CVE-2026-1622
NONE
Neo4j Enterprise and Community editions versions prior to 2026.01.3 and 5.26.21 are vulnerable to a potential information disclosure by a user who has ability to access the local log files. The "obf...
2/4/2026CWE-532
セキュリティデータベース
脆弱性
データベース
CVE、Exploit-DBのエクスプロイト、CISA KEVカタログの包括的なデータベース。毎日更新。
CVE
787
エクスプロイト
2K+
KEV
1K+
毎日
ライブ
重大 & 悪用済み
CRITICAL
CVE-2025-5319
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability i...
CRITICAL
CVE-2026-25202
The database account and password are hardcoded, allowing login with the account to manipulate the d...
CRITICAL
CVE-2026-25200
A vulnerability in MagicInfo9 Server allows authorized users to upload HTML files without authentica...
CRITICAL
CVE-2020-37056
Crystal Shard http-protection 0.2.0 contains an IP spoofing vulnerability that allows attackers to b...
CRITICAL
CVE-2020-37052
AirControl 1.4.2 contains a pre-authentication remote code execution vulnerability that allows unaut...
最新のCVE
CVE-2025-41085
NONE
Stored Cross-Site Scripting (XSS) vulnerability type in Apidog in the version 2.7.15, where SVG image uploads are not properly sanitized. This allows attackers to embed malicious scripts in SVG files...
2/4/2026CWE-79
CVE-2026-1370
4.9MEDIUM
The SIBS woocommerce payment gateway plugin for WordPress is vulnerable to time-based SQL Injection via the ‘referencedId’ parameter in all versions up to, and including, 2.2.0 due to insufficient esc...
2/4/2026CWE-89
CVE-2026-0816
4.9MEDIUM
The All push notification for WP plugin for WordPress is vulnerable to time-based SQL Injection via the 'delete_id' parameter in all versions up to, and including, 1.5.3 due to insufficient escaping o...
2/4/2026CWE-89
CVE-2026-0743
4.4MEDIUM
The WP Content Permission plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ohmem-message' parameter in all versions up to, and including, 1.2 due to insufficient input saniti...
2/4/2026CWE-79
CVE-2026-0742
6.4MEDIUM
The Smart Appointment & Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the saab_save_form_data AJAX action in all versions up to, and including, 1.0.7 due to insufficien...
2/4/2026CWE-79
最新のエクスプロイト
EDB-52465
webappsmultiple
WordPress Quiz Maker 6.7.0.56 - SQL Injection
CVE-2025-10042
Rahul Sreenivasan12/25/2025
EDB-52463
webappsmultiple
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558
Lukas Johannes Möller12/25/2025
EDB-52464
webappsmultiple
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
CVE-2025-10493
0xsabre12/25/2025
EDB-52462
webappsmultiple
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
CVE-2025-40677
Peter Gabaldon12/16/2025
EDB-52461
webappsmultiple
esm-dev 136 - Path Traversal
CVE-2025-59342
Byte Reaper12/16/2025
EDB-52460
webappsphp
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-11736
CodeSecLab12/8/2025
CISA KEVカタログ
| CVE ID | ベンダー | 製品 | 追加日 | ランサムウェア |
|---|---|---|---|---|
| CVE-2026-20805 | Microsoft | Windows | 2026-01-13 | - |
| CVE-2025-8110 | Gogs | Gogs | 2026-01-12 | - |
| CVE-2025-37164 | Hewlett Packard Enterprise (HPE) | OneView | 2026-01-07 | - |
| CVE-2009-0556 | Microsoft | Office | 2026-01-07 | - |
| CVE-2025-14847 | MongoDB | MongoDB and MongoDB Server | 2025-12-29 | - |
データソース
このデータベースは教育および許可されたセキュリティ研究目的でのみ提供されています。