NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-57589 | sys/kern/sysv_sem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in sys_semget(). | 7.4 | 該当なし | 2026-06-24 | 2026-06-24 |
| CVE-2025-60473 | A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file. | 該当なし | 該当なし | 2026-06-24 | 2026-06-24 |
| CVE-2025-60466 | A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file. | 該当なし | 該当なし | 2026-06-24 | 2026-06-24 |
| CVE-2025-60474 | A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input. | 該当なし | 該当なし | 2026-06-24 | 2026-06-24 |
| CVE-2025-60467 | A use-after-free in the gf_filter_pid_inst_swap_delete_task function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file. | 該当なし | 該当なし | 2026-06-24 | 2026-06-24 |
| CVE-2025-60468 | GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_core/filter_pid.c (L:574-580): function gf_filter_pid_inst_swap_delete_task() improperly accesses freed objects during PID instance swap/delete cleanup, leading to heap use-after-free. The attack vector is: Local (AV:L): a local, authenticated user who processes a specially crafted MPEG-2 TS/MP4 file | 該当なし | 該当なし | 2026-06-24 | 2026-06-24 |
| CVE-2025-60471 | A use-after-free in the gf_filter_pid_reconfigure_task_discard function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file. | 5.5 | 該当なし | 2026-06-24 | 2026-06-24 |
| CVE-2026-49269 | Apple M1 GPUs retain register file data between compute shader dispatches from different processes. A sandboxed Metal attacker app can run a GPU reader shader that reads stale register values left by a separate sandboxed victim app. In the proof of concept, GPUVictim.app generates a fresh random 128-bit secret using SecRandomCopyBytes and loads it into GPU registers. GPUAttacker.app, a separate sandboxed app, recovers the exact secret from stale GPU register state. NOTE: The vendor stated that t | 8.6 | 該当なし | 2026-06-24 | 2026-06-24 |
| CVE-2026-39253 | An issue in Pivotal CRM v.6.6.04.08 allows a remote attacker to execute arbitrary code via the Pivotal.Core.Common.dll and Pivotal.Engine.Client.Services.Conversion.dll components. | 8.1 | 0.80% | 2026-06-23 | 2026-06-23 |
| CVE-2026-57062 | CMS (Cryptographic Message Syntax) parsing in gpgsm in GnuPG through 2.5.20 mishandles the CMS format for AES-GCM because aes-ICVlen is supposed to be 12 bytes but 4 bytes is accepted. NOTE: this is related to CVE-2026-34182. | 2.9 | 0.11% | 2026-06-23 | 2026-06-23 |
| CVE-2026-57053 | GNU libidn before 1.44 is prone to out-of-bounds reads of uninitialized memory in the ToUnicode APIs because of mishandling in idna_to_unicode_internal. The affected code is not present in libidn2. | 4.0 | 0.12% | 2026-06-23 | 2026-06-23 |
| CVE-2026-50221 | In OpenStack Swift before 2.37.2, proxy-server does not strip internal update headers (X-Container-Host, X-Container-Device, X-Delete-At-Host, X-Delete-At-Device) from client requests before forwarding them to object-servers. An authenticated user with write access can inject these headers to redirect container update requests to an attacker-controlled server, enabling server-side request forgery. The SSRF requests expose internal cluster metadata including storage policy indexes, partition mapp | 5.3 | 0.20% | 2026-06-23 | 2026-06-23 |
| CVE-2025-61029 | An issue in the sqlo_untry component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | 0.35% | 2026-06-23 | 2026-06-23 |
| CVE-2025-61024 | An issue in the sqlo_try_in_loop component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | 0.35% | 2026-06-23 | 2026-06-23 |
| CVE-2026-56968 | GNU SASL before 2.2.4 lacks sanitization of a short challenge in _gsasl_ntlm_client_step in the NTLM client, which could result in memory disclosure via a crafted server. | 3.7 | 0.23% | 2026-06-23 | 2026-06-23 |
| CVE-2025-61028 | An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 該当なし | 0.15% | 2026-06-23 | 2026-06-23 |
| CVE-2025-61027 | An issue in the t_set_push component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 該当なし | 0.15% | 2026-06-23 | 2026-06-23 |
| CVE-2025-61025 | An issue in the sslr_qst_get component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | 0.35% | 2026-06-23 | 2026-06-23 |
| CVE-2025-61023 | An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 該当なし | 0.15% | 2026-06-23 | 2026-06-23 |
| CVE-2025-61022 | An issue in the sqlo_tb_col_preds component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 7.5 | 0.35% | 2026-06-23 | 2026-06-23 |