|
CVE-2026-57277
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 120
リモートコード実行 (RCE)
バッファオーバーフロー
WebSocket
+1
|
6日前
|
|
CVE-2026-57276
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 120
Geovision
WebSocket
バッファオーバーフロー
|
6日前
|
|
CVE-2026-57275
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 120
Geovision
リモートコード実行 (RCE)
バッファオーバーフロー
+1
|
6日前
|
|
CVE-2026-57274
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 120
バッファオーバーフロー
WebSocket
Geovision
+1
|
6日前
|
|
CVE-2026-57271
|
|
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud)...
|
High
|
Cwe 129
リモートコード実行 (RCE)
WebSocket
Geovision
|
6日前
|
|
CVE-2026-13521
|
|
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php....
A vulnerability was identified in SourceCodester Class and Exam Timetabling System 1.0/5.php....
|
High
|
PHP
SQLインジェクション
Cwe 74
CWE-89: SQLインジェクション
|
1週間前
|
|
CVE-2026-13498
|
|
A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an...
A vulnerability was identified in yashpokharna2555 restaurent-management-system. This affects an...
|
High
|
PHP
SQLインジェクション
Cwe 74
CWE-89: SQLインジェクション
|
1週間前
|
|
CVE-2026-58054
|
|
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
MyBB 1.8.40 does not restrict which usergroup a limited Admin Control Panel user may assign when...
|
High
|
Cwe 269
Mybb
PHP
権限昇格
|
1週間前
|
|
CVE-2026-3652
|
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
High
|
WordPress
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
PHP
|
2週間前
|
|
CVE-2026-53866
|
|
OpenClaw: Shell inline-command parsing could miss an allowlist check
OpenClaw: Shell inline-command parsing could miss an allowlist check
|
High
|
Cwe 862
リモートコード実行 (RCE)
Openclaw
|
3週間前
|
|
CVE-2026-53864
|
|
OpenClaw: Host environment sanitizer missed two Node.js control variables
OpenClaw: Host environment sanitizer missed two Node.js control variables
|
High
|
JavaScript
Cwe 184
Nodejs
Openclaw
|
3週間前
|
|
CVE-2026-53857
|
|
OpenClaw: Zalo allowFrom could bind to mutable display names
OpenClaw: Zalo allowFrom could bind to mutable display names
|
High
|
Cwe 290
Policy Enforcement
リモートコード実行 (RCE)
Web Application
+2
|
3週間前
|
|
CVE-2026-53855
|
|
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
OpenClaw: Shell positional parameters could weaken strict inline-eval checks
|
High
|
Cwe 184
Cwe 863
リモートコード実行 (RCE)
Openclaw
|
3週間前
|
|
CVE-2026-53849
|
|
OpenClaw: Discord allowFrom could bind to mutable display names
OpenClaw: Discord allowFrom could bind to mutable display names
|
High
|
権限昇格
Cwe 290
Web Application
Openclaw
|
3週間前
|
|
CVE-2026-53843
|
|
OpenClaw: Pairing-scoped device session could restore revoked node token authority
OpenClaw: Pairing-scoped device session could restore revoked node token authority
|
High
|
Cwe 613
WebSocket
認証バイパス
Openclaw
|
3週間前
|
|
CVE-2026-41708
|
|
dos の脆弱性 (CVE-2026-41708)
dos に 脆弱性 (CVE-2026-41708) が存在。不正な操作・情報露出のリスクがあります。
|
High
|
サービス拒否 (DoS)
Cwe 400
Spring
Broadcom
+1
|
3週間前
|
|
CVE-2026-47906
|
|
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third...
|
High
|
PHP
リモートコード実行 (RCE)
CWE-94: コードインジェクション
Adobe
+5
|
4週間前
|
|
CVE-2026-11501
|
|
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System...
A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System...
|
High
|
PHP
SQLインジェクション
Cwe 74
CWE-89: SQLインジェクション
|
1ヶ月前
|
|
CVE-2026-11489
|
|
A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects...
A vulnerability was found in code-projects Online Music Site 1.0. This vulnerability affects...
|
High
|
PHP
SQLインジェクション
Cwe 74
CWE-89: SQLインジェクション
+1
|
1ヶ月前
|
|
CVE-2026-11488
|
|
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This...
A vulnerability has been found in code-projects Simple Flight Ticket Booking System 1.0. This...
|
High
|
PHP
SQLインジェクション
Cwe 74
CWE-89: SQLインジェクション
|
1ヶ月前
|
|
CVE-2026-11486
|
|
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by...
A vulnerability was detected in SourceCodester Class and Exam Timetabling System 1.0. Affected by...
|
High
|
PHP
SQLインジェクション
Cwe 74
CWE-89: SQLインジェクション
+1
|
1ヶ月前
|
|
CVE-2026-11485
|
|
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1...
A security vulnerability has been detected in SourceCodester Class and Exam Timetabling System 1...
|
High
|
PHP
SQLインジェクション
Cwe 74
CWE-89: SQLインジェクション
+1
|
1ヶ月前
|
|
CVE-2026-11484
|
|
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This...
A weakness has been identified in SourceCodester Class and Exam Timetabling System 1.0. This...
|
High
|
PHP
SQLインジェクション
Cwe 74
CWE-89: SQLインジェクション
+1
|
1ヶ月前
|
|
CVE-2026-11483
|
|
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This...
A security flaw has been discovered in SourceCodester Class and Exam Timetabling System 1.0. This...
|
High
|
PHP
SQLインジェクション
Cwe 74
CWE-89: SQLインジェクション
+2
|
1ヶ月前
|
|
CVE-2026-11462
|
|
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
A vulnerability was found in Chengdu Everbrite Network Technology BeikeShop up to 1.6.0.22. This...
|
High
|
PHP
Cwe 266
Cwe 285
リモートコード実行 (RCE)
|
1ヶ月前
|
|
CVE-2026-5415
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
WordPress
認証バイパス
Cwe 288
PHP
|
1ヶ月前
|
|
CVE-2026-5411
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
PHP
WordPress
リモートコード実行 (RCE)
Cwe 434
|
1ヶ月前
|
|
CVE-2026-46392
|
|
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filen...
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML...
|
High
|
PHP
JavaScript
Cwe 178
Cwe 434
+1
|
1ヶ月前
|
|
CVE-2026-10777
|
|
A vulnerability was identified in ealpha072 Student-Management-System up to...
A vulnerability was identified in ealpha072 Student-Management-System up to...
|
High
|
PHP
Cwe 287
リモートコード実行 (RCE)
|
1ヶ月前
|
|
CVE-2026-10771
|
|
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
A vulnerability was found in crmeb crmeb_java 1.4. Affected is the function RestTemplate...
|
High
|
Java
Cwe 918
SSRF (サーバーサイドリクエストフォージェリ)
|
1ヶ月前
|
|
CVE-2026-28299
|
|
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
SolarWinds Web Help Desk is found to be affected by a denial-of-service vulnerability, which when...
|
High
|
Cwe 770
サービス拒否 (DoS)
Solarwinds
Web Help Desk
|
1ヶ月前
|
|
CVE-2026-1829
|
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
High
|
WordPress
リモートコード実行 (RCE)
CWE-94: コードインジェクション
PHP
|
1ヶ月前
|
|
CVE-2026-7313
|
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
|
High
|
Cwe 522
リモートコード実行 (RCE)
PHP
Progress
+1
|
1ヶ月前
|
|
CVE-2026-7201
|
|
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...
|
High
|
Cwe 639
認証バイパス
Progress
Sitefinity
|
1ヶ月前
|
|
CVE-2026-7195
|
|
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
|
High
|
CWE-20: 入力検証の不備
Web Services
リモートコード実行 (RCE)
PHP
+2
|
1ヶ月前
|
|
CVE-2026-39555
|
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
High
|
安全でないデシリアライゼーション
CWE-502: 安全でないデシリアライゼーション
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-39552
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
リモートコード実行 (RCE)
+1
|
1ヶ月前
|
|
CVE-2025-69369
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
ローカルファイル インクルージョン
|
1ヶ月前
|
|
CVE-2025-68886
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
リモートコード実行 (RCE)
|
1ヶ月前
|
|
CVE-2024-21182
KEV
|
|
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core)...
|
High
|
Oracle Weblogic
リモートコード実行 (RCE)
CWE-94: コードインジェクション
C
+2
|
1ヶ月前
|
|
CVE-2026-48557
|
|
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
|
High
|
PHP
Laravel
Apache
Cwe 184
|
1ヶ月前
|
|
CVE-2026-49368
|
|
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
In JetBrains YouTrack before 2026.1.13162 stored XSS in project notification templates was possible
|
High
|
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
Jetbrains
High Severity
+1
|
1ヶ月前
|
|
CVE-2026-44698
|
|
CVE-2026-44698 に コードインジェクション (CVE-2026-44698)
CVE-2026-44698 に コードインジェクション (CVE-2026-44698) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。``window.externalApp`` 経由で攻撃可能。対策: `2026.4.1` 以上に更新。
|
High
|
JavaScript
CWE-94: コードインジェクション
Cwe 346
Cwe 749
+3
|
1ヶ月前
|
|
CVE-2025-11262
|
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
High
|
WordPress
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
PHP
|
1ヶ月前
|
|
CVE-2026-42760
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
|
High
|
WordPress
認証バイパス
Cwe 288
|
1ヶ月前
|
|
CVE-2026-42762
|
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
High
|
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42753
|
|
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
|
High
|
Cwe 862
WordPress
認証バイパス
|
1ヶ月前
|
|
CVE-2026-42746
|
|
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
|
High
|
Cwe 201
PHP
WordPress
|
1ヶ月前
|
|
CVE-2026-42745
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
High
|
認証バイパス
Cwe 288
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42737
|
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
|
High
|
パストラバーサル
CWE-22: パストラバーサル
WordPress
PHP
|
1ヶ月前
|