NVD脆弱性情報トップ

検索メニュー表示

ベンダー名
プロダクト・サービス名
タイトル
CVE
CRITICAL
HIGH
MEDIUM
LOW
CWE
公表日降順
更新日降順
表示数

NVD（National Vulnerability Database）で管理されている脆弱性の一覧を検索することが出来ます。
JVN（Japan Vulnerability Note）より先に脆弱性情報が更新される事が多いため、JVNに未記載の脆弱性が更新されている場合があります。

JVN（Japan Vulnerability Note）に関連した脆弱性がある場合は詳細画面で情報を表示します。

CWEで検索する場合は、CWE概要を参照して、CWE番号を確認してください。

CRITICAL
HIGH
MEDIUM
LOW

更新日:2026年6月11日5:13

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日	影響表示	Exploit PoC 検索
249751	9.8	CRITICAL ネットワーク	liblouis canonical	liblouis ubuntu_linux	An issue was discovered in Liblouis 3.5.0. A invalid free in the compileRule function in compileTranslationTable.c allows remote attackers to cause a denial of service (application crash) or possibly…	CWE-416 解放済みメモリの使用	CVE-2018-11410	2024-11-21 12:43	2018-05-24	表示	GitHub Exploit DB Packet Storm

249752	8.8	HIGH ネットワーク	kliqqi	kliqqi_cms	Kliqqi 2.0.2 has CSRF in admin/admin_users.php.	CWE-352 同一生成元ポリシー違反	CVE-2018-11405	2024-11-21 12:43	2018-05-24	表示	GitHub Exploit DB Packet Storm

249753	6.1	MEDIUM ネットワーク	domainmod	domainmod	DomainMod v4.09.03 has XSS via the assets/edit/ssl-provider-account.php sslpaid parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11404	2024-11-21 12:43	2018-05-24	表示	GitHub Exploit DB Packet Storm

249754	5.4	MEDIUM ネットワーク	domainmod	domainmod	DomainMod v4.09.03 has XSS via the assets/edit/account-owner.php oid parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11403	2024-11-21 12:43	2018-05-24	表示	GitHub Exploit DB Packet Storm

249755	6.6	MEDIUM 物理	simplisafe	u9k-kp1000_firmware	SimpliSafe Original has Unencrypted Keypad Transmissions, which allows physically proximate attackers to discover the PIN.	CWE-319 重要な情報の平文での送信	CVE-2018-11402	2024-11-21 12:43	2018-05-24	表示	GitHub Exploit DB Packet Storm

249756	4.6	MEDIUM 物理	simplisafe	u9k-bs1000_firmware	In SimpliSafe Original, RF Interference (e.g., an extremely strong 433.92 MHz signal) by a physically proximate attacker does not cause a notification.	NVD-CWE-noinfo	CVE-2018-11401	2024-11-21 12:43	2018-05-24	表示	GitHub Exploit DB Packet Storm

249757	4.6	MEDIUM 物理	simplisafe	u9k-bs1000_firmware	In SimpliSafe Original, the Base Station fails to detect tamper attempts: it does not send a notification if a physically proximate attacker removes the battery and external power.	NVD-CWE-noinfo	CVE-2018-11400	2024-11-21 12:43	2018-05-24	表示	GitHub Exploit DB Packet Storm

249758	4.3	MEDIUM 物理	simplisafe	u9k-es1000_firmware u9k-kr1_firmware u9k-ms1000_firmware u9k-wt1000_firmware	SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occ…	CWE-319 重要な情報の平文での送信	CVE-2018-11399	2024-11-21 12:43	2018-05-24	表示	GitHub Exploit DB Packet Storm

249759	7.5	HIGH ネットワーク	gnome	epiphany	ephy-session.c in libephymain.so in GNOME Web (aka Epiphany) through 3.28.2.1 allows remote attackers to cause a denial of service (application crash) via JavaScript code that triggers access to a NU…	NVD-CWE-noinfo	CVE-2018-11396	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249760	7.8	HIGH ローカル	windscribe	windscribe	Windscribe 1.81 creates a named pipe with a NULL DACL that allows Everyone users to gain privileges or cause a denial of service via \\.\pipe\WindscribeService.	CWE-732 重要なリソースに対する不適切なパーミッションの割り当て	CVE-2018-11334	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249761	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LDSS dissector could crash. This was addressed in epan/dissectors/packet-ldss.c by avoiding a buffer over-read upon encountering a missing…	CWE-125 境界外読み取り	CVE-2018-11362	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249762	7.5	HIGH ネットワーク	wireshark	wireshark	In Wireshark 2.6.0, the IEEE 802.11 protocol dissector could crash. This was addressed in epan/crypt/dot11decrypt.c by avoiding a buffer overflow during FTE processing in Dot11DecryptTDLSDeriveKey.	CWE-119 バッファエラー	CVE-2018-11361	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249763	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the GSM A DTAP dissector could crash. This was addressed in epan/dissectors/packet-gsm_a_dtap.c by fixing an off-by-one error that caused a bu…	CWE-119 バッファエラー	CVE-2018-11360	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249764	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the RRC dissector and other dissectors could crash. This was addressed in epan/proto.c by avoiding a NULL pointer dereference.	CWE-476 NULL ポインタデリファレンス	CVE-2018-11359	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249765	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the Q.931 dissector could crash. This was addressed in epan/dissectors/packet-q931.c by avoiding a use-after-free after a malformed packet pre…	CWE-416 解放済みメモリの使用	CVE-2018-11358	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249766	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the LTP dissector and other dissectors could consume excessive memory. This was addressed in epan/tvbuff.c by rejecting negative lengths.	CWE-20 不適切な入力確認	CVE-2018-11357	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249767	7.5	HIGH ネットワーク	wireshark debian	wireshark debian_linux	In Wireshark 2.6.0, 2.4.0 to 2.4.6, and 2.2.0 to 2.2.14, the DNS dissector could crash. This was addressed in epan/dissectors/packet-dns.c by avoiding a NULL pointer dereference for an empty name in …	CWE-476 NULL ポインタデリファレンス	CVE-2018-11356	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249768	7.5	HIGH ネットワーク	wireshark	wireshark	In Wireshark 2.6.0, the RTCP dissector could crash. This was addressed in epan/dissectors/packet-rtcp.c by avoiding a buffer overflow for packet status chunks.	CWE-119 バッファエラー	CVE-2018-11355	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249769	7.5	HIGH ネットワーク	wireshark	wireshark	In Wireshark 2.6.0, the IEEE 1905.1a dissector could crash. This was addressed in epan/dissectors/packet-ieee1905.c by making a certain correction to string handling.	CWE-20 不適切な入力確認	CVE-2018-11354	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249770	5.5	MEDIUM ローカル	radare	radare2	The sh_op() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.	CWE-125 境界外読み取り	CVE-2018-11384	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249771	5.5	MEDIUM ローカル	radare	radare2	The r_strbuf_fini() function in radare2 2.5.0 allows remote attackers to cause a denial of service (invalid free and application crash) via a crafted ELF file because of an uninitialized variable in …	CWE-908 初期化されていないリソースの使用	CVE-2018-11383	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249772	5.5	MEDIUM ローカル	radare	radare2	The _inst__sts() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.	CWE-125 境界外読み取り	CVE-2018-11382	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249773	5.5	MEDIUM ローカル	radare	radare2	The string_scan_range() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.	CWE-125 境界外読み取り	CVE-2018-11381	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249774	5.5	MEDIUM ローカル	radare	radare2	The parse_import_ptr() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted Mach-O file.	CWE-125 境界外読み取り	CVE-2018-11380	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249775	5.5	MEDIUM ローカル	radare	radare2	The get_debug_info() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted PE file.	CWE-125 境界外読み取り	CVE-2018-11379	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249776	7.8	HIGH ローカル	radare	radare2	The wasm_dis() function in libr/asm/arch/wasm/wasm.c in or possibly have unspecified other impact via a crafted WASM file.	CWE-119 バッファエラー	CVE-2018-11378	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249777	5.5	MEDIUM ローカル	radare	radare2	The avr_op_analyze() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.	CWE-125 境界外読み取り	CVE-2018-11377	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249778	5.5	MEDIUM ローカル	radare	radare2	The r_read_le32() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted ELF file.	CWE-125 境界外読み取り	CVE-2018-11376	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249779	5.5	MEDIUM ローカル	radare	radare2	The _inst__lds() function in radare2 2.5.0 allows remote attackers to cause a denial of service (heap-based out-of-bounds read and application crash) via a crafted binary file.	CWE-125 境界外読み取り	CVE-2018-11375	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249780	9.8	CRITICAL ネットワーク	iscripts	eswap	iScripts eSwap v2.4 has SQL injection via the "salelistdetailed.php" User Panel ToId parameter.	CWE-89 SQLインジェクション	CVE-2018-11373	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249781	9.8	CRITICAL ネットワーク	iscripts	eswap	iScripts eSwap v2.4 has SQL injection via the wishlistdetailed.php User Panel ToId parameter.	CWE-89 SQLインジェクション	CVE-2018-11372	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249782	8.8	HIGH ネットワーク	skycaiji	skycaiji	SkyCaiji 1.2 allows CSRF to add an Administrator user.	CWE-352 同一生成元ポリシー違反	CVE-2018-11371	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249783	9.8	CRITICAL ネットワーク	pbootcms	pbootcms	An issue was discovered in PbootCMS v1.0.9. There is a SQL Injection that can get important information from the database via the \apps\home\controller\ParserController.php scode parameter.	CWE-89 SQLインジェクション	CVE-2018-11369	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249784	4.7	MEDIUM ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! Core before 3.8.8. Under specific circumstances (a redirect issued with a URI containing a username and password when the Location: header cannot be used), a lack o…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11328	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249785	4.3	MEDIUM ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to see the names of tags that were either unpublished or published with restricted view permission.	CWE-200 情報漏えい	CVE-2018-11327	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249786	4.8	MEDIUM ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! Core before 3.8.8. Inadequate input filtering leads to a multiple XSS vulnerabilities. Additionally, the default filtering settings could potentially allow users of…	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11326	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249787	9.8	CRITICAL ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! Core before 3.8.8. The web install application would autofill password fields after either a form validation error or navigating to a previous install step, and dis…	CWE-209 エラーメッセージによる情報漏えい	CVE-2018-11325	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249788	5.9	MEDIUM ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! Core before 3.8.8. A long running background process, such as remote checks for core or extension updates, could create a race condition where a session that was ex…	CWE-362 競合状態	CVE-2018-11324	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249789	8.8	HIGH ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! Core before 3.8.8. Inadequate checks allowed users to modify the access levels of user groups with higher permissions.	CWE-269 不適切な権限管理	CVE-2018-11323	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249790	7.5	HIGH ネットワーク	joomla	joomla\!	An issue was discovered in Joomla! Core before 3.8.8. Depending on the server configuration, PHAR files might be handled as executable PHP scripts by the webserver.	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-11322	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249791	6.5	MEDIUM ネットワーク	joomla	joomla\!	An issue was discovered in com_fields in Joomla! Core before 3.8.8. Inadequate filtering allows users authorised to create custom fields to manipulate the filtering options and inject an unvalidated …	CWE-20 不適切な入力確認	CVE-2018-11321	2024-11-21 12:43	2018-05-23	表示	GitHub Exploit DB Packet Storm

249792	7.5	HIGH ネットワーク	cppcms	cppcms	An issue was discovered in CppCMS before 1.2.1. There is a denial of service in the JSON parser module.	CWE-20 不適切な入力確認	CVE-2018-11367	2024-11-21 12:43	2018-05-22	表示	GitHub Exploit DB Packet Storm

249793	6.1	MEDIUM ネットワーク	loginizer	loginizer	init.php in the Loginizer plugin 1.3.8 through 1.3.9 for WordPress has Unauthenticated Stored Cross-Site Scripting (XSS) because logging is mishandled. This is fixed in 1.4.0.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11366	2024-11-21 12:43	2018-05-22	表示	GitHub Exploit DB Packet Storm

249794	7.5	HIGH ネットワーク	pdfgen	pdfgen	jpeg_size in pdfgen.c in PDFGen before 2018-04-09 has a heap-based buffer over-read.	CWE-125 境界外読み取り	CVE-2018-11363	2024-11-21 12:43	2018-05-22	表示	GitHub Exploit DB Packet Storm

249795	4.3	MEDIUM ネットワーク	asustor	as6202t_firmware	An insecure direct object reference vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows the ability to reference the "download_sys_settings" action and then specify files arbitrari…	CWE-425 リクエストの直接送信	CVE-2018-11346	2024-11-21 12:43	2018-05-22	表示	GitHub Exploit DB Packet Storm

249796	8.8	HIGH ネットワーク	asustor	as6202t_firmware	An unrestricted file upload vulnerability in upload.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data via the POST parameter filename. This can be used to place attacker …	CWE-434 危険なタイプのファイルの無制限アップロード	CVE-2018-11345	2024-11-21 12:43	2018-05-22	表示	GitHub Exploit DB Packet Storm

249797	6.5	MEDIUM ネットワーク	asustor	as6202t_firmware	A path traversal vulnerability in download.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a file on the system to download via the file1 parameter.	CWE-22 パス・トラバーサル	CVE-2018-11344	2024-11-21 12:43	2018-05-22	表示	GitHub Exploit DB Packet Storm

249798	5.4	MEDIUM ネットワーク	asustor	soundsgood	A persistent cross site scripting vulnerability in playlistmanger.cgi in the ASUSTOR SoundsGood application allows attackers to store cross site scripting payloads via the 'playlist' POST parameter.	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2018-11343	2024-11-21 12:43	2018-05-22	表示	GitHub Exploit DB Packet Storm

249799	4.3	MEDIUM ネットワーク	asustor	as6202t_firmware	A path traversal vulnerability in fileExplorer.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to arbitrarily specify a path to a file on the system to create folders via the dest_folder param…	CWE-22 パス・トラバーサル	CVE-2018-11342	2024-11-21 12:43	2018-05-22	表示	GitHub Exploit DB Packet Storm

249800	7.2	HIGH ネットワーク	asustor	as6202t_firmware	Directory traversal in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to navigate the file system via the filename parameter.	CWE-22 パス・トラバーサル	CVE-2018-11341	2024-11-21 12:43	2018-05-22	表示	GitHub Exploit DB Packet Storm