脆弱性一覧
CVE / GHSA / KEV / OSV を統合監視。タグ・カテゴリで絞り込み可能。
| ID | タイトル | |
|---|---|---|
| CVE-2026-39447 |
|
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.10.6 versions.
|
| CVE-2026-39491 |
|
Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
Subscriber Cross Site Scripting (XSS) in JupiterX Core <= 4.14.1 versions.
|
| CVE-2026-39463 |
|
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
Unauthenticated Cross Site Scripting (XSS) in ManageWP Worker <= 4.9.31 versions.
|
| CVE-2026-39450 |
|
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
Subscriber Broken Authentication in FunnelKit Automations <= 3.7.3 versions.
|
| CVE-2026-39468 |
|
wordpress に パストラバーサル (CVE-2026-39468)
wordpress に パストラバーサル (CVE-2026-39468) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-39489 |
|
Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.
Author Arbitrary File Download in Download Monitor <= 5.1.9 versions.
|
| CVE-2026-39498 |
|
Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.
Shop manager PHP Object Injection in YayMail <= 4.3.3 versions.
|
| CVE-2026-39499 |
|
CVE-2026-39499 に 安全でないデシリアライゼーション (CVE-2026-39499)
CVE-2026-39499 に 脆弱性 (CVE-2026-39499) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|
| CVE-2026-39481 |
|
Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.
Author PHP Object Injection in Modula Image Gallery <= 2.14.18 versions.
|
| CVE-2026-39472 |
|
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.
Shop manager PHP Object Injection in WooCommerce PDF Invoices & Packing Slips < 5.9.0 versions.
|
| CVE-2026-39478 |
|
CVE-2026-39478 に 安全でないデシリアライゼーション (CVE-2026-39478)
CVE-2026-39478 に 脆弱性 (CVE-2026-39478) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|
| CVE-2026-39471 |
|
Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 versions.
Author PHP Object Injection in ShortPixel Image Optimizer <= 6.4.3 versions.
|
| CVE-2026-39474 |
|
Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.
Contributor PHP Object Injection in Post Duplicator <= 3.0.10 versions.
|
| CVE-2026-39524 |
|
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
Unauthenticated Broken Access Control in Masteriyo - LMS <= 2.1.5 versions.
|
| CVE-2026-39525 |
|
Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.
Unauthenticated Broken Access Control in Booking Activities <= 1.16.48.1 versions.
|
| CVE-2026-39513 |
|
Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.
Unauthenticated Broken Access Control in Easy Appointments <= 3.12.21 versions.
|
| CVE-2026-39503 |
|
Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.
Unauthenticated Broken Access Control in Easy Digital Downloads <= 3.6.5 versions.
|
| CVE-2026-39515 |
|
Subscriber Broken Access Control in Motors < 1.4.107 versions.
Subscriber Broken Access Control in Motors < 1.4.107 versions.
|
| CVE-2026-39465 |
|
Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
Editor Remote Code Execution (RCE) in Responsive Slider by MetaSlider <= 3.106.0 versions.
|
| CVE-2026-27333 |
|
deserialization に 安全でないデシリアライゼーション (CVE-2026-27333)
deserialization に 脆弱性 (CVE-2026-27333) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
|
| CVE-2026-39434 |
|
Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.
Shop manager PHP Object Injection in CTX Feed <= 6.6.26 versions.
|
| CVE-2026-27053 |
|
Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.
Unauthenticated PHP Object Injection in Broadcast Live Video < 7.1.3 versions.
|
| CVE-2026-25440 |
|
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
Unauthenticated Broken Access Control in Essential Addons for Elementor < 6.6.0 versions.
|
| CVE-2025-69332 |
|
Subscriber Broken Access Control in Bookify <= 1.1.1 versions.
Subscriber Broken Access Control in Bookify <= 1.1.1 versions.
|
| CVE-2026-25425 |
|
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
Unauthenticated Broken Access Control in User Registration <= 5.1.2 versions.
|
| CVE-2026-34886 |
|
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
Unauthenticated Broken Access Control in Simple Membership <= 4.7.1 versions.
|
| CVE-2026-34898 |
|
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.
Unauthenticated Broken Access Control in Event Tickets Manager for WooCommerce <= 1.5.3 versions.
|
| CVE-2026-34892 |
|
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
Subscriber Broken Access Control in Rank Math SEO <= 1.0.271 versions.
|
| CVE-2025-68049 |
|
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
Subscriber Broken Access Control in bunny.net <= 2.3.6 versions.
|
| CVE-2026-39441 |
|
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
Unauthenticated SQL Injection in Feed KuantoKusta for WooCommerce – Free <= 5.3 versions.
|
| CVE-2026-24637 |
|
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
Contributor SQL Injection in PowerPress Podcasting <= 11.15.10 versions.
|
| CVE-2026-34900 |
|
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
Unauthenticated Cross Site Scripting (XSS) in GiveWP <= 4.14.2 versions.
|
| CVE-2025-68851 |
|
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions.
|
| CVE-2026-34902 |
|
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
Unauthenticated Cross Site Scripting (XSS) in WooCommerce Product Table Lite <= 4.6.3 versions.
|
| CVE-2026-23970 |
|
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
Unauthenticated Cross Site Scripting (XSS) in Redirection for Contact Form 7 <= 3.2.8 versions.
|
| CVE-2025-68872 |
|
CVE-2025-68872 に クロスサイトスクリプティング (CVE-2025-68872)
CVE-2025-68872 に XSS (クロスサイトスクリプティング) (CVE-2025-68872) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-39435 |
|
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
Unauthenticated Cross Site Scripting (XSS) in CformsII <= 15.1.3 versions.
|
| CVE-2025-68840 |
|
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions.
|
| CVE-2026-34891 |
|
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
|
| CVE-2026-27089 |
|
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
Unauthenticated Bypass Vulnerability in WpTravelly <= 2.1.7 versions.
|
| CVE-2025-60175 |
|
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions.
|
| CVE-2026-48708 |
|
github.com/OliveTin/OliveTin の脆弱性 (CVE-2026-48708)
github.com/OliveTin/OliveTin に 脆弱性 (CVE-2026-48708) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。``tpl`` 経由で攻撃可能。対策: `0.0.0-20260521225117-d74da9314005` 以上に更新。
|
| CVE-2026-48709 |
|
github.com/OliveTin/OliveTin の脆弱性 (CVE-2026-48709)
github.com/OliveTin/OliveTin に 脆弱性 (CVE-2026-48709) が存在。不正な操作・情報露出のリスクがあります。``ValidateArgumentType`` 経由で攻撃可能。対策: `0.0.0-20260521230847-a3865704c854` 以上に更新。
|
| CVE-2026-48518 |
|
CVE-2026-48518 に CSRF (CVE-2026-48518)
CVE-2026-48518 に 脆弱性 (CVE-2026-48518) が存在。不正な操作・情報露出のリスクがあります。`POST /multi-juicer/api/teams/{team}/join` 経由で攻撃可能。
|
| CVE-2026-48124 |
|
CVE-2026-48124 に コードインジェクション (CVE-2026-48124)
CVE-2026-48124 に コードインジェクション (CVE-2026-48124) が存在。不正な操作・情報露出のリスクがあります。
|
| CVE-2026-48988 |
|
markdown-it の脆弱性 (CVE-2026-48988)
markdown-it に 脆弱性 (CVE-2026-48988) が存在。不正な操作・情報露出のリスクがあります。``token.content`` 経由で攻撃可能。対策: `14.2.0` 以上に更新。
|
| CVE-2026-54283 |
|
starlette の脆弱性 (CVE-2026-54283)
starlette に 脆弱性 (CVE-2026-54283) が存在。不正な操作・情報露出のリスクがあります。``max_fields`` 経由で攻撃可能。対策: `1.3.1` 以上に更新。
|
| CVE-2026-54285 |
|
@opentelemetry/core の脆弱性 (CVE-2026-54285)
@opentelemetry/core に 脆弱性 (CVE-2026-54285) が存在。不正な操作・情報露出のリスクがあります。``baggage`` 経由で攻撃可能。対策: `2.8.0` 以上に更新。
|
| CVE-2026-54282 |
|
Starlette の脆弱性 (CVE-2026-54282)
Starlette に 脆弱性 (CVE-2026-54282) が存在。不正な操作・情報露出のリスクがあります。``request.url`` 経由で攻撃可能。対策: `1.3.0` 以上に更新。
|
| CVE-2026-54281 |
|
@nestjs/platform-fastify に 認可不備 (CVE-2026-54281)
@nestjs/platform-fastify に 脆弱性 (CVE-2026-54281) が存在。不正な操作・情報露出のリスクがあります。`GET /resource` 経由で攻撃可能。対策: `11.1.24` 以上に更新。
|