|
1
|
5.3 |
MEDIUM
ネットワーク
|
-
|
-
|
webpack-dev-server versions 5.2.5 and earlier terminate the whole Node.js process when an unauthenticated peer sends either a normal HTTP request with a malformed Host header or a WebSocket upgrade to the default /ws endpoint with a malformed Origin header. The malformed value causes an uncaught ex…
New
|
CWE-20 CWE-248
不適切な入力確認 キャッチされない例外
|
CVE-2026-14631
|
2026-07-4 03:16 |
2026-07-4 |
|
2
|
- |
|
-
|
-
|
Net::IP::LPM versions through 1.10 for Perl allow a heap out-of-bounds read via an unbounded prefix length.
add() passes the prefix string to the trie builder addPrefixToTrie() without checking it against the address width.
addPrefixToTrie() then walks the prefix buffer by prefix_length bits, rea…
New
|
CWE-125
境界外読み取り
|
CVE-2026-56015
|
2026-07-4 02:16 |
2026-07-3 |
|
3
|
4.7 |
MEDIUM
ネットワーク
|
-
|
-
|
webpack-dev-server versions 5.2.5 and earlier expose two internal developer endpoints, /webpack-dev-server/open-editor and /webpack-dev-server/invalidate, that perform state-changing actions on any GET request without verifying that the request originated from the dev server's own page. Any website…
New
|
CWE-352 CWE-749
同一生成元ポリシー違反 危険なメソッドや機能の公開
|
CVE-2026-14620
|
2026-07-4 02:16 |
2026-07-4 |
|
4
|
4.3 |
MEDIUM
ネットワーク
|
-
|
-
|
A flaw was found in the Fine-Grained Admin Permissions (FGAP) v2 implementation within Keycloak's administrative services. When FGAP v2 is enabled, the system fails to properly filter child groups based on the caller's specific permissions when requested through a parent group. This allows a delega…
New
|
CWE-1220
アクセス制御の不十分な粒度
|
CVE-2026-14615
|
2026-07-4 01:16 |
2026-07-4 |
|
5
|
5.4 |
MEDIUM
ネットワーク
|
-
|
-
|
A flaw was found in the ClientResource component of Keycloak's admin services when Fine-Grained Admin Permissions (FGAP) v2 is enabled. This issue allows a delegated administrator, who should only have limited control over specific clients, to attach or remove hidden client scopes that they are not…
New
|
-
|
CVE-2026-14614
|
2026-07-4 01:16 |
2026-07-4 |
|
6
|
4.3 |
MEDIUM
ネットワーク
|
-
|
-
|
A vulnerability was discovered in Keycloak's administrative interface that allows certain administrators to see information about groups they shouldn't have access to. When the new Fine-Grained Admin Permissions (FGAP v2) are turned on, an administrator who is allowed to see a specific "role" can a…
New
|
-
|
CVE-2026-14613
|
2026-07-4 01:16 |
2026-07-4 |
|
7
|
4.2 |
MEDIUM
ネットワーク
|
-
|
-
|
Two off-by-one errors in the FreeIPA ipa-otpd daemon's OAuth2 device authorization handler can cause out-of-bounds memory access when processing an oversized response from a configured external OAuth2/OIDC Identity Provider. An attacker who controls or can man-in-the-middle the IdP endpoint may be …
New
|
CWE-787
境界外書き込み
|
CVE-2026-14612
|
2026-07-4 01:16 |
2026-07-4 |
|
8
|
7.2 |
HIGH
ネットワーク
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special elements used in an OS command ('OS comm…
New
|
CWE-78
OSコマンド・インジェクション
|
CVE-2026-53478
|
2026-07-4 00:16 |
2026-07-4 |
|
9
|
7.2 |
HIGH
ネットワーク
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper neutralization of special Elements used in an OS command ('OS comm…
New
|
CWE-78
OSコマンド・インジェクション
|
CVE-2026-49815
|
2026-07-4 00:16 |
2026-07-4 |
|
10
|
7.2 |
HIGH
ネットワーク
|
-
|
-
|
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an Improper Neutralization of Special Elements used in an OS Command ('OS Comm…
New
|
CWE-78
OSコマンド・インジェクション
|
CVE-2026-49814
|
2026-07-4 00:16 |
2026-07-4 |