Secure Gatev1.0.0新着セキュリティニュース バックナンバー

新着セキュリティニュース バックナンバー

直近表示から外れた情報を確認できます。診断結果とは別情報として扱います。

総件数212281件
表示件数50件/ページ
ページ36

CVE-2026-14618

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

A vulnerability was detected in Open5GS up to 2.7.7. Affected by this vulnerability is the function amf_nnrf_handle_nf_discover of the file src/amf/nnrf-handler.c of the component AMF. The manipulation results in denial of service. The attack may be launched remotely. The exploit is now public and may be used. The patch is identified as fb5f67703de0213fb9c6e6ef3b48b6c1707e9503. It is best practice to apply a patch to resolve this issue.

CVE-2026-12252

Threat Intelligence NVD CVE 危険度: high 緊急度: high

In nltk/nltk versions 3.9.3 and earlier, five Stanford interface classes (StanfordPOSTagger, StanfordNERTagger, StanfordParser, StanfordDependencyParser, and StanfordNeuralDependencyParser) are vulnerable to untrusted JAR code execution. These classes accept user-controllable JAR paths and execute them via the `java()` function, which invokes `subprocess.Popen()` without integrity verification. This vulnerability is identical to CVE-2026-0848, which was fixed for StanfordSegmenter by adding SHA256 verification. However, the fix was not applied to these additional classes, leaving them susceptible to arbitrary code execution when loading untrusted JAR files.

CVE-2025-71380

Threat Intelligence NVD CVE 危険度: high 緊急度: high

The Execute Command node in n8n allows authenticated users to execute arbitrary commands on the host system where n8n runs. Attackers with user access or compromised credentials can exploit this node to run malicious commands, potentially leading to data exfiltration, service disruption, or complete system compromise.

CVE-2025-71375

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.34 fails to detect the _operator.methodcaller built-in function when scanning pickle files for malicious code. Attackers can craft malicious pickle payloads using _operator.methodcaller that evade detection and execute arbitrary code when loaded by pickle.load().

CVE-2025-71373

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.33 fails to detect operator.methodcaller function calls in pickle files, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle payloads using operator.methodcaller that execute arbitrary code when loaded, compromising systems relying on picklescan for validation.

CVE-2025-71372

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Picklescan before 0.0.33 fails to detect the numpy.f2py.crackfortran.getlincoef gadget in pickle __reduce__ methods, allowing arbitrary code execution. Attackers can craft malicious pickle files that execute arbitrary Python code when loaded, bypassing Picklescan's safety checks and enabling supply-chain poisoning of shared model files.

CVE-2025-71369

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.28 fails to detect malicious pickle files that use torch.utils.data.datapipes.utils.decoder.basichandlers in reduce methods, allowing attackers to bypass safety checks. Remote attackers can embed undetected malicious code in pickle files that executes during deserialization, enabling remote code execution.

CVE-2025-71367

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.34 fails to detect _operator.attrgetter function calls in pickle payloads, allowing attackers to bypass security checks. Remote attackers can craft malicious pickle files using _operator.attrgetter in reduce methods to execute arbitrary code when pickle.load() processes the file.

CVE-2025-71366

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.28 fails to detect malicious torch.utils.bottleneck.__main__.run_cprofile function calls in pickle files, allowing attackers to bypass safety checks. Remote attackers can embed undetected code in pickle files to achieve arbitrary code execution when victims load the files.

CVE-2025-71364

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.30 fails to detect the asyncio.unix_events._UnixSubprocessTransport._start function in pickle reduce methods, allowing remote code execution. Attackers can craft malicious pickle files embedding this built-in function that evade detection but execute arbitrary commands when loaded.

CVE-2025-71362

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.33 fails to detect unsafe deserialization when numpy.f2py.crackfortran functions call eval on arbitrary strings. Attackers can embed malicious code in pickle files that executes when loaded from untrusted sources.

CVE-2025-71360

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.calltip.get_entity function in reduce methods. Attackers can embed undetected code in pickle files that executes remote commands when loaded by victims.

CVE-2025-71359

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.29 fails to detect malicious pickle payloads that utilize lib2to3.pgen2.grammar.Grammar.loads in the reduce method, allowing remote code execution. Attackers can craft pickle files embedding dangerous code that evades picklescan detection and executes during pickle.load() deserialization.

CVE-2025-71356

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.28 fails to detect malicious torch.fx.experimental.symbolic_shapes.ShapeEnv.evaluate_guards_expression function calls in pickle files. Attackers can embed undetected code in pickle files that executes remote code when loaded by victims.

CVE-2025-71353

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.28 fails to detect malicious pickle files that exploit torch._dynamo.guards.GuardBuilder.get function in reduce methods. Attackers can craft pickle files with embedded code that evades picklescan detection and executes arbitrary commands when loaded.

CVE-2025-71347

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.33 fails to detect malicious pickle files using numpy.f2py.crackfortran.param_eval function in reduce methods, allowing attackers to bypass security checks. Remote attackers can embed undetected code in pickle files that executes during deserialization, enabling arbitrary code execution in applications loading untrusted pickle data.

CVE-2025-71345

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.30 fails to detect malicious pickle files that invoke torch.utils.bottleneck.__main__.run_autograd_prof function. Attackers can embed undetected code in pickle files that executes during deserialization, enabling remote code execution.

CVE-2025-71343

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.30 fails to detect malicious pickle files that exploit lib2to3.pgen2.pgen.ParserGenerator.make_label function in the reduce method. Attackers can craft malicious pickle files with embedded code that evades detection but executes arbitrary commands when pickle.load() is called.

CVE-2025-71342

Threat Intelligence NVD CVE 危険度: high 緊急度: high

picklescan before 0.0.30 fails to detect malicious pickle files using idlelib.run.Executive.runcode in reduce methods. Attackers can embed undetected code in pickle files that executes during pickle.load, enabling remote code execution in PyTorch models and supply chain attacks.

CVE-2026-54424

Threat Intelligence NVD CVE 危険度: high 緊急度: high

An Incorrect Use of Privileged APIs vulnerability in Unity Parsec on Windows hosts leads to a potential Elevation of Privilege. This issue affects Parsec through v2026-05-04.0. The patched version is Parsec for Windows version 150-104a. A user can generate a situation where there is an instance of parsecd.exe running as NT AUTHORITY\SYSTEM with a user-controlled value of the AppData environment variable.

CVE-2026-58523

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Improper access control in Microsoft Edge for Android allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-14617

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. Affected is the function GatewayStreamConsumer._filter_and_accumulate of the file gateway/stream_consumer.py of the component Streaming Reasoning Tag Filter. The manipulation leads to improper handling of case sensitivity. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is told to be difficult. The exploit has been disclosed publicly and may be used. The project decided to not implement a dedicated fix: "[T]he analysis and the fix are both sound. It just lands below the bar for the maintenance cost of a duplicated scrub path."

CVE-2026-58597

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Insufficient ui warning of dangerous operations in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58524

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58522

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Relative path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58300

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Absolute path traversal in Microsoft Edge for Android allows an unauthorized attacker to disclose information locally.

CVE-2026-58299

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Time-of-check time-of-use (toctou) race condition in Microsoft Edge for Android allows an unauthorized attacker to execute code over a network.

CVE-2026-58298

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58297

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

CVE-2026-58296

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Exposure of private personal information to an unauthorized actor in Microsoft Edge for Android allows an unauthorized attacker to disclose information over a network.

CVE-2026-58295

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to bypass a security feature over a network.

CVE-2026-58294

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58293

Threat Intelligence NVD CVE 危険度: high 緊急度: high

External control of file name or path in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58292

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper input validation in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58291

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Operation on a resource after expiration or release in Microsoft Edge (Chromium-based) allows an unauthorized attacker to disclose information over a network.

CVE-2026-58290

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58289

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58288

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58287

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Use after free in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58286

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper access control in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.

CVE-2026-58285

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58284

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper authorization in Microsoft Edge (Chromium-based) allows an unauthorized attacker to execute code over a network.

CVE-2026-58283

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network.