NVD CVEs — 本日公開 (42 件)
CVE-2026-44597 3.7 LOW
Tor before 0.4.9.7 has an out-of-bounds read when an END, a TRUNCATE, or a TRUNCATED cell lacks a reason in its payload, aka TROVE-2026-011.
CVE-2026-40003 5.1 MEDIUM
ZTE ZX297520V3 BootROM contains a vulnerability that allows arbitrary memory writes via USB. Attackers can exploit the lack of target address validation in the USB download mode to write data to any location in BootROM runtime memory, thereby overwriting the stack, hijacking the execution flow, bypa
CVE-2026-6222 5.3 MEDIUM
The Forminator Forms plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.51.1. This is due to the `processRequest()` method in `Forminator_Admin_Module_Edit_Page` (admin/abstracts/class-admin-module-edit-page.php) dispatching sensitive module-management acti
CVE-2026-44599 3.7 LOW
Tor before 0.4.9.7 can attempt or accept BEGIN_DIR via conflux legs, aka TROVE-2026-008.
CVE-2026-44600 3.7 LOW
Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010.
CVE-2026-4807 6.5 MEDIUM
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.6.10.6. This is due to a flawed authorization logic in the nonce_permissions_check() method combined with the public exposure of a site-wide reusable nonce. The plugin expos
CVE-2026-40004 5.5 MEDIUM
There exists an openssl.cnf privilege escalation vulnerability in ZTE Cloud PC client uSmartview. An attacker can execute arbitrary code locally and escalate privileges.
CVE-2026-40981 7.5 HIGH
When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects.
Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Ente
CVE-2026-40982 9.1 CRITICAL
Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A malicious user, or attacker, can send a request using a specially crafted URL that can lead to a directory traversal attack.
Spring Cloud Config 3.1.x: affected from 3.1.
CVE-2026-41002 7.2 HIGH
The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is susceptible to time-of-check-time-of-use (TOCTOU) attacks.
Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Ent
GitHub Security Advisories — 本日公開 (20 件)
GHSA-6785-pvv7-mvg7
HIGH
npm
vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memory Exhaustion
GHSA-hw58-p9xv-2mjh
HIGH
npm
vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Crash DoS)
GHSA-947f-4v7f-x2v8
CRITICAL
npm
vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load` that allows sandbox escape
GHSA-vwrp-x96c-mhwq
CRITICAL
npm
vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
GHSA-47x8-96vw-5wg6
CRITICAL
npm
vm2 Access to Host Object Enables Sandbox Escape
GHSA-qcp4-v2jj-fjx8
CRITICAL
npm
vm2 has a Sandbox Escape Vulnerability
GHSA-q6v9-r226-v65f
MEDIUM
erlang
Bandit HTTP/2 Frame Size Limit Bypass via Late Buffer Check Enables Memory Exhaustion
GHSA-375f-4r2h-f99j
MEDIUM
erlang
Bandit trusts client-supplied URI scheme on plaintext connections
GHSA-c67r-gc9j-2qf7
MEDIUM
erlang
Bandit is vulnerable to CL.CL request smuggling via unrejected duplicate `Content-Length` header
GHSA-pf94-94m9-536p
HIGH
erlang
Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated Memory Exhaustion