セキュリティ診断、情報提供

セキュリティに関する情報の提供、ウェブ診断ツールを提供しているサイトです。

アナウンス一覧表示

JVN脆弱性情報 JVN脆弱性検索トップへ

更新日:2025年5月21日12:02

No	CVSS	レベル攻撃区分	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日
1	4.6	警告ネットワーク	arnesonium	OpenPGP Form Encryption for WordPress	arnesonium の WordPress 用 OpenPGP Form Encryption for WordPress におけるクロスサイトスクリプティングの脆弱性 New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-3919	2025-05-21 11:57	2024-07-13
2	6.5	警告ローカル	三菱電機	GENESIS64 mc works64	三菱電機製 GENESIS64 および MC Works64 のマルチエージェント通知機能の実行時に必要以上に高い権限が割り当てられている脆弱性 New	CWE-250 不要な特権による実行	CVE-2025-0921	2025-05-21 11:56	2025-05-20
3	6.1	警告ネットワーク	Akadrama	Shipping with Venipak for WooCommerce	Akadrama の WordPress 用 Shipping with Venipak for WooCommerce におけるクロスサイトスクリプティングの脆弱性 New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-29805	2025-05-21 11:47	2024-03-27
4	7.1	重要隣接	Phillips Data, Inc.	Blesta	Phillips Data, Inc. の Blesta におけるパストラバーサルの脆弱性 New	CWE-22 パス・トラバーサル	CVE-2024-25859	2025-05-21 11:35	2024-02-28
5	8.8	重要ネットワーク	Martyn Chamberlin	Don't Muck My Markup	Martyn Chamberlin の WordPress 用 Don't Muck My Markup におけるクロスサイトリクエストフォージェリの脆弱性 New	CWE-352 CWE-352	CVE-2024-23510	2025-05-21 11:26	2024-03-27
6	6.1	警告ネットワーク	J. Isaac Friend	WP Dream Carousel	J. Isaac Friend の WP Dream Carousel におけるクロスサイトスクリプティングの脆弱性 New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-13331	2025-05-21 11:18	2025-02-4
7	6.1	警告ネットワーク	MarvinLabs	User Messages	MarvinLabs の WordPress 用 User Messages におけるクロスサイトスクリプティングの脆弱性 New	CWE-79 クロスサイト・スクリプティング（XSS）	CVE-2024-13222	2025-05-21 11:14	2025-01-31
8	7.8	重要ローカル	pdf-xchange	pdf-tools pdf-xchange editor	pdf-xchange の pdf-tools および pdf-xchange editor における境界外書き込みに関する脆弱性 New	CWE-787 CWE-787	CVE-2023-27340	2025-05-21 11:14	2023-02-28
9	7.8	重要ローカル	pdf-xchange	pdf-tools pdf-xchange editor	pdf-xchange の pdf-tools および pdf-xchange editor における境界外書き込みに関する脆弱性 New	CWE-787 CWE-787	CVE-2023-27343	2025-05-21 11:14	2023-02-28
10	5.5	警告ローカル	pdf-xchange	pdf-tools pdf-xchange editor	pdf-xchange の pdf-tools および pdf-xchange editor における境界外読み取りに関する脆弱性 New	CWE-125 CWE-125	CVE-2023-39483	2025-05-21 11:14	2023-08-2

NVD脆弱性情報 NVD脆弱性検索トップへ

更新日":2025年5月21日4:09

No	CVSS	ベンダー名	プロダクト名	タイトル	CWE	CVE	更新日	公表日
1	-	-	-	D-link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system. New	-	CVE-2025-44084	2025-05-21 02:15	2025-05-21
2	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: wl1251: fix memory leak in wl1251_tx_work The skb dequeued from tx_queue is lost when wl1251_ps_elp_wakeup fails with a -ETIMEDOUT error. Fix that by queueing the skb back to tx_queue. New	-	CVE-2025-37982	2025-05-21 02:15	2025-05-21
3	-	-	-	In the Linux kernel, the following vulnerability has been resolved: scsi: smartpqi: Use is_kdump_kernel() to check for kdump The smartpqi driver checks the reset_devices variable to determine whether special adjustments need to be made for kdump. This has the effect that after a regular kexec reb… New	-	CVE-2025-37981	2025-05-21 02:15	2025-05-21
4	-	-	-	In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_sysfs resources. A… New	-	CVE-2025-37980	2025-05-21 02:15	2025-05-21
5	-	-	-	In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix sc7280 lpass potential buffer overflow Case values introduced in commit 5f78e1fb7a3e ("ASoC: qcom: Add driver support for audioreach solution") cause out of bounds access in arrays of sc7280 driver data (e.g. in c… New	-	CVE-2025-37979	2025-05-21 02:15	2025-05-21
6	-	-	-	In the Linux kernel, the following vulnerability has been resolved: block: integrity: Do not call set_page_dirty_lock() Placing multiple protection information buffers inside the same page can lead to oopses because set_page_dirty_lock() can't be called from interrupt context. Since a protection… New	-	CVE-2025-37978	2025-05-21 02:15	2025-05-21
7	-	-	-	In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: exynos: Disable iocc if dma-coherent property isn't set If dma-coherent property isn't set then descriptors are non-cacheable and the iocc shareability bits should be disabled. Without this UFS can end up in an incompa… New	-	CVE-2025-37977	2025-05-21 02:15	2025-05-21
8	-	-	-	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Fix invalid entry fetch in ath12k_dp_mon_srng_process [ Upstream commit 63fdc4509bcf483e79548de6bc08bf3c8e504bb3 ] Currently, ath12k_dp_mon_srng_process uses ath12k_hal_srng_src_get_next_entry to fetch the next ent… New	-	CVE-2025-37976	2025-05-21 02:15	2025-05-21
9	-	-	-	In the Linux kernel, the following vulnerability has been resolved: riscv: module: Fix out-of-bounds relocation access The current code allows rel[j] to access one element past the end of the relocation section. Simplify to num_relocations which is equivalent to the existing size expression. New	-	CVE-2025-37975	2025-05-21 02:15	2025-05-21
10	-	-	-	In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix missing check for zpci_create_device() error return The zpci_create_device() function returns an error pointer that needs to be checked before dereferencing it as a struct zpci_dev pointer. Add the missing check in … New	-	CVE-2025-37974	2025-05-21 02:15	2025-05-21

バージョン更新履歴抜粋 バージョン更新履歴へ

対象期間 : 2025-05-14 〜 2025-05-21

No	名前	ジャンル	バージョン	リリース日	セキュリティ修正	リリース情報
1	New!! Linux Kernel 5.15（LTS）	OS	5.15.183	2025-05-19	不明	表示
2	New!! Tailwind 1	フレームワーク	4.1.7	2025-05-15	不明	表示
3	New!! Tornado 6	フレームワーク	6.5.0	2025-05-15	不明	表示

サポート期限 サポート期限情報へ

対象期間 : 2025-04-01 〜 2025-08-31

No	名前	通常サポート	セキュリティサポート	延長サポート
1	Node.js 18 (LTS)	2023-10-18	2025-04-30
2	Django5.0	2022-08-31		2025-04-30
3	MariaDB 10.5	2025-06-24
4	MongoDB 5.1	2025-06-30
5	MongoDB 6.0	2025-07-31

過去2日間に更新されたセキュリティ情報サイト抜粋 情報提供サイトへ

2025-5-21 JST

メディア・ニュース

No	名前	URL	変更部分の抜粋	タグ
1	Ars Technica	https://arstechnica.com/	AI changes everything,Zero-click searches: Google’s AI tools are the culmination of its hubris,Google's first year with AI search was a wild ride. It will get wilder.,Ryan Whitwam,–,5/20/2025,\|,131,Ho ...	English News 海外ブログサイト情報収集
2	cnet	https://www.cnet.com/	I Stepped Into the Future of Hyper-Connected Entertainment,4 Gut Healing Secrets to Stop Gas and Bloating,I Stepped Into the Future of Hyper-Connected Entertainment. It Made Me Surprisingly Emotional, ...	English News 海外ブログ
3	scmagazine	https://www.scmagazine.com/	SEO poisoning campaign swipes direct deposits from employees,May 20, 2025,Phishing pages targeting mobile devices showed up at the top of Google search results.,Vulnerability Management,WSL, Defendnot ...	English News 海外情報提供

ブログ

No	イメージ	名前	URL	変更部分の抜粋	タグ
1		Whitehat Security ブログ	https://www.blackduck.com:443/blog.html	How to build reliability into developer workflows without slowing down,By,Corey Hamilton,May 19, 2025,/,3 min read,Tags:,Build Security into DevOps,How to build reliability into developer workflows wi ...	English 海外ブログ情報提供

2025-5-20 JST

メディア・ニュース

No	名前	URL	変更部分の抜粋	タグ
1	Bleeping Computer®	https://www.bleepingcomputer.com/	Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin,UK Legal Aid Agency confirms applicant data stolen in data breach,Microsoft confirms new "Advanced" Settings for Windows 11,OpenAI plans to c ...	English News 海外情報提供
2	Cybersecurity News	https://securityonline.info/	May 19, 2025,2 min read,Windows,Warning: Windows Update Triggering BitLocker Recovery,Ddos,May 19, 2025,2 min read,Windows,Fix Windows Update Problems: Common Error Codes and Solutions,Ddos,May 19, 20 ...	English News 海外情報提供
3	Engadget	https://www.engadget.com/	LG 27 UltraGear OLED review: I finally get the 480Hz gaming hype,You might not see the difference between 480Hz and other high refresh rates, but you’ll feel it.,Devindra Hardawar,11 hours ago,ASUS un ...	English News 海外ブログ
4	Gizmodo	https://gizmodo.com/	FEMA Shifts Disaster Burden to States in Wake of Deadly Tornadoes,The agency’s policy shift is poised to drastically reduce the federal aid states receive for natural disaster recovery.,Ellyn Lapointe ...	English News 海外ブログ
5	HELPNETSECURITY	https://www.helpnetsecurity.com/	Malicious RVTools installer found on official site, researcher warns,May 19, 2025,CTM360 maps out real-time phishing infrastructure targeting corporate banking worldwide,May 19, 2025,AI hallucinations ...	English News 海外情報提供
6	Mashable	https://mashable.com/	From TikTok to A24,Boman Martinez-Reid is living the creator-to-TV dream,the cult of agi,‘Empire of AI’ author Karen Hao on why Sam Altman tried to discredit her book,and we're crying again,Did 'The L ...	English News 海外ブログ
7	Schneier on Security	https://www.schneier.com/	The NSA’s “Fifty Years of Mathematical Cryptanalysis (1937–1987)”,In response to a FOIA request, the NSA released “,Fifty Years of Mathematical Cryptanalysis (1937-1987),,” by Glenn F. Stahly, with a ...	English News 海外ブログ
8	securityweek	https://www.securityweek.com/	BreachRx Lands $15 Million as Investors Bet on Breach-Workflow Software,San Francisco incident response coordination startup banks $15 million in a Series A funding round led by Ballistic Ventures.,Pr ...	English News 海外情報提供
9	SensorsTechForum.com	https://sensorstechforum.com/	Hilipinge.com Notifications Virus – Removal Guide [Fix],What Is Hilipinge.com? Hilipinge.com may cause a lot of problems on your device due to redirects and pop-ups. Afterward, you might experience fr ...	English News 海外情報提供マルウェア・ランサムウェア対応
10	TechCrunch	https://techcrunch.com/	Apps,Judge pressures Apple to approve Fortnite or return to court,Sarah Perez,2 hours ago,Apps,Google launches stand-alone NotebookLM apps for Android and iOS,Aisha Malik,2 hours ago,Government & Poli ...	English News 海外ブログサイト情報収集
11	TechNadu.com	https://www.technadu.com/	Materialists: All About the Dating Market film Starring Dakota Johnson, Pedro Pascal, and Chris Evans,Published,Volkswagen’s Connected Car App Flaws Allow Brute Force Attacks, Expose Owner PII,Publish ...	English News 海外情報提供
12	TechRadar	https://www.techradar.com/	Memorial Day,Computex,Google I/O,Best laptop,Computex 2025: live from the world's biggest computing event,All of the biggest computing news from AMD, Nvidia and more, live from the show floor in Taiwa ...	English News 海外ブログ
13	The Verge	https://www.theverge.com/	Microsoft’s plan to fix the web: letting every website run AI search for cheap,NLWeb starts by offering ChatGPT-level search to any site or app, with just a few lines of code. It’s a new vision for th ...	English News 海外ブログ
14	wired	https://www.wired.com/	Special Edition,Untraceable,We Made Luigi Mangione’s 3D-Printed Gun—and Fired It,In the wake of Luigi Mangione’s alleged killing of a health care CEO with a partially 3D-printed pistol, we built and t ...	English News ブログ

組織

No	イメージ	名前	URL	変更部分の抜粋	タグ
1		National Vulnerability Database	https://nvd.nist.gov/	CVE-2024-4757,- The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make ...	English 組織行政

会議

No	イメージ	名前	URL	変更部分の抜粋	タグ
1		Positive Hack Days	https://www.phdays.com/	Strategic partner,Strategic partner,Strategic partner,Strategic partner,Strategic partner,Strategic partner,Strategic partner	Russia 組織

脆弱性通知サイト

No	イメージ	名前	URL	変更部分の抜粋	タグ
1		Packet Storm	https://packetstormsecurity.com/	2025-05-19:,8 news articles added,2025-05-19:,58 files added,Ransomware is quite evil. When you see things like a childrens' hospital unable to serve their clients because all of their computers are ...	English News Tools 海外 Hacking Exploit
2		vuldb.com	https://vuldb.com/	309'631,148.6,373.2,12'530,87'962,VulDB Mod Team queued a new entry to be reviewed,VulDB CTI Team identified activities by APT actor "United States of America",VulDB Data Team updated more than 75 ent ...	English 海外 Windows Linux/Unix Mac OS 情報提供 Android iOS Exploit