Secure Gatev1.0.0新着セキュリティニュース バックナンバー

新着セキュリティニュース バックナンバー

直近表示から外れた情報を確認できます。診断結果とは別情報として扱います。

総件数212402件
表示件数50件/ページ
ページ86

CVE-2026-56047

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in perfmatters <= 2.6.3 versions.

CVE-2026-56046

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Cross Site Scripting (XSS) in ListingPro <= 2.9.11 versions.

CVE-2026-56045

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Automatic < 3.135.1 versions.

CVE-2026-56044

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Blog2Social <= 8.9.2 versions.

CVE-2026-56043

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Customer Reviews for WooCommerce <= 5.110.1 versions.

CVE-2026-56041

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Responsive Lightbox <= 2.7.6 versions.

CVE-2026-56040

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Gutenverse Form <= 2.4.7 versions.

CVE-2026-56039

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Quick Interest Slider <= 3.1.6 versions.

CVE-2026-56038

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Privilege Escalation in Frisbii Pay <= 1.8.2 versions.

CVE-2026-56036

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in 워드프레스 결제 심플페이 <= 5.5.6 versions.

CVE-2026-56035

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Multiple Vulnerabilities in BitFire Security <= 5.0.3 versions.

CVE-2026-56034

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in Library Management System <= 3.5.7 versions.

CVE-2026-56033

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Privilege Escalation in Dokan Pro <= 5.0.4 versions.

CVE-2026-56032

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber PHP Object Injection in Buddyboss Platform <= 3.0.4 versions.

CVE-2026-56031

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated PHP Object Injection in Uncanny Automator <= 7.3.1.2 versions.

CVE-2026-56030

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Privilege Escalation in Paytium <= 5.0.2 versions.

CVE-2026-56029

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Authentication in CorvusPay WooCommerce Payment Gateway <= 2.7.4 versions.

CVE-2026-56028

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Privilege Escalation in Easy Elements for Elementor &#8211; Addons &amp; Website Templates <= 1.4.9 versions.

CVE-2026-56027

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Customer Arbitrary File Upload in Booster for WooCommerce <= 8.0.1 versions.

CVE-2026-56026

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Subscriber Server Side Request Forgery (SSRF) in utm.codes <= 1.9.0 versions.

CVE-2026-56025

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Paymob for WooCommerce <= 4.1.2 versions.

CVE-2026-56011

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in MapPress Maps for WordPress <= 2.97.3 versions.

CVE-2026-56010

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber Privilege Escalation in Abandoned Cart Pro for WooCommerce <= 10.4.0 versions.

CVE-2026-56008

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Privilege Escalation in Fusion Builder <= 3.15.4 versions.

CVE-2026-54847

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Stylish Cost Calculator <= 8.3.9 versions.

CVE-2026-54846

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Syncee Premium Dropshipping &amp; Wholesale <= 1.0.27 versions.

CVE-2026-54840

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Newsletters <= 4.13 versions.

CVE-2026-54839

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Sensitive Data Exposure in Trinity Backup &#8211; Backup, Migrate, Restore, Clone &amp; Schedule Backups <= 2.0.9 versions.

CVE-2026-54837

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Intranet &amp; Private Site &#8211; All-In-One Intranet <= 1.8.1 versions.

CVE-2026-54835

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Five Star Restaurant Menu <= 2.5.2 versions.

CVE-2026-54834

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Sensitive Data Exposure in Object Cache 4 everyone <= 2.3.2 versions.

CVE-2026-54833

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Backdoor in Enable CORS <= 2.0.3 versions.

CVE-2026-54832

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Gutenverse Companion <= 2.5.0 versions.

CVE-2026-54831

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in GeoDirectory <= 2.8.162 versions.

CVE-2026-54827

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in Real Estate 7 <= 3.5.9 versions.

CVE-2026-54826

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber Insecure Direct Object References (IDOR) in SupportCandy <= 3.4.6 versions.

CVE-2026-54825

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in wpDataTables <= 7.4 versions.

CVE-2026-54824

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Sensitive Data Exposure in Ads by WPQuads <= 3.0.3 versions.

CVE-2026-54820

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in JetBooking <= 4.0.4.1 versions.

CVE-2026-52701

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Broken Access Control in User Registration <= 5.2.2 versions.

CVE-2026-4339

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to validate attachment URLs against internal or private IP ranges in the Mattermost Agents plugin MCP server which allows an attacker with access to the MCP server in stdio mode to perform server-side request forgery (SSRF) and exfiltrate data from internal network services via supplying internal URLs as file attachments in post creation requests.. Mattermost Advisory ID: MMSA-2026-00635

CVE-2026-45257

Threat Intelligence NVD CVE 危険度: high 緊急度: high

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EXT_SFBUF mbufs. When the sender transmits such data over a loopback connection without enabling KTLS on the transmit side, the file-backed mbufs reach the receiver's decryption path unchanged. Decrypting a record in place then overwrites the backing file's page cache instead of a private copy of the data. An unprivileged local user who can read a file can overwrite its contents with data of their choosing by sending the file over a loopback connection on which they have enabled KTLS receive. The write modifies the page cache directly, so it bypasses file flags such as schg and is written back to disk. By overwriting a setuid binary or other trusted file, a local user can escalate privileges, potentially gaining full control of the affected system.

CVE-2026-45256

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error to the caller, but by then the signal had already been delivered. The missing check allows an unprivileged local user who knows or can guess a target's process and thread IDs to send any signal to a process they would not normally be permitted to signal, including processes owned by other users or by root. The same check enforces jail boundaries, so a jailed process can signal processes on the host or in other jails. Thread IDs are allocated globally and sequentially, and so can be discovered by brute force with no visibility into the target. An attacker can stop or terminate arbitrary processes, including critical system daemons, resulting in a Denial of Service (DoS).

CVE-2026-3472

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Mattermost versions 10.11.x <= 10.11.18, 11.6.x <= 11.6.3, 11.5.x <= 11.5.6 fail to properly apply markdown image rendering restrictions to AI bot tool result posts, which allows an authenticated attacker to exfiltrate data to an attacker-controlled server via injecting markdown image syntax into tool result content rendered by a victim's client.. Mattermost Advisory ID: MMSA-2026-00619

CVE-2026-30041

Threat Intelligence NVD CVE 危険度: high 緊急度: high

An integer overflow in the PSD parser compnent of FastStone Image Viewer v8.3 allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via supplying a crafted PSD file.

CVE-2026-30040

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

A heap overflow in the FSViewer.exe process of FastStone Image Viewer v8.3 allows attackers to cause a execute arbitrary code in the context of the current process via supplying a crafted JPEG 2000 (JP2) file.

CVE-2026-24547

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Broken Access Control in SiteGround Email Marketing <= 1.7.5 versions.

CVE-2025-68075

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in BNE Testimonials <= 2.0.8 versions.

CVE-2025-68074

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Cross Site Scripting (XSS) in Image Carousel <= 1.0.0.41 versions.

CVE-2025-68064

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Local File Inclusion in Goya Core < 1.0.9.4 versions.