Secure Gatev1.0.0新着セキュリティニュース バックナンバー

新着セキュリティニュース バックナンバー

直近表示から外れた情報を確認できます。診断結果とは別情報として扱います。

総件数213418件
表示件数50件/ページ
ページ105

CVE-2026-57657

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in Gmail SMTP <= 1.2.3.19 versions.

CVE-2026-57656

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Author Cross Site Scripting (XSS) in Hester Core <= 1.1.8 versions.

CVE-2026-57655

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Request Forgery (CSRF) in Child Theme Wizard <= 1.4 versions.

CVE-2026-57654

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Affiliate Broken Access Control in Affiliates Manager <= 2.9.49 versions.

CVE-2026-57653

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in WP Job Portal <= 2.5.2 versions.

CVE-2026-57652

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Insecure Direct Object References (IDOR) in JS Help Desk <= 3.1.0 versions.

CVE-2026-57651

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Ghost Kit <= 3.6.0 versions.

CVE-2026-57650

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Magazine Blocks <= 1.8.3 versions.

CVE-2026-57649

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in Shoppable Images Lite <= 1.3 versions.

CVE-2026-57648

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Broken Access Control in Nelio Content <= 4.3.4 versions.

CVE-2026-57647

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Local File Inclusion in Panorama Viewer – 360 Degree Image + Video Viewer <= 1.6.1 versions.

CVE-2026-57646

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Insecure Direct Object References (IDOR) in Majestic Support <= 1.1.7 versions.

CVE-2026-57645

Threat Intelligence NVD CVE 危険度: high 緊急度: high

newsletters_subscribers Broken Access Control in Newsletters <= 4.13 versions.

CVE-2026-57644

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in Restaurant Menu by MotoPress <= 2.4.10 versions.

CVE-2026-57643

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in WP Post Author <= 3.9.1 versions.

CVE-2026-57642

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in Gallery <= 4.7.8 versions.

CVE-2026-57641

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.

CVE-2026-57640

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.

CVE-2026-57638

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.

CVE-2026-57637

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions.

CVE-2026-57636

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.

CVE-2026-57635

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.

CVE-2026-57634

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.

CVE-2026-57633

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions.

CVE-2026-57632

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.

CVE-2026-57631

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Administrator SQL Injection in Popup box <= 6.0.1 versions.

CVE-2026-57630

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.

CVE-2026-57629

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.

CVE-2026-57628

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Administrator SQL Injection in WP All Import <= 4.0.1 versions.

CVE-2026-57627

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.

CVE-2026-57622

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.

CVE-2026-57618

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.

CVE-2026-57617

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

CVE-2026-57527

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter. The JSFViewState.decode() method base64-decodes the ViewState value and passes it directly to ObjectInputStream.readObject() without a deserialization filter, allowlist, or type restriction, causing the malicious object to be deserialized within the ZAP JVM when the Desktop UI renders the ViewState panel.

CVE-2026-57431

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.

CVE-2026-57430

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.

CVE-2026-57325

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.

CVE-2026-57324

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.

CVE-2026-57323

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.

CVE-2026-57322

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.

CVE-2026-57321

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.

CVE-2026-57319

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.

CVE-2026-57318

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.

CVE-2026-57317

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.

CVE-2026-57316

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions.

CVE-2026-57315

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.

CVE-2026-57314

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.

CVE-2026-57313

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.

CVE-2026-57312

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.

CVE-2026-56773

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.