|
CVE-2026-58054
|
|
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
|
High
|
Cwe 269
Mybb
PHP
権限昇格
|
1週間前
|
|
CVE-2026-3652
|
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
High
|
WordPress
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
PHP
|
2週間前
|
|
CVE-2026-5415
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
WordPress
認証バイパス
Cwe 288
PHP
|
1ヶ月前
|
|
CVE-2026-5411
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
PHP
WordPress
リモートコード実行 (RCE)
Cwe 434
|
1ヶ月前
|
|
CVE-2026-46392
|
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
High
|
PHP
JavaScript
Cwe 178
Cwe 434
+1
|
1ヶ月前
|
|
CVE-2026-1829
|
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
High
|
WordPress
リモートコード実行 (RCE)
CWE-94: コードインジェクション
PHP
|
1ヶ月前
|
|
CVE-2026-39555
|
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
High
|
安全でないデシリアライゼーション
CWE-502: 安全でないデシリアライゼーション
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-39553
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
リモートコード実行 (RCE)
|
1ヶ月前
|
|
CVE-2026-39552
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
リモートコード実行 (RCE)
+1
|
1ヶ月前
|
|
CVE-2025-69369
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
ローカルファイル インクルージョン
|
1ヶ月前
|
|
CVE-2025-68886
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
リモートコード実行 (RCE)
|
1ヶ月前
|
|
CVE-2025-11262
|
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
High
|
WordPress
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
PHP
|
1ヶ月前
|
|
CVE-2026-42762
|
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
High
|
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42745
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
High
|
認証バイパス
Cwe 288
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42737
|
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
|
High
|
パストラバーサル
CWE-22: パストラバーサル
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42735
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
|
High
|
認証バイパス
Cwe 288
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42730
|
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
|
High
|
SQLインジェクション
CWE-89: SQLインジェクション
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-46408
|
|
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter t...
Vvveb is a powerful and easy to use CMS with page builder to build websites, blogs or ecommerce stores. Prior to 1.0.8.3, the checkout endpoint accepts a user-controlled cart_id and uses it to enter the payment flow without verifying cart ownership. A logged-in attacker can therefore reuse another u...
|
High
|
Cwe 639
Cms
PHP
|
1ヶ月前
|
|
CVE-2026-46367
|
|
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
Duplicate Advisory: phpMyFAQ: Stored XSS via Utils::parseUrl() in comment rendering
|
High
|
JavaScript
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
PHP
+1
|
1ヶ月前
|
|
CVE-2026-46366
|
|
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
phpMyFAQ has unauthenticated FAQ permission bypass via getFaqBySolutionId fallback query
|
High
|
Cwe 863
phpMyFAQ
PHP
認証バイパス
|
1ヶ月前
|
|
CVE-2026-46359
|
|
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
phpMyFAQ has SQL Injection in CurrentUser::setTokenData through unescaped OAuth token fields
|
High
|
SQLインジェクション
CWE-89: SQLインジェクション
phpMyFAQ
PHP
+1
|
1ヶ月前
|
|
CVE-2021-47964
|
|
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
Schlix CMS 2.2.6-6 contains a remote code execution vulnerability that allows authenticated...
|
High
|
PHP
リモートコード実行 (RCE)
CWE-94: コードインジェクション
Schlix
+1
|
1ヶ月前
|
|
CVE-2021-47959
|
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
High
|
WordPress
サービス拒否 (DoS)
Cwe 770
PHP
|
1ヶ月前
|
|
CVE-2026-4094
|
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
|
High
|
WordPress
Cwe 862
PHP
CSRF (クロスサイトリクエストフォージェリ)
|
1ヶ月前
|
|
CVE-2026-41902
|
|
laravel の脆弱性 (CVE-2026-41902)
laravel に 脆弱性 (CVE-2026-41902) が存在。機密情報が外部に流出する可能性があります。`Referer header` 経由で攻撃可能。
|
Critical
|
PHP
Laravel
Cwe 613
認証バイパス
+8
|
2ヶ月前
|