<?xml version="1.0" encoding="UTF-8"?><urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9" xmlns:news="http://www.google.com/schemas/sitemap-news/0.9"><url><loc>https://kkm-mako.com/en/blog/articles/praisonai-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-11T14:41:35+00:00</news:publication_date><news:title>AI agent framework PraisonAI hit by 5 flaws, one a max-severity 10.0 RCE (CVE-2026-61447): update now</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/praisonai-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-11T14:41:24+00:00</news:publication_date><news:title>AI業務自動化ツール『PraisonAI』に危険度10.0の脆弱性、AIへの指示だけでサーバー乗っ取り CVE-2026-61447ほか計5件、最新版へ即更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/cve-digest-2026-07-11/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-11T10:18:58+00:00</news:publication_date><news:title>July 11, 2026 Security Vulnerability Roundup: Seven WordPress Plugins Enable Admin Takeover — Does It Affect You?</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/cve-digest-2026-07-11/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-11T10:18:46+00:00</news:publication_date><news:title>【2026年7月11日】セキュリティ脆弱性まとめ ― WordPressプラグイン7件で管理者乗っ取りが連鎖、一般利用者への影響は</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/miniorange-login-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-10T21:35:57+00:00</news:publication_date><news:title>Two miniOrange WordPress login plugins allow admin takeover (CVE-2026-12761 &amp; 57807)</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/miniorange-login-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-10T21:35:47+00:00</news:publication_date><news:title>WordPressのログイン連携プラグイン『miniOrange』2種に乗っ取りの脆弱性、ログイン不要で管理者を奪われる恐れ CVE-2026-12761ほか、今すぐ更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/mcp-server-kubernetes-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-10T19:37:34+00:00</news:publication_date><news:title>AI-to-Kubernetes tool mcp-server-kubernetes flaw leaks admin credentials (CVE-2026-61459)</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/mcp-server-kubernetes-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-10T19:37:22+00:00</news:publication_date><news:title>AIにサーバー群を操作させる連携ツール『mcp-server-kubernetes』に脆弱性、クラスタ管理者の認証情報が盗まれる恐れ CVE-2026-61459、最新版へ即更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/joomla-extensions-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-10T17:36:50+00:00</news:publication_date><news:title>Two Joomla extensions under active attack: Balbooa Forms &amp; iCagenda RCE</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/joomla-extensions-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-10T17:36:38+00:00</news:publication_date><news:title>Joomlaの人気拡張『Balbooa Forms』『iCagenda』が実際に攻撃されている、ログイン不要でサイト乗っ取り、今すぐ更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/9router-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-10T16:38:29+00:00</news:publication_date><news:title>9Router flaws leak stored API keys and tokens (CVE-2026-55500 and more)</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/9router-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-10T16:38:16+00:00</news:publication_date><news:title>人気AIコーディングルーター『9Router』に脆弱性が相次ぐ、保存したAPIキーやトークンが丸ごと盗まれる恐れ CVE-2026-55500ほか、最新版へ即更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/intellij-idea-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-10T15:37:13+00:00</news:publication_date><news:title>IntelliJ IDEA RCE flaw CVE-2026-59792: opening a crafted project runs code</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/intellij-idea-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-10T15:37:00+00:00</news:publication_date><news:title>人気の開発ソフト『IntelliJ IDEA』に乗っ取りの脆弱性 CVE-2026-59792、不正なプロジェクトを開くと危険、最新版へ即更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/cve-digest-2026-07-10/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-10T10:39:11+00:00</news:publication_date><news:title>【2026年7月10日】セキュリティ脆弱性まとめ ― WordPress拡張で乗っ取り相次ぐ、一般利用者への影響は</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/superforms-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-10T04:36:11+00:00</news:publication_date><news:title>WordPress Form Plugin 'Super Forms' Site-Takeover Flaw CVE-2026-14894 — Exploitable With No Login, Update Now</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/superforms-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-10T04:35:54+00:00</news:publication_date><news:title>WordPressフォーム作成プラグイン『Super Forms』にサイト乗っ取りの脆弱性 CVE-2026-14894、ログイン不要で悪用可・最新版へ即更新を</news:title></news:news></url><url><loc>https://kkm-mako.com/en/blog/articles/hermes-webui-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>en</news:language></news:publication><news:publication_date>2026-07-09T22:39:48+00:00</news:publication_date><news:title>Popular AI Agent UI 'Hermes WebUI' Server-Takeover Flaw CVE-2026-58123 — No Password Needed, Plus API-Key Theft; Update Now</news:title></news:news></url><url><loc>https://kkm-mako.com/blog/articles/hermes-webui-cve/</loc><news:news><news:publication><news:name>Canarii</news:name><news:language>ja</news:language></news:publication><news:publication_date>2026-07-09T22:39:31+00:00</news:publication_date><news:title>人気AIエージェントUI『Hermes WebUI』にサーバー乗っ取りの脆弱性 CVE-2026-58123、パスワードなしで制圧・API鍵窃取の2件、最新版へ即更新を</news:title></news:news></url></urlset>