Security assessment and information provision

This site provides information on security and offers web audit tools.


Update Date: June 27, 2026, 4:35 a.m.

No CVSS Level
Attack Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date
1 9.9 CRITICAL
Network
dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.7, the cron plugin utilizes commands in the app.json file to manage system cron running as the Dokku user. An app.json cron command utilizing special shell characters - including, but not limited to, > or ; - can break out of the Docker container and ex… New CWE-78
OS Command 
CVE-2026-54636
2026-06-27 04:01 2026-06-27
2 8.8 HIGH
Network
dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the openresty-vhosts plugin copies files from an app's openresty/http-includes/ git repository directory to the host and then interpolates their filenames, unescaped, into a single-quoted shell string that is later parsed by eval. A filename containi… New CWE-95
Eval Injection
CVE-2026-45406
2026-06-27 04:01 2026-06-27
3 5.4 MEDIUM
Network
getgrav grav Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access. New CWE-79
Cross-site Scripting
CVE-2020-37256
2026-06-27 03:58 2026-06-26
4 5.5 MEDIUM
Local
freebsd freebsd When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether the operation was permitted but did not check the result before delivering the signal. The signal was sent even when the permission check failed. The system call returned the resulting error… New CWE-269
 Improper Privilege Management
CVE-2026-45256
2026-06-27 03:58 2026-06-27
5 7.5 HIGH
Network
apache apache-airflow-providers-ftp The Apache Airflow FTP provider's `FTPSHook.get_conn()` created an `ftplib.FTP_TLS` connection but never called `prot_p()`, so although the control channel was TLS-protected the data channel was transmitted in cleartext. Any deployment using `FTPSHook` or `FTPSFileTransmitOperator` to move files ov… New CWE-319
Cleartext Transmission of Sensitive Information
CVE-2026-49486
2026-06-27 03:58 2026-06-26
6 5.4 MEDIUM
Network
jupyter jupyter_server Jupyter Server is the backend for Jupyter web applications. Prior to 2.20, the nbconvert HTTP handlers in jupyter_server render user-authored notebook HTML under the Jupyter origin without a sandbox directive in their Content-Security-Policy. Combined with nbconvert.HTMLExporter's default non-sanit… New CWE-79
CWE-1021
Cross-site Scripting
 Improper Restriction of Rendered UI Layers or Frames
CVE-2026-44727
2026-06-27 03:57 2026-06-23
7 7.8 HIGH
Local
freebsd freebsd The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile(2), which can reference file-backed memory directly through non-anonymous M_EXTPG pages or EX… New CWE-123
 Write-what-where Condition
CVE-2026-45257
2026-06-27 03:56 2026-06-27
8 8.8 HIGH
Network
dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:from-archive and certs:add commands extract user-supplied tar/zip archives into temporary directories without sanitizing member paths or preventing symlink traversal. GNU tar creates symlinks during extraction and follows them for subsequent … New CWE-59
Link Following
CVE-2026-45405
2026-06-27 03:56 2026-06-27
9 5.5 MEDIUM
Local
dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the git:auth command creates $DOKKU_ROOT/.netrc using bash's touch command, which applies the default umask of 0644. This pre-creation defeats the netrc binary's built-in 0600 permission setting, leaving git credentials readable by any local user who… New CWE-522
 Insufficiently Protected Credentials
CVE-2026-45407
2026-06-27 03:55 2026-06-27
10 9.0 CRITICAL
Network
dokku dokku Dokku is a docker-powered PaaS. Prior to 0.38.2, the app name validation regex (^[a-z0-9][^/:_A-Z]*$) permits shell metacharacters. When an authenticated user pushes to a git remote with a crafted app name, the name is embedded unquoted into a bash pre-receive hook script via an unquoted heredoc (<… New CWE-78
OS Command 
CVE-2026-45408
2026-06-27 03:55 2026-06-27

Update Date: June 27, 2026, 10 a.m.

No CVSS Level
Attack Vector
Vendor Name Project Name Title CWE CVE Update Date Publication Date
1 7.8 HIGH
Local
NEC Corporation ExpressUpdate Agent for Windows Improper access control vulnerability for named pipes in ExpressUpdate Agent for Windows New CWE-Other
Other
CVE-2026-8797 2026-06-26 14:17 2026-06-26
2 7.5 HIGH
Network
Linux Linux Kernel Unspecified vulnerability in Linux Kernel from Linux New CWE-noinfo
Insufficient Information
CVE-2026-45860 2026-06-26 12:01 2026-05-27
3 7.8 HIGH
Local
Linux Linux Kernel Use-after-free vulnerability in Linux Kernel from Linux New CWE-416
Use After Free
CVE-2026-45861 2026-06-26 12:01 2026-05-27
4 7.8 HIGH
Local
Linux Linux Kernel Unspecified vulnerability in Linux Kernel from Linux New CWE-noinfo
Insufficient Information
CVE-2026-45862 2026-06-26 12:01 2026-05-27
5 5.5 MEDIUM
Local
Linux Linux Kernel Vulnerability in Linux Kernel from Linux concerning missing release of memory after effective lifetime New CWE-401
Missing Release of Memory after Effective Lifetime
CVE-2026-45863 2026-06-26 12:01 2026-05-27
6 5.5 MEDIUM
Local
Linux Linux Kernel Infinite loop vulnerability in Linux Kernel from Linux New CWE-835
Infinite Loop
CVE-2026-45864 2026-06-26 12:01 2026-05-27
7 5.5 MEDIUM
Local
Linux Linux Kernel Unspecified vulnerability in Linux Kernel from Linux New CWE-noinfo
Insufficient Information
CVE-2026-45865 2026-06-26 12:00 2026-05-27
8 7.8 HIGH
Local
Linux Linux Kernel Use-after-free vulnerability in Linux Kernel from Linux New CWE-416
Use After Free
CVE-2026-45866 2026-06-26 12:00 2026-05-27
9 7.8 HIGH
Local
Linux Linux Kernel Use-after-free vulnerability in Linux Kernel from Linux New CWE-416
Use After Free
CVE-2026-45867 2026-06-26 12:00 2026-05-27
10 5.5 MEDIUM
Local
Linux Linux Kernel Unspecified vulnerability in Linux Kernel from Linux New CWE-Other
Other
CVE-2026-45868 2026-06-26 12:00 2026-05-27

Target Period : 2026-05-01 〜 2026-09-30

No Name Normal Support Security Support Extended Support
1 Warning Red Hat OpenJDK 8 for Windows 2026-05-31
2 Warning Red Hat OpenJDK 8 2026-05-31
3 Warning Java 8 (LTS) 2026-05-31
4 MariaDB 10.6 2026-06-30
5 SQL Server 2016 Service Pack 2 2021-07-13 2026-07-14
6 Oracle JDK 11 (LTS) 2023-09-30 2026-09-30
2026-6-27 JST
media_news
blog
organization
vulnerability_notification_site
2026-6-26 JST
media_news
No Image Name URL Excerpt Of Changes Tag
1 Bleeping Computer® https://www.bleepingcomputer.com/ Microsoft quietly extends free Windows 10 ESU support to October 2027,Mandiant reveals how Cisco SD-WAN zero-day attacks gained root access,Malicious Edge extension abuses Native Messaging as bridge t ...
  • English
  • News
  • Foreign Country
  • Information Provision
2 Cybersecurity News https://securityonline.info/ Critical Alert,2 Active Exploits Detected Today,CVE-2026-12569,—,PTC Windchill and FlexPLM Improper Input Validation Vulnerability →,CVE-2026-20230,—,Cisco Unified Communications Manager Server-Side R ...
  • English
  • News
  • Foreign Country
  • Information Provision
3 Engadget https://www.engadget.com/ Big Tech,As everything gets more expensive, it's time to make do and mend,The skyrocketing cost of computer components needs to foster a new mindset.,By,Daniel Cooper,Read More,Photography,Sony A7R VI ...
  • English
  • News
  • Foreign Country
  • Blog
4 Gizmodo https://gizmodo.com/ Hackers Steal Funds From Polymarket Users, Potentially Millions,"We're contacting impacted users & refunding them in full.",Privacy & Security,Matt Novak,Jun 25,Xbox Forces a Third Price Hike Down Pla ...
  • English
  • News
  • Foreign Country
  • Blog
5 HELPNETSECURITY https://www.helpnetsecurity.com/ Stealthy new backdoor surfaces in attacks on multiple sectors,June 25, 2026,Hacker gets 18 months for attack that compromised 60,000 betting accounts,June 25, 2026,WhatsApp will warn users before they ...
  • English
  • News
  • Foreign Country
  • Information Provision
6 Mashable https://mashable.com/ Safety Net,Mashable's Best: E-readers, robovacs, laptops, earbuds, smart home and more,Mashable Selects,save on Apple, DJI, and Lego favorites 🛍️,Amazon Prime Day ends soon: We found 100+ deals to sho ...
  • English
  • News
  • Foreign Country
  • Blog
7 Schneier on Security https://www.schneier.com/ AI and Liability,Earlier this month, a German court,ruled,that Google is liable for its AI search summaries. Rejecting defenses like “users can check for themselves,” and that they generally know “tha ...
  • English
  • News
  • Foreign Country
  • Blog
8 securityweek https://www.securityweek.com/ Runlayer Raises $30 Million in Series A Funding,The startup’s platform functions as a secure control layer, aiming to secure AI tools across enterprises.,Cal Water Says No OT Systems Breached in Irani ...
  • English
  • News
  • Foreign Country
  • Information Provision
9 TechCrunch https://techcrunch.com/ AI,Databricks’ former AI chief thinks he can cut AI’s power bill by 1,000x,Russell Brandom,6 hours ago,AI,Anthropic’s Claude is winning over paid consumers, a market owned by ChatGPT,Julie Bort,5 hour ...
  • English
  • News
  • Foreign Country
  • Blog
  • Site Information Gathering
10 TechNadu.com https://www.technadu.com/ Kaspersky 2026 SMB Threat Report: Fake AI Tools Used in 33,000+ Attacks,By,Lore Apostol,|,Published,Vulnerability Prioritization is Not Just About Severity, But Exploitability in Context,By,Vishwa Pan ...
  • English
  • News
  • Foreign Country
  • Information Provision
11 TechRadar https://www.techradar.com/ Apple just announced big price hikes across its major products — and yes, RAM prices are to blame,Apple is raising the price of most of its product lines including iPads, MacBooks and more,iOS 27 coul ...
  • English
  • News
  • Foreign Country
  • Blog
12 The Verge https://www.theverge.com/ RAMageddon just got extremely real,You know things are bad when Apple raises prices.,Allison Johnson,8:00 PM UTC,Instagram wants to monopolize your attention,Charles Pulliam-Moore,Xbox prices spike an ...
  • English
  • News
  • Foreign Country
  • Blog
13 wired https://www.wired.com/ Minority Report,British Police Built a Sprawling Crime-Prediction Machine. Some Results Couldn’t Be Trusted,As UK police embrace the AI revolution, a WIRED investigation reveals the messy inside story ...
  • English
  • News
  • Blog
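14 ZDNet Japan Security https://japan.zdnet.com/security/ Popular: The reality of the AI agent era that "OpenClaw" confronts us with,Asking Yubico why physical "security keys" are needed now,2026-06-26 07:00,10 signs that someone is monitoring or illegally accessing your account, and countermeasures,2026-06-26 07:00,Most-read articles,Unpatchable vulnerability in older "iPhone" and "iPad" models -- which models are affected?,Unauthorized access to KDDI's system for ISPs, 最 ...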
  • Japanese
  • News
  • Information Provision
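15 Malware Information Bureau https://eset-info.canon-its.jp/malware_info/ How do you disable BitLocker? Should you disable it in the first place?,The threat of PromptSpy, the first Android malware to abuse generative AI,What happens if you are infected with a Trojan horse? How should you respond?,Akira (Malware Encyclopedia)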
  • Japanese
  • News
  • Information Provision
security_company
No Image Name URL Excerpt Of Changes Tag
1 Positive Technologies https://www.ptsecurity.com/ July 9, 2026,New release of MaxPatrol Endpoint Security 10.0: we will walk through it at the July 9 webinar,Veronika Myakshinova, Kirill Cherkinsky,Register,01:20 MSK | 26.06.2026,741.2₽,Product certificates
  • English
  • News
  • Web Audit
  • Network Audit
  • Company
  • Smartphone Audit
  • WAF
  • Forensic
  • Pentest
  • SIEM
  • Vulnerability Management
  • ERP Security
  • Infra Security
2 Trustwave https://www.trustwave.com/ja-jp/ UPCOMING WEBINAR,Discover How Security Leaders Maximize Microsoft Security | Thursday, July 9,Threat Spotlight: QuimaRAT, A Java RAT with Burning Ambitions,Operation FlutterBridge: The FlutterShell ma ...
  • English
  • Web Audit
  • Network Audit
  • Tools
  • Company
  • Consulting
  • WAF
  • Education
  • Incident Response
  • Security enhancement support
  • Requirements Consulting
  • SIEM
  • Vulnerability Management
  • SOC
  • Mail Security
  • Support for PCIDSS
  • IDS/IPS Management
  • DDos protection
3 NTT Advanced Technology Corporation https://www.ntt-at.co.jp/ 06.25,[Thu],Notice,Published the column "A line of defense against new risks in the AI era. - F5 AI Guardrails".,2026/,2026-06-25,A line of defense against new risks in the AI era. - F5 AI Guardrails
  • Japanese
  • Web Audit
  • Network Audit
  • Company
  • Consulting
  • Education
  • Endpoint Detection and Response(EDR)
  • Incident Response
  • Forensic
  • Security enhancement support
  • Automatic Audit tools
  • Targeted Email Attack Training
  • SIEM
  • Cloud
  • IDS/IPS Management
  • DDos protection
  • Endpoint Audit
  • Monitoring
  • CSPM(Cloud Security Posture Management)
  • Internal information leakage countermeasures
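4 GSX http://www.gsx.co.jp/ June 25, 2026,Mr. 森本宏一, who has served as representative director of staffing-service providers and listed companies, invited to join as outside director; drawing on his extensive experience in corporate management and talent management to accelerate the GSX Group's growth in the AI era,June 25, 2026,Notice regarding executive personnel changes,June 25, 2026,Press Release,Mr. 森本宏一, who has served as representative director of staffing-service providers and listed companies, invited to join as outside director,Corporate management and talent management ...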
  • Japanese
  • Web Audit
  • Network Audit
  • Major
  • Company
  • Smartphone Audit
  • IoT Audit
  • Consulting
  • Qualifications
  • WAF
  • Endpoint Detection and Response(EDR)
  • Incident Response
  • Pentest
  • Targeted Email Attack Training
  • Database Audit
  • Support for PCIDSS
  • Building CSIRTs
  • Vulnerability assessment Design document review
blog
No Image Name URL Excerpt Of Changes Tag
1 Rapid7 Blog https://www.rapid7.com/blog/ Rapid7’s 2026 Global Cybersecurity Summit is now available on-demand.,Watch sessions.,Industry Trends,Experts on Experts: Why AI and Compliance Are Forcing A New Security Operating Model,Corey Thomas
  • English
  • Major
  • Foreign Country
  • Company
  • Blog
  • Information Provision
2 Redhat's Official Blog https://www.redhat.com/ja/blog Is your application platform ready for what comes next?,May 12, 2026,|,Jaleh Reeves,Consider Red Hat OpenShift as a solution for AI-powered applications. It lets you share GPU resources and maintain consistent security across on-premises and cloud environments, and to cope with management complexity ...
  • English
  • Major
  • Company
  • Blog
  • Information Provision
3 Security hole memo http://www.st.ryukoku.ac.jp/~kjm/security/memo/ Last modified: Thu Jun 25 19:33:28 2026,■,2026.06.25,》,India data center fire: more than 20 years of accumulated data may be lost,(Reuters, 6/25),The fire broke out at a facility of "STT Global Data Centers India", owned by Singapore's ST Telemedia and India's Tata Communications (TATA.NS), opens new tab. (中 ...
  • Japanese
  • Celebrated Person
  • Blog
  • Information Provision
organization
ctf_bug_bounty
wordpress
proxy
Security Advisory