📊 2026-05-17 Vulnerability Intelligence Daily · 200 entries · 81 high-severity
Daily vulnerability intelligence digest · 2026-05-17
📋 Total: 200 entries
🔥 High/Critical: 81 entries
🚨 CISA-KEV: 1 entry
💣 Exploit-DB-RSS: 3 entries
🐙 GitHub-Advisory: 55 entries 🔥30
🛡️ NVD-Latest: 51 entries 🔥51
⚔️ Sploitus: 90 entries
🤖 Today's security situation analysis
🎯 Today's key items
- CVE-2026-8398 (CVSS 9.8): DAEMON Tools Lite supply chain attack. Attackers tampered with the official installer packages (versions 12.5.0.2421 through 12.5.0.2434) to implant malicious code, affecting a large number of Windows users. Remote execution requires no user interaction; the impact is extremely high.
- CVE-2026-45062: FrankenPHP CGI path-splitting vulnerability. A Unicode handling defect lets attackers bypass security checks and execute arbitrary code. Affects every web service running on FrankenPHP; the service must be publicly reachable.
- CVE-2026-6271 (CVSS 9.8): WordPress Career Section plugin arbitrary file upload. The CV upload endpoint performs no file type validation, so an unauthenticated attacker can upload a webshell and take full control of the site.
- CVE-2026-8181 (CVSS 9.8): Burst Statistics plugin authentication bypass. Incorrect return-value handling permits unauthorized login on affected WordPress sites; an attacker can obtain administrator privileges directly.
- CVE-2026-45398: Open WebUI retrieval API bypasses knowledge base access control. An IDOR vulnerability lets an attacker read knowledge base data they are not authorized to access; requires network reachability and a valid session.
📈 Threat trends
- Arbitrary code execution / file upload (RCE): three critical vulnerabilities today, namely the DAEMON Tools supply chain backdoor, the FrankenPHP path-splitting flaw and the Career Section file upload. The attack surface extends from traditional web applications to desktop software and the PHP runtime.
- Authentication and authorization bypass: concentrated in the WordPress ecosystem (Burst Statistics, Form Notify, InfusedWoo Pro), all rated CVSS 9.8. Attackers exploit flawed cookie validation or missing permission checks to take over accounts directly.
- Path traversal and file overwrite: affects the Joplin OneNote converter, the Pipecat development server and FrankenPHP. Combined with a writable directory, these escalate easily to code execution.
- Denial of service (DoS) / resource exhaustion: the nimiq-keys library does not check Ed25519 signature length; a crafted DHT record can crash a full node, threatening blockchain infrastructure.
- Information disclosure and side channels: executable strings stored in the OpenMRS database pose a risk; the Open WebUI IDOR vulnerability directly exposes knowledge base content.
🛡️ Mitigation recommendations
- Upgrade affected components immediately: update DAEMON Tools Lite to 12.5.0.2435 or later; update FrankenPHP, Better Auth, Open WebUI, Joplin and nimiq-keys to their latest versions.
- Review and harden WordPress plugins: prioritize Burst Statistics (3.4.1.1+), Form Notify (1.1.10+), Career Section (1.7+) and InfusedWoo Pro (5.1.2+); disable them or upgrade to the patched versions immediately.
- Temporary access control and monitoring: restrict non-ASCII requests to FrankenPHP servers; audit the OpenMRS database; scan DAEMON Tools Lite hosts for anomalous processes and network connections.
- Disable unsafe development/debug features: never use Pipecat's `--folder` flag in production; check for and disable goshs's `--tunnel` mode; ensure the SSH HostKeyCallback uses a secure implementation.
🚨 CISA-KEV (1 entry)
Unknown (1 entry)
- CVE-2026-42897 - Microsoft Exchange Server Cross-Site Scripting Vulnerability
CVE-2026-42897
CVE-2026-42897 Microsoft Exchange Server Cross-Site Scripting Vulnerability Product: Microsoft Microsoft Description: Microsoft Exchange Server contains a cross-site…
💣 Exploit-DB-RSS (3 entries)
Unknown (3 entries)
- [local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
# Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Remote Code Execution # Date: 2026-04-20 # Exploit Author: Chokri Hammedi #…
- [local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
#!/usr/bin/env python3 # Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing # Date: 2026-04-20 # Exploit Author:…
…plus 1 more Unknown-severity entry (omitted)
🐙 GitHub-Advisory (55 entries)
High (30 entries)
- CVE-2026-45398 - Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Cont
CVE-2026-45398 High 3.1
# IDOR: Retrieval API Bypasses Knowledge Base Access Controls **Author:** Andrew Orr <aorr@tenable.com> ## Summary `_validate_collection_access()` ([PR…
- CVE-2026-22810 - @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting
CVE-2026-22810 High
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the…
- CVE-2026-40092 - nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes
CVE-2026-40092 High
Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a `TaggedSigned<ValidatorRecord, KeyPair>`…
- CVE-2026-41147 - NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side inp
CVE-2026-41147 High
Impact NukeViet CMS <= 4.5.08 contains a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request…
- CVE-2026-44716 - Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Rea
CVE-2026-44716 High
## Summary A path traversal vulnerability exists in Pipecat's development runner (`src/pipecat/runner/run.py`). When the runner is started with the `--folder`…
- CVE-2026-45062 - FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of No
CVE-2026-45062 High
Summary The `splitPos()` function in [`cgi.go`](https://github.com/php/frankenphp/blob/main/cgi.go) misuses `golang.org/x/text/search` with `search.IgnoreCase`…
- GHSA-mxg3-432p-mr72 - goshs: SSH host key verification disabled, allowing transparent MITM of every tu
GHSA-mxg3-432p-mr72 High
Summary The `--tunnel` / `-t` flag opens an outbound SSH connection to `localhost.run:22` with `HostKeyCallback: ssh.InsecureIgnoreHostKey()`. The Go…
- CVE-2026-45364 - Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via
CVE-2026-45364 High
Am I affected? Users are affected if all of the following are true: - Their app uses `better-auth` at a version `< 1.4.17`, or at a v1.5 prerelease tagged `<=…
- CVE-2026-45548 - Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Valid
CVE-2026-45548 High
## Vulnerability Details **CWE-918**: Server-Side Request Forgery (SSRF) The `processUrlFile` function in `packages/server/src/automations/steps/ai/extract.ts`…
- CVE-2026-45715 - Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
CVE-2026-45715 High
Summary The REST datasource integration follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal…
- CVE-2026-45717 - Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ`
CVE-2026-45717 High
## Summary Budibase exposes a REST API for datasource management. The route `PUT /api/datasources/:datasourceId` is registered in the `authorizedRoutes` group…
- CVE-2026-44692 - Authenticated Sharp users can download unrelated Laravel Storage objects through
CVE-2026-44692 High
Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage `disk` and…
- CVE-2026-46491 - SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticke
CVE-2026-46491 High
## Summary `simplesamlphp-module-casserver` builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory…
- GHSA-qxvm-r42f-5p8j - AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the
GHSA-qxvm-r42f-5p8j High
## Summary **Type:** Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint…
- CVE-2026-45574 - epa4all-client: TLS Certificate Validation Disabled in Production
CVE-2026-45574 High
Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept…
- CVE-2026-45575 - Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all
CVE-2026-45575 High
Impact An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The…
- CVE-2026-45578 - AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
CVE-2026-45578 High
## Summary **Type:** Classic shell-metacharacter injection. The YPTSocket notification branch in `plugin/Live/on_publish.php` builds an `execAsync()` command…
- CVE-2026-45331 - Open WebUI has a full SSRF Vulnerability in the RAG Web Search Feature
CVE-2026-45331 High
# SSRF Bypass via IPv6/IPv4-mapped IPv6/IPv4-reserved-ranges in `validate_url()` ## Summary `validate_url()` in `backend/open_webui/retrieval/web/utils.py`…
- CVE-2026-45338 - Open WebUI Vulnerable to SSRF via OAuth Profile Picture URL in _process_picture_
CVE-2026-45338 High
## Summary A Server-Side Request Forgery (SSRF) vulnerability exists in `_process_picture_url()` in `backend/open_webui/utils/oauth.py` (line ~1338). The…
- CVE-2026-42570 - Svelte devalue: DoS via sparse array deserialization
CVE-2026-42570 High
`devalue.parse` could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays,…
- CVE-2026-45348 - pyLoad is vulnerable to stored XSS in Downloads view via unsanitized link URL in
CVE-2026-45348 High
## Summary The `packages.js` template at `src/pyload/webui/app/themes/modern/templates/js/packages.js:172` interpolates a stored link URL into a template…
- CVE-2026-45349 - Open WebUI has Broken Access Control for Completions API
CVE-2026-45349 High
Summary Any user `X` can continue the conversation of any other user `Y`, as long as the Chat ID of `Y` is known. User `X` does not even need to be an admin to…
- CVE-2026-45350 - Open WebUI's chat completion API allows tool restrictions to be bypassed
CVE-2026-45350 High
Summary Open WebUI v0.6.43 contains a vulnerability in its chat completion API, which allows attackers to bypass tool restrictions, potentially enabling…
- CVE-2026-45395 - Open WebUI: Missing `workspace.tools` Authorization Check on Tool Update Endpoin
CVE-2026-45395 High
Summary The tool update endpoint (`POST /api/v1/tools/id/{id}/update`) is missing the `workspace.tools` permission check that is present on the tool create…
- CVE-2026-45399 - Open WebUI: Low-privilege authenticated users can enumerate and stop global back
CVE-2026-45399 High
Summary Any authenticated user with low privileges can enumerate active background tasks across the system and stop tasks belonging to other users via the GET…
- CVE-2026-45400 - Open WebUI has a Server-Side Request Forgery (SSRF) bypass in `validate_url`
CVE-2026-45400 High
Summary In the open-webui project, a parsing difference between the urlparse and requests libraries led to an SSRF bypass vulnerability. Details In the current…
- CVE-2026-45401 - Open WebUI has a SSRF Bypass via HTTP Redirect Following in Web-Fetch and Image
CVE-2026-45401 High
# Server-Side Request Forgery (SSRF) Bypass via HTTP Redirect Following in Web-Fetch, Image-Load, and Chat-Completion Endpoints ## Summary The `validate_url()`…
- GHSA-3wgj-c2hg-vm6q - Open WebUI vulnerable to stored XSS via OAuth picture claim stored as SVG data U
CVE-2025-64496 CVE-2025-64495 High
# Summary When a user signs in via OAuth, Open WebUI fetches the `picture` claim URL, infers a MIME type from the URL extension via `mimetypes.guess_type`, and…
- CVE-2026-45402 - Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and
CVE-2026-45402 High
# Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints ## Summary Multiple endpoints accept a user-supplied…
- CVE-2026-45665 - Open WebUI has Stored XSS in Banner Component via Improper Sanitization Order
CVE-2026-45665 High
Summary A Stored Cross-Site Scripting (XSS) vulnerability exists in the Banner component due to an improper sanitization order (specifically, DOMPurify is…
Medium (25 entries)
- CVE-2025-65954 - SimpleSAMLphp casserver: Open Redirect in logout
CVE-2025-65954 Medium
Summary The logout endpoint accepts a `url` query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration)…
- CVE-2026-45106 - Weblate: Stored HTML injection in editor search preview
CVE-2026-45106 Medium
Impact Weblate's live search preview renders unit `source` and `context` as HTML without escaping. Any contributor whose content reaches those fields stores…
- GHSA-wxw3-q3m9-c3jr - Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state
GHSA-wxw3-q3m9-c3jr Medium
Am I affected? Users are affected if all of the following are true: - The application uses `better-auth` at a version below `1.6.2` (or `@better-auth/sso`…
- GHSA-vfvv-c25p-m7mm - rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitra
GHSA-vfvv-c25p-m7mm Medium
`InlineVec::clear()` and `SerVec::clear()` in `rkyv` were not panic-safe. Both functions iterate over their elements and call `drop_in_place` on each, updating…
- GHSA-rc6v-5rmx-w5mv - arnika is affected by medium-severity issues in UDP rotation, PQC handling, and
GHSA-rc6v-5rmx-w5mv Medium
Summary Three medium-severity issues in arnika affecting the UDP key-rotation protocol, PQC key file handling, and KMS TLS client. All require specific…
- CVE-2026-46383 - Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle p
CVE-2026-46383 Medium
Summary Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by `apm install <bundle>` on supported…
- CVE-2026-45580 - AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribu
CVE-2026-45580 Medium
## Summary **Type:** Stored cross-site scripting. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML class…
- CVE-2026-45610 - AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page sil
CVE-2026-45610 Medium
## Summary **Type:** Cross-site request forgery on the 2FA toggle. `plugin/LoginControl/set.json.php` accepts `POST type=set2FA value=false`, calls…
…plus 17 more Medium-severity entries (omitted)
🛡️ NVD-Latest (51 entries)
Critical (10 entries)
- CVE-2026-8398 A supply chain attack compromised the official installation packages of DAEMON T
CVE-2026-8398 Critical 9.8
CVE-2026-8398 CVSS:9.8 A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through…
- CVE-2026-5229 The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in v
CVE-2026-5229 Critical 9.8
CVE-2026-5229 CVSS:9.8 The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the…
- CVE-2026-2347 Authorization bypass through User-Controlled key vulnerability in Akilli Commerc
CVE-2026-2347 Critical 9.8
CVE-2026-2347 CVSS:9.8 Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website…
- CVE-2025-11024 Improper neutralization of special elements used in an SQL command ('SQL injecti
CVE-2025-11024 Critical 9.8
CVE-2025-11024 CVSS:9.8 Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Akilli Commerce Software…
- CVE-2026-6510 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation vi
CVE-2026-6510 Critical 9.8
CVE-2026-6510 CVSS:9.8 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation via missing authorization in all versions up to, and…
- CVE-2026-6271 The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload i
CVE-2026-6271 Critical 9.8
CVE-2026-6271 CVSS:9.8 The Career Section plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 1.7 via the CV…
- CVE-2026-8181 The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Al
CVE-2026-8181 Critical 9.8
CVE-2026-8181 CVSS:9.8 The Burst Statistics – Privacy-Friendly WordPress Analytics (Google Analytics Alternative) plugin for WordPress is vulnerable to…
- CVE-2026-41258 OpenMRS is an open source electronic medical record system platform. From 2.7.0
CVE-2026-41258 Critical 9.1
CVE-2026-41258 CVSS:9.1 OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the…
- CVE-2026-6512 The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in
CVE-2026-6512 Critical 9.1
CVE-2026-6512 CVSS:9.1 The InfusedWoo Pro plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.1.2. This is due…
- CVE-2026-42457 vCluster Platform provides a Kubernetes platform for managing virtual clusters,
CVE-2026-42457 Critical 9.0
CVE-2026-42457 CVSS:9.0 vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3,…
High (41 entries)
- CVE-2026-6228 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege
CVE-2026-6228 High 8.8
CVE-2026-6228 CVSS:8.8 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36.…
- CVE-2026-42559 RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.
CVE-2026-42559 High 8.8
CVE-2026-42559 CVSS:8.8 RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport…
- CVE-2026-6637 Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged datab
CVE-2026-6637 High 8.8
CVE-2026-6637 CVSS:8.8 Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating…
- CVE-2026-6477 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreS
CVE-2026-6477 High 8.8
CVE-2026-6477 CVSS:8.8 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and…
- CVE-2026-6475 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allo
CVE-2026-6475 High 8.8
CVE-2026-6475 CVSS:8.8 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g.…
- CVE-2026-6473 Integer wraparound in multiple PostgreSQL server features allows an unprivileged
CVE-2026-6473 High 8.8
CVE-2026-6473 CVSS:8.8 Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an…
- CVE-2025-15025 Authorization bypass through User-Controlled key vulnerability in Yordam Informa
CVE-2025-15025 High 8.8
CVE-2025-15025 CVSS:8.8 Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic…
- CVE-2025-12008 Authorization bypass through User-Controlled key vulnerability in APPYAP Technol
CVE-2025-12008 High 8.8
CVE-2025-12008 CVSS:8.8 Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows…
- CVE-2026-6506 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in
CVE-2026-6506 High 8.8
CVE-2026-6506 CVSS:8.8 The InfusedWoo Pro plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.1.2. This is due…
- CVE-2026-7481 GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 bef
CVE-2026-7481 High 8.7
CVE-2026-7481 CVSS:8.7 GitLab has remediated an issue in GitLab EE affecting all versions from 16.4 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2026-7377 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 bef
CVE-2026-7377 High 8.7
CVE-2026-7377 CVSS:8.7 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2026-6073 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 bef
CVE-2026-6073 High 8.7
CVE-2026-6073 CVSS:8.7 GitLab has remediated an issue in GitLab EE affecting all versions from 18.7 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2026-2652 A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticat
CVE-2026-2652 High 8.6
CVE-2026-2652 CVSS:8.6 A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is…
- CVE-2026-41964 Permission control vulnerability in the web. Impact: Successful exploitation of
CVE-2026-41964 High 8.4
CVE-2026-41964 CVSS:8.4 Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability.
- CVE-2026-34253 A buffer underflow vulnerability has been identified in the ogg123 utility from
CVE-2026-34253 High 8.2
CVE-2026-34253 CVSS:8.2 A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread…
- CVE-2026-5395 The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Fo
CVE-2026-5395 High 8.2
CVE-2026-5395 CVSS:8.2 The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to…
- CVE-2026-5396 The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Thro
CVE-2026-5396 High 8.2
CVE-2026-5396 CVSS:8.2 The Fluent Forms plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to, and…
- CVE-2026-35194 Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and
CVE-2026-35194 High 8.1
CVE-2026-35194 CVSS:8.1 Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query…
- CVE-2026-4094 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is
CVE-2026-4094 High 8.1
CVE-2026-4094 CVSS:8.1 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing…
- CVE-2026-28761 Cross-site request forgery vulnerability exists in Musetheque V4 Information Dis
CVE-2026-28761 High 8.1
CVE-2026-28761 CVSS:8.1 Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If…
- CVE-2026-4030 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor
CVE-2026-4030 High 8.1
CVE-2026-4030 CVSS:8.1 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up…
- CVE-2026-3892 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is
CVE-2026-3892 High 8.1
CVE-2026-3892 CVSS:8.1 The Motors – Car Dealership & Classified Listings Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions…
- CVE-2026-41702 VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that o
CVE-2026-41702 High 7.8
CVE-2026-41702 CVSS:7.8 VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID…
- CVE-2026-38728 An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to c
CVE-2026-38728 High 7.5
CVE-2026-38728 CVSS:7.5 An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write,…
- CVE-2026-6403 The Quick Playground plugin for WordPress is vulnerable to Path Traversal in ver
CVE-2026-6403 High 7.5
CVE-2026-6403 CVSS:7.5 The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to…
- CVE-2026-6479 Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker
CVE-2026-6479 High 7.5
CVE-2026-6479 CVSS:7.5 Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to…
- CVE-2026-4031 The Database Backup for WordPress plugin for WordPress is vulnerable to authoriz
CVE-2026-4031 High 7.5
CVE-2026-4031 CVSS:7.5 The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including,…
- CVE-2026-4029 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor
CVE-2026-4029 High 7.5
CVE-2026-4029 CVSS:7.5 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and…
- CVE-2026-6514 The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in
CVE-2026-6514 High 7.5
CVE-2026-6514 CVSS:7.5 The InfusedWoo Pro plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 5.1.2 via the…
- CVE-2026-1659 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 b
CVE-2026-1659 High 7.5
CVE-2026-1659 CVSS:7.5 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2025-14870 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5
CVE-2025-14870 High 7.5
CVE-2025-14870 CVSS:7.5 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2025-14869 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5
CVE-2025-14869 High 7.5
CVE-2025-14869 CVSS:7.5 GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.5 before 18.9.7, 18.10 before 18.10.6, and 18.11 before…
- CVE-2026-46419 Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorr
CVE-2026-46419 High 7.5
CVE-2026-46419 CVSS:7.5 Yubico webauthn-server-core (aka java-webauthn-server) 2.8.0 before 2.8.2 incorrectly checks a function's return value in the second…
- CVE-2026-39054 Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.
CVE-2026-39054 High 7.3
CVE-2026-39054 CVSS:7.3 Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and…
- CVE-2026-24712 Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.
CVE-2026-24712 High 7.3
CVE-2026-24712 CVSS:7.3 Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection.
- CVE-2026-41937 Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the p
CVE-2026-41937 High 7.2
CVE-2026-41937 CVSS:7.2 Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to…
- CVE-2026-6476 SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_creat
CVE-2026-6476 High 7.2
CVE-2026-6476 CVSS:7.2 SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a…
- CVE-2026-3718 The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scri
CVE-2026-3718 High 7.2
CVE-2026-3718 CVSS:7.2 The ManageWP Worker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'MWP-Key-Name' HTTP request header in all…
- CVE-2026-41935 Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the adm
CVE-2026-41935 High 7.1
CVE-2026-41935 CVSS:7.1 Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init()…
- CVE-2026-46446 SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords
CVE-2026-46446 High 7.1
CVE-2026-46446 CVSS:7.1 SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to…
- CVE-2026-46445 SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
CVE-2026-46445 High 7.1
CVE-2026-46445 CVSS:7.1 SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
⚔️ Sploitus (90 entries)
Unknown (90 entries)
- Exploit for Code Injection in Rejetto Http_File_Server exploit
- lwip-2026-pocs exploit
…plus 88 more Unknown-severity entries (omitted)
🤖 Automated vulnerability intelligence digest · 2026-05-17 · Data sources: NVD / GitHub Advisory / Sploitus / CISA-KEV