脆弱性一覧
CVE / GHSA / KEV / OSV を統合監視。タグ・カテゴリで絞り込み可能。
| ID | タイトル | |
|---|---|---|
| CVE-2026-50722 |
|
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly...
Libreswan, via the function RSA_authenticate_hash_signature_pkcs1_1_5_rsa(), did not correctly...
|
| CVE-2026-50721 |
|
Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify...
Libreswan, via the function RSA_authenticate_hash_signature_raw_rsa(), did not correctly verify...
|
| CVE-2026-12413 |
|
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart....
An invalidly formatted IKEv2 fragment causes the Libreswan pluto daemon to crash and restart....
|
| CVE-2026-57278 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57274 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-57272 |
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
| CVE-2026-13539 |
|
A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the...
A vulnerability was identified in Wavlink WL-NU516U1-A M16U1_V240425. The impacted element is the...
|
| CVE-2026-13518 |
|
A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function...
A vulnerability has been found in Tenda JD12L 16.03.53.23. This affects the function...
|
| CVE-2026-58050 |
|
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey...
libssh2 through 1.11.1 reads an attacker-controlled 32-bit attribute count from a publickey...
|
| CVE-2026-54100 |
|
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
A flaw was found in the Windows Machine Config Operator (WMCO) for Red Hat OpenShift Container...
|
| CVE-2026-52720 |
|
CVE-2026-52720 の脆弱性 (CVE-2026-52720)
CVE-2026-52720 に 脆弱性 (CVE-2026-52720) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|
| CVE-2026-11503 |
|
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is...
A security vulnerability has been detected in Tenda CX12L 16.03.53.12. The affected element is...
|
| CVE-2026-10192 |
|
A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function...
A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function...
|
| CVE-2026-10189 |
|
A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the...
A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the...
|
| CVE-2026-10191 |
|
A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function...
A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function...
|
| CVE-2026-44421 |
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs....
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX...
|
| CVE-2026-44420 |
|
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel b...
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process...
|
| CVE-2026-42083 |
|
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows access to SM policy handlers and disclosure of subscriber SUPI
|
| CVE-2026-3012 |
|
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate...
|
| CVE-2026-44905 |
|
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza....
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the cryptographic verification pipeline of Vanetza. When processing incoming V2X messages, the ASN.1 decoder accepts the structure as syntactically val...
|
| CVE-2026-43988 |
|
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When pro...
Vanetza is an open-source implementation of the ETSI C-ITS protocol suite. In 26.02 and earlier, a denial-of-service vulnerability was identified in the ASN.1/OER parsing pipeline of Vanetza. When processing malformed network packets containing corrupted ASN.1/OER structures (e.g., invalid length fi...
|
| CVE-2026-6973 KEV |
|
【KEV】Ivanti endpoint-manager-mobile-epmm の脆弱性 (CVE-2026-6973)
Ivanti endpoint-manager-mobile-epmm に 脆弱性 (CVE-2026-6973) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2026-33846 |
|
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of...
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of...
|
| CVE-2026-31780 |
|
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix u8...
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: fix u8...
|
| CVE-2026-33845 |
|
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero...
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero...
|
| CVE-2024-1708 KEV |
|
【KEV】Connectwise screenconnect に パストラバーサル (CVE-2024-1708)
Connectwise screenconnect に パストラバーサル (CVE-2024-1708) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2025-29635 KEV |
|
【KEV】D-link dir-823x に コマンドインジェクション (CVE-2025-29635)
D-link dir-823x に コマンドインジェクション (CVE-2025-29635) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2024-7399 KEV |
|
【KEV】Samsung magicinfo-9-server に パストラバーサル (CVE-2024-7399)
Samsung magicinfo-9-server に パストラバーサル (CVE-2024-7399) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2026-39987 KEV |
|
【KEV】Marimo remote-attack の脆弱性 (CVE-2026-39987)
Marimo remote-attack に 脆弱性 (CVE-2026-39987) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2026-20122 KEV |
|
【KEV】Cisco catalyst-sd-wan-manger の脆弱性 (CVE-2026-20122)
Cisco catalyst-sd-wan-manger に 脆弱性 (CVE-2026-20122) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2026-20133 KEV |
|
【KEV】Cisco catalyst-sd-wan-manager に 情報漏洩 (CVE-2026-20133)
Cisco catalyst-sd-wan-manager に 脆弱性 (CVE-2026-20133) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2023-27351 KEV |
|
【KEV】Papercut ngmf に 認証バイパス (CVE-2023-27351)
Papercut ngmf に 認証バイパス (CVE-2023-27351) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2026-20128 KEV |
|
【KEV】Cisco catalyst-sd-wan-manager の脆弱性 (CVE-2026-20128)
Cisco catalyst-sd-wan-manager に 脆弱性 (CVE-2026-20128) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2025-32975 KEV |
|
【KEV】Quest kace-systems-management-appliance-sma に 認証バイパス (CVE-2025-32975)
Quest kace-systems-management-appliance-sma に 認証バイパス (CVE-2025-32975) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2026-40170 |
|
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buf...
ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transpo...
|
| CVE-2026-41035 |
|
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort...
|
| CVE-2026-34197 KEV |
|
【KEV】Apache activemq の脆弱性 (CVE-2026-34197)
Apache activemq に 脆弱性 (CVE-2026-34197) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2026-21643 KEV |
|
【KEV】Fortinet forticlient-ems に SQLインジェクション (CVE-2026-21643)
Fortinet forticlient-ems に SQLインジェクション (CVE-2026-21643) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2023-21529 KEV |
|
【KEV】Microsoft exchange-server に 安全でないデシリアライゼーション (CVE-2023-21529)
Microsoft exchange-server に 脆弱性 (CVE-2023-21529) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2026-3055 KEV |
|
【KEV】Citrix netscaler に 境界外読み取り (CVE-2026-3055)
Citrix netscaler に 脆弱性 (CVE-2026-3055) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2025-53521 KEV |
|
【KEV】F5 big-ip の脆弱性 (CVE-2025-53521)
F5 big-ip に 脆弱性 (CVE-2025-53521) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
| CVE-2022-20773 |
|
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
A vulnerability in the key-based SSH authentication mechanism of Cisco Umbrella Virtual Appliance...
|
| CVE-2021-25667 |
|
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE S...
A vulnerability has been identified in RUGGEDCOM RM1224 (All versions >= V4.3 and < V6.4), SCALANCE M-800 (All versions >= V4.3 and < V6.4), SCALANCE S615 (All versions >= V4.3 and < V6.4), SCALANCE SC-600 Family (All versions >= V2.0 and < V2.1.3), SCALANCE XB-200 (All versions < V4.1), SCALANCE XC...
|
| CVE-2021-22703 |
|
schneider-electric の脆弱性 (CVE-2021-22703)
schneider-electric に 脆弱性 (CVE-2021-22703) が存在。機密情報が外部に流出する可能性があります。
|
| CVE-2021-22702 |
|
schneider-electric の脆弱性 (CVE-2021-22702)
schneider-electric に 脆弱性 (CVE-2021-22702) が存在。機密情報が外部に流出する可能性があります。
|
| CVE-2020-7563 |
|
schneider-electric に 境界外書き込み (CVE-2020-7563)
schneider-electric に 境界外書き込み (CVE-2020-7563) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|
| CVE-2020-7562 |
|
schneider-electric に 境界外読み取り (CVE-2020-7562)
schneider-electric に 脆弱性 (CVE-2020-7562) が存在。機密情報が外部に流出する可能性があります。
|
| CVE-2016-10401 |
|
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists w...
ZyXEL PK5001Z devices have zyad5001 as the su password, which makes it easier for remote attackers to obtain root access if a non-root account password is known (or a non-root default account exists within an ISP's deployment of these devices).
|
| CVE-2017-2273 |
|
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators...
Cross-site request forgery (CSRF) vulnerability in WMR-433 firmware Ver.1.02 and earlier, WMR-433W firmware Ver.1.40 and earlier allows remote attackers to hijack the authentication of administrators via unspecified vectors.
|
| CVE-2015-6564 |
|
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in...
Use-after-free vulnerability in the mm_answer_pam_free_ctx function in monitor.c in sshd in...
|