Secure Gatev1.0.0新着セキュリティニュース バックナンバー

新着セキュリティニュース バックナンバー

直近表示から外れた情報を確認できます。診断結果とは別情報として扱います。

総件数210784件
表示件数50件/ページ
ページ52

CVE-2026-12411

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Broken Access Control in the devLXDInstancePatchHandler component of Canonical LXD allows an untrusted guest to mount, read, and overwrite another guest's custom storage volume via a crafted device PATCH request over /dev/lxd when security.devlxd.management.volumes is enabled.

CVE-2026-0828

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64 , versions 10.5.75.0 and 11.11.4.0, allows unprivileged user to abuse IOCTL path and terminate protected system processes.

CVE-2026-0685

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Server side template inject (SSTI) in the expression evaluation component in Genshi Template Engine version 0.7.9 allows a remote attacker to achieve remote code execution (RCE) via crafted template expressions.

CVE-2025-11919

Threat Intelligence NVD CVE 危険度: high 緊急度: high

The default JVM can access files and directories under `/tmp/` including the `$TemporaryDirectory` of other users on the same cloud instance (`/tmp/UserTemporaryFiles/`). The `-init` file for the the JVM initialization exists in the vulnerable directory during the startup of the JVM. An attacker with access to the shared `/tmp/` space can preemptively create or replace `.jar` files or directories (via the `-init` file) that the victim JVM will resolve first in its classpath. By strategically placing a malicious version of a commonly used library (e.g., `commons-io`) in a location that is included in the classpath before the legitimate version, an attacker can cause the JVM to load the malicious class during startup, thereby executing the attacker's code.

CVE-2023-20572

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing the input of an arbitrary message, potentially leading to a loss of data integrity.

CVE-2023-20540

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An observable timing discrepancy in the ASP could allow a privileged attacker to perform a brute-force attack against the hash message authentication code, allowing arbitrary message input, potentially leading to a loss of data integrity.

CVE-2026-9699

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Mattermost Plugins versions <=11.6 10.18.11 11.3.6 11.6.5.0 fail to sanitize error responses from the OpenAI API before logging, which allows a user with access to server logs or support packets to obtain a valid or partially reconstructable OpenAI API key via inspection of mattermost.log entries generated during authentication failures. Mattermost Advisory ID: MMSA-2026-00609

CVE-2026-57667

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Sales Representative SQL Injection in Groundhogg <= 4.5 versions.

CVE-2026-57665

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Insecure Direct Object References (IDOR) in GravityView <= 3.0.0 versions.

CVE-2026-57664

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Sensitive Data Exposure in Bopo – WooCommerce Product Bundle Builder <= 1.1.6 versions.

CVE-2026-57663

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in Recipe Maker For Your Food Blog from Zip Recipes <= 8.2.7 versions.

CVE-2026-57662

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in Contest Gallery <= 30.0.0 versions.

CVE-2026-57661

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in WPComplete <= 2.9.5.5 versions.

CVE-2026-57660

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Broken Access Control in Booking and Rental Manager <= 2.7.1 versions.

CVE-2026-57659

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Request Forgery (CSRF) in Paid Memberships Pro - Add Member From Admin <= 0.7.2 versions.

CVE-2026-57658

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Administrator Arbitrary File Upload in TemplateSpare <= 4.2.0 versions.

CVE-2026-57657

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.

CVE-2026-57656

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.

CVE-2026-57655

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.

CVE-2026-57654

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.

CVE-2026-57653

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.

CVE-2026-57652

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.

CVE-2026-57651

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.

CVE-2026-57650

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.

CVE-2026-57649

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.

CVE-2026-57648

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.

CVE-2026-57647

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.

CVE-2026-57646

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.

CVE-2026-57645

Threat Intelligence NVD CVE 危険度: high 緊急度: high

newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.

CVE-2026-57644

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.

CVE-2026-57643

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in WP Post Author <= 3.9.1 versions.

CVE-2026-57642

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in Gallery <= 4.7.8 versions.

CVE-2026-57641

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.

CVE-2026-57640

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.

CVE-2026-57638

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.

CVE-2026-57637

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions.

CVE-2026-57636

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.

CVE-2026-57635

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.

CVE-2026-57634

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.

CVE-2026-57633

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions.

CVE-2026-57632

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.

CVE-2026-57631

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Administrator SQL Injection in Popup box <= 6.0.1 versions.

CVE-2026-57630

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.

CVE-2026-57629

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.

CVE-2026-57628

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Administrator SQL Injection in WP All Import <= 4.0.1 versions.

CVE-2026-57627

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.

CVE-2026-57622

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.

CVE-2026-57618

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.

CVE-2026-57617

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

CVE-2026-57527

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter. The JSFViewState.decode() method base64-decodes the ViewState value and passes it directly to ObjectInputStream.readObject() without a deserialization filter, allowlist, or type restriction, causing the malicious object to be deserialized within the ZAP JVM when the Desktop UI renders the ViewState panel.