脆弱性一覧

CVE / GHSA / KEV / OSV を統合監視。タグ・カテゴリで絞り込み可能。

フィルタ中: グループ: cwe クリア
ID タイトル
CVE-2026-48967 Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
Subscriber SQL Injection in Geo Mashup <= 1.13.19 versions.
CVE-2026-49080 Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
Unauthenticated SQL Injection in wpDataTables <= 7.3.6 versions.
CVE-2026-49084 Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
Unauthenticated SQL Injection in JetEngine < 3.8.9.1 versions.
CVE-2026-49778 Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
Unauthenticated Cross Site Scripting (XSS) in WPFunnels Pro <= 2.9.4 versions.
CVE-2026-48869 Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
Unauthenticated Cross Site Scripting (XSS) in Enfold <= 7.1.4 versions.
CVE-2026-49074 Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
Unauthenticated Cross Site Scripting (XSS) in JetEngine <= 3.8.9.1 versions.
CVE-2026-47340 org.apache.dolphinscheduler:dolphinscheduler-api に 情報漏洩 (CVE-2026-47340)
org.apache.dolphinscheduler:dolphinscheduler-api に 脆弱性 (CVE-2026-47340) が存在。機密情報が外部に流出する可能性があります。対策: `3.4.2` 以上に更新。
CVE-2026-49071 Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
Unauthenticated Broken Authentication in WooCommerce Dropshipping <= 5.2.4 versions.
CVE-2026-49767 Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
Unauthenticated Broken Authentication in wpForo Forum <= 3.1.0 versions.
CVE-2026-40748 Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
Subscriber Arbitrary File Upload in Kids Gift Shop <= 0.5.4 versions.
CVE-2026-40749 Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
Subscriber Arbitrary File Upload in Charity Zone <= 1.1.1 versions.
CVE-2026-40746 Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
Subscriber Arbitrary File Upload in Restaurant Zone <= 0.7.8 versions.
CVE-2026-40747 Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
Subscriber Arbitrary File Upload in Ecommerce Zone <= 0.9.7 versions.
CVE-2026-42629 Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
Unauthenticated Broken Authentication in PowerPack Pro for Elementor < v2.13.0 versions.
CVE-2026-40731 Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
Unauthenticated Local File Inclusion in ChapterOne <= 1.7 versions.
CVE-2026-40724 CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
CP Client Arbitrary File Download in Client Portal (Pro) <= 5.6.2 versions.
CVE-2026-42380 Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
Unauthenticated PHP Object Injection in AI Lab < 5.4.2 versions.
CVE-2026-40760 Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
Unauthenticated PHP Object Injection in Behold <= 1.5 versions.
CVE-2026-40761 Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
Unauthenticated PHP Object Injection in Valeska <= 1.2.2 versions.
CVE-2026-40725 Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
Unauthenticated PHP Object Injection in WooCommerce Product Filters < 2.0.6 versions.
CVE-2026-40755 Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
Unauthenticated PHP Object Injection in TechLink <= 1.3 versions.
CVE-2026-40736 Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
Unauthenticated PHP Object Injection in Laurits <= 1.5.1 versions.
CVE-2026-40739 Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
Unauthenticated PHP Object Injection in LuxeDrive <= 1.4 versions.
CVE-2026-40758 Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
Unauthenticated PHP Object Injection in Léonie <= 1.2.1 versions.
CVE-2026-40759 Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
Unauthenticated PHP Object Injection in Esmée <= 1.4 versions.
CVE-2026-40735 Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
Unauthenticated PHP Object Injection in Reina <= 2.1 versions.
CVE-2026-40754 Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
Unauthenticated PHP Object Injection in Roisin <= 1.4 versions.
CVE-2026-40751 Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
Unauthenticated PHP Object Injection in Ashtanga <= 1.2 versions.
CVE-2026-40753 Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
Unauthenticated PHP Object Injection in EasyMeals <= 1.5.1 versions.
CVE-2026-42357 org.apache.dolphinscheduler:dolphinscheduler-api に 認可不備 (CVE-2026-42357)
org.apache.dolphinscheduler:dolphinscheduler-api に 脆弱性 (CVE-2026-42357) が存在。機密情報が外部に流出する可能性があります。対策: `3.4.2` 以上に更新。
CVE-2026-41280 org.apache.dolphinscheduler:dolphinscheduler-api に 認可不備 (CVE-2026-41280)
org.apache.dolphinscheduler:dolphinscheduler-api に 脆弱性 (CVE-2026-41280) が存在。データの不正な改ざんを許す可能性があります。対策: `3.4.2` 以上に更新。
CVE-2026-40726 Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
Unauthenticated Broken Access Control in User Registration Stripe <= 1.3.14 versions.
CVE-2026-40783 Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions.
CVE-2026-42385 Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
Unauthenticated Cross Site Scripting (XSS) in Profile Builder Pro <= 3.15.0 versions.
CVE-2026-40765 Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
Unauthenticated Cross Site Scripting (XSS) in collectchat <= 2.4.9 versions.
CVE-2026-41557 Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
Unauthenticated Cross Site Scripting (XSS) in Kapee < 1.7.1 versions.
CVE-2026-39596 Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions.
CVE-2026-39597 Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions.
CVE-2026-39548 Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
Unauthenticated Cross Site Scripting (XSS) in MagOne <= 9.0 versions.
CVE-2026-39598 CVE-2026-39598 に 危険なファイルアップロード (CVE-2026-39598)
CVE-2026-39598 に 脆弱性 (CVE-2026-39598) が存在。悪用されるとシステム全体を乗っ取られる可能性があります。
CVE-2026-39589 Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
Subscriber Arbitrary File Upload in Webenvo <= 0.0.6 versions.
CVE-2026-39547 Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
Unauthenticated Local File Inclusion in Getaway < 1.8 versions.
CVE-2026-40721 Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
Contributor Local File Inclusion in Element Pack Pro <= 9.0.6 versions.
CVE-2026-39549 Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
Unauthenticated Local File Inclusion in Aperitif <= 1.5 versions.
CVE-2026-39582 Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
Unauthenticated Local File Inclusion in Hitek < 1.8.3 versions.
CVE-2026-39537 Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions.
CVE-2026-39558 Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
Unauthenticated Local File Inclusion in Malmö <= 2.2 versions.
CVE-2026-39568 Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
Unauthenticated Local File Inclusion in Mr. SEO <= 2.0 versions.
CVE-2026-39580 Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
Unauthenticated PHP Object Injection in Micdrop <= 1.3.1 versions.
CVE-2026-39577 Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.
Unauthenticated PHP Object Injection in Playroom <= 1.4.1 versions.

🍪 Cookie について

当サイトはログイン状態の保持・言語設定・サービス改善のために Cookie を使用します。詳細は下記リンクをご確認ください。

詳細 →