Secure Gatev1.0.0新着セキュリティニュース バックナンバー

新着セキュリティニュース バックナンバー

直近表示から外れた情報を確認できます。診断結果とは別情報として扱います。

総件数212402件
表示件数50件/ページ
ページ85

CVE-2026-57641

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in Real Estate 7 <= 3.5.9 versions.

CVE-2026-57640

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in MasterStudy LMS <= 3.7.30 versions.

CVE-2026-57638

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Fluent Booking <= 2.1.0 versions.

CVE-2026-57637

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in Abandoned Cart Lite for WooCommerce <= 6.8.0 versions.

CVE-2026-57636

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor SQL Injection in wpForo Forum <= 3.0.9 versions.

CVE-2026-57635

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Cross Site Request Forgery (CSRF) in FunnelKit Payment Gateway for Stripe WooCommerce <= 1.14.0.3 versions.

CVE-2026-57634

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Insecure Direct Object References (IDOR) in PPWP <= 1.9.19 versions.

CVE-2026-57633

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Sensitive Data Exposure in WCBoost &#8211; Products Compare <= 1.1.0 versions.

CVE-2026-57632

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in Email Marketing for WooCommerce by Omnisend <= 1.19.0 versions.

CVE-2026-57631

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Administrator SQL Injection in Popup box <= 6.0.1 versions.

CVE-2026-57630

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Insecure Direct Object References (IDOR) in Blocksy Companion Pro <= 2.1.46 versions.

CVE-2026-57629

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in StatCounter <= 2.1.1 versions.

CVE-2026-57628

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Administrator SQL Injection in WP All Import <= 4.0.1 versions.

CVE-2026-57627

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Server Side Request Forgery (SSRF) in Kirki <= 6.0.11 versions.

CVE-2026-57622

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Broken Access Control in WPCafe <= 3.0.14 versions.

CVE-2026-57618

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Neve PRO <= 3.1.2 versions.

CVE-2026-57617

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in SeedProd Pro < 6.19.5 versions.

CVE-2026-57527

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Zed Attack Proxy (ZAP) ViewState add-on before version 4 contains an insecure deserialization vulnerability that allows attackers who control a proxied web server to achieve arbitrary code execution by embedding a malicious serialized Java object in the javax.faces.ViewState HTTP response parameter. The JSFViewState.decode() method base64-decodes the ViewState value and passes it directly to ObjectInputStream.readObject() without a deserialization filter, allowlist, or type restriction, causing the malicious object to be deserialized within the ZAP JVM when the Desktop UI renders the ViewState panel.

CVE-2026-57431

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Author Cross Site Scripting (XSS) in Featured Image <= 2.1 versions.

CVE-2026-57430

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Broken Access Control in SEOPress PRO <= 9.1.1 versions.

CVE-2026-57325

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in NanoMag <= 1.8 versions.

CVE-2026-57324

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Broken Access Control in GIFT4U <= 1.0.10 versions.

CVE-2026-57323

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Broken Access Control in Flash & HTML5 Video <= 2.11.0 versions.

CVE-2026-57322

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in weMail <= 2.1.2 versions.

CVE-2026-57321

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Arbitrary File Deletion in H5P <= 1.17.7 versions.

CVE-2026-57319

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in FOX <= 1.4.8 versions.

CVE-2026-57318

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Sensitive Data Exposure in Site Reviews <= 8.0.11 versions.

CVE-2026-57317

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Simply Schedule Appointments <= 1.6.12.2 versions.

CVE-2026-57316

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Sensitive Data Exposure in GetGenie <= 4.4.2 versions.

CVE-2026-57315

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.45 versions.

CVE-2026-57314

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in SureCart <= 4.3.2 versions.

CVE-2026-57313

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Cross Site Scripting (XSS) in SureCart <= 4.2.2 versions.

CVE-2026-57312

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Everest Forms <= 3.4.8 versions.

CVE-2026-56773

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Teable's v2 REST API controller lacks @Permissions metadata on ORPC endpoints, allowing any authenticated user to bypass authorization checks. Attackers can read table schemas, create tables, and modify or delete records across bases and tables via endpoints like GET /api/v2/tables/get and POST /api/v2/tables/updateRecords.

CVE-2026-56072

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in WoodMart <= 8.5.3 versions.

CVE-2026-56070

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in Advance Product Search <= 1.4.4 versions.

CVE-2026-56069

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Insecure Direct Object References (IDOR) in Toolset Forms <= 2.6.24 versions.

CVE-2026-56068

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in JetEngine <= 3.8.10.2 versions.

CVE-2026-56067

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in JetSmartFilters <= 3.8.3 versions.

CVE-2026-56066

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images <= 3.11.4 versions.

CVE-2026-56064

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber SQL Injection in Tourfic <= 2.22.5 versions.

CVE-2026-56063

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in MailChimp Block <= 1.1.15 versions.

CVE-2026-56062

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in Quotes llama <= 3.1.5 versions.

CVE-2026-56061

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Subscriptions for WooCommerce <= 1.9.5 versions.

CVE-2026-56060

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Sensitive Data Exposure in Print Invoice & Delivery Notes for WooCommerce <= 7.1.1 versions.

CVE-2026-56059

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber Arbitrary File Upload in Travel Booking <= 2.2.5 versions.

CVE-2026-56058

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber Arbitrary File Upload in Quform <= 2.23.0 versions.

CVE-2026-56057

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber PHP Object Injection in Uncanny Automator Pro <= 7.3.0.6 versions.

CVE-2026-56055

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber PHP Object Injection in RealHomes <= 4.5.3 versions.

CVE-2026-56048

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Insecure Direct Object References (IDOR) in Payment Gateway Based Fees and Discounts for WooCommerce <= 3.0.0 versions.