📊 2026-05-14 Vulnerability Intelligence Daily · 200 entries · 110 high-severity
Daily vulnerability intelligence digest · 2026-05-14
📋 200 entries in total
🔥 High/Critical: 110 entries
💣 Exploit-DB-RSS: 4 entries
🐙 GitHub-Advisory: 54 entries (🔥 35)
🛡️ NVD-Latest: 75 entries (🔥 75)
⚔️ Sploitus: 67 entries
🤖 Today's Security Posture Analysis
🎯 Today's Key Concerns
- Supply-chain poisoning (Critical): CVE-2026-45321 affects 42 npm packages in the @tanstack/* family. After stealing GitHub Actions OIDC credentials, the attacker published 84 malicious versions within a short window on 2026-05-11, aimed at stealing cloud credentials and GitHub tokens; the blast radius is very large.
- Unauthenticated remote code execution (Critical): CVE-2026-45087 affects Dalfox server mode. The service listens on 0.0.0.0:6664 by default with no API key required, allowing an unauthenticated attacker to take full control of the server via the found-action parameter.
- SQL injection (Critical): CVE-2026-22599 affects the Strapi Content Type Builder (v5.33.1 and earlier). Although high privileges are required, successful exploitation leads to complete data disclosure and tampering; internal back-office security warrants close attention.
- Authentication bypass (Critical): GHSA-vw82-7fv8-r6gp affects the Obot MCP server. Because the /mcp-connect/{id} endpoint does not enforce access control, any authenticated user holding an MCP ID can connect to other users' MCP servers without authorization.
- Hard-coded credentials (Critical): CVE-2026-40636 affects Dell ECS (3.8.1.0 through 3.8.1.7) and ObjectScale. Hard-coded credentials are present, and an unauthorized attacker with local access can take over the system completely.
📈 Threat Trends
- Remote code execution (RCE): the largest share, involving products such as Dalfox, Mapfish Print and SAP Commerce Cloud; most cases stem from unauthenticated access or insufficient input filtering and carry severe impact.
- SQL injection: affects Strapi, Akilli E-Commerce, SAP S/4HANA and other systems; although some of these flaws require authentication, they can lead to disclosure of core business data.
- Privilege escalation and authorization bypass: typical cases are the authorization flaw in pgAdmin 4 (CVE-2026-7813), the Obot authentication bypass, and Grav CMS allowing attackers to control the group permissions of registered users.
- Supply-chain security incidents: the @tanstack/* poisoning highlights the serious threat of software supply-chain attacks carried out through OIDC credential hijacking.
🛡️ Mitigation Recommendations
- Upgrade and isolate immediately: for the @tanstack/* poisoning, scan npm lockfiles now and replace the malicious versions; for Dalfox, Strapi, Dell ECS and similar products, upgrade as soon as patches are released, and disconnect from the public internet any instance that cannot be upgraded.
- Tighten network access control: for the unauthenticated RCE flaws in Dalfox Server, Goobi viewer and Mapfish Print, use a firewall or reverse proxy to restrict the relevant ports (such as 6664) to trusted IPs only, and enable API-key authentication.
- Audit authentication and authorization logic: review the authorization configuration of pgAdmin 4, Obot and SAP Commerce Cloud, make sure every API endpoint follows the principle of least privilege, and prevent users from reaching resources they are not authorized for.
- Enable behavioural monitoring and log alerting: for SQL injection flaws, use parameterized queries at the database layer and deploy WAF rules to block malicious SQL statements; for supply-chain poisoning, strengthen monitoring of the npm publishing pipeline to prevent abuse of OIDC tokens.
💣 Exploit-DB-RSS (4 entries)
Low (1 entry)
- [webapps] glances 4.5.2 - command injection
CVE-2026-33641 · Low · 3.1
#!/usr/bin/env python3 # Exploit Title: glances 4.5.2 - command injection # Date: 2026-04-09 # Exploit Author: Stepanov Daniil # Vendor Homepage:…
Unknown (3 entries)
- [webapps] Flowise < 3.0.5 - Missing Authentication for Critical Function
CVE-2025-58434
# Exploit Title: Flowise < 3.0.5 - Missing Authentication for Critical Function # Date: 10/11/2025 # Exploit Author: [nltt0] (https://github.com/nltt-br)) #…
- [webapps] coreruleset 4.21.0 - Firewall Bypass
CVE-2026-21876
# Exploit Title: coreruleset 4.21.0 - Firewall Bypass # Date:* 04/08/2026* # Exploit Author: Daytrift Newgen # Vendor Homepage: https://github.com/coreruleset…
…1 more Unknown-severity entry (omitted)
🐙 GitHub-Advisory (54 entries)
Critical (12 entries)
- CVE-2026-22599 - Strapi Vulnerable to SQL Injection in Content Type Builder
CVE-2026-22599 · Critical · 4.0
Summary of CVE-2026-22599 Vulnerability Details - CVE: CVE-2026-22599 - CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N`…
- GHSA-vw82-7fv8-r6gp - Obot has an authorization bypass in /mcp-connect/{id} that allows any authentica
GHSA-vw82-7fv8-r6gp · Critical · 3.1
## Summary If you have the MCP Server ID, you can connect to the MCP server even if you don't have permissions to the server. The MCP gateway endpoint…
- CVE-2026-45087 - Dalfox Server Mode Vulnerable to Unauthenticated Remote Code Execution via `foun
CVE-2026-45087 · Critical · 3.1
# GHSA: Unauthenticated Remote Code Execution via `found-action` in Dalfox Server Mode ## Summary When dalfox is started in REST API server mode (`dalfox…
- CVE-2026-45083 - Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
CVE-2026-45083 · Critical
Summary The Goobi viewer REST endpoint `POST /api/v1/index/stream` accepted an arbitrary Solr streaming expression from unauthenticated network clients and…
- CVE-2026-45375 - SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadat
CVE-2026-45375 · Critical
Summary SiYuan's Bazaar (community marketplace) renders the `name` and `version` fields of a package's `plugin.json` (and the equivalent `theme.json` /…
- CVE-2026-44672 - Mapfish Print: Remote Code Injection (RCE) in Dynamic table
CVE-2026-44672 · Critical
Impact The attacker can execute arbitrary code without being authenticated Mitigation Upgrade to a patched version (please check affected/patched version…
- CVE-2026-45321 - Malware in @tanstack/* packages exfiltrates cloud credentials, GitHub tokens, an
CVE-2026-45321 · Critical
## Summary On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 `@tanstack/*` packages were published to the npm registry.…
- CVE-2026-45091 - sealed-env: TOTP secret embedded in unseal token payload (enterprise mode)
CVE-2026-45091 · Critical
In sealed-env enterprise mode, versions 0.1.0-alpha.1 through 0.1.0-alpha.3 embedded the operator's literal TOTP secret in the JWS payload of every minted…
- CVE-2026-42074 - OpenClaude Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input
CVE-2026-42074 · Critical
Summary The `dangerouslyDisableSandbox` parameter is exposed as part of the BashTool input schema, meaning the LLM (an untrusted principal per the project's…
- CVE-2026-44593 - esm.sh: Legacy Route Path Traversal Can Lead to RCE
CVE-2026-44593 · Critical
Impact - Arbitrary File Write – An attacker can cause the server to write data to any file path it has write permission for. - Privilege Escalation / RCE – By…
- CVE-2026-44649 - SillyTavern has Authentication Bypass via SSO Header Injection
CVE-2026-44649 · Critical
## Resolution SillyTavern 1.18.0 now includes a configuration option to limit which IP addresses can authorize using SSO headers, limiting to just loopback…
- CVE-2026-44650 - SillyTavern has a Path Traversal issue
CVE-2026-44650 · Critical
## Summary `POST /api/extensions/delete` endpoint accepts `extensionName: "."` which bypasses `sanitize-filename` validation, causing the entire user…
High (23 entries)
- CVE-2026-45088 - Dalfox Server Mode has an Unauthenticated Arbitrary File Read with Out-of-Band E
CVE-2026-45088 · High · 3.1
## Summary When dalfox is run in REST API server mode, the `custom-payload-file` field in `model.Options` is JSON-tagged and deserialized directly from the…
- CVE-2026-45089 - Dalfox Server Mode has an Unauthenticated Arbitrary File Create/Append via `outp
CVE-2026-45089 · High · 3.1
## Summary When dalfox is run in REST API server mode, the `output`, `output-all`, and `debug` fields in `model.Options` are JSON-tagged and deserialized…
- CVE-2026-45090 - Dalfox has an Unauthenticated Remote DoS via Closed-Channel Write in `ParameterA
CVE-2026-45090 · High · 3.1
## Summary `ParameterAnalysis` in `pkg/scanning/parameterAnalysis.go` runs two sequential worker stages that both write to the same `results` channel. The…
- CVE-2026-44724 - Systeminformation vulnerable to Linux command injection in networkInterfaces() v
CVE-2026-44724 · High
## Summary On Linux, `systeminformation` is vulnerable to command injection in `networkInterfaces()` when an **active NetworkManager connection profile name**…
- CVE-2026-45134 - LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust
CVE-2026-45134 · High
## Description The LangSmith SDK's prompt pull methods (`pull_prompt` / `pull_prompt_commit` in Python, `pullPrompt` / `pullPromptCommit` in JS/TS) fetch and…
- CVE-2026-44738 - Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via
CVE-2026-44738 · High
## Summary The Twig sandbox allow-list permits any user with the `admin.pages` role to call `config.toArray()` from within a page body, dumping the entire…
- CVE-2026-44797 - Nautobot: Webhook definitions could be used for server-side request forgery (SSR
CVE-2026-44797 · High
Impact Nautobot's `Webhook` data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and…
- CVE-2026-44798 - Nautobot: GitRepository.current_head field should not be writable through REST A
CVE-2026-44798 · High
Impact A user with access to add/change a GitRepository record could use the REST API to directly set the `current_head` field on the record, which was not…
- CVE-2026-45136 - claude-code-cache-fix vulnerable to local code execution via Python triple-quote
CVE-2026-45136 · High
## Summary `tools/quota-statusline.sh` (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string…
- CVE-2026-45137 - Anchor: Program<'info, System> is not properly validated
CVE-2026-45137 · High
Summary A logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential…
- CVE-2026-45152 - uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Cod
CVE-2026-45152 · High
I discovered a command injection vulnerability in uniget that allows arbitrary command execution through the metadata loading and version check mechanism.…
- GHSA-429q-fhh4-r6hj - Anchor: `InterfaceAccount` allows account substitution between unexpected types
GHSA-429q-fhh4-r6hj · High
Impact Any use of `InterfaceAccount` allows another unexpected account type to be passed, after https://github.com/solana-foundation/anchor/pull/3837 disabled…
- CVE-2026-45371 - SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs
CVE-2026-45371 · High
Summary SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs `POST /api/graph/getGraph`, `POST /api/graph/getLocalGraph`, `POST…
- CVE-2026-44697 - Klever-Go MultiDataInterceptor has remote OOM via crafted compressed P2P payload
CVE-2026-44697 · High
## Summary A remote, unauthenticated denial-of-service vulnerability in `Batch.Decompress` (`data/batch/batch.go`) allows any peer that participates in a topic…
- CVE-2026-42290 - protobuf.js is Vulnerable to OS Command Injection in the CLI
CVE-2026-42290 · High
## Summary `pbts` invoked JSDoc by building a shell command string from input file paths and executing it through `child_process.exec`. File paths containing…
- CVE-2026-44289 - protobuf.js: Denial of service through unbounded protobuf recursion
CVE-2026-44289 · High
## Summary protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated…
- CVE-2026-44290 - protobuf.js: Process-wide denial of service through unsafe option paths
CVE-2026-44290 · High
## Summary protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or…
- CVE-2026-44291 - protobuf.js: Code generation gadget after prototype pollution
CVE-2026-44291 · High
## Summary protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If…
- CVE-2026-44293 - protobuf.js: Code injection through bytes field defaults in generated toObject c
CVE-2026-44293 · High
## Summary protobufjs generated JavaScript for `toObject` conversion could include an unsafe expression derived from a schema-controlled `bytes` field default…
- CVE-2026-44295 - protobuf.js: Code injection in pbjs static output from crafted schema names
CVE-2026-44295 · High
## Summary `pbjs` static code generation could emit unsafe JavaScript identifiers derived from schema-controlled names. When generating static JavaScript from…
- CVE-2026-44594 - esm.sh: Path Traversal via package.json browser field allows reading arbitrary s
CVE-2026-44594 · High
Summary A Local File Inclusion (LFI) vulnerability exists in the esbuild plugin's handling of the `browser` field in `package.json`. An attacker can publish an…
- CVE-2026-44648 - SillyTavern: Existing sessions are not invalidated after password change, allowi
CVE-2026-44648 · High
Summary Changing a user's password does not invalidate existing sessions, allowing an attacker with a stolen cookie to retain access even after the victim…
- CVE-2026-44660 - UltraJSON has a Memory Leak in ujson.dump() on Write Failure
CVE-2026-44660 · High
Summary When `ujson.dump()` writes to a file-like object and the write operation raises an exception, the serialized JSON string object is not decremented,…
Medium (17 entries)
- CVE-2025-64526 - Strapi has a rate limit bypass on users-permissions plugin via attacker-controll
CVE-2025-64526 · Medium · 4.0
Summary of CVE-2025-64526 Vulnerability Details - CVE: CVE-2025-64526 - CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N`…
- CVE-2026-44740 - go-billy: Lack of depth and cycle detection in symlink resolution may lead to in
CVE-2026-44740 · Medium
Impact Multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource…
- CVE-2026-44774 - Traefik: Gateway API TraefikService backend accepts rest@internal, allowing unau
CVE-2026-44774 · Medium
## Summary There is a medium severity vulnerability in Traefik's Kubernetes Gateway API provider that allows a tenant with `HTTPRoute` creation permissions to…
- CVE-2026-44794 - Nautobot: REST API permits creation of GenericForeignKey references to objects t
CVE-2026-44794 · Medium
Impact In the case of inter-object references via `GenericForeignKey` (a pattern allowing an object to reference another object that may belong to one of…
- CVE-2026-44796 - Nautobot: Object bulk rename UI actions vulnerable to denial of service by craft
CVE-2026-44796 · Medium
Impact Nautobot UI object-bulk-rename endpoints (for example, `/dcim/interfaces/rename/`) were vulnerable to application-wide denial of service via maliciously…
- CVE-2026-45147 - SiYuan: Broken access control in `/api/tag/getTag` — Reader role can mutate `Con
CVE-2026-45147 · Medium
Summary `POST /api/tag/getTag` is registered with `model.CheckAuth` only, omitting both `model.CheckAdminRole` and `model.CheckReadonly`, despite the handler…
- CVE-2026-45148 - SiYuan has broken access control in `/api/search/{searchAsset,searchTag,searchWi
CVE-2026-45148 · Medium
Summary The advisory `GHSA-c77m-r996-jr3q` patched `getBookmark` so that, when invoked by a publish-mode `RoleReader`, results are filtered through…
- GHSA-v25j-wqcw-fvhj - wger has an Uncontrolled Resource Consumption issue
GHSA-v25j-wqcw-fvhj · Medium
Summary Any authenticated user can create a routine spanning an arbitrarily long date range (e.g. 100 years) and then trigger the `date_sequence` computation…
…9 more Medium-severity entries (omitted)
Low (2 entries)
- CVE-2026-22706 - Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
CVE-2026-22706 · Low · 4.0
Summary of CVE-2026-22706 Vulnerability Details - CVE: CVE-2026-22706 - CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N`…
- CVE-2026-45028 - Astro: Server island encrypted parameters vulnerable to cross-component replay
CVE-2026-45028 · Low
Impact Astro versions prior to 6.1.10 used AES-GCM encryption to protect the confidentiality and integrity of server island props and slots parameters, but did…
🛡️ NVD-Latest (75 entries)
Critical (13 entries)
- CVE-2026-7813 · Critical · 9.9
CVE-2026-7813 CVSS:9.9 Authorization vulnerability in pgAdmin 4 server mode affecting Server Groups, Servers, Shared Servers, Background Processes, and…
- CVE-2025-6577 · Critical · 9.8
CVE-2025-6577 CVSS:9.8 Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software…
- CVE-2026-40636 · Critical · 9.8
CVE-2026-40636 CVSS:9.8 Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains a use of hard-coded credentials…
- CVE-2026-34263 · Critical · 9.6
CVE-2026-34263 CVSS:9.6 Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration…
- CVE-2026-34260 · Critical · 9.6
CVE-2026-34260 CVSS:9.6 SAP S/4HANA (SAP Enterprise Search for ABAP) contains a SQL injection vulnerability that allows an authenticated attacker to inject…
- CVE-2026-45321 · Critical · 9.6
CVE-2026-45321 CVSS:9.6 On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the…
- CVE-2026-42613 · Critical · 9.4
CVE-2026-42613 CVSS:9.4 Grav is a file-based Web platform. Prior to 2.0.0-beta.2, the Login::register() method in the Login plugin accepts attacker-controlled…
- CVE-2026-41551 · Critical · 9.1
CVE-2026-41551 CVSS:9.1 A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because…
- CVE-2026-25787 · Critical · 9.1
CVE-2026-25787 CVSS:9.1 Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of…
- CVE-2026-25786 · Critical · 9.1
CVE-2026-25786 CVSS:9.1 Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web…
- CVE-2026-22924 · Critical · 9.1
CVE-2026-22924 CVSS:9.1 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict…
- CVE-2025-40949 · Critical · 9.1
CVE-2025-40949 CVSS:9.1 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1),…
- CVE-2026-42607 · Critical · 9.1
CVE-2026-42607 CVSS:9.1 Grav is a file-based Web platform. Prior to 2.0.0-beta.2, an authenticated user with administrative privileges can achieve Remote Code…
High (62 entries)
- CVE-2026-42611 · High · 8.9
CVE-2026-42611 CVSS:8.9 Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a low-privileged (with the ability to create a page) user can cause XSS with…
- CVE-2026-2465 · High · 8.8
CVE-2026-2465 CVSS:8.8 Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co.…
- CVE-2026-6001 · High · 8.8
CVE-2026-6001 CVSS:8.8 Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted…
- CVE-2026-7256 · High · 8.8
CVE-2026-7256 CVSS:8.8 ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version…
- CVE-2026-42843 · High · 8.8
CVE-2026-42843 CVSS:8.8 Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users,…
- CVE-2026-42603 · High · 8.8
CVE-2026-42603 CVSS:8.8 OWASP BLT is a QA testing and vulnerability disclosure platform that encompasses websites, apps, git repositories, and more. Prior to…
- CVE-2026-7816 · High · 8.8
CVE-2026-7816 CVSS:8.8 OS command injection (CWE-78) vulnerability in pgAdmin 4 Import/Export query export. User-supplied input was interpolated directly into…
- CVE-2026-7815 · High · 8.8
CVE-2026-7815 CVSS:8.8 SQL injection vulnerability in pgAdmin 4 Maintenance Tool. Four user-supplied JSON fields (buffer_usage_limit, vacuum_parallel,…
- CVE-2026-8260 · High · 8.8
CVE-2026-8260 CVSS:8.8 A vulnerability was found in D-Link DCS-935L up to 1.10.01. The impacted element is the function SetDeviceSettings of the file…
- CVE-2026-33362 · High · 8.6
CVE-2026-33362 CVSS:8.6 In Meari IoT SDK builds embedded in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and white-label Android apps <= 1.8.x…
- CVE-2025-10470 · High · 8.6
CVE-2025-10470 CVSS:8.6 The Magic Link authentication flow accepts multiple invalid authentication requests without adequate rate limiting or resource control,…
- CVE-2026-42612 · High · 8.5
CVE-2026-42612 CVSS:8.5 Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a stored Cross-Site Scripting (XSS) vulnerability in getgrav/grav allows…
- CVE-2025-40946 · High · 8.3
CVE-2025-40946 CVSS:8.3 A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9),…
- CVE-2026-41713 · High · 8.2
CVE-2026-41713 CVSS:8.2 A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way.…
- CVE-2026-39432 · High · 8.2
CVE-2026-39432 CVSS:8.2 Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This…
- CVE-2026-34259 · High · 8.2
CVE-2026-34259 CVSS:8.2 Due to an OS Command Execution vulnerability in SAP Forecasting & Replenishment, an authenticated attacker with administrative…
- CVE-2026-30635 · High · 8.1
CVE-2026-30635 CVSS:8.1 Command injection vulnerability in automagik-genie 2.5.27 MCP Server allows attackers to execute arbitrary commands via the view_task…
- CVE-2026-7819 · High · 8.1
CVE-2026-7819 CVSS:8.1 Symbolic-link path traversal (CWE-61, CWE-22) in pgAdmin 4 File Manager. check_access_permission used os.path.abspath, which resolves…
- CVE-2026-42609 · High · 8.1
CVE-2026-42609 CVSS:8.1 Grav is a file-based Web platform. Prior to 2.0.0-beta.2, a business logic vulnerability in the Grav Admin Panel allows a…
- CVE-2026-4802 · High · 8.0
CVE-2026-4802 CVSS:8.0 A flaw was found in Cockpit. This vulnerability allows a remote attacker to achieve arbitrary command execution on the host by…
- CVE-2026-32658 · High · 8.0
CVE-2026-32658 CVSS:8.0 Dell Automation Platform versions prior to 2.0.0.0, contains a missing authorization vulnerability. A low privileged attacker with…
- CVE-2026-44412 · High · 7.8
CVE-2026-44412 CVSS:7.8 A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack…
- CVE-2026-44411 · High · 7.8
CVE-2026-44411 CVSS:7.8 A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to…
- CVE-2026-43500 · High · 7.8
CVE-2026-43500 CVSS:7.8 In the Linux kernel, the following vulnerability has been resolved: rxrpc: Also unshare DATA/RESPONSE packets when paged frags are…
- CVE-2026-27662 · High · 7.7
CVE-2026-27662 CVSS:7.7 Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are…
- CVE-2026-44738 · High · 7.7
CVE-2026-44738 CVSS:7.7 Grav is a file-based Web platform. Prior to 2.0.0-rc.2, the Twig sandbox allow-list permits any user with the admin.pages role to call…
- CVE-2026-33356 · High · 7.7
CVE-2026-33356 CVSS:7.7 In Meari IoT Cloud MQTT Broker deployments running EMQX 4.x, any authenticated low-privilege account can subscribe to global wildcard…
- CVE-2026-41712 · High · 7.5
CVE-2026-41712 CVSS:7.5 Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data…
- CVE-2026-8162 · High · 7.5
CVE-2026-8162 CVSS:7.5 multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request…
- CVE-2026-8161 · High · 7.5
CVE-2026-8161 CVSS:7.5 multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request…
- CVE-2026-8159 · High · 7.5
CVE-2026-8159 CVSS:7.5 multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition…
- CVE-2026-33893 · High · 7.5
CVE-2026-33893 CVSS:7.5 A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012),…
- CVE-2026-22925 · High · 7.5
CVE-2026-22925 CVSS:7.5 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource…
- CVE-2025-40947 · High · 7.5
CVE-2025-40947 CVSS:7.5 A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1),…
- CVE-2025-40833 · High · 7.5
CVE-2025-40833 CVSS:7.5 The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could…
- CVE-2026-2993 · High · 7.5
CVE-2026-2993 CVSS:7.5 The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including,…
- CVE-2026-7287 · High · 7.5
CVE-2026-7287 CVSS:7.5 ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(),…
- CVE-2026-33361 · High · 7.5
CVE-2026-33361 CVSS:7.5 In Meari IoT SDK image handling (libmrplayer.so) as observed in CloudEdge 5.5.0 (build 220), Arenti 1.8.1 (build 220), and related…
- CVE-2026-33359 · High · 7.5
CVE-2026-33359 CVSS:7.5 In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are…
- CVE-2026-33357 · High · 7.5
CVE-2026-33357 CVSS:7.5 In Meari client applications embedding "com.meari.sdk" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related…
- CVE-2026-31248 · High · 7.5
CVE-2026-31248 CVSS:7.5 Docling's METS GBS backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend extracts and validates XML…
- CVE-2026-31247 · High · 7.5
CVE-2026-31247 CVSS:7.5 Docling's JATS XML backend is vulnerable to XML Entity Expansion (XXE) attacks thru 2.61.0. The backend uses etree.parse() to parse XML…
- CVE-2025-65418 · High · 7.5
CVE-2025-65418 CVSS:7.5 docuFORM Managed Print Service Client 11.11c is vulnerable to a directory traversal allowing attackers to read arbitrary files via…
- CVE-2026-41872 · High · 7.4
CVE-2026-41872 CVSS:7.4 "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow…
- CVE-2026-33862 · High · 7.3
CVE-2026-33862 CVSS:7.3 A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012),…
- CVE-2026-31254 · High · 7.3
CVE-2026-31254 CVSS:7.3 The flash-attention project thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains a code injection vulnerability…
- CVE-2026-31253 · High · 7.3
CVE-2026-31253 CVSS:7.3 The flash-attention training framework thru commit e724e2588cbe754beb97cf7c011b5e7e34119e62 (2025-13-04) contains an insecure…
- CVE-2026-31251 · High · 7.3
CVE-2026-31251 CVSS:7.3 CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability…
- CVE-2026-31250 · High · 7.3
CVE-2026-31250 CVSS:7.3 CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability…
- CVE-2026-31249 · High · 7.3
CVE-2026-31249 CVSS:7.3 CosyVoice thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e (2025-30-21) contains an insecure deserialization vulnerability…
- CVE-2025-61314 · High · 7.3
CVE-2025-61314 CVSS:7.3 A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_orderopt.php component of GmbH Mecury Managed Print Services…
- CVE-2025-61313 · High · 7.3
CVE-2025-61313 CVSS:7.3 A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_markeralerts.php component of GmbH Mecury Managed Print Services…
- CVE-2025-61312 · High · 7.3
CVE-2025-61312 CVSS:7.3 A reflected cross-site scripted (XSS) vulnerability in the acc-menu_pricess.php component of GmbH Mecury Managed Print Services…
- CVE-2025-61311 · High · 7.3
CVE-2025-61311 CVSS:7.3 A reflected cross-site scripted (XSS) vulnerability in the dfm-menu_alerts.php component of GmbH Mecury Managed Print Services…
- CVE-2025-10908 · High · 7.3
CVE-2025-10908 CVSS:7.3 Due to a lack of user account state validation during authentication, locked user accounts can be successfully authenticated using…
- CVE-2026-6433 · High · 7.3
CVE-2026-6433 CVSS:7.3 The Custom css-js-php WordPress plugin through 2.0.7 does not properly sanitize user input before using it in a SQL query, and the…
- CVE-2026-6690 · High · 7.2
CVE-2026-6690 CVSS:7.2 The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action…
- CVE-2026-41951 · High · 7.2
CVE-2026-41951 CVSS:7.2 Path traversal vulnerability exists in GROWI v7.5.0 and earlier, which may allow an attacker to execute arbitrary EJS templates on the…
- CVE-2026-25789 · High · 7.1
CVE-2026-25789 CVSS:7.1 Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to…
- CVE-2026-45430 · High · 7.1
CVE-2026-45430 CVSS:7.1 The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization…
- CVE-2026-2393 · High · 7.1
CVE-2026-2393 CVSS:7.1 A Server-Side Request Forgery (SSRF) vulnerability exists in MLflow versions prior to 3.9.0. The `_create_webhook()` function in…
- CVE-2026-7818 · High · 7.0
CVE-2026-7818 CVSS:7.0 Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization…
⚔️ Sploitus (67 entries)
Unknown (67 entries)
- Exploit for CVE-2026-40369 exploit
CVE-2026-40369
- Rcon-Bruteforce exploit
…65 more Unknown-severity entries (omitted)
🤖 Automated vulnerability intelligence digest · 2026-05-14 · Data sources: NVD / GitHub Advisory / Sploitus / CISA-KEV