📊 2026-05-23 漏洞情报日报 · 200 条 · 高危 102
每日漏洞情报汇总 · 2026-05-23
📊 2026-05-23 漏洞情报日报
📋 共 200 条
🔥 高危/严重 102 条
🚨 CISA-KEV 1 条
🐙 GitHub-Advisory 42 条 🔥17
🛡️ NVD-Latest 85 条 🔥85
⚔️ Sploitus 72 条
🤖 今日安全态势分析
🎯 今日重点关注
- CVE-2026-46670 (YesWiki) — 未认证SQL注入:影响YesWiki默认安装,攻击者无需登录即可通过Bazar表单导入路径注入任意SQL语句,导致数据库全量读取与数据泄露,风险极高。
- CVE-2026-46614 (Fission) — 内部路由公开暴露:Fission路由组件未验证HTTPTrigger是否存在,导致所有函数内部路由对外暴露,攻击者可未经授权直接调用函数,引发远程代码执行风险。
- CVE-2026-46633 (Twig) — PHP代码注入:模板引擎Twig在处理`{% use %}`标签时,因对单引号转义缺失,导致PHP代码注入。任何允许用户控制模板名称的场景均可触发RCE。
- CVE-2026-45444 (WP Swings Gift Cards Pro) — 任意文件上传 (CVSS 10.0):WordPress插件存在未限制文件上传漏洞,攻击者可直接上传恶意文件至服务器,实现远程代码执行与站点完全控制。
📈 威胁趋势
- 远程代码执行 (RCE) 与任意文件上传 (6起):今日威胁之首。包括Twig模板注入、Fission路由滥用、WordPress多款插件(Avada Builder、Divi Builder、Trend Micro Apex One)的RCE及文件上传漏洞,攻击链成熟,极易被利用。
- 未授权访问与配置不当 (4起):Fission StorageSvc未认证CRUD接口、Cisco Secure Workload内REST API权限验证缺失、Fission运行时Pod令牌自动挂载等,暴露未授权数据操作与权限提升路径。
- SQL注入 (1起):YesWiki漏洞可直接读取数据库,结合身份绕过风险极高。
- 反序列化与签名绕过 (2起):aiosend在签名验证前反序列化请求体、Apache PyFory反序列化绕过策略,可被用于构造恶意请求执行任意代码。
- 缓冲区溢出 (1起):Netatalk CNID守护进程堆溢出,远程认证后即可执行代码,影响范围广。
🛡️ 缓解建议
- 立即升级核心受影响组件:优先升级YesWiki、Fission、Twig、Netatalk至最新安全版本;针对WordPress插件,立即更新Divi Form Builder(>5.1.2)、Avada Builder(>3.15.2)、Gift Cards Pro(>4.2.6)及Trend Micro Apex One至修复版本。
- 配置安全访问控制:对Fission路由器、StorageSvc等内部组件启用网络隔离与API网关认证,避免直接暴露于公网;检查Cisco Secure Workload内部REST API的权限策略,实施最小权限原则。
- 强化输入验证与反序列化安全:在应用层对用户输入(特别是SQL语句、模板名称、文件上传路径)实施严格的参数化与白名单过滤;确保所有Webhook和序列化框架(如Pydantic)均在验证签名后再处理数据。
- 审查运行时权限与令牌配置:对于Kubernetes环境(如Fission),禁止默认挂载服务账号令牌至运行时Pod,使用细粒度的RBAC限制Secrets和ConfigMaps的访问范围。
🚨 CISA-KEV(1 条)
Unknown (1 条)
- CVE-2026-9082 - Drupal Core SQL Injection Vulnerability
CVE-2026-9082
CVE-2026-9082 Drupal Core SQL Injection Vulnerability 产品: Drupal Core 描述: Drupal Core contains a SQL injection vulnerability that could allow for privilege…
🐙 GitHub-Advisory(42 条)
Critical (5 条)
- CVE-2026-46670 - YesWiki: Unauthenticated SQL Injection
CVE-2026-46670Critical
Summary An unauthenticated SQL injection in the Bazar form-import path (`FormManager::create()`) allows any unauthenticated visitor of a default YesWiki… - GHSA-qqqm-5547-774x - FileBrowser Quantum: Path traversal in public share PATCH allows file ops outsid
CVE-2026-44542Critical
## Summary `publicPatchHandler` in `backend/http/public.go` joins user-controlled `fromPath` and `toPath` body fields with the trusted `d.share.Path` BEFORE… - CVE-2026-46614 - Fission router exposes /fission-function/<ns>/<name> on its public listener, all
CVE-2026-46614Critical
Summary The Fission router registers an internal-style route — `/fission-function/<name>` and `/fission-function/<ns>/<name>` — for every `Function` object,… - GHSA-q2f7-m237-v562 - @hulumi/policies: GitHub OIDC trust policy bypass via AWS set-qualified conditio Critical
Impact: @hulumi/policies versions before 1.3.2 only checked exact AWS IAM StringLike/StringEquals condition operator keys in G_OIDC_1. Set-qualified operators… - CVE-2026-46633 - Twig: PHP code injection via `{% use %}` template name
CVE-2026-46633Critical
Description `Compiler::string()` escapes `"`, `$`, `\`, NUL and TAB when generating PHP double-quoted string literals, but does not escape single quotes. In…
High (12 条)
- GHSA-7m8f-hgjq-8gc9 - aiosend: Deserialization of request body before signature verification (Pre-auth High
# Vulnerability Description In `aiosend/webhook/base.py`, the `WebhookHandler.feed_update()` method performs full deserialization of the incoming JSON via… - CVE-2026-46612 - Fission StorageSvc /v1/archive endpoint exposes unauthenticated CRUD over all fu
CVE-2026-46612High
Summary The Fission `storagesvc` component registers archive CRUD handlers (`/v1/archive` GET / POST / DELETE and `/v1/archives` list) directly on its HTTP… - CVE-2026-46617 - Fission runtime pods automount the fission-fetcher service-account token into th
CVE-2026-46617High
Summary Fission runtime pods were created with `ServiceAccountName: fission-fetcher`, and the `fission-fetcher` ServiceAccount was granted namespace-wide `get`… - CVE-2026-46643 - Snappy: Binary path is never shell-escaped due to an inverted is_executable chec
CVE-2026-46643High
Impact On POSIX, escapeshellarg(‘/usr/bin/wkhtmltopdf’) returns the literal string ‘/usr/bin/wkhtmltopdf’ with the single-quote characters included.… - CVE-2026-46654 - Plonky3 MultiField32Challenger: transcript malleability and challenge entropy lo
CVE-2026-46654High
Impact - **Key**: `challenger/src/multi_field_challenger.rs` | `MultiField32Challenger::duplexing` | `transcript_malleability` - **Affected files**:… - CVE-2026-46519 - MCP Server Kubernetes: Tool Access Control Bypass via Presentation-Layer Filteri
CVE-2026-46519High
## Summary `mcp-server-kubernetes` exposes three environment variables (`ALLOW_ONLY_READONLY_TOOLS`, `ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS`, `ALLOWED_TOOLS`)… - GHSA-2ffm-hxrq-qqmm - @hulumi/drift: Orphan reconciler accepted externally supplied execute plans High
Impact: @hulumi/drift versions before 1.3.2 could accept externally supplied execute plans without sufficient provenance checks, allowing unsafe reconciliation… - GHSA-g43v-9x7q-83pq - @hulumi/policies: HULUMI-H1 SecureBucket parent spoof bypass High
Impact: @hulumi/policies versions before 1.3.2 could accept spoofed SecureBucket parent evidence for HULUMI-H1, allowing policy evaluation to miss an unsafe… - GHSA-4xrh-5m3m-328w - @hulumi/policies: CIS 1.16 admin policy bypass for inline and attached IAM polic High
Impact: @hulumi/policies versions before 1.3.2 did not fully inspect inline and attached IAM policy evidence for the administrator-policy guardrail, so some… - GHSA-59f3-7227-wmh4 - @hulumi/policies: Stack-wide evidence bypassed Cloudflare and deployment-governa High
Impact: @hulumi/policies versions before 1.3.2 used stack-wide evidence shortcuts in several Cloudflare and deployment-governance validators. Unrelated… - CVE-2026-46673 - Russh: Unchecked CryptoVec allocation and growth handling is reachable
CVE-2026-46673High
Title Unchecked `CryptoVec` allocation and growth handling was reachable from local agent inputs in current `russh` releases and from remote SSH traffic in… - CVE-2026-46625 - JavaScript Cookie: Per-instance prototype hijack in assign() enables cookie-attr
CVE-2026-46625High
## Summary `js-cookie`'s internal `assign()` helper copies properties with `for...in` + plain assignment. When the source object is produced by `JSON.parse`,…
Medium (19 条)
- CVE-2026-46556 - FlaskBB: SSRF in get_image_info() via unrestricted avatar URL
CVE-2026-46556Medium 6.5
###Summary A Server-Side Request Forgery (SSRF) vulnerability in get_image_info() allows any authenticated user to force the server to send HTTP requests to… - CVE-2026-8723 - qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/u
CVE-2026-8723Medium
Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`.… - CVE-2026-46715 - Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAu
CVE-2026-46715Medium
Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user.… - CVE-2026-46692 - ImageMagick: Heap Buffer Over-Write in distributed pixel cache server
CVE-2026-46692Medium
An attacker who can connect to a `magick -distribute-cache` service can cause a heap buffer over-write in the server process. - CVE-2026-46693 - ImageMagick: Race Condition in distributed pixel cache server can result in file
CVE-2026-46693Medium
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met. - CVE-2026-47165 - ImageMagick: Information Disclosure in distributed pixel cache server because it
CVE-2026-47165Medium
The distributed pixel cache was originally designed to operate without a challenge–response authentication model. However, given today’s heightened security… - CVE-2026-47166 - ImageMagick: Heap Buffer Over-Read in distributed pixel cache server
CVE-2026-47166Medium
An attacker who can connect to a magick -distribute-cache service can cause a heap buffer over-read in the server process. - CVE-2026-46561 - pyload-ng: SSRF via HTTP Redirect Bypass in parse_urls API
CVE-2026-46561Medium
## Summary The SSRF mitigation added in commit `33c55da` for GHSA-7gvf-3w72-p2pg is incomplete. The `PREREQFUNCTION`-based private IP check was correctly…
…另有 11 条 Medium 级漏洞(已省略)
Low (6 条)
- CVE-2026-46668 - SpiceDB: Caveat structures with nested lists can result in improper cache reuse
CVE-2026-46668Low
Impact Users are impacted if: - They have a caveat structure with a nested list, e.g.: ```zed caveat shape(x list<any>) { x == [["a"], "b"] } ``` - Their… - CVE-2026-46549 - NocoDB: OAuth Token Scope Not Enforced at ACL Layer Allows Scope Escalation
CVE-2026-46549Low
Summary The OAuth token strategy attached `oauth_scope` and `oauth_granted_resources` to the request user, but the ACL middleware never consulted either. An… - CVE-2026-46553 - NocoDB: Attachment Size Limit Bypass via Upload-by-URL
CVE-2026-46553Low
Summary The upload-by-URL path did not enforce `NC_ATTACHMENT_FIELD_SIZE` against either the remote file's advertised `Content-Length` or the decoded length of…
…另有 3 条 Low 级漏洞(已省略)
🛡️ NVD-Latest(85 条)
Critical (15 条)
- CVE-2026-45444 Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift
CVE-2026-45444Critical 10.0
CVE-2026-45444 CVSS:10.0 Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious… - CVE-2026-20223 A vulnerability in the access validation of internal REST APIs of Cisco Sec
CVE-2026-20223Critical 10.0
CVE-2026-20223 CVSS:10.0 A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote… - CVE-2026-44050 A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk
CVE-2026-44050Critical 9.9
CVE-2026-44050 CVSS:9.9 A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated… - CVE-2026-48207 Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializ
CVE-2026-48207Critical 9.8
CVE-2026-48207 CVSS:9.8 Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy… - CVE-2025-71211 A vulnerability in the Trend Micro Apex One management console could allow a rem
CVE-2025-71211Critical 9.8
CVE-2025-71211 CVSS:9.8 A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute… - CVE-2025-71210 A vulnerability in the Trend Micro Apex One management console could allow a rem
CVE-2025-71210Critical 9.8
CVE-2025-71210 CVSS:9.8 A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute… - CVE-2026-5118 The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation
CVE-2026-5118Critical 9.8
CVE-2026-5118 CVSS:9.8 The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to… - CVE-2026-6279 The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthe
CVE-2026-6279Critical 9.8
CVE-2026-6279 CVSS:9.8 The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function… - CVE-2026-8631 A potential security vulnerability has been identified in the HP Linux Imaging a
CVE-2026-8631Critical 9.8
CVE-2026-8631 CVSS:9.8 A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may… - CVE-2026-9141 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication
CVE-2026-9141Critical 9.8
CVE-2026-9141 CVSS:9.8 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration… - CVE-2026-9139 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded crede
CVE-2026-9139Critical 9.8
CVE-2026-9139 CVSS:9.8 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration… - CVE-2026-39531 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-39531Critical 9.3
CVE-2026-39531 CVSS:9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit… - CVE-2026-5433 Honeywell Control Network Module (CNM) contains command injection vulnerability
CVE-2026-5433Critical 9.1
CVE-2026-5433 CVSS:9.1 Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this… - CVE-2026-47372 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values
CVE-2026-47372Critical 9.1
CVE-2026-47372 CVSS:9.1 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand… - CVE-2026-8598 An undocumented configuration export port is accessible on some models of ZKTec
CVE-2026-8598Critical 9.1
CVE-2026-8598 CVSS:9.1 An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication…
High (70 条)
- CVE-2026-9089 The ConnectWise Automate™ Agent does not fully verify the authenticity of compon
CVE-2026-9089High 8.8
CVE-2026-9089 CVSS:8.8 The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update… - CVE-2026-39461 libcasper(3) communicates with helper processes via UNIX domain sockets, and use
CVE-2026-39461High 8.8
CVE-2026-39461 CVSS:8.8 libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become… - CVE-2026-44048 A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in N
CVE-2026-44048High 8.8
CVE-2026-44048 CVSS:8.8 A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote… - CVE-2026-44047 An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 throu
CVE-2026-44047High 8.8
CVE-2026-44047 CVSS:8.8 An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to… - CVE-2026-9126 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remo
CVE-2026-9126High 8.8
CVE-2026-9126 CVSS:8.8 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox… - CVE-2026-9121 Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a
CVE-2026-9121High 8.8
CVE-2026-9121 CVSS:8.8 Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption… - CVE-2026-9120 Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remo
CVE-2026-9120High 8.8
CVE-2026-9120 CVSS:8.8 Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML… - CVE-2026-9119 Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allow
CVE-2026-9119High 8.8
CVE-2026-9119 CVSS:8.8 Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a… - CVE-2026-9118 Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed
CVE-2026-9118High 8.8
CVE-2026-9118 CVSS:8.8 Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a… - CVE-2026-9114 Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a rem
CVE-2026-9114High 8.8
CVE-2026-9114 CVSS:8.8 Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox… - CVE-2026-9112 Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowe
CVE-2026-9112High 8.8
CVE-2026-9112 CVSS:8.8 Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a… - CVE-2026-9111 Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allow
CVE-2026-9111High 8.8
CVE-2026-9111 CVSS:8.8 Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a… - CVE-2026-24217 NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause
CVE-2026-24217High 8.8
CVE-2026-24217 CVSS:8.8 NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A… - CVE-2026-44926 InfoScale CmdServer before 7.4.2 mishandles access control.
CVE-2026-44926High 8.8
CVE-2026-44926 CVSS:8.8 InfoScale CmdServer before 7.4.2 mishandles access control. 产品: - CVE-2026-44925 Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations
CVE-2026-44925High 8.8
CVE-2026-44925 CVSS:8.8 Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user… - CVE-2026-24425 Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerabi
CVE-2026-24425High 8.8
CVE-2026-24425 CVSS:8.8 Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows… - CVE-2026-40165 authentik is an open-source identity provider. Versions 2025.12.4 and prior, and
CVE-2026-40165High 8.7
CVE-2026-40165 CVSS:8.7 authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable… - CVE-2026-39310 Trilium Notes is a cross-platform, hierarchical note taking application focused
CVE-2026-39310High 8.6
CVE-2026-39310 CVSS:8.6 Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions… - CVE-2026-2740 Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus
CVE-2026-2740High 8.4
CVE-2026-2740 CVSS:8.4 Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are… - CVE-2026-45253 ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) a
CVE-2026-45253High 8.4
CVE-2026-45253 CVSS:8.4 ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user… - CVE-2026-9157 Improper input validation, Unrestricted upload of file with dangerous type vulne
CVE-2026-9157High 8.4
CVE-2026-9157 CVSS:8.4 Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code… - CVE-2026-24188 NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of
CVE-2026-24188High 8.2
CVE-2026-24188 CVSS:8.2 NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this… - CVE-2026-44051 An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows
CVE-2026-44051High 8.1
CVE-2026-44051 CVSS:8.1 An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary… - CVE-2026-24218 NVIDIA DGX OS contains a vulnerability in the factory provisioning process, wher
CVE-2026-24218High 8.1
CVE-2026-24218 CVSS:8.1 NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH… - CVE-2026-4858 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.
CVE-2026-4858High 8.0
CVE-2026-4858 CVSS:8.0 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path… - CVE-2026-45208 A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow
CVE-2026-45208High 7.8
CVE-2026-45208 CVSS:7.8 A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-45207 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-45207High 7.8
CVE-2026-45207 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-45206 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-45206High 7.8
CVE-2026-45206 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34930 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34930High 7.8
CVE-2026-34930 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34929 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34929High 7.8
CVE-2026-34929 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34928 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34928High 7.8
CVE-2026-34928 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34927 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34927High 7.8
CVE-2026-34927 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2025-71217 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent
CVE-2025-71217High 7.8
CVE-2025-71217 CVSS:7.8 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker… - CVE-2025-71216 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agen
CVE-2025-71216High 7.8
CVE-2025-71216 CVSS:7.8 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to… - CVE-2025-71214 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent
CVE-2025-71214High 7.8
CVE-2025-71214 CVSS:7.8 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate… - CVE-2025-71213 An origin validation error vulnerability in Trend Micro Apex One could allow a l
CVE-2025-71213High 7.8
CVE-2025-71213 CVSS:7.8 An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected… - CVE-2025-71212 A link following vulnerability in the Trend Micro Apex One scan engine could all
CVE-2025-71212High 7.8
CVE-2025-71212 CVSS:7.8 A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected… - CVE-2026-45251 A file descriptor can be closed while a thread is blocked in a poll(2) or select
CVE-2026-45251High 7.8
CVE-2026-45251 CVSS:7.8 A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the… - CVE-2026-28764 MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerabil
CVE-2026-28764High 7.8
CVE-2026-28764 CVSS:7.8 MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability 产品: - CVE-2026-45250 The setcred(2) system call is only available to privileged users. However, befo
CVE-2026-45250High 7.8
CVE-2026-45250 CVSS:7.8 The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the… - CVE-2026-8632 A potential security vulnerability has been identified in the HP Linux Imaging a
CVE-2026-8632High 7.8
CVE-2026-8632 CVSS:7.8 A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may… - CVE-2026-24216 NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a des
CVE-2026-24216High 7.8
CVE-2026-24216 CVSS:7.8 NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of… - CVE-2026-22554 MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerabilit
CVE-2026-22554High 7.8
CVE-2026-22554 CVSS:7.8 MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability 产品: - CVE-2026-9133 Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before ve
CVE-2026-9133High 7.7
CVE-2026-9133 CVSS:7.7 Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file)… - CVE-2026-44068 Incomplete sanitization of extended attribute (EA) path components in Netatalk 2
CVE-2026-44068High 7.6
CVE-2026-44068 CVSS:7.6 Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated… - CVE-2026-9144 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-sit
CVE-2026-9144High 7.6
CVE-2026-9144 CVSS:7.6 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web… - CVE-2026-5783 Improper neutralization of input during web page generation ('cross-site scripti
CVE-2026-5783High 7.6
CVE-2026-5783 CVSS:7.6 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design… - CVE-2025-13479 Authorization bypass through User-Controlled key vulnerability in PosCube Hardwa
CVE-2025-13479High 7.5
CVE-2025-13479 CVSS:7.5 Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows… - CVE-2026-45255 When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, the
CVE-2026-45255High 7.5
CVE-2026-45255 CVSS:7.5 When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1)… - CVE-2026-42001 Insufficient Validation of Autoprimary SOA Queries
CVE-2026-42001High 7.5
CVE-2026-42001 CVSS:7.5 Insufficient Validation of Autoprimary SOA Queries 产品: - CVE-2026-44062 A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 t
CVE-2026-44062High 7.5
CVE-2026-44062 CVSS:7.5 A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to… - CVE-2026-44060 An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a
CVE-2026-44060High 7.5
CVE-2026-44060 CVSS:7.5 An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of… - CVE-2026-44055 A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 al
CVE-2026-44055High 7.5
CVE-2026-44055 CVSS:7.5 A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS… - CVE-2026-44052 Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output
CVE-2026-44052High 7.5
CVE-2026-44052 CVSS:7.5 Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to… - CVE-2026-44049 An out-of-bounds write due to improper null termination in convert_charset() in
CVE-2026-44049High 7.5
CVE-2026-44049 CVSS:7.5 An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote… - CVE-2026-40092 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementati
CVE-2026-40092High 7.5
CVE-2026-40092 CVSS:7.5 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network… - CVE-2026-47373 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attack
CVE-2026-47373High 7.5
CVE-2026-47373 CVSS:7.5 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison.… - CVE-2026-9123 Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS
CVE-2026-9123High 7.5
CVE-2026-9123 CVSS:7.5 Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to… - CVE-2026-9117 Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.17
CVE-2026-9117High 7.5
CVE-2026-9117 CVSS:7.5 Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the… - CVE-2026-20239 In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform
CVE-2026-20239High 7.5
CVE-2026-20239 CVSS:7.5 In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11,… - CVE-2026-39047 Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to
CVE-2026-39047High 7.5
CVE-2026-39047 CVSS:7.5 Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service… - CVE-2025-32750 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Informatio
CVE-2025-32750High 7.5
CVE-2025-32750 CVSS:7.5 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An… - CVE-2026-44053 Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST
CVE-2026-44053High 7.4
CVE-2026-44053 CVSS:7.4 Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain… - CVE-2026-39850 Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed l
CVE-2026-39850High 7.4
CVE-2026-39850 CVSS:7.4 Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method… - CVE-2026-44058 An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a
CVE-2026-44058High 7.2
CVE-2026-44058 CVSS:7.2 An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary… - CVE-2026-7613 The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored
CVE-2026-7613High 7.2
CVE-2026-7613 CVSS:7.2 The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the… - CVE-2025-13477 Exposure of private personal information to an unauthorized actor, Insufficientl
CVE-2025-13477High 7.1
CVE-2025-13477 CVSS:7.1 Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital… - CVE-2026-44066 Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Net
CVE-2026-44066High 7.1
CVE-2026-44066 CVSS:7.1 Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated… - CVE-2026-44064 An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 a
CVE-2026-44064High 7.1
CVE-2026-44064 CVSS:7.1 An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited… - CVE-2025-71215 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agen
CVE-2025-71215High 7.0
CVE-2025-71215 CVSS:7.0 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a…
⚔️ Sploitus(72 条)
Unknown (72 条)
- Exploit for SQL Injection in Litellm exploit
Exploit for SQL Injection in Litellm exploit - web-app-security-lab exploit
web-app-security-lab exploit
…另有 70 条 Unknown 级漏洞(已省略)
🤖 漏洞情报自动汇总 · 2026-05-23 · 数据来源: NVD / GitHub Advisory / Sploitus / CISA-KEV