Secure Gatev1.0.0新着セキュリティニュース バックナンバー

新着セキュリティニュース バックナンバー

直近表示から外れた情報を確認できます。診断結果とは別情報として扱います。

総件数212402件
表示件数50件/ページ
ページ93

CVE-2026-54845

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Local File Inclusion in MDTF <= 1.3.8 versions.

CVE-2026-54844

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in CheckView Automated Testing <= 2.1.0 versions.

CVE-2026-54843

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated SQL Injection in MDTF <= 1.3.7 versions.

CVE-2026-54842

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25.

CVE-2026-54841

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Sensitive Data Exposure in Vitepos <= 3.4.2 versions.

CVE-2026-54838

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber SQL Injection in WC Vendors Marketplace <= 2.6.8 versions.

CVE-2026-54836

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in YMC Filter allows SQL Injection. This issue affects YMC Filter: from n/a through 3.11.5.

CVE-2026-54830

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Five Star Restaurant Reservations <= 2.7.19 versions.

CVE-2026-54829

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jacob N. Breetvelt WP Photo Album Plus allows Blind SQL Injection. This issue affects WP Photo Album Plus: from n/a through 9.1.13.005.

CVE-2026-54828

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in Motors <= 1.4.109 versions.

CVE-2026-54823

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions.

CVE-2026-54822

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber SQL Injection in SALESmanago & Leadoo <= 3.11.2 versions.

CVE-2026-54821

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Subscriber Sensitive Data Exposure in Visual Link Preview <= 2.3.1 versions.

CVE-2026-52690

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Spoofing replies to Recursor might mark an IP of an authoritative server as not supporting EDNS, causing valdiation of DNSSEC records served by that server to fail.

CVE-2026-4526

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed.

CVE-2026-49506

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

CVE-2026-47154

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted.

CVE-2026-47153

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.

CVE-2026-47152

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted.

CVE-2026-47151

Threat Intelligence NVD CVE 危険度: high 緊急度: high

In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cluster may be impacted.

CVE-2026-47150

Threat Intelligence NVD CVE 危険度: high 緊急度: high

In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted.

CVE-2026-47149

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted.

CVE-2026-47148

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted.

CVE-2026-47147

Threat Intelligence NVD CVE 危険度: high 緊急度: high

In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted.

CVE-2026-47146

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.

CVE-2026-47145

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted.

CVE-2026-46734

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass.

CVE-2026-46733

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution.

CVE-2026-46732

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Dell Display and Peripheral Manager (DDPM Mac), versions prior to 2.3, contain a Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.

CVE-2026-42390

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An invalid zone might pass ZONEMD validation while it should not. This is only relevant if ZoneToCache is configured with ZONEMD validation.

CVE-2026-42389

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

This fix provides extra hardening for the 5.4.x branch by doing extra validation of incoming answers from authoritative servers.

CVE-2026-42388

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Incomplete validation of the SOA record present in a catalog zone might lead to a crash.

CVE-2026-42387

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to a crash of the Recursor due to insuffcient input validation.

CVE-2026-41120

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Dell Wyse Management Suite, versions prior to WMS 5.5 HF1, contain an Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Remote Code Execution.

CVE-2026-40012

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

ECS zero scoped answers are stored in the packet cache while they should not. This impacts only configurations that have ECS enabled;

CVE-2026-27366

Threat Intelligence NVD CVE 危険度: high 緊急度: high

Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions.

CVE-2026-12755

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

Improper input validation in the PAM AD discovery endpoints in Devolutions Server 2026.2.4.0 through 2026.2.7.0 allows an authenticated user with the UserGroupsView permission to coerce server-side authentication to an attacker-controlled host, exposing PAM provider credentials as a NTLMv2 challenge-response, via a crafted DomainName parameter.

CVE-2026-42004

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An attacker can send a crafted EDNS OPT record that will be ignored by DNSdist’s filtering rules, but will be rewritten as a valid OPT record when EDNS Client Subnet is inserted, causing the backend to see the EDNS option(s) that DNSdist did not filter.

CVE-2026-40211

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memory condition, resulting in a denial of service.

CVE-2026-40210

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An out-of-bounds read might happen when SetMacAddrAction is used, potentially resulting in uninitialized memory being sent over the network or a crash.

CVE-2026-40209

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An attacker might be able to cause outgoing TCP connections to backend to be stuck until a timeout occurs instead of being released immediately, by sending IXFR queries. This could be used to cause a denial of service if there is a limit to the number of concurrent connections to this backend, or if the process runs out of file descriptors.

CVE-2026-40208

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An attacker might be able to delay the processing of DoH3 queries by sending DoH3 GET queries with an invalid DATA frame.

CVE-2026-40011

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An attacker sending a large number of crafted DNS queries might be able to trigger a dynamic block being inserted with a value causing invalid output to be produced in the prometheus endpoint. The prometheus endpoint will then be rejected by the scraper until the dynamic block expires.

CVE-2026-33612

Threat Intelligence NVD CVE 危険度: high 緊急度: high

A malicious authoritative server can send a crafted zone via the ZoneToCache function that leads to cache poisoning.

CVE-2026-42005

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default.

CVE-2026-56130

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

"Remember me" cookie age is not verified on the server. This potentially allows an attacker to intercept a valid cookie and reuse it indefinitely, even after the configured expiration time has passed. This issue affects all Apache Shiro versions from 1.2.4 through 2.x, and 3.0.0-alpha-1, only when RememberMe functionality is enabled. Upgrade to version 3.0.0 or later, which fixes the issue.

CVE-2026-56091

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

When using Apache Shiro with the shiro-guice module in a web servlet context, a specially crafted HTTP request may cause an authentication bypass. This vulnerability is similar to https://www.cve.org/CVERecord?id=CVE-2020-1957 https://www.cve.org/CVERecord , except that it affects the `shiro-guice` module instead of the `shiro-spring` module. This issue affects all Apache Shiro versions through 2.x, and 3.0.0-alpha-1 only when using `shiro-guice` module in a web servlet context. Upgrade to version 3.0.0 or later, which fixes the issue.

CVE-2026-54226

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

A vulnerability in Apache Kvrocks. This issue affects Apache Kvrocks: from 2.6.0 through 2.15.0. Users are recommended to upgrade to version 2.16.0, which fixes the issue.

CVE-2026-53277

Threat Intelligence NVD CVE 危険度: medium 緊急度: medium

In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Take the SRCU lock for page table walks in fault injection and AT emulation walk_s1() and kvm_walk_nested_s2() expect to be called while holding kvm->srcu to guard against memslot changes. While this is generally the case, __kvm_at_s12() and __kvm_find_s1_desc_level() call into the respective walkers without taking kvm->srcu. Fix by acquiring kvm->srcu prior to the table walk in both instances.