📊 2026-05-18 漏洞情报日报 · 200 条 · 高危 98
每日漏洞情报汇总 · 2026-05-18
📊 2026-05-18 漏洞情报日报
📋 共 200 条
🔥 高危/严重 98 条
💣 Exploit-DB-RSS 3 条
🐙 GitHub-Advisory 25 条 🔥16
🛡️ NVD-Latest 82 条 🔥82
⚔️ Sploitus 90 条
🤖 今日安全态势分析
🎯 今日重点关注
- CVE-2026-8398 (CVSS 9.8) - DAEMON Tools Lite 供应链攻击:官方安装包被植入恶意代码,影响Windows版本12.5.0.2421至12.5.0.2434。攻击者通过合法分发渠道投放后门,用户安装即被控,利用条件极低,危害范围广。
- CVE-2018-25332 (CVSS 9.8) - GitBucket 4.23.1 未授权远程代码执行:弱Token生成与不安全文件上传结合,允许未认证攻击者执行任意命令。鉴于版本老旧且未修复,企业若未升级将面临直接沦陷风险。
- CVE-2026-45062 - FrankenPHP CGI 路径拆分漏洞:因Unicode处理不当导致路径分割逻辑缺陷,可绕过限制执行任意PHP文件。对使用CGI模式部署的PHP应用构成严重威胁,利用链清晰。
- GHSA-mxg3-432p-mr72 - goshs SSH隧道中间人攻击:开发工具goshs的tunnel模式禁用主机密钥验证,允许攻击者透明执行MITM,截获或篡改SSH流量。开发者使用该功能时若网络不可信,凭证将暴露。
📈 威胁趋势
- 远程代码执行 (RCE) / 任意文件上传:今日最严重的威胁类型,共5个Critical级漏洞涉及该领域。包括WordPress插件(CVE-2018-25335)、GitBucket(CVE-2018-25332)、ACL Analytics(CVE-2018-25320)和jsonpickle(CVE-2021-47952)的反序列化缺陷。
- 路径遍历与文件写入:出现2个High级漏洞(Joplin OneNote转换器、Pipecat Runner),均允许攻击者利用路径遍历覆盖或读取服务器任意文件,常作为RCE的前置步骤。
- 身份验证绕过与逻辑缺陷:涉及WordPress Form Notify插件(CVE-2026-5229)、数字标牌系统(CVE-2020-37228)及Better Auth(CVE-2026-45364)。后者因IPv6限速密钥设计缺陷,可被攻击者暴力破解。
- 拒绝服务 (DoS) 与内存安全:Nimiq节点因未检查Ed25519签名长度导致崩溃(CVE-2026-40092);libbabl库存在双重释放绕过(CVE-2020-37239),可导致程序崩溃或潜在利用。
- 信息泄露与SSRF:Budibase AI提取步骤(CVE-2026-45548)因缺失IP黑名单导致SSRF,可探测内网;DAEMON Tools供应链事件直接导致用户信息外泄。
🛡️ 缓解建议
- 立即隔离与扫描:重点排查DAEMON Tools Lite受影响版本(12.5.0.2421-2434),立即卸载并扫描主机是否存在异常进程或连接。同时检查GitBucket、WordPress插件是否仍使用CVE涉及的老旧版本,并执行安全升级。
- 升级关键组件:针对Joplin、FrankenPHP、Better Auth、Pipecat及NukeViet CMS,应升级至最新修补版本。针对Nimiq节点应用官方补丁修复签名验证逻辑。
- 强化开发安全基线和配置:禁止在开发或生产环境中使用“goshs”的隧道模式;检查所有PHP应用是否使用CGI模式,如受CVE-2026-45062影响应卸载或切换至FPM模式。禁用Budibase中AI提取自动化步骤,直至厂商发布补丁。
- 加固边界防御:检查Web应用防火墙(WAF)规则,确保能拦截路径遍历(如../%2e%2e/)及JSON反序列化攻击载荷(如py/repr对象)。对暴露在公网的WordPress站点,强制部署双因素认证并审计用户Cookie验证逻辑。
💣 Exploit-DB-RSS(3 条)
Unknown (3 条)
- [local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
# Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Remote Code Execution # Date: 2026-04-20 # Exploit Author: Chokri Hammedi #… - [local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
#!/usr/bin/env python3 # Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing # Date: 2026-04-20 # Exploit Author:…
…另有 1 条 Unknown 级漏洞(已省略)
🐙 GitHub-Advisory(25 条)
High (16 条)
- CVE-2026-22810 - @joplin/onenote-converter: Path traversal in OneNote importer allows overwriting
CVE-2026-22810High
Summary A path traversal vulnerability in the OneNote importer allows overwriting arbitrary files on disk. Details The OneNote converter does not sanitize the… - CVE-2026-40092 - nimiq-keys: Unchecked Ed25519 signature length in TaggedPublicKey::verify causes
CVE-2026-40092High
Impact A malicious network peer can crash any Nimiq full node by publishing a crafted Kademlia DHT record containing a `TaggedSigned<ValidatorRecord, KeyPair>`… - CVE-2026-41147 - NukeViet CMS: Stored Cross-Site Scripting (XSS) via insufficient server-side inp
CVE-2026-41147High
Impact NukeViet CMS <= 4.5.08 contains a Stored Cross-Site Scripting (XSS) vulnerability caused by insufficient server-side input sanitization in the Request… - CVE-2026-44716 - Pipecat: Path Traversal in Pipecat Runner `/files` Endpoint — Arbitrary File Rea
CVE-2026-44716High
## Summary A path traversal vulnerability exists in Pipecat's development runner (`src/pipecat/runner/run.py`). When the runner is started with the `--folder`… - CVE-2026-45062 - FrankenPHP: Unsafe Unicode Handling in CGI Path Splitting Allows Execution of No
CVE-2026-45062High
Summary The `splitPos()` function in [`cgi.go`](https://github.com/php/frankenphp/blob/main/cgi.go) misuses `golang.org/x/text/search` with `search.IgnoreCase`… - GHSA-mxg3-432p-mr72 - goshs: SSH host key verification disabled, allowing transparent MITM of every tu High
Summary The `--tunnel` / `-t` flag opens an outbound SSH connection to `localhost.run:22` with `HostKeyCallback: ssh.InsecureIgnoreHostKey()`. The Go… - CVE-2026-45364 - Better Auth: Rate limiter keys IPv6 addresses individually and is bypassable via
CVE-2026-45364High
Am I affected? Users are affected if all of the following are true: - Their app uses `better-auth` at a version `< 1.4.17`, or at a v1.5 prerelease tagged `<=… - CVE-2026-45548 - Budibase: SSRF in AI Extract File Automation Step via Missing IP Blacklist Valid
CVE-2026-45548High
## Vulnerability Details **CWE-918**: Server-Side Request Forgery (SSRF) The `processUrlFile` function in `packages/server/src/automations/steps/ai/extract.ts`… - CVE-2026-45715 - Budibase: SSRF Bypass via HTTP Redirect in REST Datasource Integration
CVE-2026-45715High
Summary The REST datasource integration follows HTTP redirects without re-checking the IP blacklist, allowing an authenticated Builder to access internal… - CVE-2026-45717 - Budibase: `PUT /api/datasources/:datasourceId` is protected only by `TABLE/READ`
CVE-2026-45717High
## Summary Budibase exposes a REST API for datasource management. The route `PUT /api/datasources/:datasourceId` is registered in the `authorizedRoutes` group… - CVE-2026-44692 - Authenticated Sharp users can download unrelated Laravel Storage objects through
CVE-2026-44692High
Sharp exposes a generic download endpoint that authorizes access only to the supplied Sharp entity instance, but then reads the target storage `disk` and… - CVE-2026-46491 - SimpleSAMLphp casserver FileSystemTicketStore path traversal allows out-of-ticke
CVE-2026-46491High
## Summary `simplesamlphp-module-casserver` builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory… - GHSA-qxvm-r42f-5p8j - AVideo's Meet plugin: `uploadRecordedVideo.json.php` derives `users_id` from the High
## Summary **Type:** Authorization-bypass via user-controlled identifier. The Meet plugin's recorded-video upload endpoint… - CVE-2026-45574 - epa4all-client: TLS Certificate Validation Disabled in Production
CVE-2026-45574High
Impact An attacker on the network path between the ePA service and the Konnektor can present any TLS certificate (self-signed, expired, wrong CN) and intercept… - CVE-2026-45575 - Improper Verification of Cryptographic Signature in com.oviva.telematik:epa4all
CVE-2026-45575High
Impact An attacker who can MITM the TLS connection between the client and the IDP (within the TI network) can substitute a forged discovery document. The… - CVE-2026-45578 - AVideo: OS command injection in on_publish.php execAsync via unescaped m3u8 URL
CVE-2026-45578High
## Summary **Type:** Classic shell-metacharacter injection. The YPTSocket notification branch in `plugin/Live/on_publish.php` builds an `execAsync()` command…
Medium (9 条)
- CVE-2025-65954 - SimpleSAMLphp casserver: Open Redirect in logout
CVE-2025-65954Medium
Summary The logout endpoint accepts a `url` query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration)… - CVE-2026-45106 - Weblate: Stored HTML injection in editor search preview
CVE-2026-45106Medium
Impact Weblate's live search preview renders unit `source` and `context` as HTML without escaping. Any contributor whose content reaches those fields stores… - GHSA-wxw3-q3m9-c3jr - Better Auth: OAuth callback accepts mismatched `state` when cookie-backed state Medium
Am I affected? Users are affected if all of the following are true: - The application uses `better-auth` at a version below `1.6.2` (or `@better-auth/sso`… - GHSA-vfvv-c25p-m7mm - rkyv: Panic safety bugs in `InlineVec::clear` and `SerVec::clear` enable arbitra Medium
`InlineVec::clear()` and `SerVec::clear()` in `rkyv` were not panic-safe. Both functions iterate over their elements and call `drop_in_place` on each, updating… - GHSA-rc6v-5rmx-w5mv - arnika is affected by medium-severity issues in UDP rotation, PQC handling, and Medium
Summary Three medium-severity issues in arnika affecting the UDP key-rotation protocol, PQC key file handling, and KMS TLS client. All require specific… - CVE-2026-46383 - Microsoft APM: Windows absolute-path tar member overwrite during legacy-bundle p
CVE-2026-46383Medium
Summary Microsoft APM contains a Windows-specific archive extraction boundary failure in the legacy-bundle probe used by `apm install <bundle>` on supported… - CVE-2026-45580 - AVideo: stored XSS via unescaped stream key in modeYoutubeLive.php class attribu
CVE-2026-45580Medium
## Summary **Type:** Stored cross-site scripting. The Live plugin's "YouTube-style" view renders the live transmission's stream key into an HTML class… - CVE-2026-45610 - AVideo: 2FA toggle endpoint has no CSRF protection, letting an attacker page sil
CVE-2026-45610Medium
## Summary **Type:** Cross-site request forgery on the 2FA toggle. `plugin/LoginControl/set.json.php` accepts `POST type=set2FA value=false`, calls…
…另有 1 条 Medium 级漏洞(已省略)
🛡️ NVD-Latest(82 条)
Critical (11 条)
- CVE-2018-25335 WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerabili
CVE-2018-25335Critical 9.8
CVE-2018-25335 CVSS:9.8 WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload… - CVE-2018-25332 GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability
CVE-2018-25332Critical 9.8
CVE-2018-25332 CVSS:9.8 GitBucket 4.23.1 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands by… - CVE-2018-25320 ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code executi
CVE-2018-25320Critical 9.8
CVE-2018-25320 CVSS:9.8 ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute… - CVE-2021-47952 python jsonpickle 2.0.0 contains a remote code execution vulnerability that allo
CVE-2021-47952Critical 9.8
CVE-2021-47952 CVSS:9.8 python jsonpickle 2.0.0 contains a remote code execution vulnerability that allows attackers to execute arbitrary Python commands by… - CVE-2020-37239 libbabl 0.1.62 contains a broken double free detection vulnerability that allows
CVE-2020-37239Critical 9.8
CVE-2020-37239 CVSS:9.8 libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety checks by exploiting… - CVE-2020-37228 iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulner
CVE-2020-37228Critical 9.8
CVE-2020-37228 CVSS:9.8 iDS6 DSSPro Digital Signage System 6.2 contains a CAPTCHA security bypass vulnerability that allows attackers to bypass authentication… - CVE-2026-8398 A supply chain attack compromised the official installation packages of DAEMON T
CVE-2026-8398Critical 9.8
CVE-2026-8398 CVSS:9.8 A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through… - CVE-2026-5229 The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in v
CVE-2026-5229Critical 9.8
CVE-2026-5229 CVSS:9.8 The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the… - CVE-2026-2347 Authorization bypass through User-Controlled key vulnerability in Akilli Commerc
CVE-2026-2347Critical 9.8
CVE-2026-2347 CVSS:9.8 Authorization bypass through User-Controlled key vulnerability in Akilli Commerce Software Technologies Ltd. Co. E-Commerce Website… - CVE-2026-41258 OpenMRS is an open source electronic medical record system platform. From 2.7.0
CVE-2026-41258Critical 9.1
CVE-2026-41258 CVSS:9.1 OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the… - CVE-2026-42457 vCluster Platform provides a Kubernetes platform for managing virtual clusters,
CVE-2026-42457Critical 9.0
CVE-2026-42457 CVSS:9.0 vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3,…
High (71 条)
- CVE-2026-8719 The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPre
CVE-2026-8719High 8.8
CVE-2026-8719 CVSS:8.8 The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version… - CVE-2021-47979 WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vu
CVE-2021-47979High 8.8
CVE-2021-47979 CVSS:8.8 WordPress Plugin Backup and Restore 1.0.3 contains an arbitrary file deletion vulnerability that allows authenticated attackers to… - CVE-2021-47976 TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that al
CVE-2021-47976High 8.8
CVE-2021-47976 CVSS:8.8 TextPattern CMS 4.9.0-dev contains a remote code execution vulnerability that allows authenticated attackers to upload arbitrary PHP… - CVE-2020-37227 HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that
CVE-2020-37227High 8.8
CVE-2020-37227 CVSS:8.8 HS Brand Logo Slider 2.1 contains an unrestricted file upload vulnerability that allows authenticated users to bypass client-side file… - CVE-2026-6228 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege
CVE-2026-6228High 8.8
CVE-2026-6228 CVSS:8.8 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Privilege Escalation in versions up to and including 3.28.36.… - CVE-2026-42559 RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.
CVE-2026-42559High 8.8
CVE-2026-42559 CVSS:8.8 RMCP is an official Rust SDK for the Model Context Protocol. Prior to version 1.4.0, the rmcp crate's Streamable HTTP server transport… - CVE-2026-6637 Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged datab
CVE-2026-6637High 8.8
CVE-2026-6637 CVSS:8.8 Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating… - CVE-2026-6477 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreS
CVE-2026-6477High 8.8
CVE-2026-6477 CVSS:8.8 Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and… - CVE-2026-6475 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allo
CVE-2026-6475High 8.8
CVE-2026-6475 CVSS:8.8 Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g.… - CVE-2026-6473 Integer wraparound in multiple PostgreSQL server features allows an unprivileged
CVE-2026-6473High 8.8
CVE-2026-6473 CVSS:8.8 Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an… - CVE-2025-15025 Authorization bypass through User-Controlled key vulnerability in Yordam Informa
CVE-2025-15025High 8.8
CVE-2025-15025 CVSS:8.8 Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic… - CVE-2025-12008 Authorization bypass through User-Controlled key vulnerability in APPYAP Technol
CVE-2025-12008High 8.8
CVE-2025-12008 CVSS:8.8 Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows… - CVE-2026-2652 A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticat
CVE-2026-2652High 8.6
CVE-2026-2652 CVSS:8.6 A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is… - CVE-2018-25328 VX Search 10.6.18 contains a local buffer overflow vulnerability that allows att
CVE-2018-25328High 8.4
CVE-2018-25328 CVSS:8.4 VX Search 10.6.18 contains a local buffer overflow vulnerability that allows attackers to overwrite the instruction pointer by… - CVE-2018-25323 Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception ha
CVE-2018-25323High 8.4
CVE-2018-25323 CVSS:8.4 Allok AVI DivX MPEG to DVD Converter 2.6.1217 contains a structured exception handler buffer overflow vulnerability that allows local… - CVE-2018-25322 Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerab
CVE-2018-25322High 8.4
CVE-2018-25322 CVSS:8.4 Allok Fast AVI MPEG Splitter 1.2 contains a stack based buffer overflow vulnerability that allows local attackers to execute arbitrary… - CVE-2026-41964 Permission control vulnerability in the web. Impact: Successful exploitation of
CVE-2026-41964High 8.4
CVE-2026-41964 CVSS:8.4 Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. 产品: - CVE-2018-25339 Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows
CVE-2018-25339High 8.2
CVE-2018-25339 CVSS:8.2 Zechat 1.5 contains a SQL injection vulnerability in the v parameter that allows unauthenticated attackers to extract database… - CVE-2018-25338 Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that
CVE-2018-25338High 8.2
CVE-2018-25338 CVSS:8.2 Zechat 1.5 contains a SQL injection vulnerability in the hashtag parameter that allows unauthenticated attackers to extract database… - CVE-2018-25333 Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulner
CVE-2018-25333High 8.2
CVE-2018-25333 CVSS:8.2 Nordex N149/4.0-4.5 Wind Turbine Web Server 4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to… - CVE-2018-25330 Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL
CVE-2018-25330High 8.2
CVE-2018-25330 CVSS:8.2 Joomla! extension EkRishta 2.10 contains persistent cross-site scripting and SQL injection vulnerabilities that allow attackers to… - CVE-2026-46728 Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification by
CVE-2026-46728High 8.2
CVE-2026-46728 CVSS:8.2 Das U-Boot before 2026.04 allows FIT (Flat Image Tree) signature verification bypass because hashed-nodes is omitted from a hash. 产品: - CVE-2021-47956 EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows un
CVE-2021-47956High 8.2
CVE-2021-47956 CVSS:8.2 EgavilanMedia PHPCRUD 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries… - CVE-2021-47954 LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticate
CVE-2021-47954High 8.2
CVE-2021-47954 CVSS:8.2 LayerBB 1.1.4 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting… - CVE-2020-37244 Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows u
CVE-2020-37244High 8.2
CVE-2020-37244 CVSS:8.2 Supsystic Membership 1.4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL… - CVE-2020-37243 Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'si
CVE-2020-37243High 8.2
CVE-2020-37243 CVSS:8.2 Supsystic Pricing Table 1.8.7 contains an SQL injection vulnerability in the 'sidx' GET parameter that allows unauthenticated attackers… - CVE-2020-37242 Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allo
CVE-2020-37242High 8.2
CVE-2020-37242 CVSS:8.2 Supsystic Ultimate Maps 1.1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL… - CVE-2026-8657 Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype P
CVE-2026-8657High 8.2
CVE-2026-8657 CVSS:8.2 Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and… - CVE-2026-34253 A buffer underflow vulnerability has been identified in the ogg123 utility from
CVE-2026-34253High 8.2
CVE-2026-34253 CVSS:8.2 A buffer underflow vulnerability has been identified in the ogg123 utility from the vorbis-tools 1.4.3 package in function remotethread… - CVE-2026-35194 Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and
CVE-2026-35194High 8.1
CVE-2026-35194 CVSS:8.1 Code injection in SQL code generation in Apache Flink 1.15.0 through 1.20.x and 2.0.0 through 2.x allows authenticated users with query… - CVE-2026-4094 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is
CVE-2026-4094High 8.1
CVE-2026-4094 CVSS:8.1 The FOX – Currency Switcher Professional for WooCommerce plugin for WordPress is vulnerable to unauthorized data loss due to a missing… - CVE-2026-28761 Cross-site request forgery vulnerability exists in Musetheque V4 Information Dis
CVE-2026-28761High 8.1
CVE-2026-28761 CVSS:8.1 Cross-site request forgery vulnerability exists in Musetheque V4 Information Disclosure for IPKNOWLEDGE V4L1 rev2203.0 and earlier. If… - CVE-2026-4030 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor
CVE-2026-4030High 8.1
CVE-2026-4030 CVSS:8.1 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized arbitrary file read and deletion in all versions up… - CVE-2021-47974 VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Sea
CVE-2021-47974High 7.8
CVE-2021-47974 CVSS:7.8 VX Search 13.5.28 contains an unquoted service path vulnerability in both VX Search Server and VX Search Enterprise services that… - CVE-2020-37247 Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteServi
CVE-2020-37247High 7.8
CVE-2020-37247 CVSS:7.8 Kite 4.2.0.1 U1 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to… - CVE-2020-37232 Advanced System Care Service 13.0.0.157 contains an unquoted service path vulner
CVE-2020-37232High 7.8
CVE-2020-37232 CVSS:7.8 Advanced System Care Service 13.0.0.157 contains an unquoted service path vulnerability in the AdvancedSystemCareService13 service… - CVE-2020-37231 Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsv
CVE-2020-37231High 7.8
CVE-2020-37231 CVSS:7.8 Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to… - CVE-2020-37230 Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in t
CVE-2020-37230High 7.8
CVE-2020-37230 CVSS:7.8 Syncplify.me Server! 5.0.37 contains an unquoted service path vulnerability in the SMWebRestServicev5 service that allows local… - CVE-2020-37229 OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in
CVE-2020-37229High 7.8
CVE-2020-37229 CVSS:7.8 OKI sPSV Port Manager 1.0.41 contains an unquoted service path vulnerability in the sPSVOpLclSrv service that allows local attackers to… - CVE-2026-41702 VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that o
CVE-2026-41702High 7.8
CVE-2026-41702 CVSS:7.8 VMware Fusion contains a TOCTOU (Time-of-check Time-of-use) vulnerability that occurs during an operation performed by a SETUID… - CVE-2018-25329 WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerabili
CVE-2018-25329High 7.5
CVE-2018-25329 CVSS:7.5 WordPress Plugin WP with Spritz 1.0 contains a remote file inclusion vulnerability that allows unauthenticated attackers to read… - CVE-2018-25326 Google Drive for WordPress 2.2 contains a path traversal vulnerability that allo
CVE-2018-25326High 7.5
CVE-2018-25326 CVSS:7.5 Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by… - CVE-2018-25325 Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allo
CVE-2018-25325High 7.5
CVE-2018-25325 CVSS:7.5 Woocommerce CSV Importer 3.3.6 contains a path traversal vulnerability that allows any registered user to delete arbitrary files by… - CVE-2021-47977 WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains
CVE-2021-47977High 7.5
CVE-2021-47977 CVSS:7.5 WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 contains a directory traversal vulnerability that allows… - CVE-2021-47973 Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows
CVE-2021-47973High 7.5
CVE-2021-47973 CVSS:7.5 Sticky Notes Widget 3.0.6 contains a denial of service vulnerability that allows attackers to crash the application by pasting… - CVE-2021-47972 Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability th
CVE-2021-47972High 7.5
CVE-2021-47972 CVSS:7.5 Sticky Notes & Color Widgets 1.4.2 contains a denial of service vulnerability that allows attackers to crash the application by… - CVE-2021-47971 My Notes Safe 5.3 contains a denial of service vulnerability that allows attacke
CVE-2021-47971High 7.5
CVE-2021-47971 CVSS:7.5 My Notes Safe 5.3 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long… - CVE-2021-47970 Macaron Notes 5.5 contains a denial of service vulnerability that allows attacke
CVE-2021-47970High 7.5
CVE-2021-47970 CVSS:7.5 Macaron Notes 5.5 contains a denial of service vulnerability that allows attackers to crash the application by creating notes with… - CVE-2021-47969 Color Notes 1.4 contains a denial of service vulnerability that allows attackers
CVE-2021-47969High 7.5
CVE-2021-47969 CVSS:7.5 Color Notes 1.4 contains a denial of service vulnerability that allows attackers to crash the application by pasting excessively long… - CVE-2021-47942 Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerabi
CVE-2021-47942High 7.5
CVE-2021-47942 CVSS:7.5 Home Assistant Community Store (HACS) 1.10.0 contains a path traversal vulnerability that allows unauthenticated attackers to read… - CVE-2020-37245 Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in
CVE-2020-37245High 7.5
CVE-2020-37245 CVSS:7.5 Supsystic Digital Publications 1.6.9 contains a path traversal vulnerability in the Folder input field that allows attackers to access… - CVE-2026-38728 An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to c
CVE-2026-38728High 7.5
CVE-2026-38728 CVSS:7.5 An issue in Nodemailer smtp_server before v.3.18.3 allows a remote attacker to cause a denial of service via the SMTPStream._write,… - CVE-2026-6403 The Quick Playground plugin for WordPress is vulnerable to Path Traversal in ver
CVE-2026-6403High 7.5
CVE-2026-6403 CVSS:7.5 The Quick Playground plugin for WordPress is vulnerable to Path Traversal in versions up to and including 1.3.3. This is due to… - CVE-2026-6479 Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker
CVE-2026-6479High 7.5
CVE-2026-6479 CVSS:7.5 Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to… - CVE-2026-4031 The Database Backup for WordPress plugin for WordPress is vulnerable to authoriz
CVE-2026-4031High 7.5
CVE-2026-4031 CVSS:7.5 The Database Backup for WordPress plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including,… - CVE-2026-4029 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthor
CVE-2026-4029High 7.5
CVE-2026-4029 CVSS:7.5 The Database Backup for WordPress plugin for WordPress is vulnerable to unauthorized database export in all versions up to, and… - CVE-2026-8758 A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This
CVE-2026-8758High 7.3
CVE-2026-8758 CVSS:7.3 A vulnerability was determined in Metasoft 美特软件 MetaCRM up to 6.4.0 Beta06. This impacts an unknown function of the file… - CVE-2026-8757 A vulnerability was found in adenhq hive up to 0.11.0. This affects the function
CVE-2026-8757High 7.3
CVE-2026-8757 CVSS:7.3 A vulnerability was found in adenhq hive up to 0.11.0. This affects the function _read_events_tail of the file… - CVE-2026-8756 A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d
CVE-2026-8756High 7.3
CVE-2026-8756 CVSS:7.3 A vulnerability has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The impacted element is the… - CVE-2026-8755 A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548d
CVE-2026-8755High 7.3
CVE-2026-8755 CVSS:7.3 A flaw has been found in fishaudio Bert-VITS2 up to 8f7fbd8c4770965225d258db548da27dc8dd934c. The affected element is the function… - CVE-2026-8751 A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the
CVE-2026-8751High 7.3
CVE-2026-8751 CVSS:7.3 A security flaw has been discovered in h2oai h2o-3 up to 7402. This affects the function importBinaryModel of the file… - CVE-2026-8734 A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this is
CVE-2026-8734High 7.3
CVE-2026-8734 CVSS:7.3 A vulnerability was determined in Oinone Pamirs up to 7.2.0. Affected by this issue is the function RSQLToSQLNodeConnector.makeVariable… - CVE-2026-8725 A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected ele
CVE-2026-8725High 7.3
CVE-2026-8725 CVSS:7.3 A weakness has been identified in CoreWorxLab CAAL up to 1.6.0. The affected element is an unknown function of the file… - CVE-2026-39054 Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.
CVE-2026-39054High 7.3
CVE-2026-39054 CVSS:7.3 Oinone Pamirs 7.0.0 contains a command injection vulnerability in CommandHelper.executeCommands. The method starts a shell process and… - CVE-2026-24712 Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.
CVE-2026-24712High 7.3
CVE-2026-24712 CVSS:7.3 Northern.tech CFEngine Enterprise and Community before 3.21.8, 3.24.3, and 3.27.0 allows Command injection. 产品: - CVE-2021-47975 WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that
CVE-2021-47975High 7.2
CVE-2021-47975 CVSS:7.2 WP Learn Manager 1.1.2 contains a stored cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious… - CVE-2026-41937 Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the p
CVE-2026-41937High 7.2
CVE-2026-41937 CVSS:7.2 Vvveb before 1.0.8.3 contains an unrestricted file upload vulnerability in the plugin upload endpoint that allows super_admin users to… - CVE-2026-6476 SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_creat
CVE-2026-6476High 7.2
CVE-2026-6476 CVSS:7.2 SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a… - CVE-2018-25319 Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that all
CVE-2018-25319High 7.1
CVE-2018-25319 CVSS:7.1 Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database… - CVE-2021-47980 Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authent
CVE-2021-47980High 7.1
CVE-2021-47980 CVSS:7.1 Fuel CMS 1.4.13 contains a blind SQL injection vulnerability that allows authenticated attackers to manipulate database queries by… - CVE-2026-41935 Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the adm
CVE-2026-41935High 7.1
CVE-2026-41935 CVSS:7.1 Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init()…
⚔️ Sploitus(90 条)
Unknown (90 条)
- Alfred-TryHackMe-Walkthrough-Jenkins-Exploitation-Windows-Token-Privilege-Escalation exploit
Alfred-TryHackMe-Walkthrough-Jenkins-Exploitation-Windows-Token-Privilege-Escalation exploit - Exploit for CVE-2026-8181 exploit
CVE-2026-8181
Exploit for CVE-2026-8181 exploit
…另有 88 条 Unknown 级漏洞(已省略)
🤖 漏洞情报自动汇总 · 2026-05-18 · 数据来源: NVD / GitHub Advisory / Sploitus / CISA-KEV