https://kkm-mako.com/en/blog/articles/naxclow-cheap-wifi-camera-doorbell-takeover-cve-2026-28742/まこちゃんの技術ジャーナルen2026-06-12T20:13:38+00:00Cheap Wi-Fi Cameras and Doorbells Can Be Hijacked, No Fix Coming: CVE-2026-28742https://kkm-mako.com/blog/articles/naxclow-cheap-wifi-camera-doorbell-takeover-cve-2026-28742/まこちゃんの技術ジャーナルja2026-06-12T20:13:20+00:00激安Wi-Fiカメラやドアベルが乗っ取れる脆弱性、修正なし CVE-2026-28742https://kkm-mako.com/en/blog/articles/aqara-smart-home-cloud-takeover-cve-2026-50083-50091/まこちゃんの技術ジャーナルen2026-06-12T17:16:15+00:00Aqara Smart Locks and Cameras Could Be Hijacked: Cloud Flaws Including CVE-2026-50083https://kkm-mako.com/blog/articles/aqara-smart-home-cloud-takeover-cve-2026-50083-50091/まこちゃんの技術ジャーナルja2026-06-12T17:15:58+00:00Aqaraのスマートロックやカメラに乗っ取りの脆弱性、CVE-2026-50083ほかhttps://kkm-mako.com/en/blog/articles/netty-dns-cache-poisoning-cve-2026-45674-45673-47691/まこちゃんの技術ジャーナルen2026-06-12T16:35:40+00:00Netty Flaws Let Attackers Reroute Your Traffic via DNS Cache Poisoning — Update to 4.1.135.Final (CVE-2026-45674)https://kkm-mako.com/en/blog/articles/vm2-sandbox-escape-cve-2026-47131-47208-rce-octet/まこちゃんの技術ジャーナルen2026-06-12T16:33:16+00:00Eight Sandbox-Escape Flaws Hit vm2, Three Rated Max Severity — Patch to 3.11.4 Now (CVE-2026-47131)https://kkm-mako.com/blog/articles/netty-dns-cache-poisoning-cve-2026-45674-45673-47691/まこちゃんの技術ジャーナルja2026-06-12T16:33:15+00:00Netty に通信先を偽装される脆弱性3件、最新版へ更新を CVE-2026-45674https://kkm-mako.com/blog/articles/vm2-sandbox-escape-cve-2026-47131-47208-rce-octet/まこちゃんの技術ジャーナルja2026-06-12T16:32:53+00:00vm2に乗っ取りの脆弱性8件、v3.11.4へ更新を CVE-2026-47131https://kkm-mako.com/en/blog/articles/mariadb-galera-wsrep-rce-cve-2026-49261/まこちゃんの技術ジャーナルen2026-06-11T19:10:26+00:00MariaDB Hit by Top-Severity RCE in Galera Clustering — wsrep Users Should Update Now (CVE-2026-49261)https://kkm-mako.com/blog/articles/mariadb-galera-wsrep-rce-cve-2026-49261/まこちゃんの技術ジャーナルja2026-06-11T19:10:07+00:00MariaDBにサーバー乗っ取りの脆弱性、Galera利用者は更新を CVE-2026-49261https://kkm-mako.com/en/blog/articles/axios-proxy-ssrf-mitm-cve-2026-44492-44494/まこちゃんの技術ジャーナルen2026-06-11T18:16:27+00:00axios Flaws Let Attackers Steal Credentials via Proxy SSRF and Prototype-Pollution MITM — Update to 1.16.0 Now (CVE-2026-44492 / CVE-2026-44494)https://kkm-mako.com/blog/articles/axios-proxy-ssrf-mitm-cve-2026-44492-44494/まこちゃんの技術ジャーナルja2026-06-11T18:16:09+00:00axiosに認証情報が盗まれる脆弱性、最新版へ今すぐ更新を CVE-2026-44494https://kkm-mako.com/en/blog/articles/gitlab-security-release-cve-2026-6552-account-takeover/まこちゃんの技術ジャーナルen2026-06-11T13:10:27+00:00GitLab Account-Takeover Flaw and 11 More: Self-Managed Servers Should Update Now (CVE-2026-6552)https://kkm-mako.com/blog/articles/gitlab-security-release-cve-2026-6552-account-takeover/まこちゃんの技術ジャーナルja2026-06-11T13:10:08+00:00GitLabにアカウント乗っ取りの脆弱性、社内設置は今すぐ更新 CVE-2026-6552https://kkm-mako.com/en/blog/articles/npm-v12-install-scripts-opt-in-no-auto-run/まこちゃんの技術ジャーナルen2026-06-11T06:53:09+00:00npm v12: Dependency Install Scripts No Longer Run Automaticallyhttps://kkm-mako.com/blog/articles/npm-v12-install-scripts-opt-in-no-auto-run/まこちゃんの技術ジャーナルja2026-06-11T06:52:50+00:00npm v12でnpm installが変わる、依存スクリプトの自動実行が止まるhttps://kkm-mako.com/en/blog/articles/oracle-peoplesoft-cve-2026-35273-unauth-rce-emergency/まこちゃんの技術ジャーナルen2026-06-11T05:11:42+00:00Emergency Flaw in Oracle's PeopleSoft HR System: Servers Can Be Taken Over Without a Login, CVE-2026-35273, Apply the Out-of-Cycle Patch Nowhttps://kkm-mako.com/blog/articles/oracle-peoplesoft-cve-2026-35273-unauth-rce-emergency/まこちゃんの技術ジャーナルja2026-06-11T05:11:24+00:00Oracleの人事給与システムPeopleSoftに緊急脆弱性、ログインなしでサーバー乗っ取りの恐れ CVE-2026-35273、定例外パッチを今すぐhttps://kkm-mako.com/en/blog/articles/mitsubishi-electric-appliances-cve-2025-49604-realtek-wifi-dos/まこちゃんの技術ジャーナルen2026-06-11T04:15:36+00:00Flaw in Mitsubishi Electric Home Appliances (AC, Fridge & More): Someone on Your Wi-Fi Can Knock Out Remote Control, CVE-2025-49604, Update the Firmwarehttps://kkm-mako.com/blog/articles/mitsubishi-electric-appliances-cve-2025-49604-realtek-wifi-dos/まこちゃんの技術ジャーナルja2026-06-11T04:15:17+00:00三菱電機のエアコンや冷蔵庫など家電に脆弱性、同じWi-Fiの第三者から遠隔操作を止められる恐れ CVE-2025-49604、修正版へ更新をhttps://kkm-mako.com/en/blog/articles/pi-hole-ftl-cve-2026-44693-session-hijack-race-condition/まこちゃんの技術ジャーナルen2026-06-11T00:10:11+00:00Flaw in Pi-hole, the Popular Ad Blocker: Someone on Your Network Can Hijack the Admin Panel Without a Password, CVE-2026-44693, Update to v6.6.1https://kkm-mako.com/blog/articles/pi-hole-ftl-cve-2026-44693-session-hijack-race-condition/まこちゃんの技術ジャーナルja2026-06-11T00:09:53+00:00広告ブロッカーPi-holeに脆弱性、同じネット上の第三者にパスワードなしで管理画面を乗っ取られる恐れ CVE-2026-44693、v6.6.1へ更新をhttps://kkm-mako.com/en/blog/articles/dracut-cve-2026-6893-dhcp-command-injection-boot/まこちゃんの技術ジャーナルen2026-06-10T21:09:39+00:00Flaw in Dracut, a Core Linux Boot Tool: A Rogue Device on Your Network Can Hijack the System at Boot, CVE-2026-6893https://kkm-mako.com/blog/articles/dracut-cve-2026-6893-dhcp-command-injection-boot/まこちゃんの技術ジャーナルja2026-06-10T21:09:21+00:00Linux起動ツールDracutに脆弱性、同じ回線につながれた偽の機器から乗っ取りの恐れ CVE-2026-6893、ネットワーク起動環境は要対策