📊 2026-05-12 Vulnerability Intelligence Daily · 200 entries · 92 high-severity
Daily vulnerability intelligence digest · 2026-05-12
📋 200 entries in total
🔥 High/Critical: 92 entries
🐙 GitHub Advisory: 59 entries (🔥 32)
🛡️ NVD Latest: 60 entries (🔥 60)
⚔️ Sploitus: 81 entries
🤖 Today's Security Posture Analysis
🎯 Key Items Today
- CloudNativePG privilege escalation (CVE-2026-44477): the metrics exporter connects to PostgreSQL as the superuser and only demotes itself with SET ROLE, without resetting session_user, so an attacker can use the session user identity to escalate to database administrator privileges. Exploitation requires network access to the metrics endpoint or local access.
- Angular Expressions RCE (CVE-2026-44643): the sandbox of the Angular expressions module is ineffective; an attacker can craft a malicious expression that escapes the sandbox and executes arbitrary code on the server. Exploitation requires any scenario in which expression input can be injected into the application (e.g. user comments, configuration fields).
- Unity Catalog JWT validation bypass (CVE-2026-27478): the token exchange endpoint fetches the verification public key dynamically from the JWT's iss field, so an attacker can issue arbitrarily forged JWTs, completely bypassing authentication and taking over user accounts. Exploitation requires only the ability to send requests to /api/1.0/unity-control/auth/tokens.
- Universal Robots PolyScope RCE (CVE-2026-8153): an OS command injection flaw in the Dashboard Server interface lets an unauthenticated attacker remotely execute arbitrary operating system commands. Exploitation requires network access to the robot's Dashboard server port.
- Netgate pfSense XMLRPC code execution (CVE-2025-69691): the XMLRPC API of pfSense CE 2.8.0 allows PHP code execution via the pfsense.exec_php call. Although the vendor regards this as intended administrator functionality, an external attacker who gains administrator privileges by chaining other vulnerabilities could exploit it.
📈 Threat Trends
- Remote code execution / command injection (RCE / OS command injection): the most numerous and most severe class today, spanning the Angular expressions sandbox escape (JS), the WebdriverIO BrowserStack service (git branch name injection), the MCP Server domain lookup module (OS command injection), Universal Robots industrial robots (OS command injection), and file-upload RCE in several WordPress plugins.
- Privilege escalation / authentication bypass: the CloudNativePG database superuser demotion flaw, the Unity Catalog JWT validation logic flaw leading to complete authentication bypass, session fixation in OpenCart, and unauthenticated administrator creation in TheCartPress.
- Information disclosure / sandbox escape: SandboxJS leaks an internal callback function through Function.caller, enabling a sandbox escape; the Budibase plugin-upload SSRF can probe internal networks and leak sensitive information.
- Generic web application flaws: several WordPress plugins (Download From Files, MStore API) and older OpenCATS versions have arbitrary file upload vulnerabilities exploitable without authentication.
🛡️ Mitigation Recommendations
- Patch core components urgently: prioritize upgrading CloudNativePG, Unity Catalog, Universal Robots, and applications that use Angular expressions to fixed versions; these vulnerabilities are easy to exploit and have a wide impact.
- Limit unnecessary network exposure: do not expose management or monitoring interfaces such as the pfSense XMLRPC API, the Universal Robots Dashboard, or CloudNativePG metrics to the public internet; apply network policies or IP allowlists to the Unity Catalog token endpoint.
- Update legacy WordPress plugins: for the historical WordPress plugin vulnerabilities disclosed today (CVE-2021-47940, CVE-2021-47933, etc.), check the plugins and disable them or update to the latest version, especially plugins that are no longer actively maintained.
- Enforce input validation and sandbox hardening: filter input in all applications that accept expressions, templates, or plugin uploads; disable dangerous JavaScript properties (such as Function.caller); do not allow user-level expression engines to execute on the server side.
🐙 GitHub Advisory (59 entries)
Critical (7 entries)
- GHSA-v6wj-c83f-v46x - @profullstack/mcp-server vulnerable to OS Command Injection in domain_lookup Mod (Critical 3.1)
  Security Advisory: OS Command Injection in profullstack/mcp-server…
- CVE-2026-44477 - CloudNativePG's metrics exporter allows privilege escalation to PostgreSQL super (Critical)
  Impact: The CloudNativePG metrics exporter opens its PostgreSQL connection as the `postgres` superuser via the pod-local Unix socket, then demotes the session…
- CVE-2026-44643 - Angular Expressions - Remote Code Execution using filters (Critical)
  Impact: An attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. Example of vulnerable code: `const…`
- GHSA-h29g-c9cx-c73q - torrentpier has PHP Serialize Injections (Critical)
  Summary: Hi, there. We've found PHP Serialize Injections in your project "torrentpier". According to the OWASP, it can pose a significant risk: enable an…
- CVE-2026-25244 - WebdriverIO BrowserStack Service has a Command Injection issue (Critical)
  Summary: A command injection vulnerability exists in `@wdio/browserstack-service` that allows remote code execution (RCE) when processing git branch names in…
- CVE-2026-27478 - Unity Catalog has a JWT Issuer Validation Bypass that Allows Complete User Impers (Critical)
  Context: A critical authentication bypass vulnerability exists in the Unity Catalog token exchange endpoint (/api/1.0/unity-control/auth/tokens). The…
- CVE-2026-43898 - SandboxJS has a sandbox escape via Function.caller leakage of internal call op (Critical)
  Summary: Sandbox-defined functions expose `Function.caller`, allowing sandboxed code to recover the internal `LispType.Call` runtime callback. That callback can…
High (25 entries)
- CVE-2026-45061 - Budibase vulnerable to SSRF via trivial `.tar.gz` substring bypass in Plugin URL (High 3.1)
  Summary: Title: SSRF via trivial `.tar.gz` substring bypass in Plugin URL upload; Product: Budibase…
- CVE-2026-44575 - Next.js has a Middleware / Proxy bypass in App Router applications via segment-p (High)
  Impact: App Router applications that rely on middleware or proxy-based checks for authorization can allow unauthorized access through transport-specific route…
- CVE-2026-44578 - Next.js vulnerable to server-side request forgery in applications using WebSocke (High)
  Impact: Self-hosted applications using the built-in Node.js server can be vulnerable to server-side request forgery through crafted WebSocket upgrade requests.…
- CVE-2026-44579 - Next.js vulnerable to Denial of Service via connection exhaustion in application (High)
  Impact: Applications using Partial Prerendering through the Cache Components feature can be vulnerable to connection exhaustion through crafted POST requests to…
- CVE-2026-44483 - @rvf/set-get has a prototype pollution issue that's reachable via @rvf/core prep (High)
  Summary: `setPath` in `@rvf/set-get` (used by `@rvf/core` to flatten incoming form data into a nested object) does not block the keys `__proto__`,…
- GHSA-mhwj-73qx-jqxm - @theecryptochad/merge-guard has Prototype Pollution in its deepMerge() function (High)
  Summary: `@theecryptochad/merge-guard` versions prior to 1.0.1 are vulnerable to Prototype Pollution via the `deepMerge()` function. An attacker who controls…
- CVE-2026-44516 - Valtimo has sensitive data exposure through HTTP request/response logging in Log (High)
  Summary: The `LoggingRestClientCustomizer` in the `web` module automatically intercepts all outgoing HTTP calls made via Spring's `RestClient` and logs the full…
- CVE-2026-44521 - elFinder MySQL has a SQL Injection in its Volume Driver (elFinderVolumeMySQL) (High)
  Summary: An authenticated SQL injection vulnerability in the elFinder MySQL volume driver (`elFinderVolumeMySQL`) allows any logged-in user, including users…
- CVE-2026-44543 - Local Path Provisioner Vulnerable to HelperPod Template Injection (High)
  Impact: A malicious user with permission to edit the `local-path-config` ConfigMap in the `local-path-storage` namespace can manipulate the `helperPod.yaml`…
- CVE-2026-45033 - GitHub Copilot CLI: Nested Bare Repository Can Execute Arbitrary Commands via co (High)
  Summary: A security vulnerability has been identified in GitHub Copilot CLI where a malicious bare git repository nested inside a project directory can…
- CVE-2026-40217 - LiteLLM has a sandbox escape in custom-code guardrail (High)
  Impact: The `POST /guardrails/test_custom_code` endpoint runs user-supplied Python inside a hand-rolled sandbox. The sandbox can be escaped using bytecode-level…
- CVE-2026-45047 - Bird-lg-go has a Fatal Out-of-Memory (OOM) Denial of Service via Unbounded JSON (High)
  Summary: The `apiHandler` (and similarly `webHandlerTelegramBot`) processes user-provided JSON payloads by directly using…
- CVE-2026-45109 - Next.js has a Middleware / Proxy bypass in App Router applications via segment-p (High)
  Impact: It was found that the fix addressing [CVE-2026-44575](https://github.com/vercel/next.js/security/advisories/GHSA-267c-6grr-h53f) did not apply to…
- CVE-2026-34463 - MantisBT is Vulnerable to Stored HTML Injection/XSS in Clone Issue Form (High)
  When cloning an issue originating from a Project other than the current one, the clone form (bug_report_page.php) prepends the source Project name before the…
- CVE-2026-39850 - Yii 2: Local file inclusion via view parameter name collision (High)
  The core view rendering method `View::renderPhpFile()` calls `extract($_params_, EXTR_OVERWRITE)` before the `require` statement that includes the view file. A…
- CVE-2026-40596 - MantisBT is Vulnerable to XSS leading to account takeover via updating a user's (High)
  Any authenticated user can inject arbitrary HTML via updating their account's font family. Impact: Cross-site scripting. The injected payload will be reflected…
- CVE-2026-40597 - MantisBT has a Content Security Policy bypass via attachments (High)
  Given any pre-existing XSS / HTML injection vulnerability, an attacker can bypass the Content Security Policy's _script-src_ directive by uploading a crafted…
- CVE-2026-40607 - MantisBT is Vulnerable to Stored XSS in Saved-Filter Owner Column (High)
  Incorrect escaping of a saved filter's owner allows an attacker to inject arbitrary HTML on systems where $g_show_user_realname = ON. Impact: Cross-site…
- CVE-2026-42071 - MantisBT has a Private Bugnote Attachment Content Leak via REST API (High)
  A missing authorization check in MantisBT's file visibility function allows any authenticated user (REPORTER+) to download attachments on private bugnotes they…
- CVE-2026-44635 - Kysely: JSON-path traversal injection via unsanitized path-leg metacharacters in (High)
  Summary: Kysely 0.28.12 added a `sanitizeStringLiteral()` call inside `DefaultQueryCompiler.visitJSONPathLeg` (commit `0a602bf`, PR #1727) to fix…
- CVE-2026-44655 - MantisBT has Stored XSS on Move Attachments Admin Page (High)
  Unescaped Project Name allows an attacker that can set it (which typically requires manager or administrator access level) to inject HTML in Move Attachments…
- CVE-2026-44657 - MantisBT Vulnerable to Stored XSS in File Download (High)
  Using *show_inline=1* parameter and a valid *file_show_inline_token* CSRF token on file_download.php, an attacker can execute code by uploading a crafted XHTML…
- CVE-2026-44983 - smallbitvec: Integer overflow in safe API leads to heap buffer overflow (High)
  Summary: An integer overflow in the internal capacity calculation of `smallbitvec` can lead to an undersized heap allocation, resulting in a heap buffer…
- CVE-2026-44895 - @yoda.digital/gitlab-mcp-server's SSE transport has no authentication and wildca (High)
  SSE Transport Has No Authentication and Wildcard CORS, Exposing All 86 GitLab Tools Including Destructive Operations. A review of `mcp-gitlab-server` at…
- CVE-2026-44966 - Velocity.js has a Prototype Pollution vulnerability through #set path assignment (High)
  Summary: A prototype pollution vulnerability was discovered in Velocity.js <= 2.1.5. This issue occurs during the processing of #set directives in Velocity…
Medium (24 entries)
- CVE-2026-44576 - Next.js vulnerable to cache poisoning in React Server Component responses (Medium)
  Impact: Applications using React Server Components can be vulnerable to cache poisoning when shared caches do not correctly partition response variants. Under…
- CVE-2026-44577 - Next.js has a Denial of Service in the Image Optimization API (Medium)
  Impact: When self-hosting Next.js with the default image loader, the Image Optimization API fetches local images entirely into memory without enforcing a…
- CVE-2026-44580 - Next.js has cross-site scripting in beforeInteractive scripts with untrusted inp (Medium)
  Impact: Applications that use `beforeInteractive` scripts together with untrusted content can be vulnerable to cross-site scripting. In affected versions,…
- CVE-2026-44581 - Next.js vulnerable to cross-site scripting in App Router applications using CSP (Medium)
  Impact: App Router applications that rely on CSP nonces can be vulnerable to stored cross-site scripting when deployed behind shared caches. In affected…
- CVE-2026-33052 - MantisBT Has Authorization Bypass in Global Profile Creation (Medium)
  MantisBT allows a low-privileged authenticated user having *add_profile_threshold* to create a global profile despite not having…
- CVE-2026-34390 - MantisBT Vulnerable to Privilege Escalation from Manager to Administrator (Medium)
  Insufficient access control checks in _ProjectUsersAddCommand_ (used in *manage_proj_user_add.php* and REST API endpoint `PUT /project/{id}/users`) allows…
- CVE-2026-34579 - MantisBT has an authorization bypass in private issue monitoring (Medium)
  Using a crafted POST request to bug_monitor_add.php, a user with project-level access can add themselves as a monitor for a private issue they do not have…
- CVE-2026-34744 - MantisBT has an authorization bypass that allows reading attachments after losin (Medium)
  MantisBT permits a user to list and download their own attachments from an Issue created by another user, even after that Issue becomes private and direct…
… 16 more Medium-severity entries omitted
Low (3 entries)
- CVE-2026-44582 - Next.js vulnerable to cache poisoning via collisions in React Server Component c (Low)
  Impact: React Server Component responses can be vulnerable to cache poisoning in deployments that rely on shared caches with insufficient response partitioning.…
- CVE-2026-44572 - Next.js's Middleware / Proxy redirects can be cache-poisoned (Low)
  Impact: Next.js uses the `x-nextjs-data` request header for internal data requests. On affected versions, an external client could send this header on a normal…
- CVE-2026-44459 - Hono has improper validation of NumericDate claims (exp, nbf, iat) in JWT verify (Low)
  Summary: Improper validation of the JWT NumericDate claims `exp`, `nbf`, and `iat` in `hono/utils/jwt` allows tokens with non-spec-compliant claim values to…
🛡️ NVD Latest (60 entries)
Critical (14 entries)
- CVE-2025-69691 (Critical, CVSS 9.9): Netgate pfSense CE 2.8.0 allows code execution in the XMLRPC API via pfsense.exec_php. NOTE: the Supplier disputes this because the API…
- CVE-2021-47940 (Critical, CVSS 9.8): WordPress Plugin Download From Files version 1.48 and earlier contains an arbitrary file upload vulnerability that allows…
- CVE-2021-47936 (Critical, CVSS 9.8): OpenCATS 0.9.4 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary commands by…
- CVE-2021-47933 (Critical, CVSS 9.8): WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious…
- CVE-2021-47932 (Critical, CVSS 9.8): WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create…
- CVE-2021-47923 (Critical, CVSS 9.8): OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values…
- CVE-2026-8153 (Critical, CVSS 9.8): OS command injection in Dashboard Server interface in Universal Robots PolyScope versions prior to 5.21.1 allows unauthenticated…
- CVE-2023-46453 (Critical, CVSS 9.8): Certain GL.iNet devices with 4.x firmware allow authentication bypass (resulting in administrative control of the device) via a…
- CVE-2026-42569 (Critical, CVSS 9.4): phpVMS is a PHP application to run and simulate an airline. Prior to version 7.0.6, a critical vulnerability in phpVMS allowed…
- CVE-2026-42560 (Critical, CVSS 9.1): auth provides authentication via oauth2, direct and email. From versions 1.18.0 to before 1.25.2 and 2.0.0 to before 2.1.2, the Patreon…
- CVE-2026-44313 (Critical, CVSS 9.1): Linkwarden is a self-hosted, open-source collaborative bookmark manager to collect, organize and archive webpages. Prior to version…
- CVE-2013-10075 (Critical, CVSS 9.1): Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and…
- CVE-2025-69690 (Critical, CVSS 9.1): Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing…
- CVE-2024-51092 (Critical, CVSS 9.1): LibreNMS before 24.10.0 allows a remote attacker to execute arbitrary code via OS command injection involving AboutController.php's…
High (46 entries)
- CVE-2022-50944 (High, CVSS 8.8): Aero CMS 0.0.1 contains a PHP code injection vulnerability that allows authenticated attackers to execute arbitrary PHP code by…
- CVE-2021-47949 (High, CVSS 8.8): CyberPanel 2.1 contains a command execution vulnerability that allows authenticated attackers to read arbitrary files and execute…
- CVE-2021-47943 (High, CVSS 8.8): TextPattern CMS 4.8.7 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands…
- CVE-2021-47939 (High, CVSS 8.8): Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to…
- CVE-2021-47938 (High, CVSS 8.8): ImpressCMS 1.4.2 contains a remote code execution vulnerability in the autotasks administrative interface that allows authenticated…
- CVE-2021-47937 (High, CVSS 8.8): e107 CMS 2.3.0 contains a remote code execution vulnerability that allows authenticated users with theme installation permissions to…
- CVE-2021-47935 (High, CVSS 8.8): Sentry 8.2.0 contains a remote code execution vulnerability that allows authenticated superusers to execute arbitrary commands by…
- CVE-2026-8234 (High, CVSS 8.8): A security vulnerability has been detected in EFM ipTIME A8004T 14.18.2. This vulnerability affects the function formWifiBasicSet of the…
- CVE-2026-42605 (High, CVSS 8.8): AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the currentDirectory request parameter in…
- CVE-2026-5127 (High, CVSS 8.8): The User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration plugin for WordPress is…
- CVE-2026-8138 (High, CVSS 8.8): A vulnerability was found in Tenda CX12L 16.03.53.12. This issue affects the function formSetPPTPServer of the file…
- CVE-2026-8137 (High, CVSS 8.8): A vulnerability has been found in Totolink X5000R 9.1.0u.6369_B20230113. This vulnerability affects the function sub_458E40 of the file…
- CVE-2026-41705 (High, CVSS 8.6): Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs.…
- CVE-2026-4935 (High, CVSS 8.6): The OttoKit: All-in-One Automation Platform WordPress plugin before 1.1.23 does not properly sanitize user input before using it in a…
- CVE-2026-42562 (High, CVSS 8.3): Plainpad is a self hosted note taking app. Prior to version 1.1.1, Plainpad allows a low-privilege authenticated user to self-escalate…
- CVE-2021-47941 (High, CVSS 8.2): WordPress Plugin Survey & Poll 1.5.7.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute…
- CVE-2021-47930 (High, CVSS 8.2): Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows…
- CVE-2021-47928 (High, CVSS 8.2): Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database…
- CVE-2026-42606 (High, CVSS 8.1): AzuraCast is a self-hosted, all-in-one web radio management suite. Prior to version 0.23.6, the ApplyXForwarded middleware…
- CVE-2026-42296 (High, CVSS 8.1): Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Prior to versions…
- CVE-2026-6665 (High, CVSS 8.1): The SCRAM code in PgBouncer before 1.25.2 did not check the return value of strlcat() correctly when building the contents of the SCRAM…
- CVE-2022-50994 (High, CVSS 8.1): DrayTek Vigor 2960 firmware versions prior to 1.5.1.4 contain an OS command injection vulnerability in the CGI login handler that…
- CVE-2025-66467 (High, CVSS 8.0): Missing MinIO policy cleanup on bucket deletion via Apache CloudStack allows users to retain access to buckets which they previously…
- CVE-2021-47945 (High, CVSS 7.8): Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to…
- CVE-2026-42301 (High, CVSS 7.8): pyp2spec generates working Fedora RPM spec file for Python projects. Prior to version 0.14.1, pyp2spec was writing PyPI package…
- CVE-2026-43284 (High, CVSS 7.8): In the Linux kernel, the following vulnerability has been resolved: xfrm: esp: avoid in-place decrypt on shared skb frags…
- CVE-2026-8148 (High, CVSS 7.8): NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry…
- CVE-2022-26522 (High, CVSS 7.8): The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to…
- CVE-2026-8177 (High, CVSS 7.5): XML::LibXML versions through 2.0210 for Perl read out-of-bounds heap memory when parsing XML node names containing truncated UTF-8 byte…
- CVE-2021-47944 (High, CVSS 7.5): memono Notepad 4.2 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively…
- CVE-2026-42575 (High, CVSS 7.5): apko allows users to build and publish OCI container images built from apk packages. Prior to version 1.2.7, apko verifies the…
- CVE-2026-42574 (High, CVSS 7.5): apko allows users to build and publish OCI container images built from apk packages. From version 0.14.8 to before version 1.2.5, a…
- CVE-2026-41311 (High, CVSS 7.5): LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to version 10.25.7, a circular block…
- CVE-2026-6664 (High, CVSS 7.5): An integer overflow in network packet parsing code in PgBouncer before 1.25.2 bypasses a boundary check and can lead to a crash. An…
- CVE-2024-46508 (High, CVSS 7.5): yeti-platform yeti before 2.1.12 allows attackers to generate valid JWT tokens if the secret is not changed (by setting…
- CVE-2024-27686 (High, CVSS 7.5): Mikrotik RouterOS (x86) 6.40.5 through 6.49.10 (fixed in 7) allows a remote attacker to cause a denial of service (device crash) via…
- CVE-2026-8216 (High, CVSS 7.3): A vulnerability was identified in Industrial Application Software IAS Canias ERP 8.03. This issue affects the function…
- CVE-2025-67888 (High, CVSS 7.3): An issue was discovered in Control Web Panel (CWP) before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php…
- CVE-2025-55449 (High, CVSS 7.3): AstrBotDevs AstrBot 3.5.15 has Advanced_System_for_Text_Response_and_Bot_Operations_Tool as the hardcoded private key used to sign a…
- CVE-2024-53326 (High, CVSS 7.3): LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to…
- CVE-2024-46507 (High, CVSS 7.3): A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows…
- CVE-2024-45257 (High, CVSS 7.3): A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands…
- CVE-2024-33288 (High, CVSS 7.3): Prison Management System Using PHP v1.0 was discovered to contain a SQL injection vulnerability via the username on the Admin login…
- CVE-2023-42344 (High, CVSS 7.3): Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE…
- CVE-2026-3828 (High, CVSS 7.2): Some Hikvision switch products (discontinued since December 2023) are vulnerable to authenticated remote command execution due to…
- CVE-2026-7330 (High, CVSS 7.2): The Auto Affiliate Links plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 6.8.8 This…
⚔️ Sploitus (81 entries)
Unknown (81 entries)
- Exploit for Basic XSS in Espocrm exploit
- wetfish_pentest exploit
… 79 more Unknown-severity entries omitted
🤖 Automated vulnerability intelligence digest · 2026-05-12 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV