📊 2026-05-22 Vulnerability Intelligence Daily · 200 entries · 96 high-severity
Daily vulnerability intelligence digest · 2026-05-22
📋 Total: 200 entries
🔥 High/Critical: 96 entries
🚨 CISA-KEV: 2 entries
💣 Exploit-DB-RSS: 5 entries
🐙 GitHub-Advisory: 67 entries (🔥 30 high)
🛡️ NVD-Latest: 66 entries (🔥 66 high)
⚔️ Sploitus: 60 entries
🤖 Today's Security Posture Analysis
🎯 Key Items Today
- CVE-2026-42960 (Unbound DNS server), DNS cache poisoning: affects NLnet Labs Unbound ≤ 1.25.0. An attacker can poison the DNS cache using promiscuous records in the authority section. CVSS 10.0; can lead to large-scale traffic hijacking, with a broad impact surface and low exploitation difficulty.
- CVE-2026-43633 (HestiaCP control panel), deserialization leading to RCE: affects HestiaCP 1.9.0 through 1.9.4. The web terminal component has an unauthenticated deserialization flaw caused by a session format mismatch between PHP and Node.js. CVSS 10.0; a remote attacker can execute arbitrary code without authentication and take over the server.
- CVE-2026-46633 (Twig template engine), PHP code injection: the Twig compiler does not escape single quotes when handling template names in the `{% use %}` tag, so an attacker can craft a malicious template name to inject and execute arbitrary PHP code on the server. The engine is widely used by Symfony and other frameworks, so the impact is extensive.
- CVE-2026-46614 (Fission serverless platform), unauthorized access to function routes: the Fission router automatically registers the internal route `/fission-function/<ns>/<name>` for every Function object, reachable without an HTTPTrigger. An attacker can enumerate and invoke internal functions directly, leading to unauthorized code execution or data leakage.
- CVE-2026-46421 (SAP CAP Java supply-chain poisoning), credential theft and lateral spread: packages such as `@cap-js/sqlite` and `@cap-js/postgres` were replaced by malicious versions that automatically steal credentials from the environment and self-replicate. Affects every build and deployment pipeline that develops against these versions.
📈 Threat Trends
- Surge in remote code execution (RCE) and deserialization attacks: high-risk RCE flaws appeared in the Twig template engine, HestiaCP and the WordPress Boost plugin. Deserialization remains a primary entry point for injection attacks, and such flaws are especially frequent in PHP and Java environments.
- Privilege escalation and authentication bypass: the BoxLite sandbox has a permission bypass and a path traversal; NVIDIA Triton Inference Server has an authentication bypass. Access-control defects in cloud-native and AI infrastructure are becoming a new attack hotspot.
- DNS infrastructure and supply-chain security: Unbound has a CVSS 10.0 cache-poisoning flaw that threatens core network infrastructure. At the same time, supply-chain poisoning incidents in the npm/Java ecosystems have resurfaced with stealthier techniques (for example, using set-qualified condition operators to bypass OIDC trust policies).
- WordPress plugins remain a disaster area: several CVSS 9.8 flaws disclosed today involve the Boost, Easy Elements and ProSolution WP Client plugins, covering object injection, file upload and privilege escalation, showing that security oversight of the plugin ecosystem is still inadequate.
🛡️ Mitigation Recommendations
- Upgrade affected core components immediately: prioritize upgrading the Unbound DNS server to 1.25.1 or later; upgrade HestiaCP to 1.9.5; upgrade Twig to the latest version. For the Fission platform, immediately restrict public exposure of internal routes and enforce authentication.
- Audit for and remove malicious supply-chain packages: check project dependencies for `@cap-js/sqlite@2.2.2`, `@cap-js/postgres@2.2.2` and `@cap-js/db-service@2.10.1`, replace them with clean versions immediately, and rotate any credentials that may have been exposed.
- Restrict WordPress plugins and apply least privilege: update the Boost, Easy Elements, ProSolution WP Client and other plugins with disclosed flaws right away. Also enable a web application firewall (WAF) on all WordPress sites and forbid direct upload or deserialization of untrusted input.
- Harden access control for container and sandbox environments: for BoxLite and Kubernetes environments, disable automatic mounting of service-account tokens (such as Fission's fission-fetcher) and enforce strict least-privilege RBAC policies to prevent container escape and information leakage.
🚨 CISA-KEV (2 entries)
Unknown (2 entries)
- CVE-2026-34926 · Trend Micro Apex One (On-Premise) Directory Traversal Vulnerability
  Product: Trend Micro Apex One
  Description: Trend Micro Apex One (on-premise) contains a…
- CVE-2025-34291 · Langflow Origin Validation Error Vulnerability
  Product: Langflow
  Description: Langflow contains an origin validation error vulnerability in which an…
💣 Exploit-DB-RSS (5 entries)
Unknown (5 entries)
- [webapps] FUXA 1.2.9 - RCE
  CVE-2026-25895
  # Exploit Title: FUXA 1.2.9 - RCE
  # Date: 4/24/2026
  # Exploit Author: Anthony Cihan (Hann1bl3L3ct3r)
  # Vendor Homepage: https://github.com/frangoteam/FUXA
  #…
- [webapps] solaredge - (CSRF-OOB-Injection)
  # Titles: solaredge - (CSRF-OOB-Injection)
  # Author: nu11secur1tyAI
  # Date: 2026-04-26
  # Vendor: SolarEdge Technologies Ltd.
  # Software: SolarEdge Monitoring…
…3 more Unknown-severity entries omitted
🐙 GitHub-Advisory (67 entries)
Critical (6 entries)
- CVE-2026-46614 · Critical: Fission router exposes /fission-function/<ns>/<name> on its public listener, all
  Summary: The Fission router registers an internal-style route — `/fission-function/<name>` and `/fission-function/<ns>/<name>` — for every `Function` object,…
- GHSA-q2f7-m237-v562 · Critical: @hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified conditio
  Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in G_OIDC_1. Set-qualified operators…
- CVE-2026-46633 · Critical: Twig: PHP code injection via `{% use %}` template name
  Description: `Compiler::string()` escapes `"`, `$`, `\`, NUL and TAB when generating PHP double-quoted string literals, but does not escape single quotes. In…
- CVE-2026-46695 · Critical: BoxLite: Permission Bypass Allows Modification of Read-Only Files
  Summary: Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and launch OCI containers within them to run…
- CVE-2026-46703 · Critical: Boxlite: Path Traversal Vulnerability Leads to Arbitrary File Write on the Host
  Summary: Boxlite is a sandbox service that allows users to create lightweight virtual machines (Boxes) and run OCI containers within them. Boxlite allows…
- CVE-2026-46421 · Critical: Supply chain compromise via malicious package versions (@cap-js/sqlite, @cap-j
  Impact: On April 29, 2026, compromised versions of `@cap-js/sqlite@2.2.2`, `@cap-js/postgres@2.2.2`, and `@cap-js/db-service@2.10.1` were published. The…
High (24 entries)
- CVE-2026-46612 · High: Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all fu
  Summary: The Fission `storagesvc` component registers archive CRUD handlers (`/v1/archive` GET / POST / DELETE and `/v1/archives` list) directly on its HTTP…
- CVE-2026-46617 · High: Fission runtime pods automount the fission-fetcher service-account token into th
  Summary: Fission runtime pods were created with `ServiceAccountName: fission-fetcher`, and the `fission-fetcher` ServiceAccount was granted namespace-wide `get`…
- CVE-2026-46643 · High: Snappy: Binary path is never shell-escaped due to an inverted is_executable chec
  Impact: On POSIX, escapeshellarg('/usr/bin/wkhtmltopdf') returns the literal string '/usr/bin/wkhtmltopdf' with the single-quote characters included.…
- CVE-2026-46654 · High: Plonky3 MultiField32Challenger: transcript malleability and challenge entropy lo
  Impact: Key: `challenger/src/multi_field_challenger.rs` | `MultiField32Challenger::duplexing` | `transcript_malleability`. Affected files:…
- CVE-2026-46519 · High: MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filteri
  Summary: `mcp-server-kubernetes` exposes three environment variables (`ALLOW_ONLY_READONLY_TOOLS`, `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS`, `ALLOWED_TOOLS`)…
- GHSA-2ffm-hxrq-qqmm · High: @hulumi/drift: Orphan reconciler accepted externally supplied execute plans
  Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation…
- GHSA-g43v-9x7q-83pq · High: @hulumi/policies: HULUMI-H1 SecureBucket parent spoof bypass
  Impact: @hulumi/policies versions before 1.3.2 could accept spoofed SecureBucket parent evidence for HULUMI-H1, allowing policy evaluation to miss an unsafe…
- GHSA-4xrh-5m3m-328w · High: @hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM polic
  Impact: @hulumi/policies versions before 1.3.2 did not fully inspect inline and attached IAM policy evidence for the administrator-policy guardrail, so some…
- GHSA-59f3-7227-wmh4 · High: @hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governa
  Impact: @hulumi/policies versions before 1.3.2 used stack-wide evidence shortcuts in several Cloudflare and deployment-governance validators. Unrelated…
- CVE-2026-46673 · High: Russh: Unchecked CryptoVec allocation and growth handling is reachable
  Title: Unchecked `CryptoVec` allocation and growth handling was reachable from local agent inputs in current `russh` releases and from remote SSH traffic in…
- CVE-2026-46625 · High: JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attr
  Summary: `js-cookie`'s internal `assign()` helper copies properties with `for...in` + plain assignment. When the source object is produced by `JSON.parse`,…
- CVE-2026-46639 · High: Twig: Sandbox property and method bypass via object-destructuring assignment
  Description: The object-destructuring assignment syntax introduced in Twig 3.24.0 generates a call to `CoreExtension::getAttribute()` with the `$sandboxed`…
- CVE-2026-46640 · High: Twig: Arbitrary PHP code execution via `_self.(<string>)` macro-reference compil
  Description: The `obj.(expr)` dynamic-attribute syntax (added in 3.15.0 as the replacement for the deprecated `attribute()` function) lets the attribute be an…
- CVE-2026-46679 · High: js-libp2p: Memory DoS via subscription flood of unique topics
  Summary: Three cooperating omissions in `@libp2p/gossipsub` allow an unauthenticated single peer to exhaust the Node.js heap of any gossipsub node with default…
- CVE-2026-46680 · High: containerd user ID handling bypass allows runAsNonRoot evasion
  Impact: A bug was found in containerd where containers launched with a numeric `User` directive that cannot be parsed as a 32-bit integer are incorrectly…
- CVE-2026-46681 · High: @nevware21/ts-utils: Prototype Pollution in objDeepCopy/objCopyProps via for...i
  Summary: The _copyProps function in lib/src/object/copy.ts uses for...in to iterate over source object properties without an Object.hasOwnProperty check, and…
- CVE-2026-46701 · High: Network-AI: Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default S
  Unauthenticated Cross-Origin MCP Tool Invocation via Empty Default Secret. Field | Value: Repository |…
- CVE-2026-45804 · High: Diffusers: TOCTOU Trust Remote Code Bypass
  Background: This vulnerability is found in the `diffusers` package - the `transformers`-equivalent library for diffusion models. It is found in the…
- CVE-2026-8468 · High: Plug: Unbounded buffer accumulation in multipart header parsing causes denial of
  Summary: An Allocation of Resources Without Limits or Throttling vulnerability in `Plug.Conn.read_part_headers/2` allows an unauthenticated attacker to exhaust…
- GHSA-mw8f-w6p8-xrf4 · CVE-2026-43948 · High: wger: cross-tenant account deletion / deactivation / activation by gym.manage_gy
  Summary: GHSA-mhc8-p3jx-84mm (CVE-2026-43948) reported that wger's `reset_user_password` and `gym_permissions_user_edit` views in `wger/gym/views/user.py`…
- GHSA-9qv9-8xv6-5p35 · High: phpMyFAQ: Unauthenticated Password Reset Endpoint Allows User Enumeration and Fo
  Summary: The password reset API can be triggered without authentication and without any out-of-band confirmation step. If an attacker knows a valid `username +…
- GHSA-xvp4-phqj-cjr3 · High: phpMyFAQ: IDOR Account Takeover
  Summary: An Insecure Direct Object Reference (IDOR) vulnerability in phpMyFAQ's Admin API allows any authenticated administrator to change the password of any…
- GHSA-gp95-j463-vv28 · High: phpMyFAQ: Default Empty API Token Authentication Bypass
  Summary: A default empty API client token allows any unauthenticated user to create and modify FAQ entries, categories, and questions via the REST API. The…
- GHSA-w9xh-5f39-vq89 · High: phpMyFAQ: Missing Password Reset Token Allows Account Takeover via Username/Emai
  Summary: An authentication bypass vulnerability in phpMyFAQ allows any unauthenticated attacker to reset the password of any user account, including SuperAdmin…
Medium (26 entries)
- CVE-2026-46556 · Medium 6.5: FlaskBB: SSRF in get_image_info() via unrestricted avatar URL
  Summary: A Server-Side Request Forgery (SSRF) vulnerability in get_image_info() allows any authenticated user to force the server to send HTTP requests to…
- CVE-2026-46561 · Medium: pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls API
  Summary: The SSRF mitigation added in commit `33c55da` for GHSA-7gvf-3w72-p2pg is incomplete. The `PREREQFUNCTION`-based private IP check was correctly…
- CVE-2026-46616 · Medium: Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
  Impact: Some of the Surface Controllers the CMS provides to support member-related operations fail to validate redirect URLs, making Razor templates that…
- CVE-2026-46618 · Medium: Fission builder accepts arbitrary buildcmd strings from Environment.spec.builder
  Summary: Before the round-1 security sweep, `pkg/builder/builder.go` passed `Environment.spec.builder.command` directly into `exec.Command(...)` after a…
- CVE-2026-46683 · Medium: Snappy: SSRF and local file read via the xsl-style-sheet option
  Impact: It impacts applications where: the PHP daemon runs with root permissions; the application is either running outside a container or has sensitive…
- CVE-2026-46547 · Medium: NocoDB: Reflected Cross-Site Scripting via Page Leaving Redirect URL
  Summary: A reflected XSS vulnerability exists in the Page Leaving Warning page. The `ncRedirectUrl` and `ncBackUrl` query parameters are used in…
- CVE-2026-46548 · Medium: NocoDB: SSRF Protection Bypass in Notification Webhook Plugins (Slack, Discord,
  Summary: The `request-filtering-agent` SSRF protection was non-functional in the four notification webhook plugins (Slack, Discord, Mattermost, Teams) because…
- CVE-2026-46550 · Medium: NocoDB: Refresh Token Cookie Set Without `secure` and `sameSite` Flags
  Summary: The refresh-token cookie was set with `httpOnly: true` but missing both the `secure` flag and the `sameSite` attribute. Over plain HTTP the cookie…
…18 more Medium-severity entries omitted
Low (11 entries)
- CVE-2026-46668 · Low: SpiceDB: Caveat structures with nested lists can result in improper cache reuse
  Impact: Users are impacted if: they have a caveat structure with a nested list, e.g. `caveat shape(x list<any>) { x == [["a"], "b"] }`; their…
- CVE-2026-46549 · Low: NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
  Summary: The OAuth token strategy attached `oauth_scope` and `oauth_granted_resources` to the request user, but the ACL middleware never consulted either. An…
- CVE-2026-46553 · Low: NocoDB: Attachment Size Limit Bypass via Upload-by-URL
  Summary: The upload-by-URL path did not enforce `NC_ATTACHMENT_FIELD_SIZE` against either the remote file's advertised `Content-Length` or the decoded length of…
…8 more Low-severity entries omitted
🛡️ NVD-Latest (66 entries)
Critical (17 entries)
- CVE-2026-42960 · Critical · CVSS 10.0: NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to poisoning via promiscuous records for the authority section.…
- CVE-2026-43633 · Critical · CVSS 10.0: HestiaCP versions 1.9.0 through 1.9.4 contain a deserialization vulnerability in the web terminal component caused by a session format…
- CVE-2026-33278 · Critical · CVSS 9.8: NLnet Labs Unbound 1.19.1 up to and including version 1.25.0 has a vulnerability in the DNSSEC validator that enables denial of service…
- CVE-2026-7637 · Critical · CVSS 9.8: The Boost plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 2.0.3 via deserialization of…
- CVE-2026-24207 · Critical · CVSS 9.8: NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of…
- CVE-2026-7284 · Critical · CVSS 9.8: The Easy Elements for Elementor – Addons & Website Templates plugin for WordPress is vulnerable to privilege escalation via user…
- CVE-2026-6555 · Critical · CVSS 9.8: The ProSolution WP Client plugin for WordPress is vulnerable to Arbitrary File Upload in versions up to, and including, 2.0.0. This is…
- CVE-2026-47323 · Critical · CVSS 9.8: Camel-CXF and Camel-Knative Message Header Injection via Missing Inbound Filtering. The CXF and Knative HeaderFilterStrategy…
- CVE-2026-4883 · Critical · CVSS 9.8: The Piotnet Forms plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in the…
- CVE-2026-43493 · Critical · CVSS 9.8: In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Fix handling of MAY_BACKLOG requests MAY_BACKLOG…
- CVE-2026-45434 · Critical · CVSS 9.8: Improper Authentication vulnerability in Apache OFBiz via Password-Change Logic Flaw Leading to Remote Code Execution. This issue…
- CVE-2026-4885 · Critical · CVSS 9.8: The Piotnet Addons for Elementor Pro plugin for WordPress is vulnerable to arbitrary file upload due to missing file type validation in…
- CVE-2026-2611 · Critical · CVSS 9.6: In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This…
- CVE-2026-8948 · Critical · CVSS 9.1: Same-origin policy bypass in the DOM: Networking component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. Product: mozilla…
- CVE-2026-41919 · Critical · CVSS 9.1: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') vulnerability in Apache OFBiz. This issue affects…
- CVE-2026-31986 · Critical · CVSS 9.1: Use of Hard-coded Cryptographic Key vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are…
- CVE-2026-22314 · Critical · CVSS 9.0: Improper Control of Generation of Code ('Code Injection') vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona…
High (49 entries)
- CVE-2026-5200 · High · CVSS 8.8: The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to…
- CVE-2026-7522 · High · CVSS 8.8: The Advanced Database Cleaner – Premium plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including,…
- CVE-2026-7467 · High · CVSS 8.8: The Read More & Accordion plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 3.5.7. This…
- CVE-2026-6456 · High · CVSS 8.8: The Account Switcher plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.2. This is due…
- CVE-2026-46586 · High · CVSS 8.8: Improper Control of Generation of Code ('Code Injection'), Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval…
- CVE-2026-27648 · High · CVSS 8.8: In OpenHarmony v6.0 and prior versions, a remote attacker can achieve arbitrary code execution in pre-installed apps.
- CVE-2026-25781 · High · CVSS 8.4: In OpenHarmony v6.0 and prior versions, a local attacker can cause a DoS from which the system cannot recover.
- CVE-2026-9057 · High · CVSS 8.2: A broken access control issue has been identified in the Talend Administration Center, that allows a user with “View” permission to…
- CVE-2026-47784 · High · CVSS 8.1: In memcached before 1.6.42, password data for SASL password database authentication has a timing side channel because memcmp is used by…
- CVE-2026-47783 · High · CVSS 8.1: In memcached before 1.6.42, username data for SASL password database authentication has a timing side channel because a loop exits as…
- CVE-2026-43618 · High · CVSS 8.1: Rsync version 3.4.2 and prior contain an integer overflow vulnerability in the compressed-token decoder where a 32-bit signed counter…
- CVE-2026-7504 · High · CVSS 8.1: A flaw was found in Keycloak's URL validation logic during redirect operations. By crafting a malicious request, an attacker could…
- CVE-2026-24792 · High · CVSS 8.1: In OpenHarmony v6.0 and prior versions, a remote attacker can achieve arbitrary code execution in pre-installed apps.
- CVE-2025-11954 · High · CVSS 8.0: Cross-Site request forgery (CSRF) vulnerability in Sitemio Information Technologies Trade Ltd. Co. WISECP allows Cross Site Request…
- CVE-2026-24214 · High · CVSS 8.0: NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an integer overflow. A…
- CVE-2026-24213 · High · CVSS 8.0: NVIDIA Triton Inference Server contains a vulnerability in the DALI backend where an attacker could cause an out-of-bounds read. A…
- CVE-2026-0856 · High · CVSS 7.8: Improper Access Control vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables a normal user…
- CVE-2026-44933 · High · CVSS 7.8: `PluginScript` attempts to `chroot` the plugin to the `repoManagerRoot`; this root is frequently `/` (the system root) in standard…
- CVE-2026-41054 · High · CVSS 7.8: In `src/havegecmd.c`, the `socket_handler` function performs a credential check on the abstract UNIX socket (`\0/sys/entropy/haveged`).…
- CVE-2026-23558 · High · CVSS 7.8: The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does…
- CVE-2026-47314 · High · CVSS 7.8: Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot:…
- CVE-2026-47311 · High · CVSS 7.8: Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot:…
- CVE-2026-47310 · High · CVSS 7.8: Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot:…
- CVE-2026-9064 · High · CVSS 7.5: A flaw was found in 389-ds-base. The get_ldapmessage_controls_ext() function in the LDAP server does not enforce an upper bound on the…
- CVE-2026-42959 · High · CVSS 7.5: NLnet Labs Unbound up to and including version 1.25.0 has a denial of service vulnerability in the DNSSEC validator that can lead to a…
- CVE-2026-42944 · High · CVSS 7.5: NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple…
- CVE-2026-41292 · High · CVSS 7.5: NLnet Labs Unbound up to and including version 1.25.0 is vulnerable to a degradation of service attack related to parsing long lists of…
- CVE-2026-9010 · High · CVSS 7.5: The Boost plugin for WordPress is vulnerable to time-based SQL Injection via the 'current_url' and 'user_name' parameters in versions up…
- CVE-2026-9003 · High · CVSS 7.5: E-LAN Hybrid Recording System developed by TONNET has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject…
- CVE-2026-24210 · High · CVSS 7.5: NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an integer overflow. A successful exploit of this…
- CVE-2026-24209 · High · CVSS 7.5: NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a path traversal issue. A successful exploit of…
- CVE-2026-24163 · High · CVSS 7.5: NVIDIA TRT-LLM for any platform contains a vulnerability in RPC testing, where an attacker could cause an unsafe deserialization. A…
- CVE-2025-33255 · High · CVSS 7.5: NVIDIA TRT-LLM for any platform contains a vulnerability in MPI server, where an attacker could cause an unsafe deserialization. A…
- CVE-2026-3985 · High · CVSS 7.5: The Creative Mail – Easier WordPress & WooCommerce Email Marketing plugin for WordPress is vulnerable to SQL Injection via the…
- CVE-2026-8946 · High · CVSS 7.5: Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36,…
- CVE-2026-8945 · High · CVSS 7.5: Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
- CVE-2026-8912 · High · CVSS 7.5: The Contest Gallery plugin for WordPress is vulnerable to SQL Injection via the 'form_input' parameter in versions up to, and including,…
- CVE-2026-7507 · High · CVSS 7.5: A session fixation vulnerability was found in Keycloak's login-actions endpoints. An unauthenticated attacker could exploit this flaw by…
- CVE-2026-7307 · High · CVSS 7.5: A flaw was found in Keycloak. A remote, unauthenticated attacker can send a specially crafted XML input to the Security Assertion Markup…
- CVE-2026-31910 · High · CVSS 7.5: Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 24.09.06. Users are…
- CVE-2026-31909 · High · CVSS 7.5: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before…
- CVE-2026-8813 · High · CVSS 7.5: This affects versions of the package exifreader before 4.39.0. A crafted image containing an ICC mluc tag can set an attacker-controlled…
- CVE-2025-15609 · High · CVSS 7.5: The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to…
- CVE-2026-24206 · High · CVSS 7.3: NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause an authentication bypass. A successful exploit of…
- CVE-2026-8947 · High · CVSS 7.3: Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR…
- CVE-2026-29226 · High · CVSS 7.3: Server-Side Request Forgery (SSRF) vulnerability in Apache OFBiz via Content component operations. This issue affects Apache OFBiz:…
- CVE-2026-22315 · High · CVSS 7.2: Incorrect Privilege Assignment vulnerability in Mesalvo Meona Client Launcher Component, Mesalvo Meona Server Component enables the…
- CVE-2026-7571 · High · CVSS 7.1: A flaw was found in Keycloak. A low-privilege user, with knowledge of user credentials and client ID, can bypass a security control…
- CVE-2026-29518 · High · CVSS 7.0: Rsync versions before 3.4.3 contain a time-of-check to time-of-use (TOCTOU) race condition in daemon file handling that allows…
⚔️ Sploitus (60 entries)
Unknown (60 entries)
- Exploit for CVE-2026-5118 (exploit)
  CVE-2026-5118
- bug-bounty-hunts (exploit)
…58 more Unknown-severity entries omitted
🤖 Automated vulnerability intelligence digest · 2026-05-22 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV