🔒 Security Intelligence Dashboard

Updated: 2026-07-07 (UTC)
NVD CVEs (today)
24
CISA KEV (added)
0
GH Advisories
6
JVN Items
0
News Articles
20
NVD CVEs — 本日公開 (24 件)
CVE-2024-56141 5.0 MEDIUM
Minosoft is an open-source, multi-version Minecraft Java Edition client written in Kotlin. Starting in commit f1ae30e2b046a490026a8413b075685deb795122, the CryptManager  encryption routine ( CryptManager.kt ) initializes its AES cipher using an initialization vector (IV) that is set equal to the sec
CVE-2026-13356
A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript dialog, causing the browser UI to display the destination origin in the address bar while continuing to render attacker-controlled content. This vulnerability was fixed in Firefox for iOS 152.3.
CVE-2026-53647
FOSSBilling is a free, open-source billing and client management system. In versions 0.5.3 through 0.7.2, the Guest `serviceapikey/get_info` API endpoint is accessible without authentication. Any caller with a valid API key can retrieve all custom configuration parameters (`custom_*` fields) stored
CVE-2026-53648
FOSSBilling is a free, open-source billing and client management system. Prior to version 0.8.1, downloadable product files are stored using a deterministic filename-derived path. When an administrator uploads a file for a downloadable product, FOSSBilling stores the file as `md5(<original filename>
CVE-2026-11328 6.4 MEDIUM
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post title parameter in all versions up to, and including, 2.7.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contrib
CVE-2026-34034 8.8 HIGH
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the sentinel_token setting is used in shell commands without sufficient validation, allowing an authenticated user with access to server Sentinel settings to inject shell synt
CVE-2026-34035 8.8 HIGH
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, log drain secret and environment values were interpolated into shell commands without sufficient encoding, allowing an authenticated user to inject commands executed on the ho
CVE-2026-34037 9.9 CRITICAL
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.464, the cloneTo() Livewire action in ResourceOperations.php authorizes the source resource but resolves destination resources with unscoped Eloquent lookups, allowing an authentic
CVE-2026-34044 7.7 HIGH
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.466, the Logs::mount() component looks up resources by UUID without scoping the lookup to the current team, allowing an authenticated user to access logs for applications owned by
CVE-2026-34047 9.9 CRITICAL
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.471, terminal WebSocket bootstrap routes did not enforce the expected authorization middleware, allowing an authenticated user to access terminal functionality for resources outsid
CISA Known Exploited Vulnerabilities — 本日追加 (0 件 / 累計 1631 件)

本日の新規追加なし

GitHub Security Advisories — 本日公開 (6 件)
GHSA-8jc9-q52q-8p76 MEDIUM
The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site...
GHSA-66fv-p34j-fwgr UNKNOWN
A malicious webpage could interrupt a pending navigation by enqueuing a synchronous JavaScript...
GHSA-ff2c-rpvx-jp6m UNKNOWN
mrubyc through 3.4.1 was found to contain a NULL pointer dereference in src/vm.c in op_super() /...
GHSA-677j-gfv9-ppcc UNKNOWN
ajenti through v2.2.13 has a clickjacking weakness in the browser-facing login and administrative...
GHSA-r4w3-7jp7-m9g5 UNKNOWN
mrubyc through release3.4.1 was found to contain an out-of-bounds read in builtin missing-method...
GHSA-22g5-r2x5-97cx MEDIUM
showdown contains a stored cross-site scripting vulnerability in the parseHeaders function of src...
JVN / JPCERT·CC — 最新情報

本日の新着なし

Security News