|
CVE-2026-14802
|
|
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the...
A vulnerability was detected in react create-react-app up to 5.0.1 on macOS. This affects the...
|
High
|
JavaScript
React
Cwe 77
CWE-78: OSコマンドインジェクション
+1
|
2日前
|
|
CVE-2026-57950
|
|
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
ruoyi-vue-pro through 2026.05, fixed in commit 5d1fd70 contains a broken access control...
|
High
|
Vue.js
Cwe 863
リモートコード実行 (RCE)
コマンドインジェクション
|
1週間前
|
|
CVE-2026-3652
|
|
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
The ARForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `value`...
|
High
|
WordPress
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
PHP
|
2週間前
|
|
CVE-2026-41708
|
|
dos の脆弱性 (CVE-2026-41708)
dos に 脆弱性 (CVE-2026-41708) が存在。不正な操作・情報露出のリスクがあります。
|
High
|
サービス拒否 (DoS)
Cwe 400
Spring
Broadcom
+1
|
3週間前
|
|
CVE-2026-5415
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
WordPress
認証バイパス
Cwe 288
PHP
|
1ヶ月前
|
|
CVE-2026-5411
|
|
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
The WP Captcha PRO (the premium version of the Advanced Google reCAPTCHA plugin, both have the...
|
High
|
PHP
WordPress
リモートコード実行 (RCE)
Cwe 434
|
1ヶ月前
|
|
CVE-2026-42211
|
|
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
React Router's vendored turbo-stream v2 allows arbitrary constructor invocation via TYPE_ERROR deserialization leading to Unauth RCE
|
High
|
React
リモートコード実行 (RCE)
CWE-502: 安全でないデシリアライゼーション
Remote Code Execution
+3
|
1ヶ月前
|
|
CVE-2026-33245
|
|
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
React Router vulnerable to XSS in unstable RSC redirect handling via javascript: redirect targets
|
High
|
React
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
Shopify
+1
|
1ヶ月前
|
|
CVE-2026-1829
|
|
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
The Content Visibility for Divi Builder plugin for WordPress is vulnerable to Remote Code...
|
High
|
WordPress
リモートコード実行 (RCE)
CWE-94: コードインジェクション
PHP
|
1ヶ月前
|
|
CVE-2026-39555
|
|
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection.
...
|
High
|
安全でないデシリアライゼーション
CWE-502: 安全でないデシリアライゼーション
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-39552
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
リモートコード実行 (RCE)
+1
|
1ヶ月前
|
|
CVE-2025-68886
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
リモートコード実行 (RCE)
|
1ヶ月前
|
|
CVE-2025-69369
|
|
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File...
|
High
|
PHP
Cwe 98
WordPress
ローカルファイル インクルージョン
|
1ヶ月前
|
|
CVE-2026-48557
|
|
Spatie Laravel Media Library contains a file upload restriction bypass
Spatie Laravel Media Library contains a file upload restriction bypass
|
High
|
PHP
Laravel
Apache
Cwe 184
|
1ヶ月前
|
|
CVE-2025-11262
|
|
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
The Link Whisper Free plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the...
|
High
|
WordPress
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
PHP
|
1ヶ月前
|
|
CVE-2026-42762
|
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')...
|
High
|
クロスサイトスクリプティング (XSS)
CWE-79: クロスサイトスクリプティング (XSS)
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42760
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
Authentication Bypass Using an Alternate Path or Channel vulnerability in revmakx Backup and...
|
High
|
WordPress
認証バイパス
Cwe 288
|
1ヶ月前
|
|
CVE-2026-42753
|
|
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
Missing Authorization vulnerability in WC Lovers WCFM Membership wc-multivendor-membership allows...
|
High
|
Cwe 862
WordPress
認証バイパス
|
1ヶ月前
|
|
CVE-2026-42746
|
|
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
Insertion of Sensitive Information Into Sent Data vulnerability in ZAYTECH Smart Online Order for...
|
High
|
Cwe 201
PHP
WordPress
|
1ヶ月前
|
|
CVE-2026-42745
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
Authentication Bypass Using an Alternate Path or Channel vulnerability in ZAYTECH Smart Online...
|
High
|
認証バイパス
Cwe 288
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42737
|
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in...
|
High
|
パストラバーサル
CWE-22: パストラバーサル
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42736
|
|
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp...
|
High
|
Cwe 639
WordPress
IDOR (安全でない直接オブジェクト参照)
|
1ヶ月前
|
|
CVE-2026-42735
|
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
Authentication Bypass Using an Alternate Path or Channel vulnerability in Iqonic Design KiviCare...
|
High
|
認証バイパス
Cwe 288
WordPress
PHP
|
1ヶ月前
|
|
CVE-2026-42730
|
|
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')...
|
High
|
SQLインジェクション
CWE-89: SQLインジェクション
WordPress
PHP
|
1ヶ月前
|
|
CVE-2021-47959
|
|
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
WordPress Plugin WPGraphQL 1.3.5 contains a denial of service vulnerability that allows...
|
High
|
WordPress
サービス拒否 (DoS)
Cwe 770
PHP
|
1ヶ月前
|
|
CVE-2026-4094
|
|
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to...
|
High
|
WordPress
Cwe 862
PHP
CSRF (クロスサイトリクエストフォージェリ)
|
1ヶ月前
|
|
CVE-2026-41940
KEV
|
|
【KEV】Webpros cpanel-whm-and-wp2-wordpress-squared の脆弱性 (CVE-2026-41940)
Webpros cpanel-whm-and-wp2-wordpress-squared に 脆弱性 (CVE-2026-41940) が存在。不正な操作・情報露出のリスクがあります。CISA KEV登録済 — 実環境で悪用が確認されている。
|
High
|
Webpros
Cpanel Whm And Wp2 Wordpress Squared
Cwe 306
WordPress
+6
|
2ヶ月前
|
|
CVE-2026-40316
|
|
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflo...
OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Versions prior to 2.1.1 contain an RCE vulnerability in the .github/workflows/regenerate-migrations.yml workflow. The workflow uses the pull_request_target trigger to run with...
|
High
|
Python
Django
リモートコード実行 (RCE)
CWE-94: コードインジェクション
+4
|
2ヶ月前
|