脆弱性一覧
CVE / GHSA / KEV / OSV を統合監視。タグ・カテゴリで絞り込み可能。
| ID | タイトル | |
|---|---|---|
| CVE-2026-39583 |
|
Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.
Unauthenticated Privilege Escalation in Datalogics Ecommerce Delivery <= 2.6.62 versions.
|
| CVE-2026-39579 |
|
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
Contributor Privilege Escalation in B Blocks <= 2.0.31 versions.
|
| CVE-2026-39587 |
|
Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.
Unauthenticated Privilege Escalation in WP BASE Booking <= 5.9.0 versions.
|
| CVE-2026-39502 |
|
Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.
Unauthenticated SQL Injection in Form Maker by 10Web <= 1.15.38 versions.
|
| CVE-2026-39530 |
|
Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.
Unauthenticated SQL Injection in SpeakOut! Email Petitions <= 4.6.5 versions.
|
| CVE-2026-40762 |
|
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
Unauthenticated SQL Injection in WPGraphQL < 2.11.1 versions.
|
| CVE-2026-39463 |
|
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
|
| CVE-2026-39491 |
|
Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
|
| CVE-2026-39447 |
|
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
|
| CVE-2026-39451 |
|
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
Unauthenticated Cross Site Scripting (XSS) in WP Google Review Slider <= 18.0 versions.
|
| CVE-2026-39449 |
|
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Contact Form to Any API <= 3.0.3 versions.
|
| CVE-2026-39507 |
|
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
Unauthenticated Cross Site Scripting (XSS) in Social Slider Feed <= 2.3.2 versions.
|
| CVE-2026-39514 |
|
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Paid Member Subscriptions <= 2.17.3 versions.
|
| CVE-2026-39470 |
|
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
|
| CVE-2026-39492 |
|
Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.
Unauthenticated SQL Injection in WP Maps <= 4.9.1 versions.
|
| CVE-2026-39511 |
|
Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.
Unauthenticated SQL Injection in WP Photo Album Plus <= 9.1.08.001 versions.
|
| CVE-2026-39512 |
|
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
Unauthenticated SQL Injection in GeoDirectory <= 2.8.152 versions.
|
| CVE-2026-39493 |
|
Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.
Unauthenticated SQL Injection in Simply Schedule Appointments <= 1.6.9.27 versions.
|
| CVE-2026-39519 |
|
Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.
Unauthenticated SQL Injection in GeekyBot <= 1.2.0 versions.
|
| CVE-2026-39465 |
|
Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
|
| CVE-2025-68840 |
|
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
|
| CVE-2026-39435 |
|
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
|
| CVE-2025-68872 |
|
CVE-2025-68872 に クロスサイトスクリプティング (CVE-2025-68872)
CVE-2025-68872 に XSS (クロスサイトスクリプティング) (CVE-2025-68872) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-23970 |
|
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
|
| CVE-2026-34902 |
|
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
|
| CVE-2025-68851 |
|
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
|
| CVE-2026-34900 |
|
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
|
| CVE-2026-34901 |
|
Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.
Unauthenticated Privilege Escalation in iControlWP <= 5.5.3 versions.
|
| CVE-2026-27407 |
|
Editor Privilege Escalation in AI Engine <= 3.4.9 versions.
Editor Privilege Escalation in AI Engine <= 3.4.9 versions.
|
| CVE-2026-39441 |
|
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
|
| CVE-2026-24637 |
|
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
|
| CVE-2026-27333 |
|
deserialization に 安全でないデシリアライゼーション (CVE-2026-27333)
deserialization に 脆弱性 (CVE-2026-27333) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|
| CVE-2025-60175 |
|
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
|
| CVE-2026-54281 |
|
@nestjs/platform-fastify に 認可不備 (CVE-2026-54281)
@nestjs/platform-fastify に 脆弱性 (CVE-2026-54281) が存在。不正な操作・情報露出のリスクがあります。`GET /resource` 経由で攻撃可能。対策: `11.1.24` 以上に更新。
|
| CVE-2026-53705 |
|
CVE-2026-53705 の脆弱性 (CVE-2026-53705)
CVE-2026-53705 に 脆弱性 (CVE-2026-53705) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-52720 |
|
CVE-2026-52720 の脆弱性 (CVE-2026-52720)
CVE-2026-52720 に 脆弱性 (CVE-2026-52720) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|
| CVE-2026-50890 |
|
sqli に SQLインジェクション (CVE-2026-50890)
sqli に SQLインジェクション (CVE-2026-50890) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|
| CVE-2026-52718 |
|
dos の脆弱性 (CVE-2026-52718)
dos に 脆弱性 (CVE-2026-52718) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-50882 |
|
dos の脆弱性 (CVE-2026-50882)
dos に 脆弱性 (CVE-2026-50882) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-50889 |
|
dos の脆弱性 (CVE-2026-50889)
dos に 脆弱性 (CVE-2026-50889) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-50888 |
|
ssrf に SSRF (サーバー側リクエスト偽造) (CVE-2026-50888)
ssrf に SSRF (CVE-2026-50888) が存在。機密情報が外部に流出する可能性があります。
|
| CVE-2026-50887 |
|
ssrf に SSRF (サーバー側リクエスト偽造) (CVE-2026-50887)
ssrf に SSRF (CVE-2026-50887) が存在。機密情報が外部に流出する可能性があります。
|
| CVE-2026-50876 |
|
CVE-2026-50876 に クロスサイトスクリプティング (CVE-2026-50876)
CVE-2026-50876 に XSS (クロスサイトスクリプティング) (CVE-2026-50876) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-50877 |
|
path-traversal に パストラバーサル (CVE-2026-50877)
path-traversal に パストラバーサル (CVE-2026-50877) が存在。機密情報が外部に流出する可能性があります。
|
| CVE-2026-48818 |
|
starlette に SSRF (サーバー側リクエスト偽造) (CVE-2026-48818)
starlette に SSRF (CVE-2026-48818) が存在。機密情報が外部に流出する可能性があります。``StaticFiles`` 経由で攻撃可能。対策: `1.1.0` 以上に更新。
|
| CVE-2026-50878 |
|
dos の脆弱性 (CVE-2026-50878)
dos に 脆弱性 (CVE-2026-50878) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-50879 |
|
dos の脆弱性 (CVE-2026-50879)
dos に 脆弱性 (CVE-2026-50879) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-49952 |
|
CVE-2026-49952 の脆弱性 (CVE-2026-49952)
CVE-2026-49952 に 脆弱性 (CVE-2026-49952) が存在。機密情報が外部に流出する可能性があります。
|
| CVE-2026-50869 |
|
path-traversal に パストラバーサル (CVE-2026-50869)
path-traversal に パストラバーサル (CVE-2026-50869) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|
| CVE-2026-49954 |
|
path-traversal の脆弱性 (CVE-2026-49954)
path-traversal に 脆弱性 (CVE-2026-49954) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|