📊 2026-05-11 Vulnerability Intelligence Daily · 200 entries · 89 high-severity
Daily vulnerability intelligence digest · 2026-05-11
📋 200 entries in total
🔥 High/Critical: 89 entries
🐙 GitHub Advisory: 59 entries, 🔥 29 high/critical
🛡️ NVD Latest: 60 entries, 🔥 60 high/critical
⚔️ Sploitus: 81 entries
🤖 Today's threat landscape analysis
🎯 Key items to watch today
- Universal Robots PolyScope command injection (CVE-2026-8153, CVSS 9.8): the Dashboard Server interface of this industrial robot controller has an OS command injection flaw. An unauthenticated remote attacker can execute arbitrary commands and take over the robot's operating system, a direct safety risk to the production line.
- free5GC NEF and SMF unauthenticated access across multiple components (CVE-2026-44315/44326/44327/44329/44330): several API route groups in the NEF and SMF components of the open-source 5G core free5GC are mounted without OAuth2/bearer-token authentication. An attacker with network reach to the SBI can present a forged token, or none at all, and gain full control of the PFD management, traffic-influence, OAM configuration and UPI management interfaces.
- LiteLLM authentication bypass (CVE-2026-42208, CVSS 9.8): the AI gateway LiteLLM has a SQL injection in its proxy API key check. A crafted key value bypasses authentication, which can expose sensitive data or allow unauthorized calls to the backend LLM APIs.
- pfSense XMLRPC code execution (CVE-2025-69691, CVSS 9.9): the XMLRPC API of Netgate pfSense CE 2.8.0 exposes a method that executes PHP code (pfsense.exec_php). If an administrator account is compromised or an SSRF path exists, an attacker gains full control of the device. Note that the NVD record carries a supplier dispute of this CVE (see the NVD section below).
- Cline Kanban Server WebSocket hijacking (CVE-2026-44211, no CVSS score): the built-in Kanban server shipped with the Cline developer tool starts a local WebSocket server without validating the Origin header. A malicious website can silently connect to it, steal local project data or perform unauthorized actions.
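The LiteLLM item above describes a SQL injection in the proxy API key check that turns into an authentication bypass. The following Python is an added example, not LiteLLM's code: it shows how a string-interpolated key lookup accepts a crafted key, and how a bound parameter plus a key-format allow-list closes the hole. The table layout, key format and forged header value are constructed for this demo.

```python
"""Added example, not LiteLLM's code: a string-built SQL lookup of a proxy API
key turns into an authentication bypass; a bound parameter and a key-format
allow-list close it. Table layout, key format and the forged header value are
constructed for this demo."""
import re
import sqlite3
from typing import Callable, Optional

# Assumption: what a legitimate virtual key looks like in this demo.
KEY_FORMAT = re.compile(r"^sk-[A-Za-z0-9_-]{8,}$")


def make_db() -> sqlite3.Connection:
    """Constructed key store: one virtual key belonging to user 'alice'."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_keys (token TEXT PRIMARY KEY, user_id TEXT, max_budget REAL)"
    )
    conn.execute("INSERT INTO api_keys VALUES ('sk-real-1234', 'alice', 100.0)")
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, presented_key: str):
    """Vulnerable: the presented key is interpolated into the statement text,
    so quote characters in it change the query's structure."""
    sql = f"SELECT token, user_id FROM api_keys WHERE token = '{presented_key}'"
    return conn.execute(sql).fetchone()


def lookup_fixed(conn: sqlite3.Connection, presented_key: str):
    """Fixed: the key is bound as a parameter, so it is only ever compared as data.
    The format check in front is defense in depth: anything that cannot be a key
    never reaches the database (and is a good thing to log as a probe)."""
    if not KEY_FORMAT.match(presented_key):
        return None
    return conn.execute(
        "SELECT token, user_id FROM api_keys WHERE token = ?", (presented_key,)
    ).fetchone()


def authenticate(conn: sqlite3.Connection, presented_key: str, lookup: Callable) -> Optional[str]:
    """Return the user_id the proxy would act as, or None when the key is rejected."""
    row = lookup(conn, presented_key)
    return row[1] if row else None


# Constructed attacker key value: closes the quoted literal and appends a
# tautology, so the vulnerable query matches every row and hands back the first user.
FORGED_KEY = "' OR '1'='1"
```

Run `authenticate(make_db(), FORGED_KEY, lookup_vulnerable)` and it returns `alice`; the same call against `lookup_fixed` returns `None`, while the real key still authenticates.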
📈 Threat trends
- Remote code execution (RCE) / command injection (9 entries): today's most prominent class, spanning multiple products from developer tools to industrial control systems; most require low attack complexity or no authentication at all.
- Authentication bypass / unauthenticated access (6 entries): five free5GC CVEs plus one LiteLLM CVE, together exposing how often API authorization is simply missing in modern microservice architectures. An attacker with network access can drive core business logic directly.
- WebSocket security / cross-site WebSocket hijacking (1 entry): the Cline Kanban CSWSH flaw highlights a common risk in local services that do not validate the request Origin; such a service can become a pivot into a developer's workstation.
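For the CSWSH trend above, here is an added example (not Cline's or the kanban package's code) of the Origin check a local WebSocket service needs on its upgrade handshake, shown next to the substring match that looks right but is bypassable. The port 3484 comes from the advisory text; the allow-list itself is an assumption for the demo.

```python
"""Added example, not Cline's or the kanban package's code: Origin validation for
a WebSocket server bound to 127.0.0.1. Browsers always send an Origin header on
the WebSocket handshake and a page cannot alter it, so an exact match against
the origins the tool itself serves defeats cross-site WebSocket hijacking.
The port (3484, from the advisory) and the allow-list are assumptions."""
from urllib.parse import urlsplit

ALLOWED_ORIGINS = frozenset({"http://127.0.0.1:3484", "http://localhost:3484"})


def _origin_header(headers: dict):
    """HTTP header names are case-insensitive; fetch Origin however it was spelled."""
    for name, value in headers.items():
        if name.lower() == "origin":
            return value
    return None


def origin_allowed_naive(headers: dict) -> bool:
    """The check that looks right but is bypassable: substring match on the host."""
    origin = _origin_header(headers)
    return origin is not None and "127.0.0.1" in origin


def origin_allowed(headers: dict, allowed=ALLOWED_ORIGINS) -> bool:
    """Hardened check for the HTTP upgrade: exact origin match or reject.

    - No Origin, or the opaque 'null' origin (sandboxed iframes, file://): reject.
      Non-browser clients should authenticate with a token instead of being trusted.
    - Parse scheme://host[:port], normalize the default port, compare the whole
      origin. urlsplit().hostname alone is not enough: for
      'http://127.0.0.1:3484.evil.example' it returns '127.0.0.1', and only
      .port exposes the junk by raising ValueError.
    """
    origin = _origin_header(headers)
    if not origin or origin == "null":
        return False
    try:
        parts = urlsplit(origin)
        host, port = parts.hostname, parts.port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not host:
        return False
    if parts.path or parts.query or parts.fragment:
        return False  # a serialized origin never carries a path
    if port is None:
        port = 443 if parts.scheme == "https" else 80
    return f"{parts.scheme}://{host}:{port}" in allowed


def upgrade_status(headers: dict) -> int:
    """Status the upgrade handler answers with: 101 to proceed, 403 to refuse."""
    return 101 if origin_allowed(headers) else 403
```

Plug `upgrade_status` into whatever handles the `Upgrade: websocket` request before any frame is exchanged; the naive variant is kept only to show that `http://127.0.0.1.evil.example` passes it.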
🛡️ Mitigation recommendations
- Isolate and harden 5G core components now: for the free5GC series, put an API gateway or reverse proxy in front of NEF, SMF and other critical services, enforce uniform OAuth2/bearer-token authentication and IP allow-listing, and stop exposing these APIs to untrusted networks.
- Upgrade industrial and developer software to fixed versions: upgrade Universal Robots PolyScope to 5.21.1 or later. Upgrade electerm beyond 3.8.15, not merely to it: CVE-2026-43941 in the NVD list below still affects 3.8.15 and prior, and its deep-link issue remains open, so take the latest release and keep tracking it. Upgrade LiteLLM to 1.83.7 or later.
- Harden WebSocket and local services: enable Origin header validation on local developer tools such as Cline Kanban. Developers should avoid clicking untrusted links while using terminal and SSH clients, and consider wss:// encryption plus token-based authentication for local WebSocket endpoints.
- Audit and tighten administrative interfaces: for pfSense and similar appliances, audit access control on every administrative interface, XMLRPC in particular. Manage administrator credentials strictly, segment the network, keep audit logs, and monitor for anomalous XMLRPC requests.
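The free5GC items (key items and trends above, and the first mitigation) all come down to SBI route groups mounted without a bearer-token check. The following Python is an added example, not free5GC's code: it models a route table with the gap, the token check the mitigation asks for, and an audit helper that lists unprotected groups. The token shape follows the 3GPP SBI access token (a JWT whose `scope` names the NF service); HS256 with a shared secret, the route names' auth flags and the status codes are assumptions so the demo runs offline.

```python
"""Added example; not free5GC's code. Models the auth gap the free5GC advisories
describe: SBI route groups mounted without a bearer-token check accept any or
no token. Token shape follows the 3GPP SBI access token (a JWT whose `scope`
is the NF service name); HS256 with a shared secret is an assumption for a
self-contained demo (real NRFs sign with asymmetric keys)."""
import base64
import hashlib
import hmac
import json
import time

SECRET = b"constructed-nrf-signing-secret"  # assumption: key shared with the NRF


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def mint_token(scope: str, exp: int, secret: bytes = SECRET) -> str:
    """Issue an HS256 JWT the way an NRF would (constructed for the demo)."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps({"iss": "nrf", "aud": "NEF", "scope": scope, "exp": exp}).encode())
    sig = hmac.new(secret, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"


def verify_token(token: str, required_scope: str, now=None, secret: bytes = SECRET) -> bool:
    """Reject on any failure: bad structure, unexpected alg, bad signature,
    missing or expired exp, or a scope that does not cover this service."""
    try:
        h, p, s = token.split(".")
        header = json.loads(_b64url_decode(h))
        payload = json.loads(_b64url_decode(p))
    except (ValueError, UnicodeDecodeError):
        return False
    if not isinstance(header, dict) or not isinstance(payload, dict):
        return False
    if header.get("alg") != "HS256":  # never let the token choose the algorithm
        return False
    expected = hmac.new(secret, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s)):
        return False
    now = time.time() if now is None else now
    exp = payload.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return False
    return required_scope in str(payload.get("scope", "")).split()


# Constructed route table: service route group -> whether the auth check is mounted.
ROUTE_GROUPS = {
    "nnef-pfdmanagement": {"auth": False},      # as reported: no middleware
    "3gpp-traffic-influence": {"auth": False},  # as reported: no middleware
    "nnef-oam": {"auth": False},                # as reported: no middleware
    "nnef-eventexposure": {"auth": True},
}


def handle(route: str, authorization, groups=ROUTE_GROUPS, now=None) -> int:
    """Simulated dispatch of one SBI request; returns the HTTP status."""
    group = groups[route]
    if not group["auth"]:
        return 200  # the gap: any caller, with any or no token, reaches the handler
    if not authorization or not authorization.startswith("Bearer "):
        return 401
    token = authorization[len("Bearer "):]
    return 200 if verify_token(token, route, now=now) else 401


def unauthenticated_groups(groups=ROUTE_GROUPS):
    """Audit helper: which service route groups lack the middleware."""
    return sorted(name for name, g in groups.items() if not g["auth"])


def harden(groups):
    """Mount the check on every group, which is what the mitigation asks for."""
    return {name: {**g, "auth": True} for name, g in groups.items()}
```

Note the scope check: a token legitimately issued for `nnef-pfdmanagement` must not open `nnef-oam`, which is why `verify_token` takes the route name as the required scope.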
🐙 GitHub Advisory (59 entries)
Critical (8 entries)
- GHSA-v6wj-c83f-v46x - @profullstack/mcp-server vulnerable to OS Command Injection in domain_lookup Mod… (Critical, CVSS v3.1)
  Security Advisory: OS Command Injection in `profullstack/mcp-server`…
- CVE-2026-44211 - Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability (Critical)
  Summary: The `kanban` npm package (used by the `cline` CLI) starts a WebSocket server on `127.0.0.1:3484` with no Origin header validation. Any website a…
- CVE-2026-44315 - free5GC's NEF 3gpp-pfd-management API is unauthenticated; forged bearer tokens c… (Critical)
  Summary: free5GC's NEF mounts the `3gpp-pfd-management` API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI…
- CVE-2026-44326 - free5GC's NEF 3gpp-traffic-influence API is unauthenticated; missing or forged b… (Critical)
  Summary: free5GC's NEF mounts the `3gpp-traffic-influence` API without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the…
- CVE-2026-44327 - free5GC's NEF nnef-oam route group is unauthenticated; no-token requests reach t… (Critical)
  Summary: free5GC's NEF mounts the `nnef-oam` route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on the SBI can…
- CVE-2026-44329 - free5GC's SMF UPI management interface lacks auth middleware; unauthenticated to… (Critical)
  Summary: free5GC's SMF mounts the `UPI` management route group without OAuth2/bearer-token authorization middleware. A network attacker who can reach SMF on the…
- CVE-2026-44330 - free5GC's NEF nnef-pfdmanagement API is unauthenticated; forged bearer tokens ca… (Critical)
  Summary: free5GC's NEF mounts the `nnef-pfdmanagement` route group without inbound OAuth2/bearer-token authorization. A network attacker who can reach NEF on…
- CVE-2026-37709 - Snipe-IT has insecure permissions in file uploads (Critical)
  Insecure Permissions vulnerability in grokability snipe-it versions through 8.4.0, fixed after 2026-03-10 commit 676a9958, allows a remote attacker to execute…
High (21 entries)
- CVE-2026-44983 - smallbitvec: Integer overflow in safe API leads to heap buffer overflow (High)
  Summary: An integer overflow in the internal capacity calculation of `smallbitvec` can lead to an undersized heap allocation, resulting in a heap buffer…
- CVE-2026-44895 - @yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildca… (High)
  SSE Transport Has No Authentication and Wildcard CORS, Exposing All 86 GitLab Tools Including Destructive Operations. A review of `mcp-gitlab-server` at…
- CVE-2026-44966 - Velocity.js has a Prototype Pollution vulnerability through #set path assignment (High)
  Summary: A prototype pollution vulnerability was discovered in Velocity.js <= 2.1.5. This issue occurs during the processing of #set directives in Velocity…
- CVE-2026-32689 - Phoenix: Long-poll NDJSON body splitting causes large memory allocation (High)
  Summary: An unauthenticated denial-of-service vulnerability in Phoenix's long-poll transport allows a remote client to allocate a large amount of memory with a…
- CVE-2026-44728 - @babel/plugin-transform-modules-systemjs generates arbitrary code when compiling… (High)
  Impact: Using Babel to compile code that was specifically crafted by an attacker can cause Babel to generate output code that executes arbitrary code. Known…
- CVE-2026-44209 - banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI (High)
  Summary: `banks <= 2.4.1` uses `jinja2.Environment()` (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template…
- CVE-2026-44832 - Snipe-IT has Privilege Escalation via API Permissions Assignment (High)
  Impact: An authenticated user with only `users.edit` permission can escalate their own privileges to `admin` by sending a PATCH request to `/api/v1/users/{id}`…
- CVE-2026-44549 - Open WebUI has stored XSS in Excel file preview (High)
  Summary: Excel file attachments are previewed in an unsafe way. A crafted XLSX file payload can be used to cause the…
- CVE-2026-44567 - Open WebUI has Improper Authorization Control (High)
  Vulnerability Disclosure Analysis Documentation (details table truncated in the feed)…
- CVE-2026-44566 - Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal (High)
  KL-CAN-2024-002. Discoverer: Jaggar Henry & Sean Segreti of…
- CVE-2026-44316 - free5GC's PCF npcf-smpolicycontrol POST /sm-policies panics on downstream UDR/Op… (High)
  Summary: free5GC's PCF `POST /npcf-smpolicycontrol/v1/sm-policies` handler (`HandleCreateSmPolicyRequest`) panics with a nil-pointer dereference when a…
- CVE-2026-44319 - free5GC's NEF crashes via logger.Fatal on PFD notification delivery failure (att… (High)
  Summary: free5GC's NEF terminates the entire process when a stored PFD-subscription `notifyUri` cannot be reached. In `PfdChangeNotifier.FlushNotifications()`,…
- CVE-2026-44320 - free5GC's NEF nnef-callback route group is unauthenticated; forged callback requ… (High)
  Summary: free5GC's NEF mounts the `nnef-callback` route group without inbound OAuth2/bearer-token authorization. A forged or arbitrary bearer token (e.g.…
- CVE-2026-44321 - free5GC's SMF UPI POST /upi/v1/upNodesLinks exits the SMF process on overlapping… (High)
  Summary: free5GC's SMF mounts the `UPI` management route group without inbound OAuth2 middleware (same root cause as free5gc/free5gc#887). The `POST…
- CVE-2026-44322 - free5GC's NEF 3gpp-pfd-management PATCH applications/{appId} panics on UDR acces… (High)
  Summary: free5GC's NEF `PATCH /3gpp-pfd-management/v1/{afId}/transactions/{transId}/applications/{appId}` handler panics with a nil-pointer dereference when the…
- CVE-2026-44325 - free5GC NRF: type-confusion panic in POST /oauth2/token structured-form parser v… (High)
  Summary: free5GC's NRF root SBI endpoint `POST /oauth2/token` contains a parser-level type-confusion bug family. The handler in…
- CVE-2026-44328 - free5GC's SMF UPI DELETE /upi/v1/upNodesLinks/{ref} panics on AN-node deletion v… (High)
  Summary: free5GC's SMF mounts the `UPI` management route group without inbound OAuth2 middleware (same root cause as the broader UPI auth gap reported in…
- CVE-2023-49316 - Phpseclib needs guardrails on large binaryfield integers (High)
  Impact: Anyone loading untrusted ASN1 files (eg. X509 certificates, RSA PKCS8 private or public keys, etc). Patches…
- CVE-2026-44843 - LangChain vulnerable to unsafe deserialization of attacker-controlled objects th… (High)
  LangChain contains older runtime code paths that deserialize run inputs, run outputs, or other application-controlled payloads using overly broad object…
- GHSA-mv93-w799-cj2w - GitPython: Newline injection in config_writer() section parameter bypasses CVE-2… (High; listed against CVE-2026-42215)
  Summary: The patch for CVE-2026-42215 (GitPython 3.1.49) validates newlines only in the value parameter of set_value(). The section and option parameters are…
- CVE-2026-44900 - epa4all-client has a VAU Signature bypass (High)
  Impact: In SignedPublicKeysTrustValidatorImpl.isTrusted(), the ECDSA signature verification at line 45 discards the boolean return value of Signature.verify().…
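The GitPython entry above is a useful pattern to internalize: a fix that validates newlines only in the value leaves the section and option names as injection points. The Python below is an added example, not GitPython's code. It uses a minimal stand-in config writer to show the smuggled line a CR/LF in the section name produces, a hardened writer that validates every field against git's documented config grammar, and a tiny reader that shows which keys the injected write really defines. The `core.sshCommand` payload is constructed.

```python
"""Added example, not GitPython's code. The advisory says the CVE-2026-42215 patch
validates newlines only in set_value()'s value parameter. This stand-in config
writer shows why that is not enough: CR/LF in the section or option name injects
a line the caller never intended, and a parser then honours it. Validation below
follows git's documented config grammar; the smuggled core.sshCommand entry is a
constructed payload."""
import re
from typing import List, Optional, Tuple

# git-config grammar (simplified): section names are alphanumerics, '-' and '.';
# variable names start with a letter and contain alphanumerics and '-'.
_SECTION_RE = re.compile(r"[A-Za-z0-9.-]+")
_OPTION_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def render_value_only_check(section: str, option: str, value: str) -> str:
    """Writer that screens only the value: the incomplete fix the advisory describes."""
    if "\n" in value or "\r" in value:
        raise ValueError("newline in value")
    return f"[{section}]\n\t{option} = {value}\n"


def render_entry(section: str, option: str, value: str, subsection: Optional[str] = None) -> str:
    """Hardened writer: every field is validated before any formatting happens."""
    if not _SECTION_RE.fullmatch(section):
        raise ValueError(f"illegal section name: {section!r}")
    if not _OPTION_RE.fullmatch(option):
        raise ValueError(f"illegal option name: {option!r}")
    if any(c in value for c in "\r\n\0"):
        raise ValueError("control character in value")
    if subsection is None:
        head = f"[{section}]"
    else:
        if any(c in subsection for c in "\r\n\0"):
            raise ValueError("control character in subsection")
        escaped = subsection.replace("\\", "\\\\").replace('"', '\\"')
        head = f'[{section} "{escaped}"]'
    return f"{head}\n\t{option} = {value}\n"


def parse_keys(text: str) -> List[Tuple[Optional[str], str]]:
    """Minimal reader returning (section, key) pairs, lower-cased as git does,
    to show which keys an injected write really defines."""
    keys, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            inner = line[1:-1].split()
            section = inner[0].lower() if inner else None  # subsection ignored here
        elif "=" in line:
            keys.append((section, line.split("=", 1)[0].strip().lower()))
    return keys


def rejects(fn, *args, **kwargs) -> bool:
    """True when fn raises ValueError for these arguments."""
    try:
        fn(*args, **kwargs)
    except ValueError:
        return True
    return False


# Constructed attacker-controlled section name: closes the remote section header,
# smuggles a core.sshCommand line, then comments out the writer's own trailing ']'.
INJECTED_SECTION = 'remote "origin"]\n[core]\n\tsshCommand = /tmp/evil\n#'
```

With the value-only check, writing `url` under `INJECTED_SECTION` yields a file in which `core.sshCommand` is set; the hardened writer refuses the same call before anything is written.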
Medium (29 entries)
- CVE-2026-44309 - gitsign verify accepts signatures over go-git-normalized bytes, enabling trust c… (Medium, CVSS v3.1)
  Summary: `gitsign verify` and `gitsign verify-tag` re-encode commit/tag objects through go-git's `EncodeWithoutSignature` before checking the signature,…
- CVE-2026-44897 - Mistune Heading ID Attribute has Injection XSS (Medium)
  Summary: `HTMLRenderer.heading()` builds the opening `<hN>` tag by string-concatenating the `id` attribute value directly into the HTML — with no call to…
- CVE-2026-44457 - Hono's Cache Middleware ignores Vary: Authorization / Vary: Cookie leading to cr… (Medium)
  Summary: Cache Middleware does not skip caching for responses that declare per-user variance via `Vary: Authorization` or `Vary: Cookie`. As a result, a…
- CVE-2026-6860 - Vert.x has a DoS via unbounded server-side SNI SslContext cache growth (Medium)
  Potential unbounded server-side SNI `SslContext` cache growth in Vert.x TLS handling, with possible resource-exhaustion / DoS impact. On affected versions,…
- CVE-2026-44458 - Hono has CSS Declaration Injection via Style Object Values in JSX SSR (Medium)
  Summary: The JSX renderer escapes `style` attribute object values for HTML but not for CSS. Untrusted input in a `style` object value or property name can…
- GHSA-qhh4-458h-xwh2 - @cyclonedx/cdxgen: Docker registry auth substring match forwards credentials to… (Medium)
  Docker registry auth substring match forwards credentials to a different registry. Repository: `cdxgen/cdxgen`. Affected product/package: Ecosystem npm…
- CVE-2026-44197 - Wagtail has improper permission handling when comparing revisions (Medium)
  Impact: A CMS user without the ability to edit a page could access revisions of the page through the revision compare view if they knew the primary key of two…
- CVE-2026-44198 - Wagtail has improper permission handling when viewing page history (Medium)
  Impact: A CMS user without the ability to edit a page could still access the history report for the page, potentially resulting in disclosure of sensitive…
…21 more Medium entries omitted
Low (1 entry)
- CVE-2026-44459 - Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify… (Low)
  Summary: Improper validation of the JWT NumericDate claims `exp`, `nbf`, and `iat` in `hono/utils/jwt` allows tokens with non-spec-compliant claim values to…
🛡️ NVD Latest (60 entries)
Critical (14 entries)
- CVE-2025-69691 (Critical, CVSS 9.9): Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API…
- CVE-2026-8153 (Critical, CVSS 9.8): OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated…
- CVE-2023-46453 (Critical, CVSS 9.8): Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a…
- CVE-2026-42208 (Critical, CVSS 9.8): LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a…
- CVE-2026-41501 (Critical, CVSS 9.8): electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection…
- CVE-2026-41500 (Critical, CVSS 9.8): electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.3.8, a command injection…
- CVE-2026-43944 (Critical, CVSS 9.6): electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From versions 3.0.6 to before 3.8.15,…
- CVE-2026-43941 (Critical, CVSS 9.6): electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In versions 3.8.15 and prior, Electerm's…
- CVE-2026-42569 (Critical, CVSS 9.4): phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed…
- CVE-2026-42560 (Critical, CVSS 9.1): auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon…
- CVE-2026-44313 (Critical, CVSS 9.1): Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version…
- CVE-2013-10075 (Critical, CVSS 9.1): Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and…
- CVE-2025-69690 (Critical, CVSS 9.1): Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing…
- CVE-2024-51092 (Critical, CVSS 9.1): LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's…
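The two pfSense entries in this list, together with the mitigation's call to monitor anomalous XMLRPC requests, suggest a concrete detection. The Python below is an added example, not Netgate's code and not the advisory's exploit: it parses captured XML-RPC POST bodies, flags calls to code-executing methods (the page names `pfsense.exec_php`) and flags calls from outside the management network. The management prefix, the benign method name and the sample records are constructed.

```python
"""Added example, not Netgate's code or the advisory's exploit. Detection logic
for the mitigation: inspect XML-RPC POST bodies sent to a pfSense-style
/xmlrpc.php, flag methods that execute code (the page names pfsense.exec_php)
and flag calls from outside the management network. Sample records, the
management prefix and the benign method name are constructed."""
import ipaddress
import xml.etree.ElementTree as ET  # for untrusted XML in production, prefer defusedxml
from typing import Dict, List, Optional

# Methods that run code on the firewall; extend as your environment requires.
CODE_EXEC_METHODS = frozenset({"pfsense.exec_php"})
# Assumption: the only network from which XML-RPC (e.g. HA config sync) is expected.
MGMT_NETS = [ipaddress.ip_network("10.0.0.0/24")]


def xmlrpc_method(body: str) -> Optional[str]:
    """Return the methodName of an XML-RPC call, or None if the body is not one."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return None
    if root.tag != "methodCall":
        return None
    name = root.findtext("methodName")
    return name.strip() if name else None


def assess(record: Dict[str, str]) -> Dict[str, object]:
    """One alert decision for a captured POST {src, path, body}."""
    reasons: List[str] = []
    if record["path"] != "/xmlrpc.php":
        return {"alert": False, "method": None, "reasons": reasons}
    method = xmlrpc_method(record["body"])
    if method is None:
        reasons.append("malformed-xmlrpc")  # probes and fuzzers rarely send clean XML
    elif method in CODE_EXEC_METHODS:
        reasons.append(f"code-exec-method:{method}")
    src = ipaddress.ip_address(record["src"])
    if not any(src in net for net in MGMT_NETS):
        reasons.append("source-outside-mgmt-net")
    return {"alert": bool(reasons), "method": method, "reasons": reasons}


def scan(records: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Run assess() over every record and keep only the alerts, in input order."""
    return [r for r in (assess(rec) for rec in records) if r["alert"]]


def _call(method: str, *params: str) -> str:
    """Build a minimal XML-RPC methodCall body (constructed test data only)."""
    ps = "".join(f"<param><value><string>{p}</string></value></param>" for p in params)
    return (
        "<?xml version='1.0'?><methodCall>"
        f"<methodName>{method}</methodName><params>{ps}</params></methodCall>"
    )


# Constructed captures: benign sync from the management host, exec_php from the
# same host, a benign method from the internet, an unrelated path, and junk.
SAMPLE = [
    {"src": "10.0.0.2", "path": "/xmlrpc.php", "body": _call("pfsense.sync_example", "section")},
    {"src": "10.0.0.2", "path": "/xmlrpc.php", "body": _call("pfsense.exec_php", "echo 1;")},
    {"src": "203.0.113.7", "path": "/xmlrpc.php", "body": _call("pfsense.sync_example")},
    {"src": "203.0.113.7", "path": "/index.php", "body": ""},
    {"src": "10.0.0.2", "path": "/xmlrpc.php", "body": "<not xml"},
]
```

Feed `scan()` whatever your reverse proxy or packet capture gives you for POSTs to the web GUI; an `exec_php` call from a trusted sync peer is still worth an alert, because the sync peer itself may be the compromised account the key item above warns about.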
High (46 entries)
- CVE-2026-42605 (High, CVSS 8.8): AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in…
- CVE-2026-5127 (High, CVSS 8.8): The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is…
- CVE-2026-8138 (High, CVSS 8.8): A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file…
- CVE-2026-8137 (High, CVSS 8.8): A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file…
- CVE-2026-42271 (High, CVSS 8.8): LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two…
- CVE-2026-41900 (High, CVSS 8.8): OpenLearnX is an open-source, decentralized learning and assessment platform. Prior to version 2.0.3, a remote code execution (RCE)…
- CVE-2026-42275 (High, CVSS 8.7): zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend…
- CVE-2026-41705 (High, CVSS 8.6): Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.…
- CVE-2026-4935 (High, CVSS 8.6): The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a…
- CVE-2026-43940 (High, CVSS 8.4): electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.16, the runWidget…
- CVE-2026-42562 (High, CVSS 8.3): Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate…
- CVE-2026-42606 (High, CVSS 8.1): AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware…
- CVE-2026-42296 (High, CVSS 8.1): Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions…
- CVE-2026-6665 (High, CVSS 8.1): The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM…
- CVE-2022-50994 (High, CVSS 8.1): DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that…
- CVE-2025-66467 (High, CVSS 8.0): Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously…
- CVE-2026-42301 (High, CVSS 7.8): pyp2spec generates working Fedora RPM spec files for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package…
- CVE-2026-43284 (High, CVSS 7.8): In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags…
- CVE-2026-8148 (High, CVSS 7.8): NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry…
- CVE-2022-26522 (High, CVSS 7.8): The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to…
- CVE-2026-43943 (High, CVSS 7.8): electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. Prior to version 3.7.9, a code execution…
- CVE-2026-42575 (High, CVSS 7.5): apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the…
- CVE-2026-42574 (High, CVSS 7.5): apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a…
- CVE-2026-41311 (High, CVSS 7.5): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block…
- CVE-2026-6664 (High, CVSS 7.5): An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An…
- CVE-2024-46508 (High, CVSS 7.5): yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed (by setting…
- CVE-2024-27686 (High, CVSS 7.5): Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via…
- CVE-2026-42264 (High, CVSS 7.4): Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, five config properties…
- CVE-2026-8216 (High, CVSS 7.3): A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function…
- CVE-2025-67888 (High, CVSS 7.3): An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php…
- CVE-2025-55449 (High, CVSS 7.3): AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a…
- CVE-2024-53326 (High, CVSS 7.3): LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to…
- CVE-2024-46507 (High, CVSS 7.3): A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows…
- CVE-2024-45257 (High, CVSS 7.3): A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands…
- CVE-2024-33288 (High, CVSS 7.3): Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login…
- CVE-2023-42344 (High, CVSS 7.3): Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE…
- CVE-2026-8133 (High, CVSS 7.3): A security vulnerability has been detected in zyx0814 FilePress up to 2.2.0. Affected by this vulnerability is an unknown functionality…
- CVE-2026-8132 (High, CVSS 7.3): A weakness has been identified in CodeAstro Leave Management System 1.0. Affected is an unknown function of the file /login.php. This…
- CVE-2026-8131 (High, CVSS 7.3): A security flaw has been discovered in SourceCodester SUP Online Shopping 1.0. This impacts an unknown function of the file…
- CVE-2026-8130 (High, CVSS 7.3): A vulnerability was identified in SourceCodester SUP Online Shopping 1.0. This affects an unknown function of the file…
- CVE-2026-8129 (High, CVSS 7.3): A vulnerability was determined in SourceCodester SUP Online Shopping 1.0. The impacted element is an unknown function of the file…
- CVE-2026-8128 (High, CVSS 7.3): A vulnerability was found in SourceCodester SUP Online Shopping 1.0. The affected element is an unknown function of the file…
- CVE-2026-8126 (High, CVSS 7.3): A flaw has been found in SourceCodester Comment System 1.0. This issue affects some unknown processing of the file post_comment.php.…
- CVE-2026-3828 (High, CVSS 7.2): Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to…
- CVE-2026-7330 (High, CVSS 7.2): The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8. This…
- CVE-2026-42261 (High, CVSS 7.1): PromptHub is an all-in-one AI toolbox for prompt, skill, and agent management. From version 0.4.9 to before 0.5.4,…
⚔️ Sploitus (81 entries)
Unknown severity (81 entries)
- CVE-2026-3844 - Exploit for CVE-2026-3844
- CVE-2026-36980 - Exploit for CVE-2026-36980
…79 more entries of unknown severity omitted
🤖 Automated vulnerability intelligence digest · 2026-05-11 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV