NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-55726 | The Azure Blob Storage container used for Gardyn device logs is publicly listable without authentication. A malicious user would be able to access any device log file available in the blob storage container. | 6.9 | 該当なし | 2026-07-02 | 2026-07-02 |
| CVE-2026-54477 | The admin panel lacks standard security headers, enabling clickjacking and cross-site scripting attacks. | 5.1 | 該当なし | 2026-07-02 | 2026-07-02 |
| CVE-2026-13768 | Gardyn devices expose a privileged iothubowner key. Access to this key will allow a malicious user to invoke an IoTHub Registry Manager function which returns connection information for all Gardyn Home Kit and Studio devices. Access to this key also allows a malicious user to execute arbitrary commands on a specific connected device and may allow the malicious user to pivot to other devices on the user's network. | 9.5 | 該当なし | 2026-07-02 | 2026-07-02 |
| CVE-2026-13743 | CubeSpace CW0057 Reaction Wheel firmware versions prior to 5.0.20 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. This could allow an attacker with physical access to the product to upload arbitrary malicious firmware to the device without authentication. | 3.3 | 0.12% | 2026-07-02 | 2026-07-02 |
| CVE-2026-56415 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization, resulting in arbitrary command execution with root-level privileges on the underlying system. | 10.0 | 3.07% | 2026-06-30 | 2026-07-01 |
| CVE-2026-56413 | Storage Concentrator (SC & SCVM) contains a command injection vulnerability in the ms_service.pl service, which listens on TCP port 9000 by default and accepts custom network packets to perform device actions. An unauthenticated remote attacker can send a specially crafted packet containing a malicious payload that is processed without adequate sanitization, resulting in arbitrary command execution with root-level privileges. | 10.0 | 3.08% | 2026-06-30 | 2026-07-01 |
| CVE-2026-55721 | Storage Concentrator (SC & SCVM) is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those queries and extract sensitive information from the underlying database, including session tokens, password hashes, and stored secret keys. | 9.2 | 0.41% | 2026-06-30 | 2026-07-01 |
| CVE-2026-50110 | Storage Concentrator (SC & SCVM) contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services, including database accounts, licensing, replication services, and third-party integrations, meaning successful exploitation of this vulnerability could provide an attacker with unauthorized access to mult | 9.3 | 0.13% | 2026-06-30 | 2026-07-01 |
| CVE-2026-50040 | Storage Concentrator (SC & SCVM) is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser session in the context of the application. This could be leveraged to steal session cookies, redirect users, or perform unauthorized actions on behalf of the victim. | 5.1 | 0.24% | 2026-06-30 | 2026-07-01 |
| CVE-2026-52868 | An unauthenticated attacker can read worklist records from a directory outside the intended per-AE worklist storage area. In a multi-area deployment, this can cross departmental or clinic data separation. | 8.8 | 0.37% | 2026-06-30 | 2026-07-01 |
| CVE-2026-50254 | An unauthenticated remote attacker can repeatedly send a single crafted connection request to leak memory. Against storescp in its default single-process mode, memory grows quickly and the service is eventually killed, after which it stops accepting connections until an operator restarts it. | 8.7 | 0.38% | 2026-06-30 | 2026-07-01 |
| CVE-2026-50003 | A malicious or compromised server can make a DCMTK client using bit-preserving C-GET storage mode write files outside the chosen output directory, using both relative (../) paths and absolute paths. | 9.3 | 0.43% | 2026-06-30 | 2026-07-01 |
| CVE-2026-35505 | An unauthenticated remote attacker can repeatedly send crafted connection requests to leak memory. In single-process deployments the memory grows until the service is killed and the port stops responding until restart. | 8.7 | 0.38% | 2026-06-30 | 2026-07-01 |
| CVE-2026-44628 | An unauthenticated attacker can crash the worklist server with a single crafted query when the server has a valid Called AE Title / storage directory, the expected lockfile, and at least one matching worklist record. | 8.7 | 0.40% | 2026-06-30 | 2026-07-01 |
| CVE-2026-13207 | FUXA versions 1.3.1 and prior contain an authentication bypass vulnerability via dot-segment path normalization in the REST API. The API router fails to normalize dot-segment sequences before applying authentication middleware, allowing unauthenticated requests to access protected endpoints by prefixing paths with dot-segments such as /api/./users, /api/./roles, and /api/project/../users. These requests bypass authentication checks and return sensitive user and role data without credentials. | 8.7 | 0.35% | 2026-06-30 | 2026-07-01 |
| CVE-2026-56414 | A vulnerability exists in H.View IP cameras certificate-related upload interfaces allow authenticated users to store arbitrary file content to fixed, persistent filesystem locations without validating file type, structure, or size. This design omission enables the placement of unexpected or malformed data in locations intended for trusted certificate material, which could affect system integrity or behavior even after reboot. | 8.6 | 0.40% | 2026-06-26 | 2026-06-29 |
| CVE-2026-55975 | A vulnerability exists in H.View IP cameras that could allow an authenticated user to supply unsanitized XML fields to the device's certificate generation interface, which are incorporated into a backend certificate creation command without proper input validation. This may allow for command execution with elevated privileges during certificate generation. | 8.6 | 0.65% | 2026-06-26 | 2026-06-29 |
| CVE-2026-33560 | The DMP-5000 file service exposes authenticated arbitrary file upload functionality. There are exposed endpoints which allows authenticated users to upload files of any type without validation. No file extension filtering or content inspection is enforced which allows executable binaries and scripts to be accepted and written directly to the server. | 8.4 | 0.34% | 2026-06-26 | 2026-06-29 |
| CVE-2026-31928 | The DMP-5000 devices are shipped with a default administrative web account with weak authentication controls, which are not required to be changed during initial configuration or operation. Using these accounts provides full system access. | 9.3 | 0.45% | 2026-06-26 | 2026-06-29 |
| CVE-2026-28701 | Various versions of Daktronics Controller Firmware could allow authenticated and unauthenticated remote users to escape the intended directory and enumerate arbitrary file system paths. | 9.3 | 0.84% | 2026-06-26 | 2026-06-29 |