📊 2026-05-07 Vulnerability Intelligence Daily · 200 entries · 102 high-severity
Daily Vulnerability Intelligence Digest · 2026-05-07
📋 200 entries in total
🔥 High/Critical: 102 entries
🚨 CISA-KEV: 1 entry
🐙 GitHub-Advisory: 100 entries 🔥45
🛡️ NVD-Latest: 57 entries 🔥57
⚔️ Sploitus: 42 entries
🤖 Today's Security Posture Analysis
🎯 Today's Key Items
- CVE-2026-44351 - fast-jwt (CVSS 9.8): The async key resolver accepts an empty HMAC key, so any unauthenticated attacker can forge arbitrary JWTs for a complete authentication bypass. Affects every authentication system that uses fast-jwt.
- CVE-2026-42607 / GHSA-vj3m-2g9h-vm4p - Grav CMS (multiple RCEs): At least four remote code execution vectors, including a malicious plugin ZIP upload bypass and deserialization flaws. A low-privileged administrator account is enough to take control of the server.
- CVE-2026-42300 - DevGuard (CVSS 9.8+): The middleware accepts a client-supplied X-Admin-Token header without any authentication; an attacker who knows or guesses a valid user ID can impersonate any administrator.
- CVE-2026-36356 - MeiG Smart FORGE_SLT711 (CVSS 9.1): Unauthenticated command injection in the GoAhead web server lets an attacker execute system commands directly over the network, affecting IoT devices.
- CVE-2025-70067 - Assimp (CVSS 9.8): A stack buffer overflow in the FBX importer; luring a user into opening a malicious FBX file triggers remote code execution, affecting game development and 3D modelling software.
📈 Threat Trends
- Remote code execution (RCE) and command injection (6 cases): concentrated in CMS systems (Grav), 3D libraries (Assimp) and IoT devices (MeiG Smart). Attack vectors are diverse, including ZIP upload, deserialization and file-parsing overflows.
- Authentication and authorization bypass (5 cases): involving a JWT library (fast-jwt), middleware (DevGuard) and a CMS registration mechanism (Grav). Most stem from insecure configuration or missing server-side validation and are easy to exploit.
- Cross-site request forgery (CSRF) (1 case): MISP Modules lacks CSRF protection, so an authenticated user can be induced to perform unintended actions.
- Heap/stack buffer overflows (3 cases): concentrated in network devices (EFM ipTIME, Totolink) and a file-parsing library (Assimp). These flaws are widespread and severe.
- Multi-tenant isolation defects (1 case): AxonFlow fixed a batch of flaws affecting access control and policy enforcement that threatened internal data isolation.
🛡️ Mitigation Recommendations
- Urgent updates and patching: upgrade fast-jwt to the latest version immediately; update Grav CMS to the official fixed release; install patches for Assimp, Ollama and all IoT device firmware.
- Tighten configuration review: audit all middleware and JWT library configurations; disable acceptance of the unsafe X-Admin-Token header; ensure key resolvers never return an empty key, and enable signature verification.
- Implement defense in depth: apply strict type, length and allow-list validation to user input (especially file uploads and XML/JSON parsing); disable non-essential management interfaces and AJAX routes.
- Enable network segmentation and monitoring: isolate IoT devices from the core network; use WAF rules to block command-injection attempts against sensitive paths such as /action/SetRemoteAccessCfg. Monitor for anomalous JWT usage and administrator account creation.
🚨 CISA-KEV (1 entry)
Unknown (1 entry)
- CVE-2026-0300 - Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
  CVE-2026-0300
  Product: Palo Alto Networks PAN-OS
  Description: Palo Alto Networks PAN-OS contains an out-of-bounds…
🐙 GitHub-Advisory (100 entries)
Critical (9 entries)
- CVE-2026-42555 - Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code
  CVE-2026-42555 · Critical
  Summary Multiple classes evaluate Spring Expression Language (SpEL) expressions from user-supplied input using `StandardEvaluationContext`, which provides…
- CVE-2026-44351 - fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolve
  CVE-2026-44351 · Critical
  Summary A critical authentication-bypass vulnerability in `fast-jwt`'s async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that…
- CVE-2026-44364 - misp-modules website - Missing CSRF protection in the website home blueprint
  CVE-2026-44364 · Critical
  A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the…
- GHSA-9h64-2846-7x7f - Axonflow fixed bugs by implementing multi-tenant isolation and access-control ha
  GHSA-9h64-2846-7x7f · Critical
  ## Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and…
- CVE-2026-42300 - DevGuard has an unauthenticated identity assertion via `X-Admin-Token` header
  CVE-2026-42300 · Critical
  Impact The `SessionMiddleware` accepts a client-supplied `X-Admin-Token` HTTP request header and uses its raw string value as the authenticated `userID` when…
- CVE-2026-42607 - Grav Vulnerable to Remote Code Execution (RCE) via Malicious Plugin ZIP Upload i
  CVE-2026-42607 · Critical
  Summary An authenticated user with administrative privileges can achieve Remote Code Execution (RCE) by uploading a specially crafted ZIP file through the…
- CVE-2026-42613 - Grav Vulnerable to Privilege Escalation via Missing Server-Side Validation of gr
  CVE-2026-42613 · Critical
  # Bug Report: Registration Privilege Escalation via Missing Server-Side Validation of groups/access ## Summary The `Login::register()` method in the Login…
- GHSA-vj3m-2g9h-vm4p - Grav has multiple RCE vectors: unsafe unserialize (x3), command injection in git
  GHSA-vj3m-2g9h-vm4p · Critical
  Multiple RCE vectors were found in Grav CMS. Three are critical, two are high. **1. Unsafe unserialize() in JobQueue — direct RCE gadget (Critical)**…
- CVE-2026-44221 - ArcadeDB vulnerable to cross-database authorization bypass and unsecured newly-c
  CVE-2026-44221 · Critical
  Impact Authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two…
High (36 entries)
- CVE-2026-42602 - opentelemetry-collector-contrib's azureauthextension Authenticate method does no
  CVE-2026-42602 · High 8.1
  Summary A server-side authentication bypass in `azureauthextension` allows any party who holds a single valid Azure access token for *any scope the collector's…
- CVE-2026-43884 - AVideo has SSRF Protection Bypass via HTTP Redirect and DNS Rebinding in isSSRFS
  CVE-2026-43884 · High 3.1
  Summary Two endpoints in AVideo call `isSSRFSafeURL()` to validate user-supplied URLs, then fetch them using bare `file_get_contents()` **without disabling…
- CVE-2026-42557 - JupyterLab's command linker attributes in HTML enable one-click command executio
  CVE-2026-42557 · High
  JupyterLab's HTML sanitizer allowlists `data-commandlinker-command` and `data-commandlinker-args` on `button` elements, while `CommandLinker` listens for all…
- CVE-2026-44307 - Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
  CVE-2026-44307 · High
  ## Summary On Windows, a URI using backslash traversal (e.g. `\..\..\ secret.txt`) bypasses the directory traversal check in `Template.__init__` and the…
- CVE-2026-42559 - rmcp Streamable HTTP server transport has a DNS rebinding vulnerability
  CVE-2026-42559 · High
  ## Summary Prior to version 1.4.0, the `rmcp` crate's Streamable HTTP server transport (`crates/rmcp/src/transport/streamable_http_server/`) did not validate…
- CVE-2026-42561 - python-multipart has Denial of Service via unbounded multipart part headers
  CVE-2026-42561 · High
  Summary `python-multipart` has a denial of service vulnerability in multipart part header parsing. When parsing `multipart/form-data`, `MultipartParser`…
- CVE-2026-44244 - GitPython: Newline injection in config_writer().set_value() enables RCE via core
  CVE-2026-44244 · High
  `GitConfigParser.set_value()` passes values to Python's `configparser` without validating for newlines. GitPython's own `_write()` converts embedded newlines…
- CVE-2026-44335 - PraisonAI has an SSRF bypass
  CVE-2026-44335 · High
  Summary The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current PraisonAI…
- CVE-2026-44334 - PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch b
  CVE-2026-44334 · High
  ## TL;DR CVE-2026-40287's fix gated `tools.py` auto-import behind `PRAISONAI_ALLOW_LOCAL_TOOLS=true` in **two** files (`tool_resolver.py`, `api/call.py`). A…
- CVE-2026-44349 - Daptin fuzzy search injects unvalidated column name into raw SQL
  CVE-2026-44349 · High
  ## Summary `processFuzzySearch` in `server/resource/resource_findallpaginated.go:1484` splits the user-supplied `column` parameter by comma and interpolates…
- CVE-2026-42845 - Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload fi
  CVE-2026-42845 · High
  Summary (Tested on Form 9.0.3 released on April, 28th) The Form plugin's file upload handler at `user/plugins/form/classes/Form.php:583` accepts a…
- CVE-2026-44375 - Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes
  CVE-2026-44375 · High
  Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an…
- CVE-2026-0897 - Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petab
  CVE-2026-0897 · High
  Summary Keras’s model loader (KerasFileEditor) unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any…
- CVE-2026-42577 - Netty epoll transport denial of service via RST on half-closed TCP connection
  CVE-2026-42577 · High
  ## Summary Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are…
- GHSA-r5fr-9gmv-jggh - scim_proton and kanidm_proto have an authenticated process abort via SCIM filter
  GHSA-r5fr-9gmv-jggh · High
  Summary A single unauthenticated `GET` to any `/scim/v1/...` endpoint with a `?filter=` query string of a few thousand nested parentheses (≈ 4–12 KB) drives…
- GHSA-qcxq-75wr-5cm8 - ldap3_proto has LDAP Filter stack exhaustion
  GHSA-qcxq-75wr-5cm8 · High
  Impact LDAP queries are not validated for depth, which can cause the parser (both PEG and ASN) to exhaust the stack. This *may* cause a denial of service in…
- CVE-2026-42285 - GoBGP has a panic in AdjRib.Update via malformed BGP Update message (Nil Pointer
  CVE-2026-42285 · High
  Summary Remote Denial of Service (DoS) via Nil Pointer Dereference in BGP Update Processing An unauthenticated remote BGP peer can trigger a fatal panic in…
- CVE-2026-42304 - Twisted has a Denial of Service (DoS) in twisted.names via Crafted DNS Compressi
  CVE-2026-42304 · High
  Details The twisted.names module is vulnerable to a Denial of Service (DoS) attack via resource exhaustion during DNS name decompression. A remote,…
- GHSA-9fw6-xgg2-mq9q - Hysteria: A specially constructed quic package can crash the server OOM when the
  GHSA-9fw6-xgg2-mq9q · High
  Summary A specially constructed quic package can crash the server OOM when the sniff is enabled. Details When the server has sniff enabled, a valid connection…
- GHSA-cfcj-hqpf-hccf - @evomap/evolver: Path Traversal in `evolver fetch` default-branch `safeId` allow
  GHSA-cfcj-hqpf-hccf · High
  ## Summary The `evolver fetch` subcommand in `index.js` writes Hub-supplied `bundled_files[]` into a directory derived from a Hub-supplied `skill_id`. When…
- GHSA-jxh8-jh77-xh6g - @evomap/evolver's validator sandbox allowlist permits `npm`/`npx`, yielding RCE
  GHSA-jxh8-jh77-xh6g · High
  ## Summary The validator-mode sandbox executor (`src/gep/validator/sandboxExecutor.js`) places `npm` and `npx` in its hard executable allowlist. Because `npm…
- CVE-2026-43891 - changedetection.io has an Arbitrary Local File Read via a crafted backup restore
  CVE-2026-43891 · High
  Details The vulnerability is caused by trusting attacker-controlled snapshot paths restored from backup files. The vulnerable flow starts in the backup restore…
- CVE-2026-44167 - phpseclib has a CVE-2024-27355 mitigation bypass — OID amplification DoS in ASN1
  CVE-2026-44167 · High
  Impact Anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc) Patches…
- CVE-2026-42315 - PyLoad vulnerable to Path Traversal via Package Folder Name in set_package_data
  CVE-2026-42315 · High
  Summary No sanitization of package folder name allows writing files anywhere outside the intended download directory. #### Affected Component -…
- CVE-2026-42843 - Grav API Privilege Escalation to Super Admin
  CVE-2026-42843 · High
  Summary An insecure direct object reference and logic flaw in the Grav API plugin (`UsersController::update`) allows any authenticated user with basic API…
- CVE-2026-42612 - Grav Vulnerable to Publisher-Level Stored XSS via Unquoted Event Attributes
  CVE-2026-42612 · High
  Summary A stored Cross-Site Scripting (XSS) vulnerability in `getgrav/grav` allows publisher-level accounts to execute arbitrary JavaScript. The issue arises…
- GHSA-gwfr-jfjf-92vv - Grav has Insecure Deserialization in File Cache
  GHSA-gwfr-jfjf-92vv · High
  # Insecure Deserialization in File Cache - **Severity:** High - **CWE:** CWE-502 - **Location:** `system/src/Grav/Framework/Cache/Adapter/FileCache.php` -…
- CVE-2026-42609 - Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation
  CVE-2026-42609 · High
  Summary A business logic vulnerability in the Grav Admin Panel allows a low-privileged user (with only user creation permissions) to overwrite existing…
- CVE-2026-42608 - Grav has Unauthenticated Path Traversal & Arbitrary File Write in its FormFlash
  CVE-2026-42608 · High
  # Vulnerability Report: Grav CMS Unauthenticated Path Traversal & Arbitrary File Write **[ZERO-DAY] Unauthenticated Path Traversal leading to Arbitrary…
- CVE-2026-42611 - Grav is Vulnerable to Stored XSS via Tag Injection
  CVE-2026-42611 · High
  Summary A low-privileged (with the ability to create a page) user can cause XSS with the injection of `svg` element. The XSS can further be escalated to dump…
- CVE-2026-32688 - Plug.Cowboy vulnerable to unauthenticated remote DoS via HTTP/2 `:scheme` atom-t
  CVE-2026-32688 · High
  ## Summary An unauthenticated remote denial-of-service vulnerability in `Plug.Cowboy.Conn` allows any attacker who can reach an HTTPS Plug.Cowboy listener via…
- CVE-2026-42327 - rust-openssl has undefined behavior in X509Ref::ocsp_responders for certificates
  CVE-2026-42327 · High
  `X509Ref::ocsp_responders` returns OCSP responder URLs from a certificate's AIA extension as `OpensslString`, whose `Deref<Target = str>` wraps the raw bytes…
- CVE-2026-42334 - Mongoose's Improper Sanitization of $nor in sanitizeFilter May Allow NoSQL Injec
  CVE-2026-42334 · High
  Impact This vulnerability allows bypassing Mongoose’s sanitizeFilter query sanitization mechanism via the `$nor` operator. When sanitizeFilter is enabled,…
- CVE-2026-6970 - authd: Primary group ID is incorrectly set to value of UID
  CVE-2026-6970 · High
  authd 0.6.0 contains [a bug](https://github.com/canonical/authd/issues/1482) which can lead to an incorrect primary group ID. It affects users whose primary…
- GHSA-mggx-p7jf-jgw4 - jdbi3-freemarker Vulnerable to Improper Neutralization of Special Elements Used
  GHSA-mggx-p7jf-jgw4 · High
  # Summary **Description** An Improper Neutralization of Special Elements Used in a Template Engine (CWE-1336) vulnerability in Jdbi allows arbitrary command…
- CVE-2026-43885 - AVideo Vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
  CVE-2026-43885 · High
  Summary An unauthenticated user can read `APISecret` from `objects/plugins.json.php` and use it to call protected API endpoints (e.g. `users_list`) without…
Medium (47 entries)
- GHSA-3446-6mgw-f79p - Grav is Vulnerable to XXE via SVG Upload
  GHSA-3446-6mgw-f79p · Medium 7.5
  Dear Grav Security Team, A security vulnerability was discovered in Grav CMS that allows authenticated attackers to read arbitrary files from the server…
- CVE-2026-42841 - Grav CMS vulnerable to stored XSS via Markdown media attribute() action
  CVE-2026-42841 · Medium 4.0
  Summary An authenticated user with page editing permissions can inject an executable JavaScript event-handler attribute into rendered image HTML through Grav's…
- CVE-2026-44424 - ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device
  CVE-2026-44424 · Medium 3.1
  ## Summary `GET /api/devices/:uid` returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the…
- CVE-2026-44423 - ShellHub has cross-tenant IDOR in `GET /api/sessions/:uid` that discloses SSH se
  CVE-2026-44423 · Medium 3.1
  ## Summary `GET /api/sessions/:uid` returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user…
- CVE-2026-44425 - ShellHub has crash-DoS via field injection in filter and sort-by parameters
  CVE-2026-44425 · Medium 3.1
  ## Summary The device list endpoint accepts user-controlled identifiers in two places that are passed directly as BSON/SQL keys in the database layer without…
- CVE-2026-44219 - ciguard: SCA HTTP client reads response body without size cap
  CVE-2026-44219 · Medium 3.1
  ## Summary Both SCA HTTP clients (`src/ciguard/analyzer/sca/osv.py` and `src/ciguard/analyzer/sca/endoflife.py`) call `payload =…
- CVE-2026-44223 - vLLM: extract_hidden_states speculative decoding crashes server on any request w
  CVE-2026-44223 · Medium
  Summary The `extract_hidden_states` speculative decoding proposer in vLLM returns a tensor with an incorrect shape after the first decode step, causing a…
- GHSA-v5mh-h5hx-7v92 - kube-router: GoBGP gRPC Admin Port Exposed on Node Primary IP Without Authentica
  GHSA-v5mh-h5hx-7v92 · Medium
  ## Summary When the kube-router routing controller starts (`--run-router`), it binds the GoBGP gRPC management server to the node's primary IP (e.g.,…
…39 more Medium-severity entries (omitted)
Low (8 entries)
- CVE-2026-44218 - ciguard: Container image runs as root (no USER directive)
  CVE-2026-44218 · Low 3.1
  ## Summary The published `ghcr.io/jo-jo98/ciguard` container image inherits the default root user because the `Dockerfile` lacks a `USER` directive. ciguard is…
- CVE-2026-44220 - ciguard: discover_pipeline_files follows symlinks out of scan root
  CVE-2026-44220 · Low 3.1
  ## Summary The `discover_pipeline_files()` function in `src/ciguard/discovery.py` (introduced in v0.8.0 and used by the MCP `scan_repo` tool shipped in v0.8.1)…
- GHSA-7ww3-xvf5-cxwm - ciguard: Web UI is missing HTTP defence-in-depth headers
  GHSA-7ww3-xvf5-cxwm · Low 3.1
  ## Summary ciguard's FastAPI Web UI (`src/ciguard/web/app.py`) does not set HTTP defence-in-depth headers. OWASP ZAP baseline scan flagged 11 alerts: missing…
…5 more Low-severity entries (omitted)
🛡️ NVD-Latest (57 entries)
Critical (10 entries)
- CVE-2026-5294 · Critical · CVSS 9.8
  The Geeky Bot plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 1.2.2. This is due to a…
- CVE-2025-70067 · Critical · CVSS 9.8
  Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in…
- CVE-2026-7747 · Critical · CVSS 9.8
  A security flaw has been discovered in Totolink N300RH 3.2.4-B20220812. Affected by this vulnerability is the function loginauth of the…
- CVE-2025-14320 · Critical · CVSS 9.8
  Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Tegsoft Management and…
- CVE-2026-7834 · Critical · CVSS 9.8
  A security vulnerability has been detected in EFM ipTIME NAS1dual 1.5.24. This issue affects the function get_csrf_whites of the file…
- CVE-2026-34408 · Critical · CVSS 9.1
  An issue was discovered in Gambio 4.9.2.0 (patched in 2024-02 v1.0.0 for GX4 v4.0.0.0 to v4.9.2.0). The password reset function can be…
- CVE-2026-7482 · Critical · CVSS 9.1
  Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an…
- CVE-2026-36356 · Critical · CVSS 9.1
  The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command…
- CVE-2026-43566 · Critical · CVSS 9.1
  OpenClaw versions 2026.4.7 before 2026.4.14 contain a privilege escalation vulnerability where heartbeat owner downgrade logic skips…
- CVE-2026-43534 · Critical · CVSS 9.1
  OpenClaw before 2026.4.10 contains an input validation vulnerability that allows external hook metadata to be enqueued as trusted…
High (47 entries)
- CVE-2026-23918 · High · CVSS 8.8
  Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server:…
- CVE-2025-58074 · High · CVSS 8.8
  A privilege escalation vulnerability exists during the installation of Norton Secure VPN via the Microsoft Store. A low-privilege user…
- CVE-2026-24072 · High · CVSS 8.8
  An escalation of privilege bug in various modules in Apache HTTP 2.4.66 and earlier allows local .htaccess authors to read files with…
- CVE-2026-7750 · High · CVSS 8.8
  A vulnerability was detected in Totolink N300RH 3.2.4-B20220812. This vulnerability affects the function setMacFilterRules of the file…
- CVE-2026-7749 · High · CVSS 8.8
  A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file…
- CVE-2026-7748 · High · CVSS 8.8
  A weakness has been identified in Totolink N300RH 3.2.4-B20220812. Affected by this issue is the function setUpgradeFW of the file…
- CVE-2026-6261 · High · CVSS 8.8
  The Betheme theme for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 28.4. This is due to the…
- CVE-2026-43571 · High · CVSS 8.8
  OpenClaw before 2026.4.10 contains a plugin trust bypass vulnerability that allows channel setup catalog lookups to resolve workspace…
- CVE-2026-43569 · High · CVSS 8.8
  OpenClaw before 2026.4.9 contains an authentication bypass vulnerability allowing untrusted workspace plugins to be auto-enabled during…
- CVE-2026-43530 · High · CVSS 8.8
  OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet…
- CVE-2026-42435 · High · CVSS 8.8
  OpenClaw versions from 2026.2.22 before 2026.4.12 contain an insufficient shell-wrapper detection vulnerability allowing attackers to…
- CVE-2026-42434 · High · CVSS 8.8
  OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing…
- CVE-2023-54348 · High · CVSS 8.8
  ERPGo SaaS 3.9 contains a CSV injection vulnerability that allows authenticated attackers to execute arbitrary code by injecting…
- CVE-2026-35228 · High · CVSS 8.7
  Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported…
- CVE-2026-43533 · High · CVSS 8.6
  OpenClaw before 2026.4.10 contains an arbitrary file read vulnerability in QQBot media tags that allows attackers to reference…
- CVE-2026-42439 · High · CVSS 8.5
  OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in the browser tabs action select and…
- CVE-2026-6266 · High · CVSS 8.3
  A flaw was found in the AAP gateway. The user auto-link strategy, introduced in AAP 2.6, automatically links an external Identity…
- CVE-2026-43526 · High · CVSS 8.2
  OpenClaw before 2026.4.12 contains a server-side request forgery vulnerability in QQBot reply media URL handling that allows attackers…
- CVE-2025-47407 · High · CVSS 7.8
  Memory corruption while creating a process on the digital signal processor due to allocation failure at the kernel level. Product:
- CVE-2025-47405 · High · CVSS 7.8
  Memory corruption when processing camera sensor input/output control codes with invalid output buffers. Product:
- CVE-2026-36365 · High · CVSS 7.8
  An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute…
- CVE-2026-36355 · High · CVSS 7.7
  The rtl8192cd Wi-Fi kernel driver in the Realtek rtl819x Jungle SDK (all known versions through v3.4.14B) does not perform any access…
- CVE-2026-43573 · High · CVSS 7.7
  OpenClaw before 2026.4.10 contains a server-side request forgery policy bypass vulnerability in existing-session browser interaction…
- CVE-2026-43532 · High · CVSS 7.7
  OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing.…
- CVE-2026-43527 · High · CVSS 7.7
  OpenClaw before 2026.4.14 contains a server-side request forgery vulnerability in browser SSRF policy that allows private-network…
- CVE-2026-42438 · High · CVSS 7.7
  OpenClaw versions 2026.4.9 before 2026.4.10 contain a sender policy bypass vulnerability in the outbound host-media attachment read…
- CVE-2026-42436 · High · CVSS 7.7
  OpenClaw before 2026.4.14 contains an improper access control vulnerability in browser snapshot, screenshot, and tab routes that fail…
- CVE-2026-3456 · High · CVSS 7.5
  The GeekyBot — Generate AI Content Without Prompt, Chatbot and Lead Generation plugin for WordPress is vulnerable to SQL Injection via…
- CVE-2026-5100 · High · CVSS 7.5
  The AWP Classifieds plugin for WordPress is vulnerable to SQL Injection via the 'regions' parameter array keys in versions up to, and…
- CVE-2026-29169 · High · CVSS 7.5
  A NULL pointer dereference in mod_dav_lock in Apache HTTP Server 2.4.66 and earlier may allow an attacker to crash the server with a…
- CVE-2025-70069 · High · CVSS 7.5
  An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and…
- CVE-2026-34059 · High · CVSS 7.5
  Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to…
- CVE-2026-33846 · High · CVSS 7.5
  A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in…
- CVE-2026-4304 · High · CVSS 7.5
  The WeePie Cookie Allow plugin for WordPress is vulnerable to SQL Injection via the 'consent' parameter in all versions up to, and…
- CVE-2026-6918 · High · CVSS 7.5
  In Eclipse Open9J versions 0.21 to 0.58, a pre-authentication remote attacker can crash JITServer by sending a 32-byte crafted TCP…
- CVE-2026-42437 · High · CVSS 7.5
  OpenClaw versions 2026.4.9 before 2026.4.10 contain a denial of service vulnerability in the voice-call realtime WebSocket path that…
- CVE-2023-54347 · High · CVSS 7.5
  OpenEMR 7.0.1 contains an authentication brute force vulnerability that allows attackers to bypass rate limiting protections by sending…
- CVE-2026-43870 · High · CVSS 7.3
  Origin Validation Error, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Improper Neutralization of…
- CVE-2026-43869 · High · CVSS 7.3
  Improper Validation of Certificate with Host Mismatch vulnerability in Apache Thrift. This issue affects Apache Thrift: before 0.23.0.…
- CVE-2026-7810 · High · CVSS 7.3
  A flaw has been found in UsamaK98 python-notebook-mcp up to a05a232815809a7e425b5fa7be26e0d4369894c2. Impacted is the function…
- CVE-2026-29168 · High · CVSS 7.3
  Allocation of Resources Without Limits or Throttling vulnerability in Apache HTTP Server's mod_md via OCSP response data. This issue…
- CVE-2026-43531 · High · CVSS 7.3
  OpenClaw before 2026.4.9 contains an environment variable injection vulnerability allowing malicious workspace .env files to set…
- CVE-2026-4803 · High · CVSS 7.2
  The Royal Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'status' parameter in the…
- CVE-2026-3120 · High · CVSS 7.2
  Improper Control of Generation of Code ('Code Injection') vulnerability in Profelis Information and Consulting Trade and Industry…
- CVE-2026-7833 · High · CVSS 7.2
  A weakness has been identified in EFM ipTIME C200 up to 1.092. This vulnerability affects the function sub_408F90 of the file…
- CVE-2026-40563 · High · CVSS 7.1
  Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas Apache Atlas exposes a DSL search…
- CVE-2026-7832 · High · CVSS 7.0
  A security flaw has been discovered in IObit Advanced SystemCare 19. This affects an unknown part of the file ASC.exe of the component…
⚔️ Sploitus (42 entries)
Unknown (42 entries)
- Exploit for Incorrect Implementation of Authentication Algorithm in Google Android exploit
- Exploit for Missing Authentication for Critical Function in Cpanel exploit
…40 more Unknown-severity entries (omitted)
🤖 Automated vulnerability intelligence digest · 2026-05-07 · Data sources: NVD / GitHub Advisory / Sploitus / CISA-KEV