📊 2026-05-06 Vulnerability Intelligence Daily · 193 entries · 121 high-severity
Daily Vulnerability Intelligence Digest · 2026-05-06
📋 Total: 193 entries
🔥 High/Critical: 121 entries
💣 Exploit-DB-RSS: 6 entries
🐙 GitHub-Advisory: 50 entries (🔥 26 high/critical)
🛡️ NVD-Latest: 95 entries (🔥 95 high/critical)
⚔️ Sploitus: 42 entries
🤖 Today's Security Posture Analysis
🎯 Key Items Today
- CVE-2026-42300 (DevGuard, unauthenticated identity bypass): an attacker can impersonate any user simply by supplying a crafted `X-Admin-Token` request header, with no credentials required; exploitation difficulty is extremely low.
- CVE-2026-42369 (GV-VMS V20, remote code execution): a CVSS 10.0 critical vulnerability in video surveillance software; an attacker can remotely take over the server over the network, so the risk is extremely high.
- GHSA-vj3m-2g9h-vm4p (Grav CMS, multiple RCEs): three critical RCE vectors (deserialization, command injection) let an attacker with administrator privileges execute arbitrary code, a serious threat to the CMS platform.
- CVE-2026-44221 (ArcadeDB, cross-database authorization bypass): authenticated users or API tokens can bypass authorization to read and write other databases, leading to large-scale data leakage and undermining database isolation.
- CVE-2026-42368 / GeoVision (privilege escalation / command injection): GeoVision security devices (LPC) have multiple high-severity vulnerabilities allowing privilege escalation and OS command execution, seriously affecting physical-security infrastructure.
📈 Threat Trends
- Remote code execution (RCE) has the largest share: more than 5 of today's vulnerabilities involve RCE, including Grav CMS (multiple vectors), GV-VMS and Eclipse Equinox OSGi; it is currently the most urgent threat type.
- Privilege escalation and authentication bypass: DevGuard identity forgery, Grav user-group escalation and ArcadeDB cross-database access show that access-control flaws remain a common entry point.
- Buffer overflows remain active: the Assimp library (FBX parsing) and ipTIME NAS devices both have buffer overflow vulnerabilities, threatening IoT and file-processing components.
- Denial-of-service (DoS) risk continues: DoS attacks against GoBGP (BGP protocol) and Twisted (DNS parsing) threaten the stability of network infrastructure.
🛡️ Mitigation Recommendations
- Inspect and update high-risk components immediately: prioritize version upgrades or official patches for Grav CMS, GV-VMS V20, ArcadeDB and GeoVision LPC to block the known RCE and privilege-bypass attacks.
- Harden network access control and validation: enable strict request-header validation rules at the application front end (e.g. a WAF), drop suspicious `X-Admin-Token` headers, and enforce server-side permission checks on user-supplied registration data.
- Isolate internal assets and IoT devices: for surveillance video, NAS and router devices, limit exposure of management interfaces and place them in a separate VLAN to reduce the internet-facing attack surface.
- Disable unnecessary features and components: until patched, disable Grav CMS's "Direct Install" feature, disable the Eclipse Equinox OSGi console interface, and restrict access to GeoVision DdnsSetting.
💣 Exploit-DB-RSS (6 entries)
Unknown (6 entries)
- [webapps] Traccar GPS Tracking System 6.11.1 - Cross-Site WebSocket Hijacking (CSWSH)
- [local] Windows 11 24H2 - Local Privilege Escalation
…4 more Unknown-severity entries (omitted)
🐙 GitHub-Advisory (50 entries)
Critical (5 entries)
- CVE-2026-42300 · Critical · DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header
  Impact: The `SessionMiddleware` accepts a client-supplied `X-Admin-Token` HTTP request header and uses its raw string value as the authenticated `userID` when…
- CVE-2026-42607 · Critical · Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload i
  Summary: An authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file through the…
- CVE-2026-42613 · Critical · Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of gr
  Bug Report: Registration Privilege Escalation via Missing Server-Side Validation of groups/access. Summary: The `Login::register()` method in the Login…
- GHSA-vj3m-2g9h-vm4p · Critical · Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git
  Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. 1. Unsafe unserialize() in JobQueue — direct RCE gadget (Critical)…
- CVE-2026-44221 · Critical · ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-c
  Impact: Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two…
High (21 entries)
- CVE-2026-43884 · High 3.1 · AVideo has SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFS
  Summary: Two endpoints in AVideo call `isSSRFSafeURL()` to validate user-supplied URLs, then fetch them using bare `file_get_contents()` without disabling…
- CVE-2026-42285 · High · GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer
  Summary: Remote Denial of Service (DoS) via Nil Pointer Dereference in BGP Update Processing. An unauthenticated remote BGP peer can trigger a fatal panic in…
- CVE-2026-42304 · High · Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compressi
  Details: The twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote,…
- GHSA-9fw6-xgg2-mq9q · High · Hysteria: A specially constructed quic package can crash the server OOM when the
  Summary: A specially constructed quic package can crash the server OOM when the sniff is enabled. Details: When the server has sniff enabled, a valid connection…
- GHSA-cfcj-hqpf-hccf · High · @evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allow
  Summary: The `evolver fetch` subcommand in `index.js` writes Hub-supplied `bundled_files[]` into a directory derived from a Hub-supplied `skill_id`. When…
- GHSA-jxh8-jh77-xh6g · High · @evomap/evolver's validator sandbox allowlist permits `npm`/`npx`, yielding RCE
  Summary: The validator-mode sandbox executor (`src/gep/validator/sandboxExecutor.js`) places `npm` and `npx` in its hard executable allowlist. Because `npm…
- CVE-2026-43891 · High · changedetection.io has an Arbitrary Local File Read via a crafted backup restore
  Details: The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore…
- CVE-2026-44167 · High · phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1
  Impact: Anyone loading untrusted ASN1 files (e.g. X509 certificates, RSA PKCS8 private or public keys, etc). Patches…
- CVE-2026-42315 · High · PyLoad vulnerable to Path Traversal via Package Folder Name in set_package_data
  Summary: No sanitization of package folder name allows writing files anywhere outside the intended download directory. Affected Component -…
- CVE-2026-42843 · High · Grav API Privilege Escalation to Super Admin
  Summary: An insecure direct object reference and logic flaw in the Grav API plugin (`UsersController::update`) allows any authenticated user with basic API…
- CVE-2026-42612 · High · Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes
  Summary: A stored Cross-Site Scripting (XSS) vulnerability in `getgrav/grav` allows publisher-level accounts to execute arbitrary JavaScript. The issue arises…
- GHSA-gwfr-jfjf-92vv · High · Grav has Insecure Deserialization in File Cache
  Insecure Deserialization in File Cache - Severity: High - CWE: CWE-502 - Location: `system/src/Grav/Framework/Cache/Adapter/FileCache.php` -…
- CVE-2026-42609 · High · Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation
  Summary: A business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing…
- CVE-2026-42608 · High · Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash
  Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write. [ZERO-DAY] Unauthenticated Path Traversal leading to Arbitrary…
- CVE-2026-42611 · High · Grav is Vulnerable to Stored XSS via Tag Injection
  Summary: A low-privileged user (with the ability to create a page) can cause XSS with the injection of an `svg` element. The XSS can further be escalated to dump…
- CVE-2026-32688 · High · Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-t
  Summary: An unauthenticated remote denial-of-service vulnerability in `Plug.Cowboy.Conn` allows any attacker who can reach an HTTPS Plug.Cowboy listener via…
- CVE-2026-42327 · High · rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates
  `X509Ref::ocsp_responders` returns OCSP responder URLs from a certificate's AIA extension as `OpensslString`, whose `Deref<Target = str>` wraps the raw bytes…
- CVE-2026-42334 · High · Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injec
  Impact: This vulnerability allows bypassing Mongoose's sanitizeFilter query sanitization mechanism via the `$nor` operator. When sanitizeFilter is enabled,…
- CVE-2026-6970 · High · authd: Primary group ID is incorrectly set to value of UID
  authd 0.6.0 contains a bug (https://github.com/canonical/authd/issues/1482) which can lead to an incorrect primary group ID. It affects users whose primary…
- GHSA-mggx-p7jf-jgw4 · High · jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used
  Summary / Description: An Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Jdbi allows arbitrary command…
- CVE-2026-43885 · High · AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
  Summary: An unauthenticated user can read `APISecret` from `objects/plugins.json.php` and use it to call protected API endpoints (e.g. `users_list`) without…
Medium (21 entries)
- GHSA-3446-6mgw-f79p · Medium 7.5 · Grav is Vulnerable to XXE via SVG Upload
  Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server…
- CVE-2026-42841 · Medium 4.0 · Grav CMS vulnerable to stored XSS via Markdown media attribute() action
  Summary: An authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's…
- CVE-2026-44219 · Medium 3.1 · ciguard: SCA HTTP client reads response body without size cap
  Summary: Both SCA HTTP clients (`src/ciguard/analyzer/sca/osv.py` and `src/ciguard/analyzer/sca/endoflife.py`) call `payload =…
- CVE-2026-42303 · Medium · Ethyca Fides has a Privacy Request Identity Verification Bypass Vulnerability vi
  Summary: Fides deployments that enable both subject identity verification and duplicate privacy request detection are affected by a vulnerability in which an…
- CVE-2026-42314 · Medium · PyLoad Vulnerable to Path Traversal via Package Folder Name
  Insufficient sanitization of package folder names allows writing files outside the intended download directory. Affected Component -…
- GHSA-7xp7-m392-h92c · Medium · @evomap/evolver has an unbounded request body in proxy /asset/submit that causes
  Summary: The EvoMap proxy daemon's HTTP body parser accepts requests of any size, and the `POST /asset/submit` route persists the full request body —…
- CVE-2026-44166 · Medium · PocketBase vulnerable to account pre-hijacking via OAuth2 unverified->verified au
  A pre-hijacking issue was discovered with the OAuth2 autolinking by Alardiians (https://github.com/Alardiians). In some situations, if an attacker knows the…
- CVE-2026-42842 · Medium · Grav Vulnerable to XSS via Taxonomy Field Values in Admin Panel
  Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in the Grav CMS Form plugin's select field template. Taxonomy tag and category values are…
…13 more Medium-severity entries (omitted)
Low (3 entries)
- CVE-2026-44218 · Low 3.1 · ciguard: Container image runs as root (no USER directive)
  Summary: The published `ghcr.io/jo-jo98/ciguard` container image inherits the default root user because the `Dockerfile` lacks a `USER` directive. ciguard is…
- CVE-2026-44220 · Low 3.1 · ciguard: discover_pipeline_files follows symlinks out of scan root
  Summary: The `discover_pipeline_files()` function in `src/ciguard/discovery.py` (introduced in v0.8.0 and used by the MCP `scan_repo` tool shipped in v0.8.1)…
- GHSA-7ww3-xvf5-cxwm · Low 3.1 · ciguard: Web UI is missing HTTP defence-in-depth headers
  Summary: ciguard's FastAPI Web UI (`src/ciguard/web/app.py`) does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing…
🛡️ NVD-Latest (95 entries)
Critical (21 entries)
- CVE-2026-42369 · Critical · CVSS:10.0
  GV-VMS V20 is a Video Monitoring Software used to gather the feeds of many surveillance cameras and manage other security devices. It…
- CVE-2026-42368 · Critical · CVSS:9.9
  A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted…
- CVE-2026-42364 · Critical · CVSS:9.9
  An OS command injection vulnerability exists in the DdnsSetting.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially…
- CVE-2025-70067 · Critical · CVSS:9.8
  Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in…
- CVE-2026-7747 · Critical · CVSS:9.8
  A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the…
- CVE-2025-14320 · Critical · CVSS:9.8
  Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and…
- CVE-2026-7834 · Critical · CVSS:9.8
  A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file…
- CVE-2023-54344 · Critical · CVSS:9.8
  Eclipse Equinox OSGi 3.7.2 and earlier contains a remote code execution vulnerability that allows unauthenticated attackers to execute…
- CVE-2023-54342 · Critical · CVSS:9.8
  Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows…
- CVE-2026-7823 · Critical · CVSS:9.8
  A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setAppFilterCfg of the file…
- CVE-2025-13618 · Critical · CVSS:9.8
  The Mentoring plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.2.8. This is due to…
- CVE-2026-5722 · Critical · CVSS:9.8
  The MoreConvert Pro plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 1.9.14. This is…
- CVE-2026-7719 · Critical · CVSS:9.8
  A security flaw has been discovered in Totolink WA300 5.2cu.7112_B20190227. The affected element is the function loginauth of the file…
- CVE-2026-40797 · Critical · CVSS:9.3
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder LLC WebinarIgnition…
- CVE-2026-7161 · Critical · CVSS:9.3
  An insufficient encryption vulnerability exists in the Device Authentication functionality of GeoVision GV-IP Device Utility 9.0.5.…
- CVE-2026-7482 · Critical · CVSS:9.1
  Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an…
- CVE-2026-36356 · Critical · CVSS:9.1
  The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command…
- CVE-2026-43566 · Critical · CVSS:9.1
  OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips…
- CVE-2026-43534 · Critical · CVSS:9.1
  OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted…
- CVE-2026-7372 · Critical · CVSS:9.0
  A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP…
- CVE-2026-42370 · Critical · CVSS:9.0
  A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP…
High (74 entries)
- CVE-2026-23918 · High · CVSS:8.8
  Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server:…
- CVE-2025-58074 · High · CVSS:8.8
  A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user…
- CVE-2026-24072 · High · CVSS:8.8
  An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with…
- CVE-2026-7750 · High · CVSS:8.8
  A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file…
- CVE-2026-7749 · High · CVSS:8.8
  A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file…
- CVE-2026-7748 · High · CVSS:8.8
  A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file…
- CVE-2026-6261 · High · CVSS:8.8
  The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the…
- CVE-2026-43571 · High · CVSS:8.8
  OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace…
- CVE-2026-43569 · High · CVSS:8.8
  OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during…
- CVE-2026-43530 · High · CVSS:8.8
  OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet…
- CVE-2026-42435 · High · CVSS:8.8
  OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to…
- CVE-2026-42434 · High · CVSS:8.8
  OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing…
- CVE-2023-54348 · High · CVSS:8.8
  ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting…
- CVE-2023-54345 · High · CVSS:8.8
  Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System…
- CVE-2026-7717 · High · CVSS:8.8
  A vulnerability was determined in Totolink WA300 5.2cu.7112_B20190227. This issue affects the function UploadCustomModule of the file…
- CVE-2026-7685 · High · CVSS:8.8
  A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a…
- CVE-2026-7684 · High · CVSS:8.8
  A security vulnerability has been detected in Edimax BR-6428nC up to 1.16. This impacts an unknown function of the file /goform/setWAN.…
- CVE-2026-7675 · High · CVSS:8.8
  A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file…
- CVE-2026-7674 · High · CVSS:8.8
  A flaw has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. This issue affects the function start_single_service of…
- CVE-2026-43533 · High · CVSS:8.6
  OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference…
- CVE-2026-42365 · High · CVSS:8.6
  A guessable session cookie vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially…
- CVE-2026-42439 · High · CVSS:8.5
  OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and…
- CVE-2026-6266 · High · CVSS:8.3
  A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity…
- CVE-2026-43526 · High · CVSS:8.2
  OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers…
- CVE-2026-29199 · High · CVSS:8.1
  phpBB before 3.3.16 is vulnerable to Host Header Injection that can lead to password reset link poisoning. When force_server_vars is…
- CVE-2025-47407 · High · CVSS:7.8
  Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level.
- CVE-2025-47405 · High · CVSS:7.8
  Memory corruption when processing camera sensor input/output control codes with invalid output buffers.
- CVE-2026-36365 · High · CVSS:7.8
  An issue in Lymphatus caesium-image-compressor, all versions up to and including commit 02da2c6, allows a local attacker to execute…
- CVE-2026-36355 · High · CVSS:7.7
  The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access…
- CVE-2026-43573 · High · CVSS:7.7
  OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction…
- CVE-2026-43532 · High · CVSS:7.7
  OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing.…
- CVE-2026-43527 · High · CVSS:7.7
  OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network…
- CVE-2026-42438 · High · CVSS:7.7
  OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read…
- CVE-2026-42436 · High · CVSS:7.7
  OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail…
- CVE-2026-29169 · High · CVSS:7.5
  A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a…
- CVE-2025-70069 · High · CVSS:7.5
  An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and…
- CVE-2026-34059 · High · CVSS:7.5
  Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to…
- CVE-2026-33846 · High · CVSS:7.5
  A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in…
- CVE-2026-4304 · High · CVSS:7.5
  The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and…
- CVE-2026-6918 · High · CVSS:7.5
  In Eclipse OpenJ9 versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP…
- CVE-2026-42437 · High · CVSS:7.5
  OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that…
- CVE-2023-54347 · High · CVSS:7.5
  OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending…
- CVE-2023-54346 · High · CVSS:7.5
  WordPress Plugin Backup Migration 1.2.8 contains an information disclosure vulnerability that allows unauthenticated attackers to…
- CVE-2026-6322 · High · CVSS:7.5
  fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters…
- CVE-2026-3359 · High · CVSS:7.5
  The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to SQL Injection via the…
- CVE-2026-5192 · High · CVSS:7.5
  The Forminator Forms – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Path Traversal in versions…
- CVE-2026-44028 · High · CVSS:7.5
  An issue was discovered in Nix before 2.34.7 and Lix before 2.95.2. Unbounded recursion in the NAR (Nix Archive) parser could lead to a…
- CVE-2026-7371 · High · CVSS:7.4
  Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision…
- CVE-2026-42366 · High · CVSS:7.4
  Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision…
- CVE-2026-29168 · High · CVSS:7.3
  Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue…
- CVE-2026-43531 · High · CVSS:7.3
  OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set…
- CVE-2026-7812 · High · CVSS:7.3
  A vulnerability was found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The impacted element is the function…
- CVE-2026-7811 · High · CVSS:7.3
  A vulnerability has been found in 54yyyu code-mcp up to 4cfc4643541a110c906d93635b391bf7e357f4a8. The affected element is the function…
- CVE-2026-7788 · High · CVSS:7.3
  A security flaw has been discovered in Axle-Bucamp MCP-Docusaurus up to 404bc028e15ec304c9a045528560f4b5f27a17e0. The affected element…
- CVE-2026-7785 · High · CVSS:7.3
  A security flaw has been discovered in A-G-U-P-T-A wireshark-mcp edaf604416fbc94…
- CVE-2026-7784 · High · CVSS:7.3
  A vulnerability has been found in RTGS2017 NagaAgent up to 5.1.0. This issue affects some unknown processing of the file…
- CVE-2026-7736 · High · CVSS:7.3
  A vulnerability was determined in osrg GoBGP up to 4.3.0. Affected by this vulnerability is the function parseRibEntry of the file…
- CVE-2026-7735 · High · CVSS:7.3
  A vulnerability was found in osrg GoBGP up to 4.3.0. Affected is the function PathAttributeAigp.DecodeFromBytes of the file…
- CVE-2026-7733 · High · CVSS:7.3
  A flaw has been found in funadmin up to 7.1.0-rc6. This affects the function UploadService::chunkUpload of the file…
- CVE-2026-7727 · High · CVSS:7.3
  A vulnerability was determined in Shandong Hoteam Software PDM Product Data Management System up to 8.3.9. This affects the function…
- CVE-2026-7723
  A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown
CVE-2026-7723High 7.3
CVE-2026-7723 CVSS:7.3 A flaw has been found in PrefectHQ prefect up to 3.6.13. Affected is an unknown function of the file /api/events/in of the component… - CVE-2026-7711 A weakness has been identified in MindsDB up to 26.01. This impacts the function
CVE-2026-7711High 7.3
CVE-2026-7711 CVSS:7.3 A weakness has been identified in MindsDB up to 26.01. This impacts the function exec of the file… - CVE-2026-7710 A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affe
CVE-2026-7710High 7.3
CVE-2026-7710 CVSS:7.3 A security flaw has been discovered in YunaiV yudao-cloud up to 3.8.0. This affects the function doFilterInternal of the file… - CVE-2026-7703 A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impac
CVE-2026-7703High 7.3
CVE-2026-7703 CVSS:7.3 A flaw has been found in AV Stumpfl Pixera Two Media Server up to 25.2 R2. Impacted is an unknown function of the component Websocket… - CVE-2026-7698 A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.
CVE-2026-7698High 7.3
CVE-2026-7698 CVSS:7.3 A vulnerability was identified in Tiandy Easy7 Integrated Management Platform 7.17.0. Affected by this vulnerability is an unknown… - CVE-2026-7695 A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operati
CVE-2026-7695High 7.3
CVE-2026-7695 CVSS:7.3 A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an… - CVE-2026-7694 A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Effi
CVE-2026-7694High 7.3
CVE-2026-7694 CVSS:7.3 A flaw has been found in Acrel Electrical ECEMS Enterprise Microgrid Energy Efficiency Management System 1.3.0. The impacted element is… - CVE-2026-7679 A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This im
CVE-2026-7679High 7.3
CVE-2026-7679 CVSS:7.3 A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file… - CVE-2026-7670 A flaw has been found in Jinher OA 1.0. The affected element is an unknown funct
CVE-2026-7670High 7.3
CVE-2026-7670 CVSS:7.3 A flaw has been found in Jinher OA 1.0. The affected element is an unknown function of the file… - CVE-2026-3120 Improper Control of Generation of Code ('Code Injection') vulnerability in Profe
CVE-2026-3120High 7.2
CVE-2026-3120 CVSS:7.2 Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry… - CVE-2026-7833 A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerabilit
CVE-2026-7833High 7.2
CVE-2026-7833 CVSS:7.2 A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file… - CVE-2026-5063 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vuln
CVE-2026-5063High 7.2
CVE-2026-5063 CVSS:7.2 The NEX-Forms – Ultimate Forms Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via POST parameter… - CVE-2026-40563 Description: Improper Control of Generation of Code ('Code Injection') vulnerabi
CVE-2026-40563High 7.1
CVE-2026-40563 CVSS:7.1 Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search… - CVE-2026-7832 A security flaw has been discovered in IObit Advanced SystemCare 19. This affect
CVE-2026-7832High 7.0
CVE-2026-7832 CVSS:7.0 A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component…
⚔️ Sploitus (42 entries)
Unknown (42 entries)
- Exploit for Missing Authentication for Critical Function in Cpanel exploit
- xss-lab exploit
…40 more Unknown-severity entries (omitted)
🤖 Automated vulnerability intelligence digest · 2026-05-06 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV