NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2025-71261 | An attacker with network-level access between the SUSE Virtualization and Rancher Manager in SUSE Harvester before 1.8.0 could interfere with the TLS handshake and abuse it to bypass TLS as a security control. | 8.6 | 0.06% | 2026-06-16 | 2026-06-16 |
| CVE-2025-14272 | A security issue was identified in Pavilion due to improper authorization enforcement in API endpoints. This vulnerability can allow an unauthorized actor to execute privileged operations, including user/role management and other administrative actions. | 8.3 | 該当なし | 2026-06-16 | 2026-06-16 |
| CVE-2025-13036 | An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token. | 9.2 | 該当なし | 2026-06-16 | 2026-06-16 |
| CVE-2025-11694 | A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault. | 8.7 | 該当なし | 2026-06-16 | 2026-06-16 |
| CVE-2025-68045 | Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions. | 7.5 | 0.39% | 2026-06-16 | 2026-06-16 |
| CVE-2025-9912 | Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege. | 6.3 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2025-10262 | Nokia SR Linux is vulnerable to local privilege escalation vulnerability due to unsanitized format validation. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privileges. | 6.3 | 0.15% | 2026-06-16 | 2026-06-16 |
| CVE-2025-69332 | Subscriber Broken Access Control in Bookify <= 1.1.1 versions. | 6.5 | 0.33% | 2026-06-15 | 2026-06-15 |
| CVE-2025-68872 | Unauthenticated Cross Site Scripting (XSS) in Eli's WordCents adSense Widget with Analytics <= 1.3.03.27 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2025-68851 | Unauthenticated Cross Site Scripting (XSS) in Okay Toolkit <= 2.3 versions. | 7.1 | 0.19% | 2026-06-15 | 2026-06-15 |
| CVE-2025-68840 | Unauthenticated Cross Site Scripting (XSS) in iRobots.txt SEO <= 1.1.2 versions. | 7.1 | 0.18% | 2026-06-15 | 2026-06-15 |
| CVE-2025-68049 | Subscriber Broken Access Control in bunny.net <= 2.3.6 versions. | 6.3 | 0.24% | 2026-06-15 | 2026-06-15 |
| CVE-2025-60175 | Administrator Server Side Request Forgery (SSRF) in PopAd <= 1.0.4 versions. | 4.4 | 0.17% | 2026-06-15 | 2026-06-15 |
| CVE-2025-59133 | Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions. | 7.5 | 0.29% | 2026-06-15 | 2026-06-15 |
| CVE-2025-70102 | A NULL pointer dereference occurs in Roy Marples NetworkConfiguration/dhcpcd 10.3.0 while parsing configuration options. In parse_option() (src/if-options.c:1886), the code performs a member access on a NULL pointer of type 'struct dhcp_opt' when an unexpected/invalid option token or parsing state causes the lookup to yield NULL. The instrumented fuzzing build reports 'runtime error: member access within null pointer of type struct dhcp_opt' and aborts. | 6.3 | 0.15% | 2026-06-15 | 2026-06-16 |
| CVE-2025-68713 | An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversize | 8.0 | 0.17% | 2026-06-15 | 2026-06-16 |
| CVE-2025-56814 | A code injection vulnerability in the wxExecute() function of OpenCPN v5.12.0 allows attackers to execute arbitrary code via embedding shell metacharacters. | 7.8 | 0.17% | 2026-06-15 | 2026-06-16 |
| CVE-2025-55663 | A segmentation violation in the Track_SetStreamDescriptor function (isomedia/track.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | 5.5 | 0.15% | 2026-06-15 | 2026-06-16 |
| CVE-2025-55661 | A heap buffer overflow in the Opus audio stream parser component of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | 5.5 | 0.16% | 2026-06-15 | 2026-06-16 |
| CVE-2025-55660 | A stack overflow in the gf_opus_read_length function (media_tools/av_parsers.c) of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service (DoS) via supplying a crafted MP4 file. | 5.5 | 0.16% | 2026-06-15 | 2026-06-16 |