脆弱性一覧

CVE / GHSA / KEV / OSV を統合監視。タグ・カテゴリで絞り込み可能。

フィルタ中: カテゴリ: web-application グループ: web-frameworks クリア
ID タイトル
CVE-2026-14802 A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the...
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the...
CVE-2026-57950 ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
CVE-2026-3652 The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
CVE-2026-41708 dos の脆弱性 (CVE-2026-41708)
dos に 脆弱性 (CVE-2026-41708) が存在。不正な操作・情報露出のリスクがあります。
CVE-2026-5415 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-5411 The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
CVE-2026-42211 React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
CVE-2026-33245 React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
CVE-2026-1829 The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
CVE-2026-39555 Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. ...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. ...
CVE-2026-39552 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2025-69369 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2025-68886 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
CVE-2026-48557 Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
CVE-2025-11262 The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
CVE-2026-42762 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
CVE-2026-42760 Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
CVE-2026-42753 Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
CVE-2026-42746 Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
CVE-2026-42745 Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
CVE-2026-42737 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
CVE-2026-42736 Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
CVE-2026-42735 Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
CVE-2026-42730 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
CVE-2021-47959 WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
CVE-2026-4094 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
CVE-2026-44313 ssrf に SSRF (サーバー側リクエスト偽造) (CVE-2026-44313)
ssrf に SSRF (CVE-2026-44313) が存在。機密情報が外部に流出する可能性があります。`GET /api/v1/archives/{linkId}` 経由で攻撃可能。
CVE-2013-10075 apache の脆弱性 (CVE-2013-10075)
apache に 脆弱性 (CVE-2013-10075) が存在。機密情報が外部に流出する可能性があります。
CVE-2026-33844 apache の脆弱性 (CVE-2026-33844)
apache に 脆弱性 (CVE-2026-33844) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
CVE-2026-41902 laravel の脆弱性 (CVE-2026-41902)
laravel に 脆弱性 (CVE-2026-41902) が存在。機密情報が外部に流出する可能性があります。`Referer header` 経由で攻撃可能。
CVE-2026-34084 phpoffice/phpspreadsheet に 安全でないデシリアライゼーション (CVE-2026-34084)
phpoffice/phpspreadsheet に 脆弱性 (CVE-2026-34084) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。``is_file`` 経由で攻撃可能。対策: `1.30.3` 以上に更新。
CVE-2026-41940 KEV 【KEV】Webpros cpanel-whm-and-wp2-wordpress-squared の脆弱性 (CVE-2026-41940)
Webpros cpanel-whm-and-wp2-wordpress-squared に 脆弱性 (CVE-2026-41940) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
CVE-2026-40316 OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...

🍪 Cookie について

当サイトはログイン状態の保持・言語設定・サービス改善のために Cookie を使用します。詳細は下記リンクをご確認ください。

詳細 →