, it creates a WindScribeService.exe system process that establishes a \\.\pipe\WindscribeService named pipe endpoint… | CWE-20 (Improper input validation) | CVE-2018-11479 | 2024-11-21 12:43 | 2018-05-26 |
| 249731 | 6.1 | MEDIUM | Network | monstra | monstra | Monstra CMS 3.0.4 has XSS in the registration Form (i.e., the login parameter to users/registration). | CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11473 | 2024-11-21 12:43 | 2018-05-26 |
| 249732 | 6.1 | MEDIUM | Network | monstra | monstra | Monstra CMS 3.0.4 has Reflected XSS during Login (i.e., the login parameter to admin/index.php). | CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11472 | 2024-11-21 12:43 | 2018-05-26 |
| 249733 | 5.4 | MEDIUM | Network | getcockpit | cockpit | Cockpit 0.5.5 has XSS via a collection, form, or region. | CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11471 | 2024-11-21 12:43 | 2018-05-26 |
| 249734 | 8.8 | HIGH | Network | iscripts | eswap | iScripts eSwap v2.4 has SQL injection via the "search.php" 'Told' parameter in the User Panel. | CWE-89 (SQL injection) | CVE-2018-11470 | 2024-11-21 12:43 | 2018-05-25 |
| 249735 | 5.9 | MEDIUM | Network | haproxy, canonical | haproxy, ubuntu_linux | Incorrect caching of responses to requests including an Authorization header in HAProxy 1.8.0 through 1.8.9 (if cache enabled) allows attackers to achieve information disclosure via an unauthenticate… | CWE-200 (Information exposure) | CVE-2018-11469 | 2024-11-21 12:43 | 2018-05-25 |
| 249736 | 5.5 | MEDIUM | Local | discount_project, debian | discount, debian_linux | The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by m… | CWE-125 (Out-of-bounds read) | CVE-2018-11468 | 2024-11-21 12:43 | 2018-05-25 |
| 249737 | 8.8 | HIGH | Network | easyservice_billing_project | easyservice_billing | A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role. | CWE-352 (Same-origin policy violation) | CVE-2018-11445 | 2024-11-21 12:43 | 2018-05-25 |
| 249738 | 9.8 | CRITICAL | Network | easyservice_billing_project | easyservice_billing | A SQL Injection issue was observed in the parameter "q" in jobcard-ongoing.php in EasyService Billing 1.0. | CWE-89 (SQL injection) | CVE-2018-11444 | 2024-11-21 12:43 | 2018-05-25 |
| 249739 | 6.1 | MEDIUM | Network | easyservice_billing_project | easyservice_billing | The parameter q is affected by Cross-site Scripting in jobcard-ongoing.php in EasyService Billing 1.0. | CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11443 | 2024-11-21 12:43 | 2018-05-25 |
| 249740 | 8.8 | HIGH | Network | easyservice_billing_project | easyservice_billing | A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation. | CWE-352 (Same-origin policy violation) | CVE-2018-11442 | 2024-11-21 12:43 | 2018-05-25 |
| 249741 | 8.8 | HIGH | Network | liblouis, canonical, opensuse | liblouis, ubuntu_linux, leap | Liblouis 3.5.0 has a stack-based Buffer Overflow in the function parseChars in compileTranslationTable.c. | CWE-787 (Out-of-bounds write) | CVE-2018-11440 | 2024-11-21 12:43 | 2018-05-25 |
| 249742 | 9.8 | CRITICAL | Network | jerryscript | jerryscript | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_hex function via a RegExp("[\\u0") payload, related to re_parse_char_class in parser/… | CWE-125 (Out-of-bounds read) | CVE-2018-11419 | 2024-11-21 12:43 | 2018-05-25 |
| 249743 | 9.8 | CRITICAL | Network | jerryscript | jerryscript | An issue was discovered in JerryScript 1.0. There is a heap-based buffer over-read in the lit_read_code_unit_from_utf8 function via a RegExp("[\\u0020") payload, related to re_parse_char_class in par… | CWE-125 (Out-of-bounds read) | CVE-2018-11418 | 2024-11-21 12:43 | 2018-05-25 |
| 249744 | 8.8 | HIGH | Network | jpegoptim_project | jpegoptim | jpegoptim.c in jpegoptim 1.4.5 (fixed in 1.4.6) has an invalid use of realloc() and free(), which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified… | CWE-415 (Double free) | CVE-2018-11416 | 2024-11-21 12:43 | 2018-05-25 |
| 249745 | 6.1 | MEDIUM | Network | sap | internet_transaction_server | SAP Internet Transaction Server (ITS) 6200.X.X has Reflected Cross Site Scripting (XSS) via certain wgate URIs. NOTE: the vendor has reportedly indicated that there will not be any further releases o… | CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11415 | 2024-11-21 12:43 | 2018-05-25 |
| 249746 | 8.8 | HIGH | Network | bearadmin_project | bearadmin | An issue was discovered in BearAdmin 0.5. There is admin/admin_log/index.html?user_id= SQL injection because admin\controller\AdminLog.php constructs a MySQL query improperly. | CWE-89 (SQL injection) | CVE-2018-11414 | 2024-11-21 12:43 | 2018-05-25 |
| 249747 | 6.5 | MEDIUM | Network | bearadmin_project | bearadmin | An issue was discovered in BearAdmin 0.5. Remote attackers can download arbitrary files via /admin/databack/download.html?name= directory traversal sequences, as demonstrated by name=../application/d… | CWE-22 (Path traversal) | CVE-2018-11413 | 2024-11-21 12:43 | 2018-05-25 |
| 249748 | 5.9 | MEDIUM | Network | linux, canonical | linux_kernel, ubuntu_linux | In the Linux kernel 4.13 through 4.16.11, ext4_read_inline_data() in fs/ext4/inline.c performs a memcpy with an untrusted length value in certain circumstances involving a crafted filesystem that sto… | CWE-416 (Use after free) | CVE-2018-11412 | 2024-11-21 12:43 | 2018-05-25 |
| 249749 | 4.8 | MEDIUM | Network | clippercms | clippercms | Stored cross-site scripting (XSS) vulnerability in the "Site Name" field found in the "site" tab under configurations in ClipperCMS 1.3.3 allows remote attackers to inject arbitrary web script or HTM… | CWE-79 (Cross-site scripting (XSS)) | CVE-2018-11332 | 2024-11-21 12:43 | 2018-05-25 |
| 249750 | 7.5 | HIGH | Network | dimoncoin | dimoncoin | The transferFrom function of a smart contract implementation for DimonCoin (FUD), an Ethereum ERC20 token, allows attackers to steal assets (e.g., transfer all victims' balances into their account) b… | CWE-20 (Improper input validation) | CVE-2018-11411 | 2024-11-21 12:43 | 2018-05-24 |