📊 2026-05-08 漏洞情报日报 · 200 条 · 高危 75
每日漏洞情报汇总 · 2026-05-08
📊 2026-05-08 漏洞情报日报
📋 共 200 条
🔥 高危/严重 75 条
🚨 CISA-KEV 1 条
💣 Exploit-DB-RSS 6 条
🐙 GitHub-Advisory 107 条 🔥56
🛡️ NVD-Latest 19 条 🔥19
⚔️ Sploitus 67 条
🤖 今日安全态势分析
🎯 今日重点关注
- vm2 系列沙箱逃逸漏洞 (CVE-2026-43999, CVE-2026-44006, CVE-2026-44007 等): 多个CRITICAL级别漏洞集中爆发。攻击者可通过绕过内置白名单、利用代理对象或启用嵌套模式等方式,从受保护的沙箱中逃逸,在宿主主机上执行任意代码。影响所有使用vm2库的Node.js应用,利用条件低。
- 供应链投毒攻击 (PyTorch Lightning, Intercom): PyTorch Lightning和Intercom的官方软件包/仓库被植入恶意代码。攻击者窃取了开发者凭证或服务账号,发布了包含后门的版本,影响范围覆盖所有依赖这些包的开发者和企业。
- Apache HTTP Server 堆缓冲区溢出 (CVE-2026-28780, CVSS 9.8): 存在于mod_proxy_ajp模块中的严重漏洞。若Apache服务器作为反向代理连接到恶意AJP后端,攻击者可通过发送特制的AJP消息触发堆缓冲区溢出,可能导致远程代码执行或服务崩溃。
📈 威胁趋势
- 远程代码执行 (RCE): 今日漏洞的主要威胁,占比最高。典型代表包括vm2沙箱逃逸系列漏洞、Apache HTTP Server的堆溢出漏洞 (CVE-2026-28780) 和GeoVision GV-ASWeb的命令注入漏洞 (CVE-2026-7841)。
- 供应链攻击: 今日出现多起针对知名开源项目的投毒事件,如PyTorch Lightning和Intercom。攻击手法趋于成熟,利用凭证窃取或服务账号接管进行版本篡改,具有高隐蔽性和大规模影响的特点。
- SQL注入: 传统但持续有效的威胁。ProFTPD (CVE-2026-44331) 和WordPress插件 (CVE-2026-1719) 均被发现存在SQL注入漏洞,可导致数据泄露或服务器被控制。
- 会话固定/认证绕过: Apache Wicket框架 (CVE-2026-40010) 因未正确处理会话绑定后的方法调用,存在会话固定风险,攻击者可劫持用户会话。
🛡️ 缓解建议
- 立即隔离并升级vm2库: 所有使用vm2库的项目应暂停使用或立即升级到官方发布的最新修复版本。在无法立即升级的情况下,建议禁用对`module`内置对象的通配符授权,并检查`nesting: true`配置项。
- 排查并替换被投毒的软件包: 检查PyPI和npm依赖,确认是否使用了被污染的PyTorch Lightning版本或intercom-client版本。立即替换为官方确认的安全版本,并轮换所有可能泄露的访问令牌、API密钥及开发者凭证。
- 对Apache服务器进行配置加固和补丁更新: 将Apache HTTP Server升级至修复版本。如无法更新,建议关闭mod_proxy_ajp模块,或在代理配置中添加严格验证规则,仅允许连接可信的AJP后端。
- 加强系统输入验证与最小权限原则: 针对GeoVision GV-ASWeb和SFR路由器等嵌入式设备,立即部署其官方补丁。同时,在所有Web应用中实施严格的输入验证和命令参数化,避免将用户输入直接传入系统命令。缩减服务运行权限,限制攻击后的横向移动。
🚨 CISA-KEV(1 条)
Unknown (1 条)
- CVE-2026-6973 - Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
CVE-2026-6973
CVE-2026-6973 Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability 产品: Ivanti Endpoint Manager Mobile (EPMM) 描述: Ivanti Endpoint…
💣 Exploit-DB-RSS(6 条)
Unknown (6 条)
- [webapps] ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF)
[webapps] ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF) ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery (SSRF) - [local] NocoBase 2.0.27 - VM Sandbox Escape
[local] NocoBase 2.0.27 - VM Sandbox Escape NocoBase 2.0.27 - VM Sandbox Escape
…另有 4 条 Unknown 级漏洞(已省略)
🐙 GitHub-Advisory(107 条)
Critical (17 条)
- CVE-2026-43999 - vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load`
CVE-2026-43999Critical 3.1
## Summary NodeVM's `builtin` allowlist can be bypassed when the `module` builtin is allowed (including via the `'*'` wildcard). The `module` builtin exposes… - CVE-2026-44006 - vm2 has a Sandbox Escape Vulnerability
CVE-2026-44006Critical
Summary It is possible to reach `BaseHandler.getPrototypeOf`, which can be used to get arbitrary prototypes Details… - CVE-2026-43997 - vm2 Access to Host Object Enables Sandbox Escape
CVE-2026-43997Critical
Summary It is possible to obtain the host `Object`, https://github.com/patriksimek/vm2/commit/ebcfe94ad2f864f0bc35e78cff1d921107cfd160 added some protections,… - CVE-2026-44005 - vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
CVE-2026-44005Critical
Summary vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with… - CVE-2026-44007 - vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and
CVE-2026-44007Critical
Summary When a `NodeVM` is created with `nesting: true`, sandbox code can unconditionally `require('vm2')` regardless of the outer VM's `require` configuration… - GHSA-gr3r-crp5-qrrm - Compromised tag of intercom-php published via GitHub Critical
Impact On April 30, 2026, a malicious commit was pushed to the intercom/intercom-php repository and tagged as version 5.0.2, using a compromised service… - GHSA-54pg-9963-v8vg - Compromised version of intercom-client published to npm Critical
Impact On April 30, 2026, version 7.0.4 of intercom-client was published to npm using credentials obtained from a compromised developer account. This version… - CVE-2026-44484 - Compromise of PyTorch Lightning PyPi Package Versions
CVE-2026-44484Critical
# Security Advisory: Compromise of PyTorch Lightning PyPI Package Versions **Published:** 2026-04-30 **Last Updated:** 2026-04-30 Lightning AI has identified a… - CVE-2026-42589 - Gotenberg has Unauthenticated RCE via ExifTool Metadata Key Injection
CVE-2026-42589Critical
# Unauthenticated RCE in Gotenberg via Metadata Key Newline Injection ## Summary Gotenberg's `/forms/pdfengines/metadata/write` HTTP endpoint accepts a JSON… - CVE-2026-42596 - Gotenberg vulnerable to unauthenticated SSRF via default deny-list bypass in dow
CVE-2026-42596Critical
Summary The default deny-lists used by Gotenberg's `downloadFrom` feature and `webhook` feature are bypassable. Because the filter is regex-based and… - CVE-2026-41050 - Fleet: Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` d
CVE-2026-41050Critical
Impact Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a Fleet-monitored… - CVE-2026-42880 - ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction
CVE-2026-42880Critical
Summary There is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract… - CVE-2026-44542 - FileBrowser Public Share DELETE API Path Traversal Allows Unauthenticated Arbitr
CVE-2026-44542Critical
**Summary** Attacker-controlled path input is joined with a trusted base path prior to sanitization, allowing traversal sequences (e.g., ../) to escape the… - CVE-2026-42555 - Valtimo has SpEL injection via StandardEvaluationContext that allows Remote Code
CVE-2026-42555Critical
Summary Multiple classes evaluate Spring Expression Language (SpEL) expressions from user-supplied input using `StandardEvaluationContext`, which provides… - CVE-2026-44351 - fast-jwt: JWT auth bypass due to empty HMAC secret accepted by async key resolve
CVE-2026-44351Critical
Summary A critical authentication-bypass vulnerability in `fast-jwt`'s async key-resolver flow allows any unauthenticated attacker to forge arbitrary JWTs that… - CVE-2026-44364 - misp-modules website - Missing CSRF protection in the website home blueprint
CVE-2026-44364Critical
A Cross-Site Request Forgery vulnerability in the MISP Modules website allowed an attacker to cause an authenticated user to submit unintended requests to the… - GHSA-9h64-2846-7x7f - Axonflow fixed bugs by implementing multi-tenant isolation and access-control ha Critical
## Summary Eight independently-filed bug fixes in the v7.1.3 → v7.5.0 release window collectively close a set of multi-tenant isolation, access-control, and…
High (39 条)
- CVE-2026-42602 - opentelemetry-collector-contrib's azureauthextension Authenticate method does no
CVE-2026-42602High 8.1
Summary A server-side authentication bypass in `azureauthextension` allows any party who holds a single valid Azure access token for *any scope the collector's… - CVE-2026-43998 - vm2 has a NodeVM require.root bypass via symlink traversal that allows sandbox e
CVE-2026-43998High 3.1
## Summary NodeVM's `require.root` path restriction can be bypassed using filesystem symlinks, allowing sandboxed code to load modules from outside the allowed… - CVE-2026-44001 - vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Cr
CVE-2026-44001High
Summary A sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that… - CVE-2026-44004 - vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memor
CVE-2026-44004High
Summary Sandboxed code can call `Buffer.alloc()` with an arbitrary size to allocate memory directly on the host heap. Because `Buffer.alloc` is a synchronous… - CVE-2026-44513 - Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custo
CVE-2026-44513High
Impact A `trust_remote_code` bypass in `DiffusionPipeline.from_pretrained` allows arbitrary remote code execution despite the user passing… - CVE-2026-42553 - Cinny vulnerable to access token disclosure via invalidated emoji pack avatar UR
CVE-2026-42553High
Impact A remote authenticated attacker who shares a room with a victim and has permissions to create room emotes (for example in a DM) can cause the victim's… - CVE-2026-27891 - FacturaScripts Vulnerable to Remote Code Execution (RCE) via Zip Slip in Plugin
CVE-2026-27891High
Summary A Critical vulnerability exists in the `Plugins::add()` function. The system fails to properly validate the file paths within uploaded ZIP archives.… - CVE-2026-42582 - Netty HTTP/3 QPACK literal unbounded allocation
CVE-2026-42582High
Summary When Netty decodes HTTP/3 headers, it sometimes runs `new byte[length]` using a length from the wire before checking that many bytes are really there.… - CVE-2026-42583 - Netty Lz4FrameDecoder is vulnerable to resource exhaustion
CVE-2026-42583High
Summary Lz4FrameDecoder allocates a ByteBuf of size `decompressedLength` (up to 32 MB per block) before LZ4 runs. A peer only needs a 21-byte header plus… - CVE-2026-42584 - Netty has HttpClientCodec response desynchronization
CVE-2026-42584High
Summary If HttpClientCodec is configured, there are use cases when a response body from one request, can be parsed as another's. Details HttpClientCodec pairs… - CVE-2026-42587 - Netty: HttpContentDecompressor maxAllocation bypass when Content-Encoding set to
CVE-2026-42587High
## Summary `HttpContentDecompressor` accepts a `maxAllocation` parameter to limit decompression buffer size and prevent decompression bomb attacks. This limit… - CVE-2026-42590 - Gotenberg's ExifTool group-prefix syntax bypasses dangerous-tag blocklist
CVE-2026-42590High
**Summary** The ExifTool metadata write blocklist in Gotenberg v8 can be bypassed using ExifTool's group-prefix syntax, enabling arbitrary file rename, move,… - CVE-2026-42591 - Gotenberg has a Server-Side Request Forgery (SSRF) Issue
CVE-2026-42591High
Summary The SSRF hardening shipped in v8.31.0 only covers outbound URLs that Gotenberg's Go code handles — Chromium asset fetches, webhook delivery, and… - CVE-2026-42594 - Gotenberg has an unauthenticated denial of service via echo.Context pool reuse i
CVE-2026-42594High
## Summary The webhook middleware spawns a goroutine that holds a reference to the request's `echo.Context` after the synchronous handler returns… - GHSA-fc67-c4hg-q653 - Amazon ECS Container Agent (Windows) is vulnerable to Information Disclosure High
Summary [Amazon Elastic Container Service (Amazon ECS)](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html) is a fully managed container… - CVE-2026-25705 - Rancher Extensions have arbitrary file access via path traversal
CVE-2026-25705High
Impact A vulnerability has been identified in [Rancher's Extensions](https://ranchermanager.docs.rancher.com/integrations-in-rancher/rancher-extensions) where… - CVE-2026-44503 - Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on c
CVE-2026-44503High
Summary The RedirectHandler middleware in microsoft/kiota-java (com.microsoft.kiota:microsoft-kiota-http-okHttp v1.9.0) and other Kiota libraries fails to… - CVE-2026-44504 - Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)
CVE-2026-44504High
## Impact Aegra deployments running 0.9.0 through 0.9.6 with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any… - GHSA-fpf5-4jw8-67x8 - rust-zserio has Unbounded Memory Allocation High
Impact When deserializing arrays, strings or bytes (blob) types zserio first reads the size of the variable, and then allocates sufficient memory to load data.… - CVE-2026-42083 - Free5GC PCF: Missing authentication middleware in Npcf_SMPolicyControl allows ac
CVE-2026-42083High
Summary PCF Npcf_SMPolicyControl missing authentication middleware allows unauthenticated access to SM policy handlers and disclosure of subscriber SUPI… - CVE-2026-42459 - Free5GC UDM has Improper Input Validation and Generation of Error Messages Conta
CVE-2026-42459High
## Summary The free5GC UDM component fails to validate the `supi` path parameter in six GET handlers of the `nudm-sdm` (Subscriber Data Management) service. An… - CVE-2026-44511 - katalyst-koi: Session cookies can be replayed after user logout
CVE-2026-44511High
Impact Admin session cookies were not invalidated when an admin user logged out. An attacker with access to a valid admin session cookie could continue to… - GHSA-j7w6-vpvq-j3gm - Diffusers: None.py has Trust Remote Code Bypass High
## Background This vulnerability is found in the `DiffusionPipeline.from_pretrained` flow, which is used to load a pipeline from the HuggingFace Hub. This… - GHSA-m38g-vww2-mvgx - Talos Linux has a local privilege escalation from untrusted workloads
CVE-2026-31431High
Summary A vulnerability in the Linux kernel's algif_aead subsystem (CVE-2026-31431, "copy.fail") allows an unprivileged container workload to corrupt arbitrary… - GHSA-3v94-mw7p-v465 - hickory-proto: NSEC3 closest-encloser proof validation enters unbounded loop on High
The NSEC3 closest-encloser proof validation in `hickory-proto`'s (0.25.0-alpha.3 ... 0.25.2) and `hickory-net`'s (0.26.0-alpha.1 .. 0.26.0) `DnssecDnsHandle`… - CVE-2026-39804 - Bandit's unbounded WebSocket inflate causes BEAM OOM with a single frame
CVE-2026-39804High
Summary When a Bandit-fronted server has explicitly enabled WebSocket permessage-deflate (`compress: true`), an unauthenticated client can OOM the BEAM with a… - CVE-2026-42786 - Bandit Buffers Unbounded WebSocket Continuation Frames, Allowing Unauthenticated
CVE-2026-42786High
Summary A single unauthenticated WebSocket client can exhaust server memory in any Bandit-fronted application that accepts WebSocket connections. The… - CVE-2026-42557 - JupyterLab's command linker attributes in HTML enable one-click command executio
CVE-2026-42557High
JupyterLab's HTML sanitizer allowlists `data-commandlinker-command` and `data-commandlinker-args` on `button` elements, while `CommandLinker` listens for all… - CVE-2026-44307 - Mako vulnerable to path traversal via backslash URI on Windows in TemplateLookup
CVE-2026-44307High
## Summary On Windows, a URI using backslash traversal (e.g. `\..\..\ secret.txt`) bypasses the directory traversal check in `Template.__init__` and the… - CVE-2026-42559 - rmcp Streamable HTTP server transport has a DNS rebinding vulnerability
CVE-2026-42559High
## Summary Prior to version 1.4.0, the `rmcp` crate's Streamable HTTP server transport (`crates/rmcp/src/transport/streamable_http_server/`) did not validate… - CVE-2026-42561 - python-multipart has Denial of Service via unbounded multipart part headers
CVE-2026-42561High
Summary `python-multipart` has a denial of service vulnerability in multipart part header parsing. When parsing `multipart/form-data`, `MultipartParser`… - CVE-2026-44244 - GitPython: Newline injection in config_writer().set_value() enables RCE via core
CVE-2026-44244High
`GitConfigParser.set_value()` passes values to Python's `configparser` without validating for newlines. GitPython's own `_write()` converts embedded newlines… - CVE-2026-44335 - PraisonAI has an SSRF bypass
CVE-2026-44335High
Summary The URL checking logic in PraisonAI has a logical flaw that could be bypassed by attackers, leading to SSRF attacks. Details The current PraisonAI… - CVE-2026-44334 - PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch b
CVE-2026-44334High
## TL;DR CVE-2026-40287's fix gated `tools.py` auto-import behind `PRAISONAI_ALLOW_LOCAL_TOOLS=true` in **two** files (`tool_resolver.py`, `api/call.py`). A… - CVE-2026-44349 - Daptin fuzzy search injects unvalidated column name into raw SQL
CVE-2026-44349High
## Summary `processFuzzySearch` in `server/resource/resource_findallpaginated.go:1484` splits the user-supplied `column` parameter by comma and interpolates… - CVE-2026-42845 - Grav Form Plugin has an Anonymous Page Content Overwrite via Form File Upload fi
CVE-2026-42845High
Summary (Tested on Form 9.0.3 released on April, 28th) The Form plugin's file upload handler at `user/plugins/form/classes/Form.php:583` accepts a… - CVE-2026-44375 - Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes
CVE-2026-44375High
Summary Nerdbank.MessagePack contains an uncontrolled stack allocation vulnerability in DateTime decoding. A malicious MessagePack payload can declare an… - CVE-2026-0897 - Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petab
CVE-2026-0897High
Summary Keras’s model loader (KerasFileEditor) unsafely loads user-supplied .keras model files containing HDF5-based weight files without performing any… - CVE-2026-42577 - Netty epoll transport denial of service via RST on half-closed TCP connection
CVE-2026-42577High
## Summary Netty's epoll transport fails to detect and close TCP connections that receive a RST after being half-closed, leading to stale channels that are…
Medium (44 条)
- CVE-2026-44424 - ShellHub has cross-tenant IDOR in `GET /api/devices/:uid` that discloses device
CVE-2026-44424Medium 3.1
## Summary `GET /api/devices/:uid` returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the… - CVE-2026-44000 - vm2 Host Promise Resolution Preserves Object Identity Across Sandbox Boundary
CVE-2026-44000Medium
Summary A sandbox boundary violation in **vm2** allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise… - CVE-2026-44002 - vm2 is Vulnerable to Host File Path Disclosure via Stack Trace Information Leak
CVE-2026-44002Medium
Summary vm2's `CallSite` wrapper class (intended as a safe wrapper for V8's native CallSite) blocks `getThis()` and `getFunction()` to prevent host object… - CVE-2026-44003 - vm2's Transformer Fast-Path Bypass Exposes Internal State Variable
CVE-2026-44003Medium
Summary vm2's code transformer has a performance optimization that skips AST analysis when the code does not contain `catch`, `import`, or `async` keywords.… - CVE-2026-44248 - Netty MQTT: Resource exhaustion in MqttDecoder
CVE-2026-44248Medium
Impact The MQTT 5 header Properties section is parsed and buffered _before_ any message size limit is applied. Specifically, in `MqttDecoder`, the… - CVE-2026-40610 - BentoML has Information Disclosure in `bentoml build` via symlink traversal in t
CVE-2026-40610Medium
Summary BentoML's `bentoml build` packaging workflow follows attacker-controlled symlinks inside the build context and copies the referenced file contents into… - CVE-2026-27892 - FacturaScripts Vulnerable to Unstripped Image Metadata (EXIF) Leakage via Librar
CVE-2026-27892Medium
## Summary **Fectura Scripts** is an open-source ERP application, a **sensitive information disclosure vulnerability** was identified in the **Library**… - CVE-2026-42877 - FacturaScripts vulnerable to stored XSS via product reference in sales/purchases
CVE-2026-42877Medium
## Summary A stored Cross-Site Scripting (XSS) vulnerability exists in the product search modal of sales and purchases documents. An authenticated user with…
…另有 36 条 Medium 级漏洞(已省略)
Low (7 条)
- CVE-2026-27964 - FacturaScripts vulnerable to Reflected Cross-Site Scripting (XSS) via Cookie Man
CVE-2026-27964Low
Summary A Reflected Cross-Site Scripting (XSS) vulnerability exists in the fsNick cookie parameter. The application reflects the cookie's value directly into… - GHSA-39g5-644c-qwcg - container: pf Rule Injection via Domain Name Argument in `container system dns c Low
#### Product Name: container Github Link: https://github.com/apple/container Version: <= 0.12.2 #### Summary The `container system dns create --localhost`… - CVE-2026-42082 - Free5GC AMF has Missing Concurrent NAS SMC Validation During NGAP Handover
CVE-2026-42082Low
Summary The AMF in Free5GC v4.2.1 does not enforce the concurrent security procedure rules defined in 3GPP TS 33.501 §6.9.5.1. The AMF does not check for…
…另有 4 条 Low 级漏洞(已省略)
🛡️ NVD-Latest(19 条)
Critical (2 条)
- CVE-2026-28780 Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.
CVE-2026-28780Critical 9.8
CVE-2026-28780 CVSS:9.8 Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server… - CVE-2026-40010 Missing invocation of Servlet http web request method changeSessionId after sess
CVE-2026-40010Critical 9.1
CVE-2026-40010 CVSS:9.1 Missing invocation of Servlet http web request method changeSessionId after session binding can be exploited for a session fixation…
High (17 条)
- CVE-2026-7841 A remote code execution vulnerability exists in Notification Settings on GeoVisi
CVE-2026-7841High 8.8
CVE-2026-7841 CVSS:8.8 A remote code execution vulnerability exists in Notification Settings on GeoVision GV-ASWeb 6.2.0. An authenticated user with System… - CVE-2026-31196 The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR
CVE-2026-31196High 8.8
CVE-2026-31196 CVSS:8.8 The traceroute diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway,… - CVE-2026-31195 The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR Franc
CVE-2026-31195High 8.8
CVE-2026-31195 CVSS:8.8 The ping diagnostic handler in /bin/httpd_clientside for ALTICE LABS / SFR France GR140DG and GR140IG fibre CPE/Router/Gateway, inserts… - CVE-2026-44331 In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqlta
CVE-2026-44331High 8.1
CVE-2026-44331 CVSS:8.1 In ProFTPD through 1.3.9a before 7666224, a SQL injection vulnerability in sqltab_fetch_clients_cb() in contrib/mod_wrap2_sql.c allows… - CVE-2026-1719 The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection
CVE-2026-1719High 7.5
CVE-2026-1719 CVSS:7.5 The Gravity Bookings Premium plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.5.9 due to… - CVE-2025-71256 In nr modem, there is a possible improper input validation. This could lead to r
CVE-2025-71256High 7.5
CVE-2025-71256 CVSS:7.5 In nr modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution… - CVE-2025-71255 In Modem IMS, there is a possible improper input validation. This could lead to
CVE-2025-71255High 7.5
CVE-2025-71255 CVSS:7.5 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution… - CVE-2025-71254 In Modem IMS, there is a possible improper input validation. This could lead to
CVE-2025-71254High 7.5
CVE-2025-71254 CVSS:7.5 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution… - CVE-2025-71253 In Modem IMS, there is a possible improper input validation. This could lead to
CVE-2025-71253High 7.5
CVE-2025-71253 CVSS:7.5 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution… - CVE-2025-71252 In Modem IMS, there is a possible improper input validation. This could lead to
CVE-2025-71252High 7.5
CVE-2025-71252 CVSS:7.5 In Modem IMS, there is a possible improper input validation. This could lead to remote denial of service with no additional execution… - CVE-2025-71251 In IMS, there is a possible system crash due to improper input validation. This
CVE-2025-71251High 7.5
CVE-2025-71251 CVSS:7.5 In IMS, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no… - CVE-2024-52911 Bitcoin Core through 28.x has a security issue, the details of which are not dis
CVE-2024-52911High 7.5
CVE-2024-52911 CVSS:7.5 Bitcoin Core through 28.x has a security issue, the details of which are not disclosed. The earliest affected version is 0.14. 产品: - CVE-2025-66369 An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, a
CVE-2025-66369High 7.5
CVE-2025-66369 CVSS:7.5 An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330,… - CVE-2026-7448 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for W
CVE-2026-7448High 7.2
CVE-2026-7448 CVSS:7.2 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting… - CVE-2026-7332 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for W
CVE-2026-7332High 7.2
CVE-2026-7332 CVSS:7.2 The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting… - CVE-2026-7857 A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability
CVE-2026-7857High 7.2
CVE-2026-7857 CVSS:7.2 A vulnerability has been found in D-Link DI-8100 16.07.26A1. This vulnerability affects the function sprintf of the file /user_group.asp… - CVE-2026-7856 A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part
CVE-2026-7856High 7.2
CVE-2026-7856 CVSS:7.2 A flaw has been found in D-Link DI-8100 16.07.26A1. This affects an unknown part of the file /url_member.asp of the component Web…
⚔️ Sploitus(67 条)
Unknown (67 条)
- cybersec-lab-trainer exploit
cybersec-lab-trainer exploit - Exploit for CVE-2026-7482 exploit
CVE-2026-7482
Exploit for CVE-2026-7482 exploit
…另有 65 条 Unknown 级漏洞(已省略)
🤖 漏洞情报自动汇总 · 2026-05-08 · 数据来源: NVD / GitHub Advisory / Sploitus / CISA-KEV