📊 2026-05-16 Vulnerability Intelligence Daily Report · 200 entries · 101 high-severity
Daily vulnerability intelligence digest · 2026-05-16
📋 200 entries in total
🔥 High/Critical: 101 entries
🚨 CISA-KEV: 1 entry
💣 Exploit-DB-RSS: 7 entries
🐙 GitHub-Advisory: 75 entries 🔥44
🛡️ NVD-Latest: 57 entries 🔥57
⚔️ Sploitus: 60 entries
🤖 Today's security posture analysis
🎯 Today's key items
- CVE-2026-45311 & CVE-2026-45374 (DeepSeek TUI): two Critical-severity RCE vulnerabilities. The former abuses the `run_tests` tool, which automatically runs `cargo test` on a malicious repository; the latter abuses the insecure default configuration of the `task_create` tool (shell allowed and auto-approval by default). An attacker can achieve remote code execution by luring the user into loading a malicious repository or via prompt injection.
- CVE-2026-45353 (Electerm): local code execution. Any process running as the same user can send a malicious JSON payload through Electerm's single-instance socket, creating a tab and executing arbitrary commands. The prerequisite is that the attacker already has low-privilege code execution on the target system.
- CVE-2026-45288 (Marten): SQL injection. The full-text search API does not parameterize the user-supplied `regConfig` parameter and concatenates it directly into the SQL statement, so any data flow that exposes this parameter can be exploited to perform unauthorized database operations.
- CVE-2026-6271 (WordPress Career Section plugin): arbitrary file upload. The CV upload handler lacks file-type validation, so an attacker can upload a web shell directly and take full control of the site.
- CVE-2026-8181 (WordPress Burst Statistics plugin): authentication bypass. Because of a return-value handling error, an attacker can log in to any user account, including administrator accounts, without a password.
📈 Threat trends
- Remote code execution (RCE) / command injection: the largest category (6+), covering DeepSeek TUI, Electerm, utcp-cli, vm2, ELECOM APs and other products. The attack surface extends from web applications to AI toolchains and IoT devices.
- Privilege escalation / authentication bypass: the WordPress ecosystem is the hardest hit; the Burst Statistics, InfusedWoo Pro and Career Section plugins all have vulnerabilities of this kind, each with a CVSS of 9.8, which shows that plugin security auditing urgently needs strengthening.
- SQL injection: two cases, Marten (CVE-2026-45288) and the Akilli e-commerce platform (CVE-2025-11024); both fail to sanitize user input, and an attacker can extract sensitive data via blind injection.
- Identity spoofing / session hijacking: MCPHub (GHSA-wf8q-wvv8-p8jf) lets any user specify a username and impersonate an administrator; the Akilli e-commerce platform (CVE-2026-2347) has an authorization bypass through a user-controlled key.
- Other: ELECOM APs expose the management interface without authentication (CVE-2026-40621), which may allow device takeover; Ecommerce Systempay's weak cryptographic implementation allows the payment key to be brute-forced.
🛡️ Mitigation recommendations
- Update affected software immediately: prioritize upgrading DeepSeek TUI to the fixed version (which changes the `allow_shell` and `auto_approve` defaults); update all WordPress plugins (Burst Statistics, Career Section, InfusedWoo Pro) to the latest versions; check for ELECOM AP firmware updates.
- Strengthen input validation and parameterized queries: for database applications such as Marten, apply allow-list validation or parameterized binding to every user-controllable SQL parameter (such as `regConfig`) and eliminate string concatenation.
- Harden the local execution environment: for client applications such as Electerm, restrict access to the single-instance socket so that only Electerm's own processes can communicate with it, and use security policy to block cross-process messages from untrusted processes.
- Enable a web application firewall (WAF) and log auditing: enable WAF rules on WordPress sites to block common file-upload, SQL-injection and authentication-bypass payloads, and turn on detailed access logging to monitor anomalous POST requests and login activity.
🚨 CISA-KEV (1 entry)
Unknown (1 entry)
- CVE-2026-42897 - Microsoft Exchange Server Cross-Site Scripting Vulnerability
CVE-2026-42897
CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability Product: Microsoft Microsoft Description: Microsoft Exchange Server contains a cross-site…
💣 Exploit-DB-RSS (7 entries)
Unknown (7 entries)
- [local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
# Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Remote Code Execution # Date: 2026-04-20 # Exploit Author: Chokri Hammedi #…
- [local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
#!/usr/bin/env python3 # Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing # Date: 2026-04-20 # Exploit Author:…
…5 more Unknown-severity entries (omitted)
🐙 GitHub-Advisory (75 entries)
Critical (7 entries)
- CVE-2026-45311 - DeepSeek TUI: run_tests Tool Enables RCE via Malicious Repository Without Approv
CVE-2026-45311 Critical
Summary The `run_tests` tool executes `cargo test` in the workspace with `ApprovalRequirement::Auto`, meaning it runs without any user approval prompt. The…
- CVE-2026-45374 - DeepSeek TUI: task_create Insecure Defaults Enable RCE via Prompt Injection in P
CVE-2026-45374 Critical
Summary The `task_create` tool spawns durable sub-agents that inherit two insecure defaults: - `allow_shell` defaults to `true` (`config.rs:1499`:…
- CVE-2026-45353 - Electerm Local code through electerm's single-instance socket
CVE-2026-45353 Critical
Impact _Local code execution without UI interaction: any same-user process can send a JSON payload to electerm's single-instance socket/pipe, causing the app…
- GHSA-wf8q-wvv8-p8jf - @samanhappy/mcphub: SSE Endpoint Accepts Arbitrary Username from URL Path Withou
Critical
Summary A critical identity spoofing vulnerability in MCPHub allows any unauthenticated user to impersonate any other user — including administrators — on SSE…
- CVE-2026-45288 - Marten has an injection vulnerability in its full-text search regConfig paramete
CVE-2026-45288 Critical
Summary Marten's full-text search APIs interpolated the user-supplied `regConfig` parameter directly into the generated SQL without parameterization or…
- CVE-2026-45369 - utcp-cli Vulnerable to Command Injection via Unsanitized Argument Substitution i
CVE-2026-45369 Critical
Summary The `_substitute_utcp_args` method in `cli_communication_protocol.py` inserts user-controlled `tool_args` values directly into shell command strings…
- CVE-2026-45411 - vm2 Has a Sandbox Breakout Using Async Generator
CVE-2026-45411 Critical
Summary VM2 suffers from a sandbox breakout vulnerability. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary…
High (37 entries)
- CVE-2026-45398 - Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Cont
CVE-2026-45398 High 3.1
IDOR: Retrieval API Bypasses Knowledge Base Access Controls **Author:** Andrew Orr <aorr@tenable.com> Summary `_validate_collection_access()` ([PR…
- CVE-2026-22810 - @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting
CVE-2026-22810 High
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the…
- CVE-2026-40092 - nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes
CVE-2026-40092 High
Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a `TaggedSigned<ValidatorRecord, KeyPair>`…
- CVE-2026-41147 - NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side inp
CVE-2026-41147 High
Impact NukeViet CMS <= 4.5.08 contains a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request…
- CVE-2026-44716 - Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Rea
CVE-2026-44716 High
Summary A path traversal vulnerability exists in Pipecat's development runner (`src/pipecat/runner/run.py`). When the runner is started with the `--folder`…
- CVE-2026-45062 - FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of No
CVE-2026-45062 High
Summary The `splitPos()` function in [`cgi.go`](https://github.com/php/frankenphp/blob/main/cgi.go) misuses `golang.org/x/text/search` with `search.IgnoreCase`…
- GHSA-mxg3-432p-mr72 - goshs: SSH host key verification disabled, allowing transparent MITM of every tu
High
Summary The `--tunnel` / `-t` flag opens an outbound SSH connection to `localhost.run:22` with `HostKeyCallback: ssh.InsecureIgnoreHostKey()`. The Go…
- CVE-2026-45364 - Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via
CVE-2026-45364 High
Am I affected? Users are affected if all of the following are true: - Their app uses `better-auth` at a version `< 1.4.17`, or at a v1.5 prerelease tagged `<=…
- CVE-2026-45548 - Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Valid
CVE-2026-45548 High
Vulnerability Details **CWE-918**: Server-Side Request Forgery (SSRF) The `processUrlFile` function in `packages/server/src/automations/steps/ai/extract.ts`…
- CVE-2026-45715 - Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
CVE-2026-45715 High
Summary The REST datasource integration follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal…
- CVE-2026-45717 - Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ`
CVE-2026-45717 High
Summary Budibase exposes a REST API for datasource management. The route `PUT /api/datasources/:datasourceId` is registered in the `authorizedRoutes` group…
- CVE-2026-44692 - Authenticated Sharp users can download unrelated Laravel Storage objects through
CVE-2026-44692 High
Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage `disk` and…
- CVE-2026-46491 - SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticke
CVE-2026-46491 High
Summary `simplesamlphp-module-casserver` builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory…
- GHSA-qxvm-r42f-5p8j - AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the
High
Summary **Type:** Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint…
- CVE-2026-45574 - epa4all-client: TLS Certificate Validation Disabled in Production
CVE-2026-45574 High
Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept…
- CVE-2026-45575 - Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all
CVE-2026-45575 High
Impact An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The…
- CVE-2026-45578 - AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
CVE-2026-45578 High
Summary **Type:** Classic shell-metacharacter injection. The YPTSocket notification branch in `plugin/Live/on_publish.php` builds an `execAsync()` command…
- CVE-2026-45331 - Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature
CVE-2026-45331 High
SSRF Bypass via IPv6/IPv4-mapped IPv6/IPv4-reserved-ranges in `validate_url()` Summary `validate_url()` in `backend/open_webui/retrieval/web/utils.py`…
- CVE-2026-45338 - Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_
CVE-2026-45338 High
Summary A Server-Side Request Forgery (SSRF) vulnerability exists in `_process_picture_url()` in `backend/open_webui/utils/oauth.py` (line ~1338). The…
- CVE-2026-42570 - Svelte devalue: DoS via sparse array deserialization
CVE-2026-42570 High
`devalue.parse` could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays,…
- CVE-2026-45348 - pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in
CVE-2026-45348 High
Summary The `packages.js` template at `src/pyload/webui/app/themes/modern/templates/js/packages.js:172` interpolates a stored link URL into a template…
- CVE-2026-45349 - Open WebUI has Broken Access Control for Completions API
CVE-2026-45349 High
Summary Any user `X` can continue the conversation of any other user `Y`, as long as the Chat ID of `Y` is known. User `X` does not even need to be an admin to…
- CVE-2026-45350 - Open WebUI's chat completion API allows tool restrictions to be bypassed
CVE-2026-45350 High
Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling…
- CVE-2026-45395 - Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoin
CVE-2026-45395 High
Summary The tool update endpoint (`POST /api/v1/tools/id/{id}/update`) is missing the `workspace.tools` permission check that is present on the tool create…
- CVE-2026-45399 - Open WebUI: Low-privilege authenticated users can enumerate and stop global back
CVE-2026-45399 High
Summary Any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET…
- CVE-2026-45400 - Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`
CVE-2026-45400 High
Summary In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. Details In the current…
- CVE-2026-45401 - Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image
CVE-2026-45401 High
Server-Side Request Forgery (SSRF) Bypass via HTTP Redirect Following in Web-Fetch, Image-Load, and Chat-Completion Endpoints Summary The `validate_url()`…
- GHSA-3wgj-c2hg-vm6q - Open WebUI vulnerable to stored XSS via OAuth picture claim stored as SVG data U
CVE-2025-64496 CVE-2025-64495 High
Summary When a user signs in via OAuth, Open WebUI fetches the `picture` claim URL, infers a MIME type from the URL extension via `mimetypes.guess_type`, and…
- CVE-2026-45402 - Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and
CVE-2026-45402 High
Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints Summary Multiple endpoints accept a user-supplied…
- CVE-2026-45665 - Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
CVE-2026-45665 High
Summary A Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically, DOMPurify is…
- CVE-2026-45671 - Open WebUI: shared-chat branch ignores access_type, allowing unauthorized file d
CVE-2026-45671 High
Summary Any authenticated user can permanently delete files owned by other users via `DELETE /api/v1/files/{id}` when the target file is referenced in any…
- CVE-2026-45672 - Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` —
CVE-2026-45672 High
Summary The `/api/v1/utils/code/execute` endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set…
- CVE-2026-45675 - Open WebUI: LDAP and OAuth First-User Race Condition Allows Multiple Admin Accou
CVE-2026-45675 High
Summary The LDAP and OAuth authentication flows use a TOCTOU (Time-of-Check-Time-of-Use) pattern for first-user admin role assignment. The regular signup…
- CVE-2026-45310 - DeepSeek TUI has SSRF via HTTP Redirect Bypass in fetch_url Tool
CVE-2026-45310 High
Summary The `fetch_url` tool validates the initial URL's resolved IP address against a restricted-IP blocklist (`is_restricted_ip()`) to prevent SSRF attacks…
- CVE-2026-45373 - DeepSeek TUI has SSRF IPV6 bypass
CVE-2026-45373 High
Summary Although SSRF is validated against hostnames that resolve to private IPv6 addresses, when providing the IPV6 in URL as `http://[::1]`, the SSRF…
- CVE-2026-46509 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Po
CVE-2026-46509 High
Impact Prototype pollution is possible when property paths contain `__proto__`/`constructor`/`prototype`. The property path must not be exposed as user input.
- CVE-2026-45370 - python-utcp: Full Process Environment Exposed to CLI Subprocess - Secrets Leakag
CVE-2026-45370 High
Summary `_prepare_environment()` in `cli_communication_protocol.py` passes a full copy of `os.environ` to every CLI subprocess. When combined with the…
Medium (31 entries)
- CVE-2025-65954 - SimpleSAMLphp casserver: Open Redirect in logout
CVE-2025-65954 Medium
Summary The logout endpoint accepts a `url` query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration)…
- CVE-2026-45106 - Weblate: Stored HTML injection in editor search preview
CVE-2026-45106 Medium
Impact Weblate's live search preview renders unit `source` and `context` as HTML without escaping. Any contributor whose content reaches those fields stores…
- GHSA-wxw3-q3m9-c3jr - Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state
Medium
Am I affected? Users are affected if all of the following are true: - The application uses `better-auth` at a version below `1.6.2` (or `@better-auth/sso`…
- GHSA-vfvv-c25p-m7mm - rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitra
Medium
`InlineVec::clear()` and `SerVec::clear()` in `rkyv` were not panic-safe. Both functions iterate over their elements and call `drop_in_place` on each, updating…
- GHSA-rc6v-5rmx-w5mv - arnika is affected by medium-severity issues in UDP rotation, PQC handling, and
Medium
Summary Three medium-severity issues in arnika affecting the UDP key-rotation protocol, PQC key file handling, and KMS TLS client. All require specific…
- CVE-2026-46383 - Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle p
CVE-2026-46383 Medium
Summary Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by `apm install <bundle>` on supported…
- CVE-2026-45580 - AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribu
CVE-2026-45580 Medium
Summary **Type:** Stored cross-site scripting. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML class…
- CVE-2026-45610 - AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page sil
CVE-2026-45610 Medium
Summary **Type:** Cross-site request forgery on the 2FA toggle. `plugin/LoginControl/set.json.php` accepts `POST type=set2FA value=false`, calls…
…23 more Medium-severity entries (omitted)
🛡️ NVD-Latest (57 entries)
Critical (10 entries)
- CVE-2026-2347 Authorization bypass through User-Controlled key vulnerability in Akilli Commerc
CVE-2026-2347 Critical 9.8
CVE-2026-2347 CVSS:9.8 Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website…
- CVE-2025-11024 Improper neutralization of special elements used in an SQL command ('SQL injecti
CVE-2025-11024 Critical 9.8
CVE-2025-11024 CVSS:9.8 Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software…
- CVE-2026-6510 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation vi
CVE-2026-6510 Critical 9.8
CVE-2026-6510 CVSS:9.8 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and…
- CVE-2026-6271 The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload i
CVE-2026-6271 Critical 9.8
CVE-2026-6271 CVSS:9.8 The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV…
- CVE-2026-8181 The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Al
CVE-2026-8181 Critical 9.8
CVE-2026-8181 CVSS:9.8 The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to…
- CVE-2020-37168 Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerabili
CVE-2020-37168 Critical 9.8
CVE-2020-37168 CVSS:9.8 Ecommerce Systempay 1.0 contains a weak cryptographic implementation vulnerability that allows attackers to brute force the…
- CVE-2026-42062 ELECOM wireless LAN access point devices contain an OS command injection in proc
CVE-2026-42062 Critical 9.8
CVE-2026-42062 CVSS:9.8 ELECOM wireless LAN access point devices contain an OS command injection in processing of username parameter. If processing a crafted…
- CVE-2026-40621 ELECOM wireless LAN access point devices do not require authentication to access
CVE-2026-40621 Critical 9.8
CVE-2026-40621 CVSS:9.8 ELECOM wireless LAN access point devices do not require authentication to access some specific URLs. The affected product may be…
- CVE-2026-6512 The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in
CVE-2026-6512 Critical 9.1
CVE-2026-6512 CVSS:9.1 The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due…
- CVE-2026-42457 vCluster Platform provides a Kubernetes platform for managing virtual clusters,
CVE-2026-42457 Critical 9.0
CVE-2026-42457 CVSS:9.0 vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3,…
High (47 entries)
- CVE-2026-42559 RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.
CVE-2026-42559 High 8.8
CVE-2026-42559 CVSS:8.8 RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport…
- CVE-2026-6637 Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged datab
CVE-2026-6637 High 8.8
CVE-2026-6637 CVSS:8.8 Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating…
- CVE-2026-6477 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreS
CVE-2026-6477 High 8.8
CVE-2026-6477 CVSS:8.8 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and…
- CVE-2026-6475 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allo
CVE-2026-6475 High 8.8
CVE-2026-6475 CVSS:8.8 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g.…
- CVE-2026-6473 Integer wraparound in multiple PostgreSQL server features allows an unprivileged
CVE-2026-6473 High 8.8
CVE-2026-6473 CVSS:8.8 Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an…
- CVE-2025-15025 Authorization bypass through User-Controlled key vulnerability in Yordam Informa
CVE-2025-15025 High 8.8
CVE-2025-15025 CVSS:8.8 Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic…
- CVE-2025-12008 Authorization bypass through User-Controlled key vulnerability in APPYAP Technol
CVE-2025-12008 High 8.8
CVE-2025-12008 CVSS:8.8 Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows…
- CVE-2026-6506 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in
CVE-2026-6506 High 8.8
CVE-2026-6506 CVSS:8.8 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due…
- CVE-2026-3425 The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File
CVE-2026-3425 High 8.8
CVE-2026-3425 CVSS:8.8 The RTMKit Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.2…
- CVE-2026-7481 GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 bef
CVE-2026-7481 High 8.7
CVE-2026-7481 CVSS:8.7 GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2026-7377 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 bef
CVE-2026-7377 High 8.7
CVE-2026-7377 CVSS:8.7 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2026-6073 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 bef
CVE-2026-6073 High 8.7
CVE-2026-6073 CVSS:8.7 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2020-37221 Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local
CVE-2020-37221 High 8.4
CVE-2020-37221 CVSS:8.4 Atomic Alarm Clock 6.3 contains a stack overflow vulnerability that allows local attackers to execute arbitrary code by supplying a…
- CVE-2026-5395 The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Fo
CVE-2026-5395 High 8.2
CVE-2026-5395 CVSS:8.2 The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to…
- CVE-2026-5396 The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Thro
CVE-2026-5396 High 8.2
CVE-2026-5396 CVSS:8.2 The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and…
- CVE-2020-37218 Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.p
CVE-2020-37218 High 8.2
CVE-2020-37218 CVSS:8.2 Joomla com_hdwplayer 4.2 contains an SQL injection vulnerability in the search.php file that allows unauthenticated attackers to…
- CVE-2026-4030 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor
CVE-2026-4030 High 8.1
CVE-2026-4030 CVSS:8.1 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up…
- CVE-2026-3892 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is
CVE-2026-3892 High 8.1
CVE-2026-3892 CVSS:8.1 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions…
- CVE-2026-20916 An authenticated iControl REST user with low privileges can create or modify arb
CVE-2026-20916 High 8.1
CVE-2026-20916 CVSS:8.1 An authenticated iControl REST user with low privileges can create or modify arbitrary files through an undisclosed iControl REST…
- CVE-2020-37223 IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in th
CVE-2020-37223 High 7.8
CVE-2020-37223 CVSS:7.8 IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to…
- CVE-2026-6479 Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker
CVE-2026-6479 High 7.5
CVE-2026-6479 CVSS:7.5 Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to…
- CVE-2026-4031 The Database Backup for WordPress plugin for WordPress is vulnerable to authoriz
CVE-2026-4031 High 7.5
CVE-2026-4031 CVSS:7.5 The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including,…
- CVE-2026-4029 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor
CVE-2026-4029 High 7.5
CVE-2026-4029 CVSS:7.5 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and…
- CVE-2026-6514 The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in
CVE-2026-6514 High 7.5
CVE-2026-6514 CVSS:7.5 The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the…
- CVE-2026-1659 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 b
CVE-2026-1659 High 7.5
CVE-2026-1659 CVSS:7.5 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2025-14870 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5
CVE-2025-14870 High 7.5
CVE-2025-14870 CVSS:7.5 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2025-14869 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5
CVE-2025-14869 High 7.5
CVE-2025-14869 CVSS:7.5 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2026-46419 Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorr
CVE-2026-46419 High 7.5
CVE-2026-46419 CVSS:7.5 Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second…
- CVE-2025-28344 striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function Aux
CVE-2025-28344 High 7.5
CVE-2025-28344 CVSS:7.5 striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function AuxJack.
- CVE-2025-28343 striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function Thr
CVE-2025-28343 High 7.5
CVE-2025-28343 CVSS:7.5 striso-control-firmware 54c9722 is vulnerable to Buffer Overflow in function ThreadReadButtons.
- CVE-2020-37220 Huawei HG630 V2 router contains an authentication bypass vulnerability that allo
CVE-2020-37220 High 7.5
CVE-2020-37220 CVSS:7.5 Huawei HG630 V2 router contains an authentication bypass vulnerability that allows unauthenticated attackers to obtain administrative…
- CVE-2020-37219 Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allow
CVE-2020-37219 High 7.5
CVE-2020-37219 CVSS:7.5 Joomla com_fabrik 3.9.11 contains a directory traversal vulnerability that allows unauthenticated attackers to list arbitrary files by…
- CVE-2026-24712 Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.
CVE-2026-24712 High 7.3
CVE-2026-24712 CVSS:7.3 Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.
- CVE-2024-55045 Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffe
CVE-2024-55045 High 7.3
CVE-2024-55045 CVSS:7.3 Firmament-Autopilot FMT-Firmware commit de5aec was discovered to contain a buffer overflow via the task_mavobc_entry function at…
- CVE-2026-37430 An arbitrary file upload vulnerability in the ShopOrderImportController.java com
CVE-2026-37430 High 7.3
CVE-2026-37430 CVSS:7.3 An arbitrary file upload vulnerability in the ShopOrderImportController.java component of qihang-wms commit 75c15a allows attackers to…
- CVE-2026-41937 Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the p
CVE-2026-41937 High 7.2
CVE-2026-41937 CVSS:7.2 Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to…
- CVE-2026-6476 SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_creat
CVE-2026-6476 High 7.2
CVE-2026-6476 CVSS:7.2 SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a…
- CVE-2026-3718 The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scri
CVE-2026-3718 High 7.2
CVE-2026-3718 CVSS:7.2 The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all…
- CVE-2020-37222 Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that
CVE-2020-37222 High 7.2
CVE-2020-37222 CVSS:7.2 Kuicms Php EE 2.0 contains a persistent cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious…
- CVE-2026-6177 The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2026-6177 High 7.2
CVE-2026-6177 CVSS:7.2 The Custom Twitter Feeds plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.5.4. This…
- CVE-2026-35506 ELECOM wireless LAN access point devices contain an OS command injection vulnera
CVE-2026-35506 High 7.2
CVE-2026-35506 CVSS:7.2 ELECOM wireless LAN access point devices contain an OS command injection vulnerability in processing of ping_ip_addr parameter. If…
- CVE-2026-41935 Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the adm
CVE-2026-41935 High 7.1
CVE-2026-41935 CVSS:7.1 Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init()…
- CVE-2026-46446 SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords
CVE-2026-46446 High 7.1
CVE-2026-46446 CVSS:7.1 SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to…
- CVE-2026-46445 SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
CVE-2026-46445 High 7.1
CVE-2026-46445 CVSS:7.1 SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
- CVE-2020-37226 Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that
CVE-2020-37226 High 7.1
CVE-2020-37226 CVSS:7.1 Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database…
- CVE-2020-37224 Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that
CVE-2020-37224 High 7.1
CVE-2020-37224 CVSS:7.1 Joomla J2 JOBS 1.3.0 contains an authenticated SQL injection vulnerability that allows authenticated attackers to manipulate database…
- CVE-2026-4609 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is
CVE-2026-4609 High 7.1
CVE-2026-4609 CVSS:7.1 The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized access due to a missing…
⚔️ Sploitus (60 entries)
Unknown (60 entries)
- Exploit for Improper Handling of Exceptional Conditions in Newtonsoft Json.Net exploit
Exploit for Improper Handling of Exceptional Conditions in Newtonsoft Json.Net exploit
- Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel exploit
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel exploit
…58 more Unknown-severity entries (omitted)
🤖 Automated vulnerability intelligence digest · 2026-05-16 · Data sources: NVD / GitHub Advisory / Sploitus / CISA-KEV