NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-41031 | A Stored Cross-Site Scripting vulnerability in Vinna Process Monitor Version 4.0 Service Pack 1 (Build 63255) allows an authenticated remote attacker with low privileges to inject malicious JavaScript code into the application. This enables attackers to steal administrative access tokens and session credentials. | 9.3 | 0.24% | 2026-06-09 | 2026-06-09 |
| CVE-2024-56123 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 該当なし | 該当なし | 2026-06-08 | 2026-06-08 |
| CVE-2024-56122 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 該当なし | 該当なし | 2026-06-08 | 2026-06-08 |
| CVE-2024-56121 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 該当なし | 該当なし | 2026-06-08 | 2026-06-08 |
| CVE-2024-56120 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | 該当なし | 該当なし | 2026-06-08 | 2026-06-08 |
| CVE-2026-35085 | A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root. | 8.7 | 0.42% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35084 | A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root. | 8.7 | 0.41% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35083 | A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root. | 8.7 | 0.41% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35082 | The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input. | 8.7 | 0.49% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35081 | The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of user-supplied input. | 7.2 | 0.37% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35080 | The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.36% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35079 | The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.36% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35078 | The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.37% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35077 | The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.37% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35076 | The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | 7.2 | 0.36% | 2026-06-03 | 2026-06-08 |
| CVE-2026-35075 | An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. | 9.3 | 0.43% | 2026-06-03 | 2026-06-08 |
| CVE-2026-41032 | It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted information. | 7.5 | 0.26% | 2026-06-03 | 2026-06-04 |
| CVE-2026-40852 | A highly authenticated attacker can alter the config generator injecting a payload into future created configurations. The device is not correctly checking this configuration value before passing it to an system execute leading to code execution. This can result in a total loss of confidentiality, integrity and availability. | 7.2 | 0.40% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40851 | A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability. | 8.4 | 0.14% | 2026-05-27 | 2026-05-27 |
| CVE-2026-40850 | An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAccountData function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality. | 8.7 | 0.41% | 2026-05-27 | 2026-05-27 |