📊 2026-05-09 Vulnerability Intelligence Daily · 200 entries · 90 high-severity
Daily vulnerability intelligence summary · 2026-05-09
📋 Total: 200 entries
🔥 High/Critical: 90 entries
🚨 CISA KEV: 1 entry
🐙 GitHub Advisory: 80 entries (🔥 42 high/critical)
🛡️ NVD Latest: 48 entries (🔥 48 high/critical)
⚔️ Sploitus: 71 entries
🤖 Today's security posture analysis
🎯 Today's priority items
- CVE-2026-33587 (CVSS 10.0) - Open Notebook v1.8.3 does not sanitise user input, leaving it open to server-side template injection (SSTI). An attacker can trigger arbitrary Python code execution by creating a note and from there take control of the Docker container, a full-takeover risk.
- CVE-2026-43999 (CVSS 9.x, Critical) - vm2 sandbox escape. When the `module` builtin is allowed (including via the `*` wildcard), an attacker can use `Module._load()` to load arbitrary modules in the host context, completely bypassing NodeVM's allowlist.
- CVE-2026-44211 (Critical) - The Cline Kanban Server's WebSocket service does not validate the Origin header. Any malicious website can connect directly to the locally running Kanban service and steal sensitive task data from the development environment.
- free5GC vulnerability series (CVE-2026-44315 and others, Critical) - Several APIs of the 5G core-network components NEF and SMF (such as 3gpp-pfd-management and the UPI management interface) lack OAuth2 authentication. A network attacker can create, read, update and delete subscription data and configuration without any token, seriously threatening core-network security.
- CVE-2026-37709 (Critical) - Improper permission control on file uploads in the Snipe-IT asset management system; a remote attacker can upload malicious files via `UploadedFilesController.php` and execute arbitrary code, with a wide impact.
📈 Threat trends
- Remote code execution / sandbox escape (RCE/Sandbox Escape): the largest and most severe group. Typical cases are the Open Notebook SSTI (CVE-2026-33587) and the vm2 sandbox bypass (CVE-2026-43999); an attacker needs no special privileges to gain control of the system.
- Missing authentication/authorization: concentrated in the 5G core network and IoT devices. free5GC's unauthenticated interfaces (the CVE-2026-44315 series) and the Optoma projector's open unauthenticated API (CVE-2026-30496) lead to configuration disclosure and full takeover.
- Cross-origin / information disclosure: front-end developer tools and web components are the hardest hit. Cline Kanban WebSocket hijacking (CVE-2026-44211) and the WebRTC binding-check flaw in Firefox/Thunderbird (CVE-2026-8094) can leak sensitive data.
- Path traversal / parameter injection: the SCP middleware of the Wish SSH server has a path traversal (CVE-2026-41589) that allows files to be read and written beyond the intended scope; DivvyDrive has an open redirect and parameter injection (CVE-2026-6795).
- Memory corruption / parsing errors: the OpenEXR image library (CVE-2026-42217) and Firefox media playback (CVE-2026-8091) have boundary-condition errors that can be exploited to cause crashes or code execution.
🛡️ Mitigation recommendations
- Patch the high-risk code-execution vulnerabilities first: upgrade Open Notebook to the fixed release immediately, remove the `module` wildcard permission in vm2 or upgrade to a patched version, and update Snipe-IT to a commit later than 2026-03-10.
- Harden authentication on 5G and IoT devices: configure and enable OAuth2 middleware for the free5GC NEF/SMF interfaces and isolate the SBI network segment. For consumer IoT devices such as Optoma, close ports exposed to the public internet (such as 2345) unless they are required, and update the firmware.
- Update browsers and developer tools: upgrade Firefox and Thunderbird to the fixed versions (Firefox 150 or ESR 140.10.2) immediately, stop using old Cline Kanban versions affected by the WebSocket hijacking vulnerability, or change its listening address to a non-loopback one.
- Strengthen file-upload and input validation: review every application that accepts user uploads or renders templates (such as Snipe-IT), enforce a file-type allowlist and content scanning, and apply output encoding throughout to prevent SSTI and injection attacks.
🚨 CISA KEV (1 entry)
Unknown (1 entry)
- CVE-2026-42208 - BerriAI LiteLLM SQL Injection Vulnerability
  Product: BerriAI LiteLLM
  Description: BerriAI LiteLLM contains a SQL injection vulnerability that allows an…
🐙 GitHub Advisory (80 entries)
Critical (15 entries)
- CVE-2026-43999 - vm2 has a NodeVM builtin allowlist bypass via `module` builtin's `Module._load`
  Severity: Critical (CVSS 3.1)
  Summary: NodeVM's `builtin` allowlist can be bypassed when the `module` builtin is allowed (including via the `'*'` wildcard). The `module` builtin exposes…
- CVE-2026-44211 - Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
  Severity: Critical
  Summary: The `kanban` npm package (used by the `cline` CLI) starts a WebSocket server on `127.0.0.1:3484` with no Origin header validation. Any website a…
- CVE-2026-44315 - free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens c…
  Severity: Critical
  Summary: free5GC's NEF mounts the `3gpp-pfd-management` API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI…
- CVE-2026-44326 - free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged b…
  Severity: Critical
  Summary: free5GC's NEF mounts the `3gpp-traffic-influence` API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the…
- CVE-2026-44327 - free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach t…
  Severity: Critical
  Summary: free5GC's NEF mounts the `nnef-oam` route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can…
- CVE-2026-44329 - free5GC's SMF UPI management interface lacks auth middleware; unauthenticated to…
  Severity: Critical
  Summary: free5GC's SMF mounts the `UPI` management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the…
- CVE-2026-44330 - free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens ca…
  Severity: Critical
  Summary: free5GC's NEF mounts the `nnef-pfdmanagement` route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on…
- CVE-2026-37709 - Snipe-IT has insecure permissions in file uploads
  Severity: Critical
  Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allows a remote attacker to execute…
- CVE-2026-44498 - Zebra's Block Validator Undercounts Coinbase and P2SH Sigops
  Severity: Critical
  Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (`MAX_BLOCK_SIGOPS`), allowing it to accept blocks…
- CVE-2026-44497 - Zebra has Consensus Divergence in Transparent Sighash Hash-Type Handling due to…
  Severity: Critical
  CVE-2026-44497: Consensus Divergence in Transparent Sighash Hash-Type Handling due to Stale Buffer. Summary: The fix for…
- GHSA-cwfq-rfcr-8hmp - Zebra's Transparent SIGHASH_SINGLE Handling Diverges from zcashd for Correspondi…
  Severity: Critical
  `Zebra` Transparent `SIGHASH_SINGLE` Corresponding-Output Handling Diverges From `zcashd`. Summary: For V5+ transparent spends, `Zebra` and `zcashd` disagree…
- CVE-2026-44523 - Note Mark has a JWT Secret Weakness that allows Full Account Takeover via Token…
  Severity: Critical
  Summary: No minimum length or entropy is enforced on the `JWT_SECRET` configuration value. The application accepts any base64-decodable secret regardless…
- CVE-2026-44006 - vm2 has a Sandbox Escape Vulnerability
  Severity: Critical
  Summary: It is possible to reach `BaseHandler.getPrototypeOf`, which can be used to get arbitrary prototypes. Details…
- CVE-2026-43997 - vm2 Access to Host Object Enables Sandbox Escape
  Severity: Critical
  Summary: It is possible to obtain the host `Object`; https://github.com/patriksimek/vm2/commit/ebcfe94ad2f864f0bc35e78cff1d921107cfd160 added some protections,…
- CVE-2026-44005 - vm2: Mutable Proxies for Host Intrinsic Prototypes Allows Sandbox Escape
  Severity: Critical
  Summary: vm2's bridge exposes mutable proxies for real host-realm intrinsic prototypes and then forwards sandbox writes into the underlying host objects with…
High (27 entries)
- CVE-2026-32689 - Phoenix: Long-poll NDJSON body splitting causes large memory allocation
  Severity: High
  Summary: An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a…
- CVE-2026-44728 - @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling…
  Severity: High
  Impact: Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known…
- CVE-2026-44209 - banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI
  Severity: High
  Summary: `banks <= 2.4.1` uses `jinja2.Environment()` (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template…
- CVE-2026-44832 - Snipe-IT has Privilege Escalation via API Permissions Assignment
  Severity: High
  Impact: An authenticated user with only `users.edit` permission can escalate their own privileges to `admin` by sending a PATCH request to `/api/v1/users/{id}`…
- CVE-2026-44549 - Open WebUI has stored XSS in Excel file preview
  Severity: High
  Summary: Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the…
- CVE-2026-44567 - Open WebUI has Improper Authorization Control
  Severity: High
  Advisory body marked "CONFIDENTIAL", titled "Vulnerability Disclosure Analysis Documentation"; its Vulnerability Details table is truncated…
- CVE-2026-44566 - Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal
  Severity: High
  Advisory body marked "CONFIDENTIAL", reference KL-CAN-2024-002; Vulnerability Details table, Discoverer: Jaggar Henry & Sean Segreti of…
- CVE-2026-44316 - free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/Op…
  Severity: High
  Summary: free5GC's PCF `POST /npcf-smpolicycontrol/v1/sm-policies` handler (`HandleCreateSmPolicyRequest`) panics with a nil-pointer dereference when a…
- CVE-2026-44319 - free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (att…
  Severity: High
  Summary: free5GC's NEF terminates the entire process when a stored PFD-subscription `notifyUri` cannot be reached. In `PfdChangeNotifier.FlushNotifications()`,…
- CVE-2026-44320 - free5GC's NEF nnef-callback route group is unauthenticated; forged callback requ…
  Severity: High
  Summary: free5GC's NEF mounts the `nnef-callback` route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g.…
- CVE-2026-44321 - free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping…
  Severity: High
  Summary: free5GC's SMF mounts the `UPI` management route group without inbound OAuth2 middleware (same root cause as free5gc/free5gc#887). The `POST…
- CVE-2026-44322 - free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR acces…
  Severity: High
  Summary: free5GC's NEF `PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId}` handler panics with a nil-pointer dereference when the…
- CVE-2026-44325 - free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser v…
  Severity: High
  Summary: free5GC's NRF root SBI endpoint `POST /oauth2/token` contains a parser-level type-confusion bug family. The handler in…
- CVE-2026-44328 - free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion v…
  Severity: High
  Summary: free5GC's SMF mounts the `UPI` management route group without inbound OAuth2 middleware (same root cause as the broader UPI auth gap reported in…
- CVE-2023-49316 - Phpseclib needs guardrails on large binaryfield integers
  Severity: High
  Impact: Anyone loading untrusted ASN1 files (e.g. X509 certificates, RSA PKCS8 private or public keys, etc.). Patches…
- CVE-2026-44843 - LangChain vulnerable to unsafe deserialization of attacker-controlled objects th…
  Severity: High
  LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object…
- GHSA-mv93-w799-cj2w - GitPython: Newline injection in config_writer() section parameter bypasses CVE-2…
  Severity: High (listed under CVE-2026-42215)
  Summary: The patch for CVE-2026-42215 (GitPython 3.1.49) validates newlines only in the value parameter of set_value(). The section and option parameters are…
- CVE-2026-44900 - epa4all-client has a VAU Signature bypass
  Severity: High
  Impact: In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify().…
- CVE-2026-44522 - Note Mark: Arbitrary File Write via Path Traversal in Asset Names Leads to Remot…
  Severity: High
  Description: The Note Mark application allows authenticated users to upload assets to notes via `POST /api/notes/{noteID}/assets`, where the asset filename is…
- GHSA-8mc6-xjpr-h98x - Ech0 has Server-Side Request Forgery (SSRF) via Connect Handler fetchPeerConnect…
  Severity: High
  Summary: The `fetchPeerConnectInfo` function in `internal/service/connect/connect.go:214-239` uses `httpUtil.SendRequest` (no SSRF protection) instead of…
- GHSA-p64j-f4x9-wq66 - Ech0's OAuth redirect URI validation ignores path component, enables exchange-co…
  Severity: High
  Summary: `parseAndValidateClientRedirect` at `internal/service/auth/auth.go:448` validates OAuth client-redirect URIs by comparing only scheme and host…
- GHSA-fpw6-hrg5-q5x5 - ech0's access tokens with expiry=never cannot be revoked: logout panics, delete d…
  Severity: High
  Summary: Access tokens created with the "never expire" option have no `exp` JWT claim. Three independent revocation mechanisms fail for this token type.…
- CVE-2026-44641 - Microsoft APM CLI's plugin.json component paths escape plugin root and copy arbi…
  Severity: High
  Summary: Microsoft APM normalizes marketplace plugins by copying plugin components referenced in `plugin.json` into `.apm/`. The manifest fields `agents`,…
- GHSA-j7h9-2jh7-g967 - mcp-ssh-tool has file transfer path policy bypass and bearer token comparison ha…
  Severity: High
  Summary: `mcp-ssh-tool` has released version `2.1.1` with security hardening for transfer path authorization and HTTP bearer authentication. The release…
- GHSA-v7qw-hx66-4w9x - netbox-data-flows has stored XSS in ObjectAlias names rendered inside DataFlow t…
  Severity: High
  Summary: An authenticated user who can create or edit `ObjectAlias` objects can store arbitrary HTML/JavaScript in an alias name. That payload is later rendered…
- CVE-2026-44001 - vm2 has a Sandbox Escape via Promise Constructor Unhandled Rejection (Process Cr…
  Severity: High
  Summary: A sandbox escape vulnerability in vm2 v3.10.5 allows any sandboxed code to crash the host Node.js process via a single Promise constructor that…
- CVE-2026-44004 - vm2 Sandbox Access to Host Buffer.alloc Allows timeout Bypass Resulting in Memor…
  Severity: High
  Summary: Sandboxed code can call `Buffer.alloc()` with an arbitrary size to allocate memory directly on the host heap. Because `Buffer.alloc` is a synchronous…
Medium (36 entries)
- CVE-2026-44309 - gitsign verify accepts signatures over go-git-normalized bytes, enabling trust c…
  Severity: Medium (CVSS 3.1)
  Summary: `gitsign verify` and `gitsign verify-tag` re-encode commit/tag objects through go-git's `EncodeWithoutSignature` before checking the signature,…
- GHSA-qhh4-458h-xwh2 - @cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to…
  Severity: Medium
  Docker registry auth substring match forwards credentials to a different registry. Repository: `cdxgen/cdxgen`. Affected product/package: Ecosystem: npm…
- CVE-2026-44197 - Wagtail has improper permission handling when comparing revisions
  Severity: Medium
  Impact: A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two…
- CVE-2026-44198 - Wagtail has improper permission handling when viewing page history
  Severity: Medium
  Impact: A CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive…
- CVE-2026-44199 - Wagtail has improper permission handling when deleting form submissions
  Severity: Medium
  Impact: A CMS user with limited access to form pages could delete submissions to form pages they don't have access to by crafting a form submission to delete…
- CVE-2026-44201 - Wagtail has improper restriction handling on Documents and Images API
  Severity: Medium
  Impact: The Documents and Images [API](https://docs.wagtail.org/en/stable/advanced_topics/api/index.html) incorrectly listed items in private collections. A…
- CVE-2026-44200 - Wagtail has improper permission handling when copying pages
  Severity: Medium
  Impact: A CMS user with limited access to pages could copy a page they don't have access to to an area of the site they do. Once copied, they'd be able to view…
- CVE-2026-44247 - Volcano's webhook server vulnerable to OOM due to unbounded HTTP request body si…
  Severity: Medium
  Impact: The Volcano webhook server does not enforce a size limit on incoming HTTP request bodies. Any in-cluster pod that can reach the webhook endpoint may…
…28 further Medium entries omitted
Low (2 entries)
- CVE-2026-44589 - nuxt-og-image SSRF — bypass of GHSA-pqhr-mp3f-hrpp / v6.2.5 fix (IPv6 + redirect…
  Severity: Low
  Summary: The `isBlockedUrl()` denylist introduced in `nuxt-og-image@6.2.5` to remediate **GHSA-pqhr-mp3f-hrpp** (Dmitry Prokhorov / Positive Technologies,…
- GHSA-h4fw-6r7f-w494 - Webauthn has a User Verification Downgrade via Default-Open ClientOverridePolicy
  Severity: Low
  Summary: In version 5.3.0 of the Symfony bundle, `Webauthn\Bundle\Policy\ClientOverridePolicy` defaulted to allowing all client overrides, including…
🛡️ NVD Latest (48 entries)
Critical (12 entries)
- CVE-2026-33587
  Severity: Critical (CVSS 10.0)
  Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS…
- CVE-2026-30496
  Severity: Critical (CVSS 9.8)
  The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full…
- CVE-2026-8094
  Severity: Critical (CVSS 9.8)
  Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
- CVE-2026-8091
  Severity: Critical (CVSS 9.8)
  Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150,…
- CVE-2026-6508
  Severity: Critical (CVSS 9.8)
  Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing…
- CVE-2026-42217
  Severity: Critical (CVSS 9.8)
  OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture…
- CVE-2026-6795
  Severity: Critical (CVSS 9.6)
  URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows…
- CVE-2026-41589
  Severity: Critical (CVSS 9.6)
  Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in…
- CVE-2026-5791
  Severity: Critical (CVSS 9.6)
  Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request…
- CVE-2026-42216
  Severity: Critical (CVSS 9.1)
  OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture…
- CVE-2026-41201
  Severity: Critical (CVSS 9.1)
  CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme…
- CVE-2026-40982
  Severity: Critical (CVSS 9.1)
  Spring Cloud Config allows applications to serve arbitrary text and binary files through the spring-cloud-config-server module. A…
High (36 entries)
- CVE-2026-30495
  Severity: High (CVSS 8.8)
  The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over…
- CVE-2026-6002
  Severity: High (CVSS 8.8)
  Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc.…
- CVE-2026-5784
  Severity: High (CVSS 8.8)
  Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information…
- CVE-2026-3953
  Severity: High (CVSS 8.8)
  Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade…
- CVE-2026-6692
  Severity: High (CVSS 8.8)
  The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url'…
- CVE-2026-41143
  Severity: High (CVSS 8.8)
  YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in…
- CVE-2026-41139
  Severity: High (CVSS 8.8)
  Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can…
- CVE-2026-41142
  Severity: High (CVSS 8.8)
  OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture…
- CVE-2025-31951
  Severity: High (CVSS 8.8)
  HCL BigFix RunBookAI is affected by an Unvalidated Command Input / Potential Command Smuggling vulnerability. A flaw in a component's…
- CVE-2026-41490
  Severity: High (CVSS 8.3)
  Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version…
- CVE-2025-14341
  Severity: High (CVSS 8.3)
  Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling…
- CVE-2025-1978
  Severity: High (CVSS 8.3)
  Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130,…
- CVE-2026-41670
  Severity: High (CVSS 8.2)
  Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses…
- CVE-2026-41669
  Severity: High (CVSS 8.2)
  Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards…
- CVE-2026-8093
  Severity: High (CVSS 8.1)
  Memory safety bugs present in Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with…
- CVE-2026-8092
  Severity: High (CVSS 8.1)
  Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption…
- CVE-2026-33588
  Severity: High (CVSS 8.1)
  Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify…
- CVE-2025-9661
  Severity: High (CVSS 8.1)
  OS command injection vulnerability in the management GUI (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26…
- CVE-2026-7252
  Severity: High (CVSS 8.1)
  The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable…
- CVE-2024-43384
  Severity: High (CVSS 8.0)
  A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or…
- CVE-2026-28201
  Severity: High (CVSS 7.8)
  An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote…
- CVE-2026-4430
  Severity: High (CVSS 7.8)
  Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt…
- CVE-2025-68060
  Severity: High (CVSS 7.6)
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind…
- CVE-2026-42285
  Severity: High (CVSS 7.5)
  GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an…
- CVE-2026-41643
  Severity: High (CVSS 7.5)
  GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote…
- CVE-2026-41642
  Severity: High (CVSS 7.5)
  GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial…
- CVE-2026-4348
  Severity: High (CVSS 7.5)
  The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX…
- CVE-2026-41640
  Severity: High (CVSS 7.5)
  NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version…
- CVE-2026-40981
  Severity: High (CVSS 7.5)
  When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server…
- CVE-2026-43646
  Severity: High (CVSS 7.5)
  Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Wicket. This issue affects Apache Wicket: from 8.0.0…
- CVE-2026-8090
  Severity: High (CVSS 7.3)
  Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR…
- CVE-2026-41641
  Severity: High (CVSS 7.2)
  NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version…
- CVE-2026-41002
  Severity: High (CVSS 7.2)
  The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is…
- CVE-2026-41554
  Severity: High (CVSS 7.1)
  Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected…
- CVE-2026-42010
  Severity: High (CVSS 7.1)
  A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames…
- CVE-2026-41660
  Severity: High (CVSS 7.1)
  Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset…
⚔️ Sploitus (71 entries)
Unknown (71 entries)
- claude-skills-exploit exploit
- Exploit for CVE-2026-37637 exploit
  CVE-2026-37637
…69 further Unknown entries omitted
🤖 Automated vulnerability intelligence summary · 2026-05-09 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV