安全情报专区 36+

厳選されたセキュリティアドバイザリ、脆弱性分析、エクスプロイト情報を日本語で提供。継続更新中。

フィルター

KEVのみ

検証済みPoC

フィルターをクリア

Medium

Discourse Hidden Tag Visibility Bypass Vulnerability (CVE-2026-27481)

CVE-2026-27481 · github.com · 2026-04-04

>= 0 · >= 2026.2.0-latest …

続きを読む

Low

Discourse CVE-2026-34847 Information Disclosure on Public Invite Pages

CVE-2026-34847 · github.com · 2026-04-04

>= 0 · >= 2026.2.0-latest …

続きを読む

High

Discourse Shared Topic Access Control Bypass Fix

github.com · 2026-04-02

Discourse

続きを読む

Unknown

GitLab DiscourseImporter DoS Vulnerability Fix

github.com · 2026-04-02

gitlab-rails

続きを読む

High

Discourse Category Description Update IDOR Vulnerability Fix

github.com · 2026-04-02

Discourse < 05e3da2

続きを読む

Medium

Discourse Group Visibility Bypass Fix

github.com · 2026-04-02

Discourse

続きを読む

Medium

Discourse Post-Level Authorization Bypass Leading to Metadata Disclosure Fix

github.com · 2026-04-02

Discourse

続きを読む

Medium

Discourse shared_conversations Plugin Stored XSS Fix

github.com · 2026-04-02

Discourse shared_conversations plugin

続きを読む

High

GitLab CVE-2024-38238 RCE Vulnerability Analysis and Exploitation

CVE-2024-38238 · github.com · 2026-04-02

GitLab < 16.9.0 · gitlab-ruby < 16.9.0

続きを読む

High

Prometheus Arbitrary File Read Vulnerability Fix in Report Export

github.com · 2026-04-02

根据提供的网页截图，这是一个关于Prometheus项目代码变更的Pull Request（PR）页面，主要涉及修复一个与报告导出相关的漏洞。 **1. 漏洞概述 (Vulnerability Overview):** * **漏洞类型:** 任意文件读取漏洞 (Arbitrary File Read)。 * **描述:** 在Prometheus的 `report` 功能中，存在一个漏洞，允许攻…

続きを読む

High

CVE-2024-45464 django-cors-headers CORS Misconfiguration Vulnerability Analysis

CVE-2024-45464 · github.com · 2026-04-02

django-cors-headers < 3.14.0

続きを読む

High

Discourse CVE-2024-38178 Privilege Escalation via Category Permissions Fix

CVE-2024-38178 · github.com · 2026-04-02

Discourse < 3.2.0

続きを読む

Unknown

Discourse Admin IDOR Vulnerability Fix Analysis

github.com · 2026-04-02

Discourse

続きを読む

Medium

Discourse Open Redirect via SSO Cookie 'sso_destination_url

github.com · 2026-04-02

Discourse <= 2020.2-latest · Discourse <= 2020.3-latest

続きを読む

High

Discourse discourse-subscriptions Privilege Escalation via Self-Grant (CVE-2024-30074)

CVE-2024-30074 · github.com · 2026-04-02

discourse-subscriptions >= 0 · discourse-subscriptions >= 2026.2.0-latest …

続きを読む

Medium

Discourse CVE-2026-12619: Unauthorized Poll Manipulation in Private Categories

CVE-2026-12619 · github.com · 2026-04-02

Discourse >= 0 · Discourse >= 2026.2.0-latest …

続きを読む

High

Discourse discourse-subscriptions Plugin Multisite Stripe API Key Disclosure (CVE-2024-39731)

CVE-2024-39731 · github.com · 2026-04-02

>= 0 · >= 2026.2.0-latest …

続きを読む

Medium

Discourse SSRF in Group SMTP Test Endpoint (CVE-2026-39185)

CVE-2026-39185 · github.com · 2026-04-02

>= 0 · >= 2026.2.0 latest …

続きを読む

High

Discourse CVE-2026-32143: Moderators can export admin-only reports via permission bypass

CVE-2026-32143 · github.com · 2026-04-02

Discourse >= 0 · Discourse >= 2026.2.0-latest …

続きを読む

Medium

Discourse Authorization Bypass in Oneboxer via User-Controlled Category ID

github.com · 2026-04-02

Discourse >= 0 · Discourse >= 2026.2.0-latest …

続きを読む

每篇文章经过自动 HTML→Markdown 清洗 + LLM 去噪 + 中英双语翻译。原始链接保留在文章末尾。

想看哪个安全博客 / 公告源？邮件告诉我们，每周新接 1-2 个。