📊 2026-05-15 Vulnerability Intelligence Daily · 200 entries · 107 high-severity
Daily vulnerability intelligence digest · 2026-05-15
📋 Total: 200 entries
🔥 High/Critical: 107 entries
🚨 CISA-KEV: 1 entry
💣 Exploit-DB-RSS: 8 entries
🐙 GitHub-Advisory: 73 entries (🔥 42)
🛡️ NVD-Latest: 65 entries (🔥 65)
⚔️ Sploitus: 53 entries
🤖 Today's Security Posture Analysis
🎯 Today's Key Items
- CVE-2026-22599 (Strapi SQL injection): affects @strapi/content-type-builder <=5.33.1 (v5). An attacker with high privileges can exploit the SQL injection in the Content Type Builder to read and tamper with core database data. The attack vector is network/remote and requires no user interaction.
- CVE-2026-45311 / CVE-2026-45374 (DeepSeek TUI remote code execution): affects the DeepSeek TUI tool. The run_tests tool automatically runs `cargo test` from a malicious repository without user approval, and sub-agents created by the task_create tool have shell access and auto-approval enabled by default. An attacker can use prompt injection to induce the agent to execute arbitrary commands.
- CVE-2026-41050 (Fleet Helm deployer privilege escalation): CVSS v3 score of 9.9. Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to read secrets in any namespace of a downstream cluster. The impact covers enterprise container orchestration environments.
- CVE-2026-34263 (SAP Commerce Cloud unauthenticated code injection): CVSS v3 score of 9.6. Due to an improper Spring Security configuration, an unauthenticated user can upload malicious configuration and inject code, leading to arbitrary server-side code execution. Affects all versions of the SAP Commerce Cloud platform.
📈 Threat Trends
- Remote code execution (RCE): the largest share today, including the two RCE vulnerabilities in DeepSeek TUI, command injection in ELECOM wireless APs (CVE-2026-42062), code injection in SAP Commerce Cloud (CVE-2026-34263) and local code execution in Electerm. The attack surface is broad, spanning developer tools to enterprise applications.
- Privilege escalation and identity bypass: includes the Obot authorization bypass (GHSA-vw82-7fv8-r6gp), Fleet's ServiceAccount impersonation flaw (CVE-2026-41050), arbitrary username spoofing in @samanhappy/mcphub (GHSA-wf8q-wvv8-p8jf) and unauthenticated access on ELECOM wireless APs (CVE-2026-40621). These flaws commonly lead to lateral movement or data exposure.
- SQL injection: involves Strapi (CVE-2026-22599), Marten full-text search (CVE-2026-45288) and Akilli E-Commerce (CVE-2025-6577). SQL injection remains the top threat to data-driven applications.
- Command injection: involves utcp-cli (CVE-2026-45369) and ELECOM wireless APs. Concatenating unfiltered user input directly into shell commands is extremely dangerous.
- Other high-severity items: weak cryptography (CVE-2020-37168, affecting a payment system), buffer overflow (CVE-2026-32661, affecting a mail security product) and JDBC external script execution (CVE-2025-11159, affecting a data analytics platform).
🛡️ Mitigation Recommendations
- Upgrade affected components immediately: prioritize upgrading Strapi to a version above 5.33.1, Fleet to the fixed version and DeepSeek TUI to the latest version. Check whether ELECOM has released firmware updates for the affected wireless APs and apply them immediately.
- Strengthen access control and audit privileges: for components with impersonation or unauthenticated-access risks such as Fleet and SAP Commerce Cloud, enforce least privilege now and review ServiceAccount bindings and Spring Security configuration. For the Obot MCP gateway, make sure the ACR policy covers every endpoint.
- Enable secure defaults and restrict dangerous features: for tools such as DeepSeek TUI, explicitly set `allow_shell` and `auto_approve` to `false`. In Electerm, restrict access to the local socket (allow only a specific user group). In databases such as Marten, enforce parameterized queries and forbid direct concatenation of user input.
- Deploy a web application firewall (WAF) and intrusion detection: place a WAF in front of devices and applications such as ELECOM wireless APs and SAP Commerce Cloud, with rules that block command injection and SQL injection attempts. Enable log auditing and monitor for high-risk request patterns against these components.
🚨 CISA-KEV (1 entry)
Unknown (1 entry)
- CVE-2026-20182 - Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
  CVE-2026-20182
  Product: Cisco Catalyst SD-WAN · Description: Cisco Catalyst SD-WAN Controller & Manager…
💣 Exploit-DB-RSS (8 entries)
Low (1 entry)
- [webapps] glances 4.5.2 - command injection
  CVE-2026-33641 · Low · 3.1
  #!/usr/bin/env python3
  # Exploit Title: glances 4.5.2 - command injection
  # Date: 2026-04-09
  # Exploit Author: Stepanov Daniil
  # Vendor Homepage:…
Unknown (7 entries)
- [webapps] PJPROJECT 2.16 - Heap Bufferoverflow
  CVE-2026-25994
  # Exploit Title: PJPROJECT 2.16 - Heap Bufferoverflow
  # Google Dork: CVE-2026-25994 PJSIP PJNATH (pjsip ≤ 2.16)
  # Date: Apr 6 2026
  # Exploit Author: V.Nos -…
- [webapps] ePati Antikor NGFW 2.0.1301 - Authentication Bypass
  CVE-2026-2624
  # Exploit Title: ePati Antikor NGFW 2.0.1301 - Authentication Bypass
  # Date: 2026-04-13
  # Exploit Author: [SADIK ERTÜRK]
  # Vendor Homepage:…
…5 more Unknown-severity entries omitted
🐙 GitHub-Advisory (73 entries)
Critical (11 entries)
- CVE-2026-22599 - Strapi Vulnerable to SQL Injection in Content Type Builder
  CVE-2026-22599 · Critical · 4.0
  Summary of CVE-2026-22599 Vulnerability Details - CVE: CVE-2026-22599 - CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N`…
- GHSA-vw82-7fv8-r6gp - Obot has an authorization bypass in /mcp-connect/{id} that allows any authentica
  GHSA-vw82-7fv8-r6gp · Critical · 3.1
  Summary: If you have the MCP Server ID, you can connect to the MCP server even if you don't have permissions to the server. The MCP gateway endpoint…
- CVE-2026-45311 - DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approv
  CVE-2026-45311 · Critical
  Summary: The `run_tests` tool executes `cargo test` in the workspace with `ApprovalRequirement::Auto`, meaning it runs without any user approval prompt. The…
- CVE-2026-45374 - DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in P
  CVE-2026-45374 · Critical
  Summary: The `task_create` tool spawns durable sub-agents that inherit two insecure defaults: - `allow_shell` defaults to `true` (`config.rs:1499`:…
- CVE-2026-45353 - Electerm Local code through electerm's single-instance socket
  CVE-2026-45353 · Critical
  Impact: Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app…
- GHSA-wf8q-wvv8-p8jf - @samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Withou
  GHSA-wf8q-wvv8-p8jf · Critical
  Summary: A critical identity spoofing vulnerability in MCPHub allows any unauthenticated user to impersonate any other user — including administrators — on SSE…
- CVE-2026-45288 - Marten has an injection vulnerability in its full-text search regConfig paramete
  CVE-2026-45288 · Critical
  Summary: Marten's full-text search APIs interpolated the user-supplied `regConfig` parameter directly into the generated SQL without parameterization or…
- CVE-2026-45369 - utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution i
  CVE-2026-45369 · Critical
  Summary: The `_substitute_utcp_args` method in `cli_communication_protocol.py` inserts user-controlled `tool_args` values directly into shell command strings…
- CVE-2026-45411 - vm2 Has a Sandbox Breakout Using Async Generator
  CVE-2026-45411 · Critical
  Summary: VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary…
- CVE-2026-45083 - Goobi viewer - Core: Unauthenticated Solr Streaming Expression Proxy
  CVE-2026-45083 · Critical
  Summary: The Goobi viewer REST endpoint `POST /api/v1/index/stream` accepted an arbitrary Solr streaming expression from unauthenticated network clients and…
- CVE-2026-45375 - SiYuan Bazaar marketplace renders unescaped package `name` and `version` metadat
  CVE-2026-45375 · Critical
  Summary: SiYuan's Bazaar (community marketplace) renders the `name` and `version` fields of a package's `plugin.json` (and the equivalent `theme.json` /…
High (31 entries)
- CVE-2026-45398 - Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Cont
  CVE-2026-45398 · High · 3.1
  IDOR: Retrieval API Bypasses Knowledge Base Access Controls. Author: Andrew Orr <aorr@tenable.com>. Summary: `_validate_collection_access()` ([PR…
- CVE-2026-45331 - Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature
  CVE-2026-45331 · High
  SSRF Bypass via IPv6/IPv4-mapped IPv6/IPv4-reserved-ranges in `validate_url()`. Summary: `validate_url()` in `backend/open_webui/retrieval/web/utils.py`…
- CVE-2026-45338 - Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_
  CVE-2026-45338 · High
  Summary: A Server-Side Request Forgery (SSRF) vulnerability exists in `_process_picture_url()` in `backend/open_webui/utils/oauth.py` (line ~1338). The…
- CVE-2026-42570 - Svelte devalue: DoS via sparse array deserialization
  CVE-2026-42570 · High
  `devalue.parse` could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays,…
- CVE-2026-45348 - pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in
  CVE-2026-45348 · High
  Summary: The `packages.js` template at `src/pyload/webui/app/themes/modern/templates/js/packages.js:172` interpolates a stored link URL into a template…
- CVE-2026-45349 - Open WebUI has Broken Access Control for Completions API
  CVE-2026-45349 · High
  Summary: Any user `X` can continue the conversation of any other user `Y`, as long as the Chat ID of `Y` is known. User `X` does not even need to be an admin to…
- CVE-2026-45350 - Open WebUI's chat completion API allows tool restrictions to be bypassed
  CVE-2026-45350 · High
  Summary: Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling…
- CVE-2026-45395 - Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoin
  CVE-2026-45395 · High
  Summary: The tool update endpoint (`POST /api/v1/tools/id/{id}/update`) is missing the `workspace.tools` permission check that is present on the tool create…
- CVE-2026-45399 - Open WebUI: Low-privilege authenticated users can enumerate and stop global back
  CVE-2026-45399 · High
  Summary: Any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET…
- CVE-2026-45400 - Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`
  CVE-2026-45400 · High
  Summary: In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. Details: In the current…
- CVE-2026-45401 - Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image
  CVE-2026-45401 · High
  Server-Side Request Forgery (SSRF) Bypass via HTTP Redirect Following in Web-Fetch, Image-Load, and Chat-Completion Endpoints. Summary: The `validate_url()`…
- GHSA-3wgj-c2hg-vm6q - Open WebUI vulnerable to stored XSS via OAuth picture claim stored as SVG data U
  CVE-2025-64496 · CVE-2025-64495 · High
  Summary: When a user signs in via OAuth, Open WebUI fetches the `picture` claim URL, infers a MIME type from the URL extension via `mimetypes.guess_type`, and…
- CVE-2026-45402 - Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and
  CVE-2026-45402 · High
  Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints. Summary: Multiple endpoints accept a user-supplied…
- CVE-2026-45665 - Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
  CVE-2026-45665 · High
  Summary: A Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically, DOMPurify is…
- CVE-2026-45671 - Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file d
  CVE-2026-45671 · High
  Summary: Any authenticated user can permanently delete files owned by other users via `DELETE /api/v1/files/{id}` when the target file is referenced in any…
- CVE-2026-45672 - Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` —
  CVE-2026-45672 · High
  Summary: The `/api/v1/utils/code/execute` endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set…
- CVE-2026-45675 - Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accou
  CVE-2026-45675 · High
  Summary: The LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup…
- CVE-2026-45310 - DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool
  CVE-2026-45310 · High
  Summary: The `fetch_url` tool validates the initial URL's resolved IP address against a restricted-IP blocklist (`is_restricted_ip()`) to prevent SSRF attacks…
- CVE-2026-45373 - DeepSeek TUI has SSRF IPV6 bypass
  CVE-2026-45373 · High
  Summary: Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as `http://[::1]`, the SSRF…
- CVE-2026-46509 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Po
  CVE-2026-46509 · High
  Impact: Prototype pollution is possible when property paths contain `__proto__`/`constructor`/`prototype`. The property path must not be exposed as user input.
- CVE-2026-45370 - python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakag
  CVE-2026-45370 · High
  Summary: `_prepare_environment()` in `cli_communication_protocol.py` passes a full copy of `os.environ` to every CLI subprocess. When combined with the…
- CVE-2026-44724 - Systeminformation vulnerable to Linux command injection in networkInterfaces() v
  CVE-2026-44724 · High
  Summary: On Linux, `systeminformation` is vulnerable to command injection in `networkInterfaces()` when an active NetworkManager connection profile name…
- CVE-2026-45134 - LangSmith SDK: Public prompt pull deserializes untrusted manifests without trust
  CVE-2026-45134 · High
  Description: The LangSmith SDK's prompt pull methods (`pull_prompt` / `pull_prompt_commit` in Python, `pullPrompt` / `pullPromptCommit` in JS/TS) fetch and…
- CVE-2026-44738 - Grav: Twig sandbox allows editor-role users to exfiltrate all plugin secrets via
  CVE-2026-44738 · High
  Summary: The Twig sandbox allow-list permits any user with the `admin.pages` role to call `config.toArray()` from within a page body, dumping the entire…
- CVE-2026-44797 - Nautobot: Webhook definitions could be used for server-side request forgery (SSR
  CVE-2026-44797 · High
  Impact: Nautobot's `Webhook` data model and associated feature set could be configured by users with sufficient access to perform requests to various hosts and…
- CVE-2026-44798 - Nautobot: GitRepository.current_head field should not be writable through REST A
  CVE-2026-44798 · High
  Impact: A user with access to add/change a GitRepository record could use the REST API to directly set the `current_head` field on the record, which was not…
- CVE-2026-45136 - claude-code-cache-fix vulnerable to local code execution via Python triple-quote
  CVE-2026-45136 · High
  Summary: `tools/quota-statusline.sh` (introduced in v3.5.0) interpolates Claude Code's hook stdin payload directly into a Python triple-quoted string…
- CVE-2026-45137 - Anchor: Program<'info, System> is not properly validated
  CVE-2026-45137 · High
  Summary: A logic error causes anchor programs to accept any program id when requiring the system program id, causing false assumptions resulting in potential…
- CVE-2026-45152 - uniget is Vulnerable to Command Injection in tool.Check Leading to Arbitrary Cod
  CVE-2026-45152 · High
  I discovered a command injection vulnerability in uniget that allows arbitrary command execution through the metadata loading and version check mechanism.…
- GHSA-429q-fhh4-r6hj - Anchor: `InterfaceAccount` allows account substitution between unexpected types
  GHSA-429q-fhh4-r6hj · High
  Impact: Any uses of `InterfaceAccount` allows another unexpected account type to be passed, after https://github.com/solana-foundation/anchor/pull/3837 disabled…
- CVE-2026-45371 - SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs
  CVE-2026-45371 · High
  Summary: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs `POST /api/graph/getGraph`, `POST /api/graph/getLocalGraph`, `POST…
Medium (30 entries)
- CVE-2025-64526 - Strapi has a rate limit bypass on users-permissions plugin via attacker-controll
  CVE-2025-64526 · Medium · 4.0
  Summary of CVE-2025-64526 Vulnerability Details - CVE: CVE-2025-64526 - CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N`…
- CVE-2026-45318 - Open WebUI has stored XSS via unsanitized Office/Excel/DOCX file preview renderi
  CVE-2026-45318 · Medium
  Related advisory: This advisory tracks a regression of the original Excel-preview XSS that was publicly disclosed and patched under…
- CVE-2026-45317 - Open WebUI Vulnerable to Cross-Site Request Forgery (CSRF) via Image URL Manipul
  CVE-2026-45317 · Medium
  Summary: An application-wide Cross-Site Request Forgery (CSRF) vulnerability was found in Open-WebUI's image uploading functionality. An attacker can set an…
- CVE-2026-42599 - Svelte SSR vulnerable to cross-site scripting via spread attributes
  CVE-2026-42599 · Medium
  When using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads…
- CVE-2026-45339 - Open WebUI's API key endpoint restrictions bypassed via `x-api-key` header — ful
  CVE-2026-45339 · Medium
  Summary: Open WebUI allows admins to restrict which API endpoints an API key can access. When an API key is restricted from `/api/v1/messages`, requests using…
- CVE-2026-45345 - Open WebUI missing authorization check at the model update function - models fro
  CVE-2026-45345 · Medium
  Summary: A user can modify another user's model even if its visibility is set to `Private`. The finding resulted from a penetration test for a customer. It is…
- CVE-2026-45346 - Open WebUI Has Stored Cross-Site Scripting in SVG Renderer
  CVE-2026-45346 · Medium
  Summary: There is a Cross-Site Scripting vulnerability in the Open WebUI SVG renderer implementation. Details: It is possible to permanently save any HTML/JavaScript…
- CVE-2026-45347 - Open WebUI vulnerable to blind server side request forgery (SSRF) via the PDF ge
  CVE-2026-45347 · Medium
  Summary: Blind server side request forgery (SSRF) via the PDF generate function. The finding resulted from a penetration test for a customer. It is suspected…
…22 more Medium-severity entries omitted
Low (1 entry)
- CVE-2026-22706 - Strapi: Password Reset Does Not Revoke Existing Refresh Sessions
  CVE-2026-22706 · Low · 4.0
  Summary of CVE-2026-22706 Vulnerability Details - CVE: CVE-2026-22706 - CVSS v3.1 Vector: `CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N`…
🛡️ NVD-Latest (65 entries)
Critical (13 entries)
- CVE-2026-41050 · Critical · CVSS 9.9
  Fleet's Helm deployer did not fully apply ServiceAccount impersonation in two code paths, allowing a tenant with git push access to a…
- CVE-2020-37168 · Critical · CVSS 9.8
  Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the…
- CVE-2026-42062 · Critical · CVSS 9.8
  ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted…
- CVE-2026-40621 · Critical · CVSS 9.8
  ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be…
- CVE-2026-32661 · Critical · CVSS 9.8
  Stack-based buffer overflow vulnerability exists in GUARDIANWALL MailSuite and GUARDIANWALL Mail Security Cloud (SaaS version). If a…
- CVE-2025-6577 · Critical · CVSS 9.8
  Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software…
- CVE-2026-34263 · Critical · CVSS 9.6
  Due to improper Spring Security configuration, SAP Commerce cloud allows an unauthenticated user to perform malicious configuration…
- CVE-2025-11159 · Critical · CVSS 9.1
  Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to…
- CVE-2026-41551 · Critical · CVSS 9.1
  A vulnerability has been identified in ROS# (All versions < V2.2.2). Affected versions contain a path traversal vulnerability because…
- CVE-2026-25787 · Critical · CVSS 9.1
  Affected devices do not properly validate and sanitize Technology Object (TO) name rendered on the "Motion Control Diagnostics" page of…
- CVE-2026-25786 · Critical · CVSS 9.1
  Affected devices do not properly validate and sanitize PLC/station name rendered on the "communication" parameters page of the web…
- CVE-2026-22924 · Critical · CVSS 9.1
  A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application does not properly restrict…
- CVE-2025-40949 · Critical · CVSS 9.1
  A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1),…
High (52 entries)
- CVE-2026-3425 · High · CVSS 8.8
  The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2…
- CVE-2026-8053 · High · CVSS 8.8
  An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to…
- CVE-2026-2465 · High · CVSS 8.8
  Incorrect Authorization vulnerability in E-Kalite Software Hardware Engineering Design and Internet Services Industry and Trade Ltd. Co.…
- CVE-2026-6001 · High · CVSS 8.8
  Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted…
- CVE-2026-7256 · High · CVSS 8.8
  ** UNSUPPORTED WHEN ASSIGNED ** A command injection vulnerability in the CGI program of Zyxel WRE6505 v2 firmware version…
- CVE-2020-37221 · High · CVSS 8.4
  Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a…
- CVE-2026-25705 · High · CVSS 8.4
  A vulnerability has been identified in [Rancher's Extensions](https://rancherman…
- CVE-2025-40946 · High · CVSS 8.3
  A vulnerability has been identified in blueplanet 100 NX3 M8 (All versions), blueplanet 100 TL3 GEN2 (All versions < V6.1.4.9),…
- CVE-2020-37218 · High · CVSS 8.2
  Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to…
- CVE-2026-41713 · High · CVSS 8.2
  A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way.…
- CVE-2026-39432 · High · CVSS 8.2
  Missing Authorization vulnerability in Arraytics Timetics allows Exploiting Incorrectly Configured Access Control Security Levels. This…
- CVE-2026-20916 · High · CVSS 8.1
  An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST…
- CVE-2026-7635 · High · CVSS 8.1
  The coreActivity: Activity Logging for WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and…
- CVE-2020-37223 · High · CVSS 7.8
  IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to…
- CVE-2026-44612 · High · CVSS 7.8
  Bytello Share (Windows Edition) installer executable provided by Bytello insecurely loads Dynamic Link Libraries. If there is a crafted…
- CVE-2026-21020 · High · CVSS 7.8
  Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged…
- CVE-2026-44412 · High · CVSS 7.8
  A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack…
- CVE-2026-44411 · High · CVSS 7.8
  A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected application is vulnerable to…
- CVE-2026-27662 · High · CVSS 7.7
  Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are…
- CVE-2025-28344 · High · CVSS 7.5
  striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
- CVE-2025-28343 · High · CVSS 7.5
  striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.
- CVE-2020-37220 · High · CVSS 7.5
  Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative…
- CVE-2020-37219 · High · CVSS 7.5
  Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by…
- CVE-2026-6276 · High · CVSS 7.5
  Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same…
- CVE-2026-5773 · High · CVSS 7.5
  libcurl might in some circumstances reuse the wrong connection for SMB(S) transfers. libcurl features a pool of recent connections so…
- CVE-2026-4798 · High · CVSS 7.5
  The Avada Builder plugin for WordPress is vulnerable to time-based SQL Injection via the ‘product_order’ parameter in all versions up…
- CVE-2026-6929 · High · CVSS 7.5
  The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to time-based blind SQL Injection…
- CVE-2026-8336 · High · CVSS 7.5
  After invoking $_internalJsEmit, which is not intended to be directly accessible, or mapreduce command’s map function in a certain way,…
- CVE-2026-41712 · High · CVSS 7.5
  Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data…
- CVE-2026-8162 · High · CVSS 7.5
  multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request…
- CVE-2026-8161 · High · CVSS 7.5
  multiparty@4.2.3 and lower versions are vulnerable to denial of service via uncaught exception. By sending a multipart/form-data request…
- CVE-2026-8159 · High · CVSS 7.5
  multiparty@4.2.3 and lower versions are vulnerable to denial of service via regular expression backtracking in the Content-Disposition…
- CVE-2026-33893 · High · CVSS 7.5
  A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012),…
- CVE-2026-22925 · High · CVSS 7.5
  A vulnerability has been identified in SIMATIC CN 4100 (All versions < V5.0). The affected application is susceptible to resource…
- CVE-2025-40947 · High · CVSS 7.5
  A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.17.1), RUGGEDCOM ROX MX5000RE (All versions < V2.17.1),…
- CVE-2025-40833 · High · CVSS 7.5
  The affected devices contain a null pointer dereference vulnerability while processing specially crafted IPv4 requests. This could…
- CVE-2026-2993 · High · CVSS 7.5
  The AI Chatbot & Workflow Automation by AIWU plugin for WordPress is vulnerable to SQL Injection in versions up to, and including,…
- CVE-2026-7287 · High · CVSS 7.5
  ** UNSUPPORTED WHEN ASSIGNED ** A buffer overflow vulnerability in the formWep(), formWlAc(), formPasswordSetup(), formUpgradeCert(),…
- CVE-2026-41872 · High · CVSS 7.4
  "Kura Sushi Official App" provided by EPG, Inc. is vulnerable to improper certificate validation. A man-in-the-middle attack may allow…
- CVE-2024-55045 · High · CVSS 7.3
  Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at…
- CVE-2026-37430 · High · CVSS 7.3
  An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to…
- CVE-2026-33862 · High · CVSS 7.3
  A vulnerability has been identified in Teamcenter V2312 (All versions < V2312.0014), Teamcenter V2406 (All versions < V2406.0012),…
- CVE-2020-37222 · High · CVSS 7.2
  Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious…
- CVE-2026-6177 · High · CVSS 7.2
  The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This…
- CVE-2026-35506 · High · CVSS 7.2
  ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If…
- CVE-2026-6888 · High · CVSS 7.2
  Successful exploitation of the SQL injection vulnerability could allow a remote authenticated attacker to execute arbitrary commands via…
- CVE-2026-6690 · High · CVSS 7.2
  The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp_update_mds AJAX action…
- CVE-2020-37226 · High · CVSS 7.1
  Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database…
- CVE-2020-37224 · High · CVSS 7.1
  Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database…
- CVE-2026-4609 · High · CVSS 7.1
  The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing…
- CVE-2026-25789 · High · CVSS 7.1
  Affected devices do not properly validate and sanitize filenames on the Firmware Update page. This could allow a remote attacker to…
- CVE-2026-45430 · High · CVSS 7.1
  The Salesforce module before 1.x-1.0.1 for Backdrop CMS does not properly use a random state parameter to protect the authorization…
⚔️ Sploitus (53 entries)
Unknown (53 entries)
- OrchidMantis exploit
- Exploit for Missing Authentication for Critical Function in Flowiseai Flowise exploit
…51 more Unknown-severity entries omitted
🤖 Automated vulnerability intelligence digest · 2026-05-15 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV