実際の悪用を確認
CVE-2026-48282 Adobe ColdFusion Path Traversal
- 実環境での悪用(CISA KEV)
- CISA KEV に掲載
- リモートコード実行の露出リスク
Adobe ColdFusion RCE は CISA KEV に掲載 — 実環境での悪用が確認されています。掲載中は継続的な標的化が想定されます。
日次の脆弱性動向:KEV 追加、公開 exploit、重大開示、EPSS リスクの変化。
最優先の 3 件の変化 — アナリストによる短評。CVE ダンプではありません。
実際の悪用を確認
Adobe ColdFusion RCE は CISA KEV に掲載 — 実環境での悪用が確認されています。掲載中は継続的な標的化が想定されます。
悪用活動を確認
Mcpjam Inspector RCE に公開エクスプロイトまたは PoC が関連 — 日和見的スキャンと続く標的型活動を想定してください。
重大な露出リスク
新たな重大公開(CVSS 9.9)— 深刻度が高く、エクスプロイト出現前の認知ウィンドウが短いです。
CISA KEV — 実環境での悪用が確認
Adobe ColdFusion Path Traversal
Joomlack Page Builder Improper Access Control
Langflow Authorization Bypass Through User-Controlled Key
JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type
Flowise before 3.1.3 validates Custom MCP stdio environment variables against a denylist using a case-sensitive comparison, so on Windows...
Hydra through 9.7, fixed in commit 9cc84c2, contains a stack buffer overflow in NTLM authentication across SMTP, POP3, IMAP, NNTP, HTTP,...
A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user...
Discuz!
MCPJam inspector is the local-first development platform for MCP servers.
Improper Control of Generation of Code ('Code Injection') vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue...
本ダイジェストではこのカテゴリに該当なし。
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders.
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment.
Trueview Security camera T18161- AF v4.9.60.0 contains an authentication bypass vulnerability caused by improper password validation and...
Fire-Boltt Smartwatch FB BGS001 Firmware: MOY-JS14-2.0.4 is vulnerable to Improper Authentication, The device accepts GATT Write Request...
Coder allows organizations to provision remote development environments via Terraform.
Incorrect authorization in the XML-RPC API of WebPros Plesk before 18.0.78.4 allows a low-privileged authenticated customer to look up do...
Cognee before 1.2.0 contains an improper access control vulnerability that allows unauthenticated attackers to overwrite the global LLM p...
mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, an...
mem0 contains unauthenticated config API endpoints that expose LLM API keys in plaintext and allow server-side request forgery via attack...
LocalAI contains an unauthenticated server-side request forgery vulnerability in the POST /models/apply endpoint that allows attackers to...