<?xml version="1.0" encoding="UTF-8"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9"><url><loc>https://kkm-mako.com/en/blog/articles/grafana-oncall-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-16T17:56:02+00:00</news:publication_date><news:title>Grafana OnCall (open-source) can be fully taken over without login — and no patch is coming: CVE-2026-63087, stop using it and migrate</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/grafana-oncall-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-16T17:55:51+00:00</news:publication_date><news:title>障害対応の呼び出しを管理する『Grafana OnCall』にログイン不要で丸ごと乗っ取りの脆弱性、修正版は出ず CVE-2026-63087 使用中止と移行を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/ubuntu-pro-client-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-16T14:45:35+00:00</news:publication_date><news:title>Critical flaw in a tool bundled with Ubuntu (CVE-2026-11386): a spoofed server could sneak in malicious software — update now</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/ubuntu-pro-client-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-16T14:45:25+00:00</news:publication_date><news:title>Ubuntuに標準で入る管理ツールに重大な脆弱性、偽のサーバー経由で不正なソフトを仕込まれる恐れ CVE-2026-11386、修正版へ更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/spring-authorization-server-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-16T10:45:27+00:00</news:publication_date><news:title>Critical flaw in Spring Authorization Server (CVE-2026-22752): a crafted client registration can lead to impersonation and data theft — update to 7.0.5 / 1.5.7</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/spring-authorization-server-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-16T10:45:16+00:00</news:publication_date><news:title>ログイン連携の土台『Spring Authorization Server』に緊急の脆弱性、悪用でなりすまし・情報流出の恐れ CVE-2026-22752、7.0.5などへ更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/wordpress-plugins-2026-07-16-privilege-escalation-roundup/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-16T09:47:36+00:00</news:publication_date><news:title>Three popular WordPress plugins hit by admin-takeover flaws, including a translation tool on 1M+ sites (CVE-2026-15005 and more) — update now (July 16, 2026)</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/wordpress-plugins-2026-07-16-privilege-escalation-roundup/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-16T09:47:25+00:00</news:publication_date><news:title>WordPressの人気プラグイン3種に管理者乗っ取りの脆弱性、100万サイト超の翻訳ツールも対象 CVE-2026-15005ほか最新版へ更新を（2026年7月16日）</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/credit-card-outage-2026-07-16/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-16T09:00:38+00:00</news:publication_date><news:title>Credit cards went down across Japan on July 16: convenience stores and Suica top-ups hit — the cause was an international card network outage</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/credit-card-outage-2026-07-16/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-16T09:00:27+00:00</news:publication_date><news:title>クレジットカードが全国で一時使えない障害、コンビニやSuicaチャージに影響 原因は海外の決済ネットワーク</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/miniorange-saml-sso-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-16T05:47:51+00:00</news:publication_date><news:title>Critical flaw in the WordPress plugin miniOrange SAML SSO (CVE-2026-15013): admin takeover with no password — update to 5.4.4</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/miniorange-saml-sso-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-16T05:47:40+00:00</news:publication_date><news:title>WordPressの人気SSOプラグイン『miniOrange SAML SSO』に緊急の脆弱性、パスワード不要で管理者を乗っ取られる恐れ CVE-2026-15013、5.4.4へ即更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/node-forge-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-16T04:47:32+00:00</news:publication_date><news:title>Signature forgery flaws in node-forge, a JS crypto library with 34M weekly downloads (CVE-2026-33894, CVE-2026-33895): update to 1.4.0</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/node-forge-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-16T04:47:21+00:00</news:publication_date><news:title>暗号ライブラリ『node-forge』に署名偽造の欠陥、偽の署名が本物と認められる恐れ CVE-2026-33894ほか v1.4.0へ更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/tera-term-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-16T03:48:32+00:00</news:publication_date><news:title>Two flaws in Tera Term (CVE-2026-58317 and CVE-2026-60060): a malicious SSH server could leak your PC's memory — update to 5.6.2</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/tera-term-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-16T03:48:21+00:00</news:publication_date><news:title>『Tera Term』に2件の脆弱性、悪意あるサーバーに接続すると情報が漏れる恐れ CVE-2026-58317ほか最新版5.6.2へ</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/apache-tomcat-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-16T02:29:56+00:00</news:publication_date><news:title>Tomcat shows a '9.1 Critical' flaw, but Apache rates it 'Low' (CVE-2026-59083/59084): why a routine update is enough</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/apache-tomcat-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-16T02:29:44+00:00</news:publication_date><news:title>Apache Tomcatに『危険度9.1』の脆弱性と出るが、開発元評価は『低』 CVE-2026-59083/59084、慌てず定例更新でよい理由</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/directus-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-15T15:40:24+00:00</news:publication_date><news:title>Info-leak flaw in the Directus data platform (CVE-2026-61836): password-protected shares exposed to others, update to v12</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/directus-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-15T15:40:12+00:00</news:publication_date><news:title>データ管理ツール『Directus』に情報漏れの脆弱性、パスワード付き共有リンクを第三者に見られる恐れ CVE-2026-61836、最新版12へ更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/wazuh-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-15T12:45:35+00:00</news:publication_date><news:title>Max-severity flaw CVE-2026-56699 hits the Wazuh security monitor (CVSS 10.0): unauthenticated record tampering, update 5.0 beta now</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/wazuh-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-15T12:45:18+00:00</news:publication_date><news:title>セキュリティ監視ツール『Wazuh』に危険度10.0の脆弱性、ログインなしで記録を改ざん CVE-2026-56699、5.0ベータ版は即更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/mcp-grafana-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-15T08:40:27+00:00</news:publication_date><news:title>Flaw in Grafana's AI connector 'mcp-grafana' leaks credentials (CVE-2026-15583): update to v0.17.2 now</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/mcp-grafana-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-15T08:40:15+00:00</news:publication_date><news:title>AIに監視ツールGrafanaを操作させる連携ツール『mcp-grafana』に脆弱性、認証情報が盗まれる恐れ CVE-2026-15583、v0.17.2へ即更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/zed-migration-from-vscode/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-15T07:48:32+00:00</news:publication_date><news:title>VSCodeからZedへ乗り換えてみた — Claude Code・Copilot・Python/Go開発環境を移行実況</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/ubuntu-screenshot-session-sort/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-15T04:27:53+00:00</news:publication_date><news:title>Ubuntuのスクリーンショットを「セッション単位」で自動フォルダ分けする</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/hyper-sbi-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-15T03:35:10+00:00</news:publication_date><news:title>Takeover flaw in SBI's HYPER SBI 2 installer (CVE-2026-42936): update to 3.20.0</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/hyper-sbi-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-15T03:34:59+00:00</news:publication_date><news:title>SBI証券『HYPER SBI 2』に乗っ取りの脆弱性 CVE-2026-42936、最新版3.20.0へ更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/gpt-56-sol-file-deletion/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-15T03:13:06+00:00</news:publication_date><news:title>OpenAI's new AI "GPT-5.6 Sol" is deleting user files without permission</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/gpt-56-sol-file-deletion/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-15T03:12:54+00:00</news:publication_date><news:title>新AI『GPT-5.6』が勝手にファイル削除、開発者のMacが消えた</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/sonicwall-sma-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-14T19:38:31+00:00</news:publication_date><news:title>SonicWall SMA1000 Under Active Attack — CVE-2026-15409 &amp; 15410 in CISA KEV, Patch Now</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/sonicwall-sma-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-14T19:38:20+00:00</news:publication_date><news:title>SonicWall SMA1000に悪用中の脆弱性2件 CVE-2026-15409ほか即更新を</news:title></news:news></url></urlset>