NVD Vulnerability Information Top

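You can search the list of vulnerabilities managed in the NVD (National Vulnerability Database).
Because vulnerability information is often updated there before it is in JVN (Japan Vulnerability Notes), it may include vulnerabilities that are not yet listed in JVN.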

If there is a related vulnerability in JVN (Japan Vulnerability Notes), its information is shown on the detail screen.

When searching by CWE, refer to the CWE overview to check the CWE number.


Updated: June 11, 2026 5:13

No CVSS Level
Attack vector
Vendor name Product name Title CWE CVE Updated Published Impact view Exploit
PoC
search
249801 7.2 HIGH
Network
asustor as6202t_firmware An unrestricted file upload vulnerability in importuser.cgi in ASUSTOR AS6202T ADM 3.1.0.RFQ3 allows attackers to upload supplied data to a specified filename. This can be used to place attacker cont… CWE-434
Unrestricted upload of file with dangerous type
CVE-2018-11340 2024-11-21 12:43 2018-05-22 View GitHub Exploit DB Packet Storm
249802 6.1 MEDIUM
Network
frappe erpnext An XSS issue was discovered in Frappe ERPNext v11.x.x-develop b1036e5 via a comment. CWE-79
Cross-site scripting (XSS)
CVE-2018-11339 2024-11-21 12:43 2018-05-22 View GitHub Exploit DB Packet Storm
249803 9.8 CRITICAL
Network
pluck-cms pluck An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess. CWE-434
Unrestricted upload of file with dangerous type
CVE-2018-11331 2024-11-21 12:43 2018-05-22 View GitHub Exploit DB Packet Storm
249804 4.8 MEDIUM
Network
pluck-cms pluck An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted. CWE-79
Cross-site scripting (XSS)
CVE-2018-11330 2024-11-21 12:43 2018-05-22 View GitHub Exploit DB Packet Storm
249805 7.5 HIGH
Network
ethercartel ether_cartel The DrugDealer function of a smart contract implementation for Ether Cartel, an Ethereum game, allows attackers to take over the contract's ownership, aka ceoAnyone. After that, all the digital asset… NVD-CWE-noinfo
CVE-2018-11329 2024-11-21 12:43 2018-05-22 View GitHub Exploit DB Packet Storm
249806 7.5 HIGH
Network
wizardmac readstat sas/readstat_sas7bcat_read.c in libreadstat.a in ReadStat 0.1.1 has an infinite loop. CWE-835
Infinite loop
CVE-2018-11365 2024-11-21 12:43 2018-05-22 View GitHub Exploit DB Packet Storm
249807 7.5 HIGH
Network
wizardmac readstat sav_parse_machine_integer_info_record in spss/readstat_sav_read.c in libreadstat.a in ReadStat 0.1.1 has a memory leak related to an iconv_open call. CWE-772
Missing release of resource after effective lifetime
CVE-2018-11364 2024-11-21 12:43 2018-05-22 View GitHub Exploit DB Packet Storm
249808 9.8 CRITICAL
Network
octopus octopus_server In Octopus Deploy 2018.4.4 through 2018.5.1, Octopus variables that are sourced from the target do not have sensitive values obfuscated in the deployment logs. CWE-532
Information exposure through log files
CVE-2018-11320 2024-11-21 12:43 2018-05-21 View GitHub Exploit DB Packet Storm
249809 9.1 CRITICAL
Network
myscada mypro A hardcoded FTP username of myscada and password of Vikuk63 in 'myscadagate.exe' in mySCADA myPRO 7 allows remote attackers to access the FTP server on port 2121, and upload files or list directories… CWE-798
Use of hard-coded credentials
CVE-2018-11311 2024-11-21 12:43 2018-05-21 View GitHub Exploit DB Packet Storm
249810 7.5 HIGH
Network
syntastic_project
debian
syntastic
debian_linux
Syntastic (aka vim-syntastic) through 3.9.0 does not properly handle searches for configuration files (it searches the current directory up to potentially the root). This improper handling might be e… CWE-22
Path traversal
CVE-2018-11319 2024-11-21 12:43 2018-05-21 View GitHub Exploit DB Packet Storm
249811 6.5 MEDIUM
Adjacent
radiothermostat ct50_firmware
ct80_firmware
The Local HTTP API in Radio Thermostat CT50 and CT80 1.04.84 and below products allows unauthorized access via a DNS rebinding attack. This can result in remote device temperature control, as demonst… CWE-20
Improper input validation
CVE-2018-11315 2024-11-21 12:43 2018-05-20 View GitHub Exploit DB Packet Storm
249812 6.5 MEDIUM
Network
podofo_project podofo An issue was discovered in PoDoFo 0.9.5. The function PdfDocument::Append() in PdfDocument.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service (NULL pointer dereference and appli… CWE-476
NULL pointer dereference
CVE-2018-11256 2024-11-21 12:43 2018-05-19 View GitHub Exploit DB Packet Storm
249813 7.5 HIGH
Network
axiosys bento4 The AP4_CttsAtom class in Core/Ap4CttsAtom.cpp in Bento4 1.5.1.0 allows remote attackers to cause a denial of service (application crash), related to a memory allocation failure, as demonstrated by m… CWE-770
Allocation of resources without limits or throttling
CVE-2018-10790 2024-11-21 12:42 2021-08-25 View GitHub Exploit DB Packet Storm
249814 7.5 HIGH
Network
redhat certification redhat-certification 7 does not properly restrict the number of recursive definitions of entities in XML documents, allowing an unauthenticated user to run a "Billion Laugh Attack" by replying to XML… CWE-400
CWE-776
Resource exhaustion
Improper restriction of recursive entity references in DTDs
CVE-2018-10868 2024-11-21 12:42 2021-05-27 View GitHub Exploit DB Packet Storm
249815 9.1 CRITICAL
Network
redhat certification Files are accessible without restrictions from the /update/results page of redhat-certification 7 package, allowing an attacker to remove any file accessible by the apached user. CWE-552
Files or directories accessible to external parties
CVE-2018-10867 2024-11-21 12:42 2021-05-27 View GitHub Exploit DB Packet Storm
249816 9.1 CRITICAL
Network
redhat certification It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to remove a "system" file, that is an xml file w… CWE-862
Missing authentication
CVE-2018-10866 2024-11-21 12:42 2021-05-27 View GitHub Exploit DB Packet Storm
249817 7.5 HIGH
Network
redhat certification It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host acces… CWE-862
Missing authentication
CVE-2018-10865 2024-11-21 12:42 2021-05-27 View GitHub Exploit DB Packet Storm
249818 7.5 HIGH
Network
redhat certification It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An u… CWE-552
Files or directories accessible to external parties
CVE-2018-10863 2024-11-21 12:42 2021-05-27 View GitHub Exploit DB Packet Storm
249819 7.5 HIGH
Network
k7computing enterprise_security
ultimate_security
total_security
antivrius
K7TSMngr.exe in K7Computing K7AntiVirus Premium 15.1.0.53 has a Memory Leak. CWE-401
Missing release of memory after effective lifetime
CVE-2018-11246 2024-11-21 12:42 2021-01-12 View GitHub Exploit DB Packet Storm
249820 7.8 HIGH
Local
k7computing enterprise_security
ultimate_security
total_security
antivrius
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. CWE-787
Out-of-bounds write
CVE-2018-11010 2024-11-21 12:42 2021-01-12 View GitHub Exploit DB Packet Storm
249821 7.8 HIGH
Local
k7computing enterprise_security
ultimate_security
total_security
antivrius
A Buffer Overflow issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. CWE-787
Out-of-bounds write
CVE-2018-11009 2024-11-21 12:42 2021-01-12 View GitHub Exploit DB Packet Storm
249822 5.5 MEDIUM
Local
k7computing enterprise_security
ultimate_security
total_security
antivrius
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. CWE-269
Improper privilege management
CVE-2018-11008 2024-11-21 12:42 2021-01-12 View GitHub Exploit DB Packet Storm
249823 5.5 MEDIUM
Local
k7computing enterprise_security
ultimate_security
total_security
antivrius
A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. CWE-787
Out-of-bounds write
CVE-2018-11007 2024-11-21 12:42 2021-01-12 View GitHub Exploit DB Packet Storm
249824 5.5 MEDIUM
Local
k7computing enterprise_security
ultimate_security
total_security
antivrius
An Incorrect Access Control issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. CWE-269
Improper privilege management
CVE-2018-11006 2024-11-21 12:42 2021-01-12 View GitHub Exploit DB Packet Storm
249825 5.5 MEDIUM
Local
k7computing enterprise_security
ultimate_security
total_security
antivrius
A Memory Leak issue was discovered in K7Computing K7AntiVirus Premium 15.01.00.53. CWE-125
Out-of-bounds read
CVE-2018-11005 2024-11-21 12:42 2021-01-12 View GitHub Exploit DB Packet Storm
249826 9.8 CRITICAL
Network
netgear wc7500_firmware
wc7520_firmware
wc7600v1_firmware
wc7600v2_firmware
wc9500_firmware
NETGEAR has released fixes for a pre-authentication command injection in request_handler.php security vulnerability on the following product models: WC7500, running firmware versions prior to 6.5.3.5… CWE-77
Command injection
CVE-2018-11106 2024-11-21 12:42 2020-04-2 View GitHub Exploit DB Packet Storm
249827 5.4 MEDIUM
Network
redhat cloudforms_management_engine cloudforms version, cloudforms 5.8 and cloudforms 5.9, is vulnerable to a cross-site-scripting. A flaw was found in CloudForms's v2v infrastructure mapping delete feature. A stored cross-site scripti… - CVE-2018-10854 2024-11-21 12:42 2019-11-22 View GitHub Exploit DB Packet Storm
249828 6.1 MEDIUM
Network
acquia mautic An issue was discovered in Mautic 2.13.1. It has Stored XSS via the company name field. CWE-79
Cross-site scripting (XSS)
CVE-2018-11200 2024-11-21 12:42 2019-09-21 View GitHub Exploit DB Packet Storm
249829 6.1 MEDIUM
Network
acquia mautic An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. CWE-79
Cross-site scripting (XSS)
CVE-2018-11198 2024-11-21 12:42 2019-09-7 View GitHub Exploit DB Packet Storm
249830 8.8 HIGH
Network
jolokia
redhat
jolokia
openstack
A flaw was found in Jolokia versions from 1.2 to before 1.6.1. Affected versions are vulnerable to a system-wide CSRF. This holds true for properly configured instances with strict checking for origi… CWE-352
Same-origin policy violation
CVE-2018-10899 2024-11-21 12:42 2019-08-1 View GitHub Exploit DB Packet Storm
249831 8.8 HIGH
Network
open-xchange ox_guard OX Guard 2.8.0 has CSRF. CWE-352
Same-origin policy violation
CVE-2018-10986 2024-11-21 12:42 2019-07-4 View GitHub Exploit DB Packet Storm
249832 6.1 MEDIUM
Network
monstra monstra_cms Monstra CMS 3.0.4 and earlier has XSS via index.php. CWE-79
Cross-site scripting (XSS)
CVE-2018-11227 2024-11-21 12:42 2019-07-4 View GitHub Exploit DB Packet Storm
249833 9.8 CRITICAL
Network
cloudera data_science_workbench Remote code execution is possible in Cloudera Data Science Workbench version 1.3.0 and prior releases via unspecified attack vectors. CWE-200
CWE-78
Information exposure
OS command injection
CVE-2018-11215 2024-11-21 12:42 2019-07-4 View GitHub Exploit DB Packet Storm
249834 3.1 LOW
Adjacent
polycom realpresence_debut_firmware An issue was discovered in versions earlier than 1.3.2 for Polycom RealPresence Debut where the admin cookie is reset only after a Debut is rebooted. CWE-20
Improper input validation
CVE-2018-10947 2024-11-21 12:42 2019-06-14 View GitHub Exploit DB Packet Storm
249835 6.8 MEDIUM
Adjacent
polycom realpresence_debut_firmware An issue was discovered in versions earlier than 1.3.0-66872 for Polycom RealPresence Debut that allows attackers to arbitrarily read the admin user's password via the admin web UI. CWE-200
Information exposure
CVE-2018-10946 2024-11-21 12:42 2019-06-14 View GitHub Exploit DB Packet Storm
249836 4.8 MEDIUM
Network
synacor zimbra_collaboration_suite Synacor Zimbra Admin UI in Zimbra Collaboration Suite before 8.8.0 beta 2 has Persistent XSS via mail addrs. CWE-79
Cross-site scripting (XSS)
CVE-2018-10948 2024-11-21 12:42 2019-05-31 View GitHub Exploit DB Packet Storm
249837 6.5 MEDIUM
Network
cloudera cloudera_manager An issue was discovered in Cloudera Manager before 5.13.4, 5.14.x before 5.14.4, and 5.15.x before 5.15.1. A read-only user can access sensitive cluster information. CWE-200
Information exposure
CVE-2018-10815 2024-11-21 12:42 2019-05-25 View GitHub Exploit DB Packet Storm
249838 7.5 HIGH
Network
beyondtrust avecto_defendpoint Avecto Defendpoint 4 prior to 4.4 SR6 and 5 prior to 5.1 SR1 has an Untrusted Search Path vulnerability, exploitable by modifying environment variables to trigger automatic elevation of an attacker's… CWE-426
Untrusted search path
CVE-2018-10959 2024-11-21 12:42 2019-04-18 View GitHub Exploit DB Packet Storm
249839 5.4 MEDIUM
Network
redhat jboss_enterprise_application_platform
single_sign-on
A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. Users with roles that can create objects in the application can exploit this … CWE-79
Cross-site scripting (XSS)
CVE-2018-10934 2024-11-21 12:42 2019-03-27 View GitHub Exploit DB Packet Storm
249840 3.3 LOW
Local
bluez
canonical
bluez
ubuntu_linux
A bug in Bluez may allow for the Bluetooth Discoverable state being set to on when no Bluetooth agent is registered with the system. This situation could lead to the unauthorized pairing of certain B… - CVE-2018-10910 2024-11-21 12:42 2019-01-29 View GitHub Exploit DB Packet Storm
249841 7.5 HIGH
Network
powerdns recursor
authoritative
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed rec… CWE-772
Missing release of resource after effective lifetime
CVE-2018-10851 2024-11-21 12:42 2018-11-30 View GitHub Exploit DB Packet Storm
249842 5.5 MEDIUM
Local
pulsesecure pulse_secure_desktop_client Pulse Secure Desktop Client 5.3 up to and including R6.0 build 1769 on Windows has Insecure Permissions. CWE-732
Incorrect permission assignment for critical resource
CVE-2018-11002 2024-11-21 12:42 2018-11-30 View GitHub Exploit DB Packet Storm
249843 6.7 MEDIUM
Local
dell
vmware
emc_integrated_data_protection_appliance
emc_avamar
vsphere_data_protection
'getlogs' utility in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1 and 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2.1 and 2.2… CWE-78
OS command injection
CVE-2018-11077 2024-11-21 12:42 2018-11-27 View GitHub Exploit DB Packet Storm
249844 6.5 MEDIUM
Adjacent
dell
vmware
emc_integrated_data_protection_appliance
emc_avamar
vsphere_data_protection
Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0 and 7.4.1 and Dell EMC Integrated Data Protection Appliance (IDPA) 2.0 are affected by an information exposure vulnerability. Avamar … NVD-CWE-noinfo
CVE-2018-11076 2024-11-21 12:42 2018-11-27 View GitHub Exploit DB Packet Storm
249845 6.1 MEDIUM
Network
dell
vmware
emc_integrated_data_protection_appliance
emc_avamar
vsphere_data_protection
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2… CWE-601
Open redirect
CVE-2018-11067 2024-11-21 12:42 2018-11-27 View GitHub Exploit DB Packet Storm
249846 9.8 CRITICAL
Network
dell
vmware
emc_integrated_data_protection_appliance
emc_avamar
vsphere_data_protection
Dell EMC Avamar Client Manager in Dell EMC Avamar Server versions 7.2.0, 7.2.1, 7.3.0, 7.3.1, 7.4.0, 7.4.1, 7.5.0, 7.5.1, 18.1 and Dell EMC Integrated Data Protection Appliance (IDPA) versions 2.0, 2… NVD-CWE-noinfo
CVE-2018-11066 2024-11-21 12:42 2018-11-27 View GitHub Exploit DB Packet Storm
249847 8.8 HIGH
Network
dell emc_integrated_data_protection_appliance Integrated Data Protection Appliance versions 2.0, 2.1, and 2.2 contain undocumented accounts named 'support' and 'admin' that are protected with default passwords. These accounts have limited privil… CWE-798
Use of hard-coded credentials
CVE-2018-11062 2024-11-21 12:42 2018-11-3 View GitHub Exploit DB Packet Storm
249848 7.8 HIGH
Local
emc secure_remote_services Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains Improper File Permission Vulnerabilities. The application contains multiple configuration files with world-readable permissions… CWE-732
Incorrect permission assignment for critical resource
CVE-2018-11080 2024-11-21 12:42 2018-10-19 View GitHub Exploit DB Packet Storm
249849 7.8 HIGH
Local
emc secure_remote_services Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains a Plaintext Password Storage vulnerability. Database credentials are stored in plaintext in a configuration file. An authentica… CWE-522
Insufficiently protected credentials
CVE-2018-11079 2024-11-21 12:42 2018-10-19 View GitHub Exploit DB Packet Storm
249850 9.8 CRITICAL
Network
dlink dwr-116_firmware
dir-140l_firmware
dir-640l_firmware
dwr-512_firmware
dwr-712_firmware
dwr-912_firmware
dwr-921_firmware
dwr-111_firmware
An issue was discovered on D-Link DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02, DWR-512 through 2.02, DWR-712 through 2.02, DWR-912 through 2.02, DWR-921 through 2.02, and DWR-1… CWE-22
CWE-522
Path traversal
Insufficiently protected credentials
CVE-2018-10824 2024-11-21 12:42 2018-10-17 View GitHub Exploit DB Packet Storm