🔒 Security Intelligence Dashboard

Updated: 2026-07-11 (UTC)
NVD CVEs (today)
2
CISA KEV (added)
0
GH Advisories
20
JVN Items
0
News Articles
20
NVD CVEs — 本日公開 (2 件)
CVE-2026-11426 6.5 MEDIUM
The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.76. This is due to the plugin accepting arbitrary local file paths in the template_thumbnail parameter and copying their contents into a publicly accessible uploads file. T
CVE-2026-13756 8.8 HIGH
The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.3.3. This is due to missing authorization and meta key validation in the `update()` handler for the `/wp-json/wpgb/v2/metadata` REST endpoint. This makes it possible for authenticat
CISA Known Exploited Vulnerabilities — 本日追加 (0 件 / 累計 1637 件)

本日の新規追加なし

GitHub Security Advisories — 本日公開 (20 件)
GHSA-wcfj-4phh-x3w3 MEDIUM
The UnderConstructionPage PRO plugin for WordPress is vulnerable to Arbitrary File Read in all...
GHSA-9qvw-92r9-h632 HIGH
The WP Grid Builder plugin for WordPress is vulnerable to Privilege Escalation in all versions up...
GHSA-v4hh-p8gf-c722 CRITICAL
The charging station websocket endpoint accepts connections without proper authentication, which...
GHSA-m6q8-j665-f2qg UNKNOWN
vulnerability in Drupal Clean RESTful allows . This issue affects Clean RESTful versions: *.*.
GHSA-7wpg-27g9-f8vc HIGH
Multiple connections to the backend using the same charging station ID are allowed, which could...
GHSA-5688-w7cj-j738 UNKNOWN
vulnerability in Drupal Commerce guest registration allows . This issue affects Commerce guest...
GHSA-88vc-rc72-29f3 HIGH
Previously, there was no throttling on repeated authentication attempts to the charging station...
GHSA-wfpx-3cw4-cw3g UNKNOWN
Missing Authorization vulnerability in Drupal FlowDrop allows Forceful Browsing. This issue...
GHSA-xvx3-jwjj-m2g9 UNKNOWN
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
GHSA-vx3g-w5hr-294x UNKNOWN
Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting")...
JVN / JPCERT·CC — 最新情報

本日の新着なし

Security News