CVE-2026-22730
8.8HIGH
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability ...
3/18/2026
セキュリティデータベース
脆弱性
データベース
CVE、Exploit-DBのエクスプロイト、CISA KEVカタログの包括的なデータベース。毎日更新。
CVE
3K+
エクスプロイト
2K+
KEV
54
毎日
ライブ
重大 & 悪用済み
CRITICAL
CVE-2026-4312
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing u...
CRITICAL
CVE-2026-3826
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated rem...
CRITICAL
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypa...
CRITICAL
CVE-2026-24448
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker...
CRITICAL
CVE-2023-27573
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the ...
最新のCVE
CVE-2026-22729
8.6HIGH
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-control...
3/18/2026
CVE-2026-22323
7.1HIGH
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by lur...
3/18/2026CWE-352
CVE-2026-22322
7.1HIGH
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript...
3/18/2026CWE-79
CVE-2026-22321
5.3MEDIUM
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thre...
3/18/2026CWE-121
CVE-2026-22320
6.5MEDIUM
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized...
3/18/2026CWE-121
最新のエクスプロイト
EDB-52465
webappsmultiple
WordPress Quiz Maker 6.7.0.56 - SQL Injection
CVE-2025-10042
Rahul Sreenivasan12/25/2025
EDB-52463
webappsmultiple
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558
Lukas Johannes Möller12/25/2025
EDB-52464
webappsmultiple
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
CVE-2025-10493
0xsabre12/25/2025
EDB-52462
webappsmultiple
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
CVE-2025-40677
Peter Gabaldon12/16/2025
EDB-52461
webappsmultiple
esm-dev 136 - Path Traversal
CVE-2025-59342
Byte Reaper12/16/2025
EDB-52460
webappsphp
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-11736
CodeSecLab12/8/2025
CISA KEVカタログ
| CVE ID | ベンダー | 製品 | 追加日 | ランサムウェア |
|---|---|---|---|---|
| CVE-2025-47813 | Wing FTP Server | Wing FTP Server | 2026-03-16 | - |
| CVE-2026-3909 | Skia | 2026-03-13 | - | |
| CVE-2026-3910 | Chromium V8 | 2026-03-13 | - | |
| CVE-2025-68613 | n8n | n8n | 2026-03-11 | - |
| CVE-2026-1603 | Ivanti | Endpoint Manager (EPM) | 2026-03-09 | - |
データソース
このデータベースは教育および許可されたセキュリティ研究目的でのみ提供されています。