Trusted Design

最近のKEV情報

KEVとは

KEV(Known Exploited Vulnerabilities)とは、CISA(Cybersecurity and Infrastructure Security Agency)が公開している、既に悪用が確認されている脆弱性のリストです。組織はこのリストを参考にして、重要なセキュリティ対策を優先的に実施することが推奨されています。

本サイトは最新のKEV情報を提供し、過去のKEVファイルとの比較やCVEの詳細情報も確認できるようにすることを目標に作成しています。

30日以内にKEVに登録されたCVE

  • CVE-2026-58644:
    Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
  • CVE-2026-25089:
    Fortinet FortiSandbox OS Command Injection Vulnerability
  • CVE-2026-39808:
    Fortinet FortiSandbox OS Command Injection Vulnerability
  • CVE-2026-46817:
    Oracle E-Business Suite Improper Privilege Management Vulnerability
  • CVE-2023-4346:
    KNX Association KNX Protocol Connection Authorization Option 1 Overly Restrictive Account Lockout Mechanism Vulnerability
  • CVE-2026-56155:
    Microsoft Active Directory Federation Services Insufficient Granularity of Access Control Vulnerability
  • CVE-2026-56164:
    Microsoft SharePoint Server Missing Authentication for Critical Function Vulnerability
  • CVE-2026-15409:
    SonicWall SMA1000 Appliances Server-Side Request Forgery Vulnerability
  • CVE-2026-15410:
    SonicWall SMA1000 Appliances Code Injection Vulnerability
  • CVE-2008-4128:
    Cisco IOS Cross-Site Request Forgery Vulnerability
  • CVE-2026-56291:
    Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability
  • CVE-2026-48939:
    iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability
  • CVE-2026-48908:
    JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability
  • CVE-2026-55255:
    Langflow Authorization Bypass Through User-Controlled Key Vulnerability
  • CVE-2026-56290:
    Joomlack Page Builder Improper Access Control Vulnerability
  • CVE-2026-48282:
    Adobe ColdFusion Path Traversal Vulnerability
  • CVE-2026-45659:
    Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
  • CVE-2026-48558:
    SimpleHelp Authentication Bypass Vulnerability
  • CVE-2026-12569:
    PTC Windchill and FlexPLM Improper Input Validation Vulnerability
  • CVE-2026-20230:
    Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
  • CVE-2025-67038:
    Lantronix EDS5000 Code Injection Vulnerability
  • CVE-2026-34910:
    Ubiquiti UniFi OS Improper Input Validation Vulnerability
  • CVE-2026-34909:
    Ubiquiti UniFi OS Path Traversal Vulnerability
  • CVE-2026-34908:
    Ubiquiti UniFi OS Improper Access Control Vulnerability
  • CVE-2026-20253:
    Splunk Enterprise Missing Authentication for Critical Function Vulnerability

リンク

KEV一覧へ
KEV履歴へ