📊 2026-05-21 Vulnerability Intelligence Daily · 200 entries · 99 high severity
Daily vulnerability intelligence digest · 2026-05-21
📋 200 entries in total
🔥 High/Critical: 99
🚨 CISA-KEV: 7
🐙 GitHub-Advisory: 67 🔥33
🛡️ NVD-Latest: 66 🔥66
⚔️ Sploitus: 60
🤖 Today's security posture analysis
🎯 Key items to watch today
- CVE-2026-46421 and the @beproduct/nestjs-auth malicious package incident: affects the @cap-js/* library family and the npm ecosystem. The attacker used leaked publish tokens to plant malicious code that steals credentials and self-replicates. This is a supply chain compromise with no exploitation preconditions: any development environment that has installed an affected version is directly infected.
- CVE-2026-43633 (CVSS 10.0): affects the web terminal component of HestiaCP 1.9.0-1.9.4. A deserialization vulnerability caused by a session format mismatch between PHP and Node.js allows an unauthenticated remote attacker to achieve remote code execution (RCE). Extremely high impact and a broad attack surface.
- CVE-2026-46339: affects the 9router service. Two unauthenticated API endpoints can be chained so that any network-reachable attacker can execute operating system commands without any credentials. Unauthenticated RCE with low exploitation complexity; requires immediate attention.
- CVE-2026-45695: affects the Kopia HTTP server when started in password-less mode. An attacker can submit a malicious SFTP storage configuration through an unauthenticated interface and achieve remote code execution via SSH ProxyCommand injection. The main threat is to backup services exposed on the public internet or the internal network.
- CVE-2026-42822 (CVSS 10.0): affects the Disconnected Operations module of Azure Local. An improper authentication flaw allows an unauthorized attacker to elevate privileges over the network. Affects cloud-edge environments; the exploitation bar is low.
📈 Threat trends
- Remote code execution (RCE): makes up the bulk of today's high-severity vulnerabilities, including HestiaCP (deserialization RCE), Kopia (command injection), 9router (unauthenticated RCE), Dokploy (OS command injection), Apache OFBiz (password-change logic flaw leading to RCE) and several WordPress plugins (file upload RCE). Attack techniques vary; most require no or only weak authentication.
- Supply chain attacks/poisoning: two major software supply chain incidents (@cap-js/* and @beproduct/nestjs-auth) in which attackers used leaked npm tokens to publish malicious versions, directly targeting development and deployment pipelines with an exponentially spreading blast radius.
- Authentication and authorization bypass: Azure Local (CVE-2026-42822) and MCP Gateway (authority injection) exhibit serious missing authentication checks that can lead to privilege escalation or session hijacking.
- Denial of service (DoS): Plug (CVE-2026-8468) has an unbounded buffer accumulation flaw in multipart header parsing that can exhaust memory and make the service unavailable.
- Information disclosure and identity spoofing: Coder (CVE-2026-46354) fails to verify the signature during Azure instance identity validation, allowing an attacker to bypass authentication and plant a forged instance identity.
🛡️ Mitigation recommendations
- Immediately isolate and scan affected components: check whether the affected packages are in use, such as @cap-js/sqlite 2.2.2, @cap-js/postgres 2.2.2, or the affected @beproduct/nestjs-auth version range. Isolate affected development and build environments, run malware scans and rotate credentials.
- Upgrade or patch known RCE vulnerabilities: upgrade HestiaCP to a version above 1.9.4 immediately; upgrade Apache OFBiz to 24.09.06; upgrade Dokploy to a version above 0.26.6; enable password authentication on Kopia servers or restrict source addresses with a firewall. Disable the affected components where upgrading is not possible.
- Harden network access control and authentication: for unauthenticated API services such as 9router, credential-exposed Kopia and MCP Gateway, immediately restrict access sources via firewall rules, a reverse proxy or IP allow-listing, and never expose them to the public internet. Enable strong password authentication or multi-factor authentication.
- Audit WordPress plugins and third-party extensions: for the arbitrary file upload vulnerabilities in the Piotnet Forms and Piotnet Addons for Elementor Pro plugins (CVE-2026-4883, CVE-2026-4885), update the plugins to the latest version immediately or temporarily disable the affected functionality. Security-review all extension code sourced from third parties.
🚨 CISA-KEV (7 entries)
Unknown (7 entries)
- CVE-2026-45498 - Microsoft Defender Denial of Service Vulnerability
  Product: Microsoft Defender. Description: Microsoft Defender contains an unspecified vulnerability that…
- CVE-2026-41091 - Microsoft Defender Link Following Vulnerability
  Product: Microsoft Defender. Description: Microsoft Defender contains a link following vulnerability that…
…5 more Unknown-severity entries (omitted)
🐙 GitHub-Advisory (67 entries)
Critical (6 entries)
- CVE-2026-46421 (Critical) - Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-j
  Impact: On April 29, 2026, compromised versions of `@cap-js/sqlite@2.2.2`, `@cap-js/postgres@2.2.2`, and `@cap-js/db-service@2.10.1` were published. The…
- CVE-2026-45695 (Critical) - Kopia: RCE via SSH ProxyCommand Injection
  Summary: Kopia's HTTP server, when started with `--without-password`, accepts unauthenticated requests to `/api/v1/repo/exists`. The handler forwards an…
- CVE-2026-46339 (Critical) - 9router: Unauthenticated Remote Code Execution via unprotected MCP custom plugin
  Summary: 9router exposes two unauthenticated API endpoints that, when chained together, allow any network-adjacent attacker to execute arbitrary OS commands…
- GHSA-g53w-w6mj-hrpp (Critical) - MCP Gateway: Authority-injection and JWT/session bypass via the unauthenticated
  Summary: The MCP router (ext_proc) exposes an `initialize`-method code path that, when a request carries an `mcp-init-host` header, bypasses the gateway JWT…
- CVE-2026-46354 (Critical) - Coder: PKCS#7 signature bypass in Azure instance identity allows unauthenticated
  Summary: `azureidentity.Validate()` verifies that the PKCS#7 signer certificate chains to a trusted Azure CA but never verifies the PKCS#7 signature itself.…
- CVE-2026-46412 (Critical) - Malicious code in @beproduct/nestjs-auth (0.1.2 through 0.1.19) — Mini Shai-Hulu
  Summary: Between 2026-05-11 20:19 UTC and 22:56 UTC, an attacker used a compromised npm publish token to publish 18 malicious versions of…
High (27 entries)
- CVE-2026-45804 (High) - Diffusers: TOCTOU Trust Remote Code Bypass
  Background: This vulnerability is found in the `diffusers` package, the `transformers`-equivalent library for diffusion models. It is found in the…
- CVE-2026-8468 (High) - Plug: Unbounded buffer accumulation in multipart header parsing causes denial of
  Summary: An Allocation of Resources Without Limits or Throttling vulnerability in `Plug.Conn.read_part_headers/2` allows an unauthenticated attacker to exhaust…
- GHSA-mw8f-w6p8-xrf4 (CVE-2026-43948, High) - wger: cross-tenant account deletion / deactivation / activation by gym.manage_gy
  Summary: GHSA-mhc8-p3jx-84mm (CVE-2026-43948) reported that wger's `reset_user_password` and `gym_permissions_user_edit` views in `wger/gym/views/user.py`…
- GHSA-9qv9-8xv6-5p35 (High) - phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Fo
  Summary: The password reset API can be triggered without authentication and without any out-of-band confirmation step. If an attacker knows a valid `username +…
- GHSA-xvp4-phqj-cjr3 (High) - phpMyFAQ: IDOR Account Takeover
  Summary: An Insecure Direct Object Reference (IDOR) vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any…
- GHSA-gp95-j463-vv28 (High) - phpMyFAQ: Default Empty API Token Authentication Bypass
  Summary: A default empty API client token allows any unauthenticated user to create and modify FAQ entries, categories, and questions via the REST API. The…
- GHSA-w9xh-5f39-vq89 (High) - phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Emai
  Summary: An authentication bypass vulnerability in phpMyFAQ allows any unauthenticated attacker to reset the password of any user account, including SuperAdmin…
- CVE-2026-45713 (High) - Mailpit: Unauthenticated remote memory-exhaustion DoS via unlimited SMTP DATA an
  Summary: The Mailpit SMTP server has a Server.MaxSize int field that controls the maximum allowed DATA payload size, but the field is never assigned anywhere…
- CVE-2026-45738 (High) - Argo CD: Stored XSS in application link annotations enables developer-to-admin p
  Summary: A user with **application write access (developer role)** can set `link.argocd.argoproj.io/*` annotations on any ArgoCD Application. These annotation…
- CVE-2026-45793 (High) - Github Actions issued GITHUB_TOKEN disclosure in GitHub Actions logs
  Summary: Composer leaks the full contents of tokens configured as GitHub OAuth tokens to stderr if they do not match Composer's expected format for such tokens.…
- GHSA-hc3c-63hc-2r9f (High) - libcrux: Potential Panic on Overlong Ciphertext Buffer
  An application that passes in a ciphertext buffer of length greater than `ptxt.len() + TAG_LEN` to `libcrux_chacha20poly1305::encrypt` or…
- GHSA-fhvh-vw7h-9xf3 (High) - libcrux-ml-dsa: Signature Verification on AVX2 Platforms Mishandles Edge Case
  The AVX2 implementation of ML-DSA verification incorrectly implemented the `use_hint` function, mishandling an edge case that should lead to signature…
- CVE-2026-46426 (High) - Budibase: Unrestricted Upload of File with Dangerous Type
  Summary: The file upload endpoint `POST /api/attachments/process` does not enforce active-content restrictions for authenticated users. The checks for dangerous…
- CVE-2026-39803 (High) - Bandit: Unauthenticated one-shot DoS via `Transfer-Encoding: chunked`
  Summary: Bandit's HTTP/1 chunked-body reader silently drops the request size cap that the application configures (e.g. `Plug.Parsers`' default 8 MB `length:`)…
- CVE-2026-39806 (High) - Bandit: Unauthenticated DoS via chunked request trailers in Bandit HTTP/1 decode
  Summary: A worker-pinning denial of service in Bandit's HTTP/1 chunked transfer decoder. Any unauthenticated client that sends a `Transfer-Encoding: chunked`…
- CVE-2026-45799 (High) - Wire: skipGroup() missing negative-length check allows 10-byte payload to crash
  Maintainer summary: Wire's protobuf group-skipping logic did not reject negative lengths before skipping a length-delimited field inside a…
- CVE-2026-45805 (High) - PenPot MCP REPL server binds to 0.0.0.0 with unauthenticated /execute endpoint —
  Summary: The MCP module's `ReplServer` binds to all interfaces (`0.0.0.0:4403`) and exposes a `/execute` endpoint that runs arbitrary code with zero…
- CVE-2026-45783 (High) - @libp2p/kad-dht: Unvalidated PUT_VALUE records allow unbounded disk exhaustion o
  Summary: An unauthenticated remote peer can exhaust the disk storage of any `@libp2p/kad-dht` node running in server mode by sending an unbounded stream of…
- CVE-2026-46377 (High) - Dasel: Index-out-of-range panic in dasel selector lexer on trailing backslash in
  Summary: `dasel`'s selector lexer panics with an index-out-of-range error when tokenizing a quoted string that ends with a trailing backslash (e.g., `"\` or…
- CVE-2026-46378 (High) - Dasel: Denial of service in dasel selector lexer due to infinite loop on untermi
  Summary: `dasel`'s selector lexer enters a non-terminating loop when tokenizing an unterminated regex pattern such as `r/abc`. A 2-byte input (`r/`) is…
- CVE-2026-46372 (High) - SillyTavern: SSRF in SearXNG Search Proxy via Unvalidated baseUrl
  Resolution: SillyTavern 1.18.0 added a generic server-side request filter (Private Request Whitelisting). Since we expect users to use the application in a…
- CVE-2026-46373 (High) - SQLFluff: Recursive Stack Overflow in Parser
  Impact: In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive…
- CVE-2026-46374 (High) - SQLFluff: Uncontrolled Resource Consumption in SQLFluff Parser
  Impact: In deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using…
- GHSA-7hgr-7h44-33w2 (High) - CamoFox MCP: Unauthenticated HTTP MCP browser-control surface
  Summary: `camofox-mcp` exposed a Streamable HTTP MCP endpoint at `/mcp` with rate…
- CVE-2026-46410 (High) - FileBrowser Quantum: unauthenticated user share share info
  Impact: Some sensitive info, such as source and path, can get exposed. Patches: Update to the latest version. Workarounds: none.
- CVE-2026-46415 (High) - Caddy Defender trusted proxy client IP bypass
  Impact: Caddy Defender used `r.RemoteAddr` when evaluating whether a request should be blocked. `RemoteAddr` is the address of the immediate peer connected to…
- CVE-2026-46417 (High) - @angular/platform-server: SSRF via Hostname Hijacking
  Impact: A Server-Side Request Forgery (SSRF) vulnerability exists in `@angular/platform-server`. The issue stems from how the server-side rendering (SSR) engine…
Medium (29 entries)
- CVE-2026-45792 (Medium) - RTK improperly trusts project-local filter configuration, allowing silent tamper
  RTK (Rust Token Killer) improperly trusts project-local configuration files. In versions prior to 0.32.0, RTK automatically loads `.rtk/filters.toml` from the…
- CVE-2026-46420 (Medium) - Setup PHP: Command Injection in Repository-Derived PHP Version Resolution
  Summary: A command injection vulnerability was identified in `shivammathur/setup-php` when the action resolves the PHP version from repository-controlled files…
- GHSA-5wxr-w449-57cm (Medium) - Setup PHP: GitHub tokens configured by setup-php may be exposed through pinned a
  Impact: This affects only workflows that pin an exact affected Composer semver version through setup-php, for example `tools: composer:2.9.7`. Workflows using…
- CVE-2026-46430 (Medium) - Algernon: Auto-refresh SSE event server binds to all interfaces by default on Li
  Summary: The SSE event server bound to `0.0.0.0:5553` on Linux/macOS by default because the platform-dependent host default in `engine/flags.go:39-46` set `host…
- CVE-2026-46431 (Medium) - Algernon: Auto-refresh SSE event server sets Access-Control-Allow-Origin: *
  Summary: The SSE event server's `Access-Control-Allow-Origin` response header was hardcoded to the wildcard `*` regardless of the caller's `Origin`. Because…
- GHSA-m837-xvxr-vqwg (Medium) - Flowise: Hardcoded CORS wildcard on TTS endpoint enables cross-origin credential
  Summary: The TTS generation endpoint sets `Access-Control-Allow-Origin: *` as a hardcoded response header, independent of the server's CORS configuration. This…
- GHSA-59fh-9f3p-7m39 (Medium) - Flowise: Mass Assignment in PUT /api/v1/user Allows Authenticated Users to Overr
  Summary: A Mass Assignment vulnerability in the PUT /api/v1/user endpoint allows authenticated users to directly modify restricted user fields, including the…
- GHSA-c2c9-mfw7-p8hw (Medium) - Flowise: Cross-Workspace Chatflow Disclosure via chatflows/apikey Endpoint Retur
  Summary: The `/api/v1/chatflows/apikey/:apikey` endpoint (whitelisted, accessible with API key auth only) returns all chatflows bound to the provided API key…
…21 more Medium-severity entries (omitted)
Low (5 entries)
- GHSA-pxh5-6rrc-8rjv (CVE-2026-33814, Low) - OpenTofu: Excessive resource usage in "tofu init" when installing dependencies f
  Impact: Unauthenticated denial of service. Summary: When installing provider or module packages from attacker-controlled servers, the server may cause `tofu…
- CVE-2026-45739 (Low) - Strawberry GraphQL: Default GraphiQL may expose HTTP headers in URLs
  Summary: Strawberry's bundled GraphiQL template wrote values from the GraphiQL headers editor into the browser URL query string. If a user entered a…
- CVE-2026-45803 (Low) - GitHub CLI: GitHub Actions log output in `gh run view` allows terminal escape se
  Summary: A security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow…
…2 more Low-severity entries (omitted)
🛡️ NVD-Latest (66 entries)
Critical (20 entries)
- CVE-2026-43633 (Critical, CVSS 10.0): HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format…
- CVE-2026-42822 (Critical, CVSS 10.0): Improper authentication in Azure Local Disconnected Operations allows an unauthorized attacker to elevate privileges over a network.…
- CVE-2026-27130 (Critical, CVSS 9.9): Dokploy is a free, self-hostable Platform as a Service (PaaS). Versions 0.26.6 and below have OS command injection through the appName…
- CVE-2026-47323 (Critical, CVSS 9.8): Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering. The CXF and Knative HeaderFilterStrategy…
- CVE-2026-4883 (Critical, CVSS 9.8): The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the…
- CVE-2026-43493 (Critical, CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests. MAY_BACKLOG…
- CVE-2026-45434 (Critical, CVSS 9.8): Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution. This issue…
- CVE-2026-4885 (Critical, CVSS 9.8): The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in…
- CVE-2026-8838 (Critical, CVSS 9.8): Unsafe use of Python's eval() on server-received data in the vector_in() function in amazon-redshift-python-driver before 2.1.14 allows…
- CVE-2026-25244 (Critical, CVSS 9.8): WebdriverIO is a test automation framework for unit, e2e and component testing using WebDriver, WebDriver BiDi and Appium. Versions…
- CVE-2026-8836 (Critical, CVSS 9.8): A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of…
- CVE-2026-7304 (Critical, CVSS 9.8): SGLang's multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor…
- CVE-2026-7301 (Critical, CVSS 9.8): SGLang's multimodal generation runtime scheduler's ROUTER socket binds to 0.0.0.0 by default and contains a sink that calls…
- CVE-2026-2611 (Critical, CVSS 9.6): In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This…
- CVE-2026-8948 (Critical, CVSS 9.1): Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. Product: mozilla…
- CVE-2026-41919 (Critical, CVSS 9.1): Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects…
- CVE-2026-31986 (Critical, CVSS 9.1): Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are…
- CVE-2026-45230 (Critical, CVSS 9.1): DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array…
- CVE-2023-24215 (Critical, CVSS 9.1): Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain…
- CVE-2026-7302 (Critical, CVSS 9.1): SGLang's multimodal generation runtime is vulnerable to an unauthenticated path traversal vulnerability, allowing an attacker to write…
High (46 entries)
- CVE-2026-46586 (High, CVSS 8.8): Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval…
- CVE-2026-27648 (High, CVSS 8.8): In OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
- CVE-2026-45495 (High, CVSS 8.8): Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability. Product: microsoft edge_chromium
- CVE-2026-41085 (High, CVSS 8.8): Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user…
- CVE-2025-57282 (High, CVSS 8.8): ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection.
- CVE-2026-7498 (High, CVSS 8.8): Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Basamak Information Technology…
- CVE-2026-6346 (High, CVSS 8.7): Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields before…
- CVE-2026-25781 (High, CVSS 8.4): In OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered.
- CVE-2026-22810 (High, CVSS 8.2): Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7…
- CVE-2026-7504 (High, CVSS 8.1): A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could…
- CVE-2026-24792 (High, CVSS 8.1): In OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps.
- CVE-2026-8851 (High, CVSS 8.1): SOGo versions 5.12.7 and prior contain a SQL injection vulnerability in the Access Control List management functionality that allows…
- CVE-2026-23558 (High, CVSS 7.8): The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does…
- CVE-2026-47314 (High, CVSS 7.8): Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot:…
- CVE-2026-47311 (High, CVSS 7.8): Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot:…
- CVE-2026-47310 (High, CVSS 7.8): Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot:…
- CVE-2026-47092 (High, CVSS 7.8): Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute…
- CVE-2026-41948 (High, CVSS 7.7): Dify version 1.14.1 and prior contain a path traversal vulnerability that allows authenticated users to manipulate requests forwarded…
- CVE-2026-33233 (High, CVSS 7.6): AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. In versions…
- CVE-2026-6347 (High, CVSS 7.6): Mattermost versions 11.5.x <= 11.5.1, 10.11.x <= 10.11.13, 11.4.x <= 11.4.3 fail to sanitize sensitive configuration fields in the…
- CVE-2026-8946 (High, CVSS 7.5): Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36,…
- CVE-2026-8945 (High, CVSS 7.5): Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
- CVE-2026-8912 (High, CVSS 7.5): The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including,…
- CVE-2026-7507 (High, CVSS 7.5): A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by…
- CVE-2026-7307 (High, CVSS 7.5): A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup…
- CVE-2026-31910 (High, CVSS 7.5): Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are…
- CVE-2026-31909 (High, CVSS 7.5): Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before…
- CVE-2026-8813 (High, CVSS 7.5): This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled…
- CVE-2025-15609 (High, CVSS 7.5): The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to…
- CVE-2026-33232 (High, CVSS 7.5): AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Versions…
- CVE-2026-29963 (High, CVSS 7.5): HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php…
- CVE-2026-29962 (High, CVSS 7.5): HSC MailInspector v5.3.3-7 contains a Local File Inclusion (LFI) vulnerability caused by improper control of user-supplied file paths.…
- CVE-2025-56352 (High, CVSS 7.5): In tinyMQTT commit 6226ade15bd4f97be2d196352e64dd10937c1962 (2024-02-18), the broker mishandles protocol violations during CONNECT…
- CVE-2026-39079 (High, CVSS 7.5): An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the…
- CVE-2026-42009 (High, CVSS 7.5): A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering…
- CVE-2026-45245 (High, CVSS 7.4): Summarize prior to 0.15.1 contains a vulnerability in the hover summary feature that allows malicious pages to dispatch synthetic…
- CVE-2026-41947 (High, CVSS 7.4): Dify version 1.14.1 and prior contains an authorization bypass vulnerability that allows authenticated editor users to set and enable…
- CVE-2026-8947 (High, CVSS 7.3): Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR…
- CVE-2026-29226 (High, CVSS 7.3): Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz:…
- CVE-2026-22069 (High, CVSS 7.3): A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe…
- CVE-2026-32323 (High, CVSS 7.3): Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local…
- CVE-2026-26462 (High, CVSS 7.3): Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The…
- CVE-2026-27891 (High, CVSS 7.2): FacturaScripts is an open source accounting and invoicing software. Versions 2026 and below contain a critical vulnerability in the…
- CVE-2026-7571 (High, CVSS 7.1): A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control…
- CVE-2026-45242 (High, CVSS 7.1): Summarize prior to 0.15.1 contains a path traversal vulnerability in the /v1/summarize daemon endpoint that allows authenticated…
- CVE-2026-4137 (High, CVSS 7.0): In mlflow/mlflow versions prior to 3.11.0, the `get_or_create_nfs_tmp_dir()` function in `mlflow/utils/file_utils.py` creates temporary…
⚔️ Sploitus (60 entries)
Unknown (60 entries)
- CVE-2020-25078 - Exploit for CVE-2020-25078 (exploit)
- CVE-2026-0265 - Exploit for CVE-2026-0265 (exploit)
…58 more Unknown-severity entries (omitted)
🤖 Automated vulnerability intelligence digest · 2026-05-21 · Data sources: NVD / GitHub Advisory / Sploitus / CISA-KEV