Security assessment and information provision

This site provides information on security and offers web audit tools.

Announcement

March 6, 2026 - None

Update Date: April 22, 2026, 4 a.m.

No | CVSS (Level) | Attack Vector | Vendor / Project | Title | CWE | CVE | Update Date | Publication Date
1 | - | - | - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the GET /api/person/{personId} endpoint loads and returns person records without performing object-level authorization checks. Although the legacy PersonView.php page enforces canEditPerson() restrictions, the API lay… (New) | CWE-639 Authorization Bypass Through User-Controlled Key; CWE-862 Missing Authorization | CVE-2026-40480 | 2026-04-21 03:59 | 2026-04-18
2 | - | - | - | ChurchCRM is an open-source church management system. Versions prior to 7.2.0 have SQL injection in FinancialService::getMemberByScanString() via unsanitized $routeAndAccount concatenated into raw SQL. This issue has been fixed in version 7.2.0. (New) | CWE-89 SQL Injection | CVE-2026-40482 | 2026-04-21 03:59 | 2026-04-18
3 | 5.4 (MEDIUM) | Network | - / - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the Pledge Editor renders donation comment values directly into HTML input value attributes without escaping via htmlspecialchars(). An authenticated user with Finance permissions can inject HTML attribute-breaking ch… (New) | CWE-79 Cross-site Scripting; CWE-116 Improper Encoding or Escaping of Output | CVE-2026-40483 | 2026-04-21 03:59 | 2026-04-18
4 | 9.1 (CRITICAL) | Network | - / - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the database backup restore functionality extracts uploaded archive contents and copies files from the Images/ directory into the web-accessible document root using recursiveCopyDirectory(), which performs no file ext… (New) | CWE-269 Improper Privilege Management; CWE-434 Unrestricted Upload of File with Dangerous Type; CWE-552 Files or Directories Accessible to External Parties | CVE-2026-40484 | 2026-04-21 03:59 | 2026-04-18
5 | 5.3 (MEDIUM) | Network | - / - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the public API login endpoint (/api/public/user/login) returns distinguishable HTTP response codes based on whether a username exists: 404 for non-existent users and 401 for valid users with incorrect passwords. An un… (New) | CWE-204 Response Discrepancy Information Exposure; CWE-307 Improper Restriction of Excessive Authentication Attempts | CVE-2026-40485 | 2026-04-21 03:59 | 2026-04-18
6 | 8.1 (HIGH) | Network | - / - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the family record deletion endpoint (SelectDelete.php) performs permanent, irreversible deletion of family records and all associated data via a plain GET request with no CSRF token validation. An attacker can craft a… (New) | CWE-352 Origin Validation Error; CWE-862 Missing Authorization | CVE-2026-40581 | 2026-04-21 03:59 | 2026-04-18
7 | - | - | - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the /api/public/user/login endpoint validates only the username and password before returning the user's API key, bypassing the normal authentication flow that enforces account lockout and two-factor authentication ch… (New) | CWE-288 Authentication Bypass Using an Alternate Path or Channel; CWE-305 Authentication Bypass by Primary Weakness | CVE-2026-40582 | 2026-04-21 03:59 | 2026-04-18
8 | 4.8 (MEDIUM) | Network | - / - | ChurchCRM is an open-source church management system. In versions prior to 7.2.0, the User Editor (UserEditor.php) renders stored usernames directly into an HTML input value attribute without applying htmlspecialchars(). An administrator can save a username containing HTML attribute-breaking charac… (New) | CWE-79 Cross-site Scripting; CWE-116 Improper Encoding or Escaping of Output | CVE-2026-40593 | 2026-04-21 03:59 | 2026-04-18
9 | - | - | - | editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ec_glob() that allows an attacker to crash any application using libeditorconfig by providing a specially crafted direc… (New) | CWE-121 Stack-based Buffer Overflow; CWE-787 Out-of-bounds Write | CVE-2026-40489 | 2026-04-21 03:59 | 2026-04-18
10 | 6.8 (MEDIUM) | Network | - / - | The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When redirect following is enabled (followRedirect(true)), versions of AsyncHttpClient prior to 3.0.9 and 2.14.5 forward Authorization and Proxy-Authorization header… (New) | CWE-200 Information Exposure | CVE-2026-40490 | 2026-04-21 03:59 | 2026-04-18

Update Date: Feb. 9, 2026, 12:59 p.m.

No | CVSS (Level) | Attack Vector | Vendor / Project | Title | CWE | CVE | Update Date | Publication Date
1 | 9.8 (CRITICAL) | Network | scshr / hr portal | Deserialization of untrusted data vulnerability in scshr's hr portal | CWE-502 Deserialization of Untrusted Data | CVE-2025-48780 | 2026-02-06 10:41 | 2025-06-06
2 | 7.5 (HIGH) | Network | scshr / hr portal | External control of file name or path vulnerability in scshr's hr portal | CWE-73 External Control of File Name or Path | CVE-2025-48781 | 2026-02-06 10:41 | 2025-06-06
3 | 9.8 (CRITICAL) | Network | scshr / hr portal | Unrestricted upload of file with dangerous type vulnerability in scshr's hr portal | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2025-48782 | 2026-02-06 10:41 | 2025-06-06
4 | 7.5 (HIGH) | Network | scshr / hr portal | External control of file name or path vulnerability in scshr's hr portal | CWE-73 External Control of File Name or Path | CVE-2025-48783 | 2026-02-06 10:41 | 2025-06-06
5 | 7.5 (HIGH) | Network | scshr / hr portal | Missing authorization vulnerability in scshr's hr portal | CWE-862 Missing Authorization | CVE-2025-48784 | 2026-02-06 10:41 | 2025-06-06
6 | 7.5 (HIGH) | Network | scshr / hr portal | Missing authentication for critical function vulnerability in scshr's hr portal | CWE-306 Missing Authentication for Critical Function | CVE-2025-5192 | 2026-02-06 10:41 | 2025-06-06
7 | 6.8 (MEDIUM) | Physical | Elspec LTD / G5DFR firmware | Authentication bypass using an alternate path or channel vulnerability in Elspec LTD's G5DFR firmware | CWE-288 Authentication Bypass Using an Alternate Path or Channel | CVE-2025-59392 | 2026-02-06 10:41 | 2025-11-06
8 | 7.2 (HIGH) | Network | Sangoma / freepbx | OS command injection vulnerability in Sangoma's freepbx | CWE-78 OS Command Injection | CVE-2025-64328 | 2026-02-06 10:41 | 2025-11-07
9 | 6.5 (MEDIUM) | Network | Salesforce.com, inc. / MuleSoft Anypoint Extension Pack | Code injection vulnerability in Salesforce.com, inc.'s MuleSoft Anypoint Extension Pack | CWE-94 Code Injection | CVE-2025-10875 | 2026-02-06 10:41 | 2025-11-04
10 | 7.5 (HIGH) | Network | Intelbras / ICIP 30 Firmware | Multiple vulnerabilities in Intelbras's ICIP 30 Firmware | CWE-255; CWE-256; CWE-522 | CVE-2025-13187 | 2026-02-06 10:41 | 2025-11-14

Target Period: 2026-04-15 to 2026-04-22

No | Name | Genre | Version | Release date | Security Fix | Release Information
1 | Cockpit (New!!) | systemadmin | 360 | 2026-04-18 | Yes | Information
2 | Linux Kernel 5.10 (LTS) (New!!) | os | 5.10.253 | 2026-04-18 | Yes | Information

Target Period: 2026-03-01 to 2026-07-31

No | Name | Normal Support | Security Support | Extended Support
1 | Ruby 3.2 (Warning) | 2026-03-31
2 | MySQL 8 (Warning) | 2026-04-19
3 | Django 4.2 LTS | 2023-12-31 | 2026-04-30
4 | Red Hat OpenJDK 8 for Windows | 2026-05-31
5 | Red Hat OpenJDK 8 | 2026-05-31
6 | Java 8 (LTS) | 2026-05-31
7 | MariaDB 10.6 | 2026-06-30
8 | SQL Server 2016 Service Pack 2 | 2021-07-13 | 2026-07-14
Media news (2026-04-22 JST)

No | Name | URL | Excerpt of changes | Tags
1 Ars Technica https://arstechnica.com/ 181,Pentagon wants $54B for drones, more than most nations’ military budgets,The proposed Pentagon drone investment rivals Ukraine’s entire military budget.,Jeremy Hsu,–,4/21/2026,|,32,Mozilla: Anthro ...
  • English
  • News
  • Foreign Country
  • Blog
  • Site Information Gathering
2 Bleeping Computer® https://www.bleepingcomputer.com/ French govt agency confirms breach as hacker offers to sell data,New Lotus data wiper used against Venezuelan energy, utility firms,Lifetime cybersecurity training is on sale for a one-time $53,Stoppi ...
  • English
  • News
  • Foreign Country
  • Information Provision
3 cnet https://www.cnet.com/ Apple CEO Tim Cook Steps Down, John Ternus Replaces Him,02,Top 5 Apple Products That Tim Cook Launched,03,Survey: Less Than 40% of Us Recycle Old Tech,04,05,A Compact Short-Throw Projector for Tiny Li ...
  • English
  • News
  • Foreign Country
  • Blog
4 Cyber Security Intelligence https://www.cybersecurityintelligence.com/ 2026-04-21,Top Website Security Threats Every Site Owner Should Know,Small enterprises are targeted constantly and not one is 'too small to target'. Here are the pressing threats they genuinely need t ...
  • English
  • News
  • Foreign Country
  • Information Provision
5 Cybersecurity News https://securityonline.info/ April 21, 2026,Three Silent Vulnerabilities Discovered in the glibc Core,Ddos,April 21, 2026,0,Vulnerability Report,The Dual CVSS 10.0 RCE Flaws Threatening Spinnaker Pipelines,Ddos,April 21, 2026,0,V ...
  • English
  • News
  • Foreign Country
  • Information Provision
6 Engadget https://www.engadget.com/ Xbox cuts Game Pass prices but new Call of Duty games will no longer hit the service on day one,Effective immediately, both Game Pass Ultimate and PC Game Pass will be a bit cheaper.,Kris Holt,7 hours ...
  • English
  • News
  • Foreign Country
  • Blog
7 Gizmodo https://gizmodo.com/ NASA Breaks Silence on Deaths and Disappearances of Scientists With Ties to Space Tech,Eleven missing or dead scientists are now at the center of a federal investigation, and three had direct ties to ...
  • English
  • News
  • Foreign Country
  • Blog
8 HELPNETSECURITY https://www.helpnetsecurity.com/ Ransomware negotiator admits role in attacks he was hired to resolve,April 21, 2026,Scattered Spider hacker pleads guilty to stealing $8 million in cryptocurrency,April 21, 2026,CISA flags another Cis ...
  • English
  • News
  • Foreign Country
  • Information Provision
9 Krebs on Security https://krebsonsecurity.com/ ‘Scattered Spider’ Member ‘Tylerb’ Pleads Guilty,April 21, 2026,3 Comments,A 24-year-old British national and senior member of the cybercrime group “,Scattered Spider,” has pleaded guilty to wire frau ...
  • English
  • News
  • Foreign Country
  • Blog
10 Mashable https://mashable.com/ Mashable Selects,AI audiobooks are invading Libby. Here’s how I avoid them.,End of an era,Tim Cook to step back, John Ternus named Apple CEO,test that 8x zoom,Marvel at Earthset video from Artemis II, ...
  • English
  • News
  • Foreign Country
  • Blog
11 Schneier on Security https://www.schneier.com/ Mexican Surveillance Company,Grupo Seguritech,is a Mexican surveillance company that is expanding into the US.,Tags:,Mexico,,,privacy,,,surveillance,Posted on April 21, 2026 at 7:04 AM,•,5 Comments,20 ...
  • English
  • News
  • Foreign Country
  • Blog
12 scmagazine https://www.scmagazine.com/ Another Cisco Catalyst SD-WAN Manager bug added to CISA list,Steve,Zurier,April 21, 2026,CISA flags new Cisco SD-WAN flaw amid active exploit chains, urging rapid patching.,SOC,From OODA to SUDA: Why ...
  • English
  • News
  • Foreign Country
  • Information Provision
13 securityledger.com https://securityledger.com/ Tuesday, April 21, 2026,BreachLock Named Representative Vendor in the 2026 Gartner Market Guide for Adversarial Exposure Validation,April 21, 2026,|,cybernewswire,New York, United States, 21st April 2 ...
  • English
  • News
  • Foreign Country
  • Information Provision
14 securityweek https://www.securityweek.com/ Third US Security Expert Admits Helping Ransomware Gang,Angelo Martino of Florida has pleaded guilty to collaborating with the BlackCat cybercrime group while working as a ransomware negotiator.,Dozen ...
  • English
  • News
  • Foreign Country
  • Information Provision
15 TechCrunch https://techcrunch.com/ AI,SpaceX is working with Cursor and has an option to buy the startup for $60 billion,Tim Fernholz,11 minutes ago,Hardware,Apple’s John Ternus will run one of the world’s most powerful companies; the ...
  • English
  • News
  • Foreign Country
  • Blog
  • Site Information Gathering
16 TechNadu.com https://www.technadu.com/ Poste Italiane and Postepay Fined €12.5 Million for Illegally Processing Personal Data of Millions ⁠of Users,By,Lore Apostol,|,Published,KelpDAO Crypto Theft: Lazarus Hackers Linked to $290 Million He ...
  • English
  • News
  • Foreign Country
  • Information Provision
17 TechRadar https://www.techradar.com/ Apple after Tim Cook — John Ternus will take the helm at a pivotal moment,What challenges does Apple's incoming CEO face? And what will Apple do — and be — under John Ternus?,I asked ChatGPT and Gemin ...
  • English
  • News
  • Foreign Country
  • Blog
18 The Verge https://www.theverge.com/ Latest,Tim Cook was an innovator — just not the Jobs kind,Cook’s relentless optimization propelled Apple’s fortunes to new heights and an era of predictable profitability.,Allison Johnson,7:15 PM UTC, ...
  • English
  • News
  • Foreign Country
  • Blog
19 wired https://www.wired.com/ Hardened Hearts,They Built a Legendary Privacy Tool. Now They’re Sworn Enemies,There’s a lot of love all over the world for GrapheneOS, the gold standard of mobile security. There’s very little love b ...
  • English
  • News
  • Blog
Security Advisory (2026-04-21 JST)