Secure Gatev1.0.0新着セキュリティニュース バックナンバー

新着セキュリティニュース バックナンバー

直近表示から外れた情報を確認できます。診断結果とは別情報として扱います。

総件数212402件
表示件数50件/ページ
ページ92

CVE-2026-55477

Threat Intelligence NVD CVE 危険度: high 緊急度: high

3X-UI is a web control panel for managing Xray-core servers. Prior to 3.3.1, an authenticated administrator can abuse the database import functionality to achieve arbitrary file write on the host by modifying Xray configuration values stored in the database. This can be leveraged to obtain code execution and persistent access as the user running Xray (including root when Xray is running as root). This vulnerability is fixed in 3.3.1.

CVE-2026-54036

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen session) even when 2FA is already fully enabled on the account. This endpoint overwrites the existing TOTP secret, generates new backup codes, and sets twoFactorEnabled to false — all without requiring any TOTP or backup code verification. An attacker with a valid session token can completely take over a victim's 2FA, locking the legitimate user out of their own two-factor authentication. This vulnerability is fixed in 0.8.4-rc1.

CVE-2026-4522

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Missing authentication for critical function vulnerability in HYPR Passwordless on Windows allows Credentials Interception. This issue affects HYPR Passwordless: before 11.1.1.

CVE-2026-48946

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server's context.

CVE-2026-48945

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access.

CVE-2026-48944

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (or any other file readable by the web user — including `../../../etc/passwd`) into `/media/k2/attachments/`, then retrieve the contents via the K2 attachment-download endpoint.

CVE-2026-48943

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

K2 ≤ 2.24 contains a mass-assignment defect in the K2 system user plugin `plg_user_k2`. A Registered Joomla user, by including the field `K2UserForm=1` in a standard `com_users` `profile.save` POST, can write arbitrary values into the `notes`, `image`, and `plugins` columns of their own row in the `#__k2_users` table — none of which are exposed by the K2 frontend profile-edit form.

CVE-2026-48942

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

K2 ≤ 2.26 renders the `#__k2_users.image` column directly into HTML `src` attributes via two distinct templates, in both cases without HTML escaping.

CVE-2026-48941

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/`

CVE-2026-48940

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page.

CVE-2026-12844

Threat Intelligence NVD CVE 危険度: high 緊急度: high

List::SomeUtils::XS versions before 0.59 for Perl have a heap buffer overflow in the pairwise function. pairwise() collects the values returned by the block into a heap buffer sized to the longer input array, then grows the buffer before each copy with a single quadrupling (alloc <<= 2) instead of a loop. A block call that returns more than four times the current allocation in one invocation outgrows that one quadrupling, and the copy writes past the end of the buffer. Any caller of pairwise() whose block returns, for a single pair, more than four times the longer input array's length writes past the buffer and corrupts the heap.

CVE-2026-6432

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Improper bounds validation in EmberZNet SDK versions 9.0.2 and earlier may result in crashes or dynamic memory leakage.

CVE-2026-57588

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

CVE-2026-57587

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

A SQL injection vulnerability in Nessus allows a remote, unauthenticated attacker who controls reverse DNS records for a scanned host to inject malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data.

CVE-2026-57536

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Our payment integration with Mollie did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CVE-2026-57535

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Content injected to PDF rendering contexts could, in many places, include HTML content including <img> tags. If the src attribute of these images pointed to an URL, the PDF rendering engine would download the image from that place and display it, thereby leaking information about the rendering server and possibly creating an SSRF vector in the local network.

CVE-2026-57534

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Malicious HTML content could be injected into the content of a page in the pretix-pages plugin.

CVE-2026-57533

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Malicious HTML content could be injected into the page pretix shows when redirection to an untrusted page occurs. Since this page has a Content-Security-Policy, this can mainly be used for phishing purposes.

CVE-2026-57532

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering and editing libraries used, this is one of the few pages in our backend that do not have a strong Content-Security-Policy that would render this capability useless for most scenarios.

CVE-2026-57437

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::XPathContext did not keep its source document alive for garbage collection. If an XPathContext outlived its document and the document was collected, evaluating an XPath expression could read invalid memory and potentially segfault. This is only reachable when application code constructs an XPathContext directly and lets the document become unreachable while continuing to use the context. The normal Document#xpath, #css, and related search methods are not affected, and it is not triggerable by malicious document input. This vulnerability is fixed in 1.19.4.

CVE-2026-57436

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::Document#root= validated only that the new root was a Nokogiri::XML::Node, allowing a DTD node to be set as the document root. The result is a heap use-after-free during garbage collection or finalization, leading to an invalid memory read or potentially a segfault. This vulnerability is fixed in 1.19.4.

CVE-2026-57435

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri’s CRuby native extension could leave a Ruby wrapper pointing to freed memory when replacing the value of an XML attribute. If Ruby code had already accessed an attribute child node, Nokogiri::XML::Attr#value= could free the underlying native child node while the wrapper remained reachable through the document node cache. A later use of the freed child node or a Ruby GC mark could dereference an invalid pointer, causing an invalid read and a possible segfault. This vulnerability is fixed in 1.19.4.

CVE-2026-57434

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri contains a bug when calling certain methods on allocated-but-uninitialized native wrapper classes that inherit from Nokogiri::XML::Node. This caused a NULL pointer dereference that could crash the process. This vulnerability is fixed in 1.19.4.

CVE-2026-57236

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, calling Document#encoding= with an invalid encoding (e.g., a non-string, or a string containing a null byte) raises an exception, but only after freeing the document's current encoding string without replacing it. The document is left referencing freed memory, so the next call to Document#encoding reads invalid memory, which can cause a segfault or leak freed bytes into a Ruby String. Affects the CRuby (libxml2) implementation only; JRuby is not affected. This vulnerability is fixed in 1.19.4.

CVE-2026-57235

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, Nokogiri::XML::NodeSet#[] (and its alias #slice) checked the requested index against the node set's bounds using a 32-bit-truncated copy of the index. A large negative index could pass the check and then be used at full width, reading outside the node set's storage. On CRuby this is an out-of-bounds read that typically crashes the process; on JRuby it is not memory-unsafe but returns an incorrect node. This vulnerability is fixed in 1.19.4.

CVE-2026-57234

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Nokogiri is an open source XML and HTML library for the Ruby programming language. Prior to 1.19.4, the NONET parse option, which Nokogiri turns on by default for Nokogiri::XML::Schema (see CVE-2020-26247), was not correctly enforced on the JRuby implementation. As a result, a schema parsed with default options could still cause external resources to be fetched over the network, potentially enabling SSRF or XXE attacks. This vulnerability is fixed in 1.19.4.

CVE-2026-49319

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Remote Keyless Entry System (RKES), using the 433 MHz key fob bearing FCC ID CWTR53R0 manufactured by ALPS ALPINE CO., LTD., is vulnerable to a roll-back attack against its rolling-code authentication.  An attacker within RF range who records two consecutive lock or unlock transmissions from a legitimate key fob can later replay the same pair of transmissions repeatedly. During testing, replaying the first captured transmission caused the RKES to enter a state in which replaying the second captured transmission resulted in a successful lock or unlock operation of the vehicle. Tested and confirmed on a 2024 Suzuki Swift (SWIFT ISG GLS AC 1.2 5P 4x2 TM).

CVE-2026-46735

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution.

CVE-2026-13314

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Malicious HTML content could be injected into the content rendered by the pretix-digital plugin.

CVE-2026-13225

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Malicious HTML content could be injected into the email address of an order, which pretix showed without sanitization on the confirmation page for individual tickets in that order.

CVE-2026-13223

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Our payment integration with Computop-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CVE-2026-13222

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Our payment integration with Oppwa-based payment methods did not properly validate payment status responses. An attacker could use a successful payment status response from one payment and supply it to the system for a different payment, gaining access to multiple valid tickets with only one payment.

CVE-2026-57619

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions.

CVE-2026-57429

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Contributor Broken Access Control in Slim SEO <= 4.6.2 versions.

CVE-2026-56122

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges.

CVE-2026-56071

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Forminator <= 1.53.1 versions.

CVE-2026-56054

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber Arbitrary File Deletion in JS Help Desk <= 3.1.1 versions.

CVE-2026-56053

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber PHP Object Injection in EventPrime <= 4.3.4.1 versions.

CVE-2026-56051

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in TablePress <= 3.3.1 versions.

CVE-2026-56050

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18.

CVE-2026-56049

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Remote Code Execution (RCE) in Post Snippets <= 4.0.19 versions.

CVE-2026-56042

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Customer Cross Site Scripting (XSS) in Advanced Order Export For WooCommerce <= 4.0.9 versions.

CVE-2026-56023

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Customer Broken Access Control in UPI QR Code Payment Gateway for WooCommerce <= 1.6.2 versions.

CVE-2026-56014

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in Master Slider <= 3.11.2 versions.

CVE-2026-56013

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Unauthenticated Insecure Direct Object References (IDOR) in License Manager for WooCommerce <= 3.0.15 versions.

CVE-2026-56006

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions.

CVE-2026-56005

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions.

CVE-2026-54849

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in Premmerce Wishlist for WooCommerce <= 1.1.11 versions.

CVE-2026-54848

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Insertion of Sensitive Information Into Sent Data vulnerability in Saad Iqbal APIExperts Square for WooCommerce allows Retrieve Embedded Sensitive Data. This issue affects APIExperts Square for WooCommerce: from n/a through 4.7.3.