NVD CVEs — 本日公開 (11 件)
CVE-2026-44405 3.4 LOW
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
CVE-2025-71251 7.5 HIGH
In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71252 7.5 HIGH
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71253 7.5 HIGH
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71254 7.5 HIGH
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71255 7.5 HIGH
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2025-71256 7.5 HIGH
In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.
CVE-2026-7572 4.4 MEDIUM
An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in Velocidex Velociraptor before version 0.76.5 on Windows and Linux allows a local attacker to cause a Denial of Service (DoS) via a process crash by providing a specially crafted .evtx file to the parse_evtx V
CVE-2026-7573 5.0 MEDIUM
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying targeted Name and Org para
CVE-2026-3208 5.3 MEDIUM
The Mercado Pago payments for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'mp_pix_image' WooCommerce API endpoint in all versions up to, and including, 8.7.11. This makes it possible for unauthenticated attackers to retrieve
GitHub Security Advisories — 本日公開 (10 件)
GHSA-3c93-g9g6-p5j4
MEDIUM
An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor...
GHSA-6cmp-qv2f-x97x
MEDIUM
An off-by-one error (CWE-193) in the ConsumeUnit16Array and ConsumeUnit64Array functions in...
GHSA-67w8-jv42-4j2q
HIGH
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of...
GHSA-rvm7-7x4c-96v8
HIGH
In IMS, there is a possible system crash due to improper input validation. This could lead to...
GHSA-9x33-p28p-x395
HIGH
In nr modem, there is a possible improper input validation. This could lead to remote denial of...
GHSA-4g9h-2wqx-gcgm
HIGH
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of...
GHSA-x7wj-r2hg-35fm
HIGH
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of...
GHSA-g5mc-j2xf-869g
HIGH
In Modem IMS, there is a possible improper input validation. This could lead to remote denial of...
GHSA-r374-rxx8-8654
LOW
In Paramiko through 4.0.0 before a448945, rsakey.py allows the SHA-1 algorithm.
GHSA-wpww-4qvv-xpv8
UNKNOWN
Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.
If mod_proxy_ajp...