📊 2026-05-10 Vulnerability Intelligence Daily · 200 entries · 117 high-severity
Daily vulnerability intelligence digest · 2026-05-10
📋 200 entries total
🔥 High/Critical: 117
🐙 GitHub-Advisory: 59 entries 🔥29
🛡️ NVD-Latest: 88 entries 🔥88
⚔️ Sploitus: 53 entries
🤖 Today's Security Posture Analysis
🎯 Today's Priorities
- CVE-2026-33587 (CVSS 10.0) - Open Notebook v1.8.3: server-side template injection (SSTI) leading to remote code execution. An attacker can use unvalidated user input to execute Python code and system commands directly; patch immediately.
- CVE-2026-8153 (CVSS 9.8) - Universal Robots PolyScope: OS command injection in the Dashboard Server interface. An unauthenticated attacker can execute arbitrary code on the robot's operating system via crafted commands, a serious impact on industrial control security.
- Multiple free5GC component vulnerabilities (CVE-2026-44315/326/327/329/330): several NEF and SMF service APIs lack OAuth2 authentication middleware, so a network attacker can use forged or empty tokens to reach critical management interfaces and create, read, update and delete state, threatening 5G core network data security.
- CVE-2026-44211 - Cline Kanban Server: the WebSocket server does not validate the Origin header, enabling cross-origin WebSocket hijacking. Any malicious website can silently connect to a developer's Kanban server and leak sensitive task data.
- CVE-2026-42208 (CVSS 9.8) - LiteLLM: a database query injection in the proxy API-key validation flow lets an attacker bypass authentication controls and abuse LLM call privileges, leading to misuse and cost loss.
📈 Threat Trends
- Remote code execution / command injection: today's most frequent high-severity class. It covers the Open Notebook SSTI, the Universal Robots OS command injection, the electerm install-script injection and the profullstack/mcp-server module command injection, all of very high severity.
- Missing or bypassable authentication: the free5GC series (5 vulnerabilities) and GL.iNet devices are both affected. Where authentication is absent or can be bypassed via SQL or regex tricks, an attacker gains administrative access directly; the risk is concentrated here.
- Cross-site / cross-protocol hijacking: the Cline Kanban WebSocket can be hijacked because it lacks Origin validation, showing that secure configuration of newer lightweight protocols (WebSocket) still receives too little attention.
- File upload permission flaws: Snipe-IT has insecure file upload permission settings that can be exploited remotely to execute arbitrary code.
🛡️ Mitigation Recommendations
- Upgrade critical components immediately: update Open Notebook, Universal Robots PolyScope, electerm and LiteLLM to close the known RCE entry points.
- Enforce API authentication and validation: enable OAuth2 on the free5GC NEF/SMF interfaces and Origin-header checks on the Kanban WebSocket to prevent unauthorized access and hijacking.
- Strengthen input and permission controls: strictly filter and escape all user input (especially where it reaches template engines or shell command construction); review the permission configuration of file upload interfaces to eliminate arbitrary code execution risk.
🐙 GitHub-Advisory (59 entries)
Critical (8)
- GHSA-v6wj-c83f-v46x - @profullstack/mcp-server vulnerable to OS Command Injection in domain_lookup Mod
  GHSA-v6wj-c83f-v46x · Critical 3.1
  Security Advisory: OS Command Injection in `profullstack/mcp-server`…
- CVE-2026-44211 - Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability
  CVE-2026-44211 · Critical
  Summary: The `kanban` npm package (used by the `cline` CLI) starts a WebSocket server on `127.0.0.1:3484` with no Origin header validation. Any website a…
- CVE-2026-44315 - free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens c
  CVE-2026-44315 · Critical
  Summary: free5GC's NEF mounts the `3gpp-pfd-management` API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI…
- CVE-2026-44326 - free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged b
  CVE-2026-44326 · Critical
  Summary: free5GC's NEF mounts the `3gpp-traffic-influence` API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the…
- CVE-2026-44327 - free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach t
  CVE-2026-44327 · Critical
  Summary: free5GC's NEF mounts the `nnef-oam` route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can…
- CVE-2026-44329 - free5GC's SMF UPI management interface lacks auth middleware; unauthenticated to
  CVE-2026-44329 · Critical
  Summary: free5GC's SMF mounts the `UPI` management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the…
- CVE-2026-44330 - free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens ca
  CVE-2026-44330 · Critical
  Summary: free5GC's NEF mounts the `nnef-pfdmanagement` route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on…
- CVE-2026-37709 - Snipe-IT has insecure permissions in file uploads
  CVE-2026-37709 · Critical
  Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allows a remote attacker to execute…
High (21)
- CVE-2026-44983 - smallbitvec: Integer overflow in safe API leads to heap buffer overflow
  CVE-2026-44983 · High
  Summary: An integer overflow in the internal capacity calculation of `smallbitvec` can lead to an undersized heap allocation, resulting in a heap buffer…
- CVE-2026-44895 - @yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildca
  CVE-2026-44895 · High
  SSE Transport Has No Authentication and Wildcard CORS, Exposing All 86 GitLab Tools Including Destructive Operations. A review of `mcp-gitlab-server` at…
- CVE-2026-44966 - Velocity.js has a Prototype Pollution vulnerability through #set path assignment
  CVE-2026-44966 · High
  Summary: A prototype pollution vulnerability was discovered in Velocity.js <= 2.1.5. This issue occurs during the processing of #set directives in Velocity…
- CVE-2026-32689 - Phoenix: Long-poll NDJSON body splitting causes large memory allocation
  CVE-2026-32689 · High
  Summary: An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a…
- CVE-2026-44728 - @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling
  CVE-2026-44728 · High
  Impact: Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known…
- CVE-2026-44209 - banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI
  CVE-2026-44209 · High
  Summary: `banks <= 2.4.1` uses `jinja2.Environment()` (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template…
- CVE-2026-44832 - Snipe-IT has Privilege Escalation via API Permissions Assignment
  CVE-2026-44832 · High
  Impact: An authenticated user with only `users.edit` permission can escalate their own privileges to `admin` by sending a PATCH request to `/api/v1/users/{id}`…
- CVE-2026-44549 - Open WebUI has stored XSS in Excel file preview
  CVE-2026-44549 · High
  Summary: Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the…
- CVE-2026-44567 - Open WebUI has Improper Authorization Control
  CVE-2026-44567 · High
  CONFIDENTIAL · Vulnerability Disclosure Analysis Documentation · Vulnerability Details (field/value table, truncated)…
- CVE-2026-44566 - Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal
  CVE-2026-44566 · High
  CONFIDENTIAL · KL-CAN-2024-002 · Vulnerability Details · Discoverer: Jaggar Henry & Sean Segreti of…
- CVE-2026-44316 - free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/Op
  CVE-2026-44316 · High
  Summary: free5GC's PCF `POST /npcf-smpolicycontrol/v1/sm-policies` handler (`HandleCreateSmPolicyRequest`) panics with a nil-pointer dereference when a…
- CVE-2026-44319 - free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (att
  CVE-2026-44319 · High
  Summary: free5GC's NEF terminates the entire process when a stored PFD-subscription `notifyUri` cannot be reached. In `PfdChangeNotifier.FlushNotifications()`,…
- CVE-2026-44320 - free5GC's NEF nnef-callback route group is unauthenticated; forged callback requ
  CVE-2026-44320 · High
  Summary: free5GC's NEF mounts the `nnef-callback` route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g.…
- CVE-2026-44321 - free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping
  CVE-2026-44321 · High
  Summary: free5GC's SMF mounts the `UPI` management route group without inbound OAuth2 middleware (same root cause as free5gc/free5gc#887). The `POST…
- CVE-2026-44322 - free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR acces
  CVE-2026-44322 · High
  Summary: free5GC's NEF `PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId}` handler panics with a nil-pointer dereference when the…
- CVE-2026-44325 - free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser v
  CVE-2026-44325 · High
  Summary: free5GC's NRF root SBI endpoint `POST /oauth2/token` contains a parser-level type-confusion bug family. The handler in…
- CVE-2026-44328 - free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion v
  CVE-2026-44328 · High
  Summary: free5GC's SMF mounts the `UPI` management route group without inbound OAuth2 middleware (same root cause as the broader UPI auth gap reported in…
- CVE-2023-49316 - Phpseclib needs guardrails on large binaryfield integers
  CVE-2023-49316 · High
  Impact: Anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). Patches:…
- CVE-2026-44843 - LangChain vulnerable to unsafe deserialization of attacker-controlled objects th
  CVE-2026-44843 · High
  LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object…
- GHSA-mv93-w799-cj2w - GitPython: Newline injection in config_writer() section parameter bypasses CVE-2
  CVE-2026-42215 · High
  Summary: The patch for CVE-2026-42215 (GitPython 3.1.49) validates newlines only in the value parameter of set_value(). The section and option parameters are…
- CVE-2026-44900 - epa4all-client has a VAU Signature bypass
  CVE-2026-44900 · High
  Impact: In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify().…
Medium (29)
- CVE-2026-44309 - gitsign verify accepts signatures over go-git-normalized bytes, enabling trust c
  CVE-2026-44309 · Medium 3.1
  Summary: `gitsign verify` and `gitsign verify-tag` re-encode commit/tag objects through go-git's `EncodeWithoutSignature` before checking the signature,…
- CVE-2026-44897 - Mistune Heading ID Attribute has Injection XSS
  CVE-2026-44897 · Medium
  Summary: `HTMLRenderer.heading()` builds the opening `<hN>` tag by string-concatenating the `id` attribute value directly into the HTML — with no call to…
- CVE-2026-44457 - Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cr
  CVE-2026-44457 · Medium
  Summary: Cache Middleware does not skip caching for responses that declare per-user variance via `Vary: Authorization` or `Vary: Cookie`. As a result, a…
- CVE-2026-6860 - Vert.x has a DoS via unbounded server-side SNI SslContext cache growth
  CVE-2026-6860 · Medium
  Potential unbounded server-side SNI `SslContext` cache growth in Vert.x TLS handling, with possible resource-exhaustion / DoS impact. On affected versions,…
- CVE-2026-44458 - Hono has CSS Declaration Injection via Style Object Values in JSX SSR
  CVE-2026-44458 · Medium
  Summary: The JSX renderer escapes `style` attribute object values for HTML but not for CSS. Untrusted input in a `style` object value or property name can…
- GHSA-qhh4-458h-xwh2 - @cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to
  GHSA-qhh4-458h-xwh2 · Medium
  Docker registry auth substring match forwards credentials to a different registry. Repository: `cdxgen/cdxgen`. Affected product/package: Ecosystem: npm…
- CVE-2026-44197 - Wagtail has improper permission handling when comparing revisions
  CVE-2026-44197 · Medium
  Impact: A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two…
- CVE-2026-44198 - Wagtail has improper permission handling when viewing page history
  CVE-2026-44198 · Medium
  Impact: A CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive…
…21 more Medium entries (omitted)
Low (1)
- CVE-2026-44459 - Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify
  CVE-2026-44459 · Low
  Summary: Improper validation of the JWT NumericDate claims `exp`, `nbf`, and `iat` in `hono/utils/jwt` allows tokens with non-spec-compliant claim values to…
🛡️ NVD-Latest (88 entries)
Critical (22)
- CVE-2026-33587 · Critical · CVSS 10.0
  Lack of user input sanitisation in Open Notebook v1.8.3 allows the application user to execute Python code (and subsequently OS…
- CVE-2025-69691 · Critical · CVSS 9.9
  Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API…
- CVE-2026-8153 · Critical · CVSS 9.8
  OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated…
- CVE-2023-46453 · Critical · CVSS 9.8
  Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a…
- CVE-2026-42208 · Critical · CVSS 9.8
  LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a…
- CVE-2026-41501 · Critical · CVSS 9.8
  electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection…
- CVE-2026-41500 · Critical · CVSS 9.8
  electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection…
- CVE-2026-30496 · Critical · CVSS 9.8
  The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes an HTTP API on TCP port 2345 that allows full…
- CVE-2026-8094 · Critical · CVSS 9.8
  Other issue in the WebRTC component. This vulnerability was fixed in Firefox ESR 140.10.2 and Thunderbird 140.10.2.
- CVE-2026-8091 · Critical · CVSS 9.8
  Incorrect boundary conditions in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150, Thunderbird 150,…
- CVE-2026-6508 · Critical · CVSS 9.8
  Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing…
- CVE-2026-42217 · Critical · CVSS 9.8
  OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture…
- CVE-2026-43944 · Critical · CVSS 9.6
  electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15,…
- CVE-2026-43941 · Critical · CVSS 9.6
  electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's…
- CVE-2026-6795 · Critical · CVSS 9.6
  URL redirection to untrusted site ('open redirect') vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows…
- CVE-2026-41589 · Critical · CVSS 9.6
  Wish is an SSH server with defaults and a collection of middlewares. From version 2.0.0 to before version 2.0.1, the SCP middleware in…
- CVE-2026-5791 · Critical · CVSS 9.6
  Cross-Site request forgery (CSRF) vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Cross Site Request…
- CVE-2013-10075 · Critical · CVSS 9.1
  Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and…
- CVE-2025-69690 · Critical · CVSS 9.1
  Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing…
- CVE-2024-51092 · Critical · CVSS 9.1
  LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's…
- CVE-2026-42216 · Critical · CVSS 9.1
  OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture…
- CVE-2026-41201 · Critical · CVSS 9.1
  CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme…
High (66)
- CVE-2026-5127 · High · CVSS 8.8
  The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is…
- CVE-2026-8138 · High · CVSS 8.8
  A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file…
- CVE-2026-8137 · High · CVSS 8.8
  A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file…
- CVE-2026-42271 · High · CVSS 8.8
  LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two…
- CVE-2026-41900 · High · CVSS 8.8
  OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE)…
- CVE-2026-30495 · High · CVSS 8.8
  The Optoma CinemaX P2 projector (firmware TVOS-04.24.010.04.01, Android 8.0.0) exposes Android Debug Bridge (ADB) on TCP port 5555 over…
- CVE-2026-6002 · High · CVSS 8.8
  Improper neutralization of Script-Related HTML tags in a web page (basic XSS) vulnerability in DivvyDrive Information Technologies Inc.…
- CVE-2026-5784 · High · CVSS 8.8
  Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in DivvyDrive Information…
- CVE-2026-3953 · High · CVSS 8.8
  Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Gosoft Software Industry and Trade…
- CVE-2026-6692 · High · CVSS 8.8
  The Slider Revolution plugin for WordPress is vulnerable to Arbitrary File Upload in versions 7.0.0 to 7.0.10 via the '_get_media_url'…
- CVE-2026-41143 · High · CVSS 8.8
  YesWiki is a wiki system written in PHP. Prior to version 4.6.1, YesWiki bazar module contains a SQL injection vulnerability in…
- CVE-2026-41139 · High · CVSS 8.8
  Math.js is an extensive math library for JavaScript and Node.js. From version 13.1.0 to before version 15.2.0, arbitrary JavaScript can…
- CVE-2026-41142 · High · CVSS 8.8
  OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture…
- CVE-2026-42275 · High · CVSS 8.7
  zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend…
- CVE-2026-4935 · High · CVSS 8.6
  The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a…
- CVE-2026-43940 · High · CVSS 8.4
  electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget…
- CVE-2026-41490 · High · CVSS 8.3
  Dagster is an orchestration platform for the development, production, and observation of data assets. Prior to Dagster Core version…
- CVE-2025-14341 · High · CVSS 8.3
  Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling…
- CVE-2025-1978 · High · CVSS 8.3
  Remote Code Execution Vulnerability in Hitachi Storage Navigator and the maintenance console in Hitachi Virtual Storage Platform G130,…
- CVE-2026-41670 · High · CVSS 8.2
  Admidio is an open-source user management solution. Prior to version 5.0.9, the SAML IdP implementation in Admidio's SSO module uses…
- CVE-2026-41669 · High · CVSS 8.2
  Admidio is an open-source user management solution. Prior to version 5.0.9, the Admidio SAML Identity Provider implementation discards…
- CVE-2022-50994 · High · CVSS 8.1
  DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that…
- CVE-2026-8093 · High · CVSS 8.1
  Memory safety bugs present in Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption and we presume that with…
- CVE-2026-8092 · High · CVSS 8.1
  Memory safety bugs present in Thunderbird ESR 140.10.1 and Thunderbird 150.0.1. Some of these bugs showed evidence of memory corruption…
- CVE-2026-33588 · High · CVSS 8.1
  Lack of user input validation in the file upload functionality of Open Notebook v1.8.3 allows the application user to create or modify…
- CVE-2025-9661 · High · CVSS 8.1
  OS command injection vulnerability in the management gui (maintenance utility) of Hitachi Virtual Storage Platform One Block 23, 24, 26…
- CVE-2026-7252 · High · CVSS 8.1
  The WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance plugin for WordPress is vulnerable…
- CVE-2025-66467 · High · CVSS 8.0
  Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously…
- CVE-2024-43384 · High · CVSS 8.0
  A low privileged remote attacker can gain the root password due to improper removal of sensitive information before storage or…
- CVE-2026-43284 · High · CVSS 7.8
  In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags…
- CVE-2026-8148 · High · CVSS 7.8
  NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry…
- CVE-2022-26522 · High · CVSS 7.8
  The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to…
- CVE-2026-43943 · High · CVSS 7.8
  electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution…
- CVE-2026-28201 · High · CVSS 7.8
  An improper input validation, together with an overly permissive default CORS configuration in Open Notebook v1.8.1 allows remote…
- CVE-2026-4430 · High · CVSS 7.8
  Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt…
- CVE-2025-68060 · High · CVSS 7.6
  Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPMart Team Member allows Blind…
- CVE-2024-46508 · High · CVSS 7.5
  yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed (by setting…
- CVE-2024-27686 · High · CVSS 7.5
  Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via…
- CVE-2026-42285 · High · CVSS 7.5
  GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.4.0, an…
- CVE-2026-41643 · High · CVSS 7.5
  GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. Prior to version 4.3.0, a remote…
- CVE-2026-41642 · High · CVSS 7.5
  GoBGP is an open source Border Gateway Protocol (BGP) implementation in the Go Programming Language. In version 4.3.0, a remote Denial…
- CVE-2026-4348 · High · CVSS 7.5
  The BetterDocs Pro plugin for WordPress is vulnerable to SQL Injection via the `get_current_letter_docs` and `docs_sort_by_letter` AJAX…
- CVE-2026-41640 · High · CVSS 7.5
  NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version…
- CVE-2026-42264 · High · CVSS 7.4
  Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, five config properties…
- CVE-2025-67888 · High · CVSS 7.3
  An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php…
- CVE-2025-55449 · High · CVSS 7.3
  AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a…
- CVE-2024-53326 · High · CVSS 7.3
  LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to…
- CVE-2024-46507 · High · CVSS 7.3
  A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows…
- CVE-2024-45257 · High · CVSS 7.3
  A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands…
- CVE-2024-33288 · High · CVSS 7.3
  Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login…
- CVE-2023-42344 · High · CVSS 7.3
  Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE…
- CVE-2026-8133 · High · CVSS 7.3
  A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality…
- CVE-2026-8132 · High · CVSS 7.3
  A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This…
- CVE-2026-8131 · High · CVSS 7.3
  A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file…
- CVE-2026-8130 · High · CVSS 7.3
  A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file…
- CVE-2026-8129 · High · CVSS 7.3
  A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file…
- CVE-2026-8128 · High · CVSS 7.3
  A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file…
- CVE-2026-8126 · High · CVSS 7.3
  A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php.…
- CVE-2026-8090 · High · CVSS 7.3
  Use-after-free in the DOM: Networking component. This vulnerability was fixed in Firefox 150.0.2, Firefox ESR 140.10.2, Firefox ESR…
- CVE-2026-7330 · High · CVSS 7.2
  The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This…
- CVE-2026-41641 NocoBase is an AI-powered no-code/low-code platform for building business applic
CVE-2026-41641High 7.2
CVE-2026-41641 CVSS:7.2 NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version… - CVE-2026-41002 The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring
CVE-2026-41002High 7.2
CVE-2026-41002 CVSS:7.2 The base directory (`spring.cloud.config.server.git.basedir`) used by the Spring Cloud Config Server to clone Git repositories to is… - CVE-2026-42261 PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. F
CVE-2026-42261High 7.1
CVE-2026-42261 CVSS:7.1 PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before version 0.5.4,… - CVE-2026-41554 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
CVE-2026-41554High 7.1
CVE-2026-41554 CVSS:7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bricks Builder allows Reflected… - CVE-2026-42010 A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adlem
CVE-2026-42010High 7.1
CVE-2026-42010 CVSS:7.1 A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames… - CVE-2026-41660 Admidio is an open-source user management solution. Prior to version 5.0.9, a lo
CVE-2026-41660High 7.1
CVE-2026-41660 CVSS:7.1 Admidio is an open-source user management solution. Prior to version 5.0.9, a logic error in Admidio's two-factor authentication reset…
⚔️ Sploitus (53 entries)
Unknown (53 entries)
- erebus exploit
- Exploit for Write-what-where Condition in Linux Linux_Kernel exploit
…51 more Unknown-severity entries (omitted)
🤖 Automated vulnerability intelligence digest · 2026-05-10 · Data sources: NVD / GitHub Advisory / Sploitus / CISA-KEV