🔒 Security Intelligence Dashboard

Updated: 2026-05-17 (UTC)
NVD CVEs (today)
5
CISA KEV (added)
0
GH Advisories
4
JVN Items
0
News Articles
20
NVD CVEs — 本日公開 (5 件)
CVE-2026-8723 5.3 MEDIUM
### Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`. The throw is synchronous and not handled by any of qs's null-related options (`skipNulls`, `strictNullHandling`). ### Details In t
CVE-2026-8724 4.7 MEDIUM
A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils.transFilter of the file SqlparserUtils.java of the component Data Dashboard. The manipulation results in sql injection. The attack may be launched remotely. The exploit has been released to the public an
CVE-2026-8725 7.3 HIGH
A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file src/caal/webhooks.py of the component test-hass Endpoint. This manipulation causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been
CVE-2026-8719 8.8 HIGH
The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be gra
CVE-2026-8728 4.3 MEDIUM
A security vulnerability has been detected in Open5GS up to 2.7.7. The impacted element is the function ogs_sbi_discovery_option_parse_plmn_list in the library /lib/sbi/conv.c of the component NRF. Such manipulation of the argument target-plmn-list leads to denial of service. The attack can be execu
CISA Known Exploited Vulnerabilities — 本日追加 (0 件 / 累計 1592 件)

本日の新規追加なし

GitHub Security Advisories — 本日公開 (4 件)
GHSA-988g-78qr-2cpm MEDIUM
A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an...
GHSA-74x6-944v-7pxp LOW
A security flaw has been discovered in Dataease 2.10.20. Impacted is the function SqlparserUtils...
GHSA-rqcw-jqg3-qhwc UNKNOWN
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
GHSA-5cv5-vm4q-7wmx HIGH
Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because...
JVN / JPCERT·CC — 最新情報

本日の新着なし

Security News
Krebs on Security
Patch Tuesday, May 2026 Edition
Canvas Breach Disrupts Schools & Colleges Nationwide
Anti-DDoS Firm Heaped Attacks on Brazilian ISPs
‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty
Patch Tuesday, April 2026 Edition
Schneier on Security
Friday Squid Blogging: Bigfin Squid
Bypassing On-Camera Age-Verification Checks
Upcoming Speaking Engagements
How Dangerous Is Anthropic’s Mythos AI?
OpenAI’s GPT-5.5 is as Good as Mythos at Finding Security Vulnerabilities
SANS ISC
[Guest Diary] New Malware Libraries means New Signatures, (Fri, May 15th)
ISC Stormcast For Friday, May 15th, 2026 https://isc.sans.edu/podcastdetail/9934, (Fri, May 15th)
Simple bypass of the link preview function in Outlook Junk folder, (Thu, May 14th)
ISC Stormcast For Thursday, May 14th, 2026 https://isc.sans.edu/podcastdetail/9932, (Thu, May 14th)
[GUEST DIARY] Tearing apart website fraud to see how it works., (Wed, May 13th)
The Hacker News
Funnel Builder Flaw Under Active Exploitation Enables WooCommerce Checkout Skimming
Turla Turns Kazuar Backdoor Into Modular P2P Botnet for Persistent Access
Four OpenClaw Flaws Enable Data Theft, Privilege Escalation, and Persistence
What 45 Days of Watching Your Own Tools Will Tell You About Your Real Attack Surface
TanStack Supply Chain Attack Hits Two OpenAI Employee Devices, Forces macOS Updates