📊 2026-05-24 漏洞情报日报 · 200 条 · 高危 114
每日漏洞情报汇总 · 2026-05-24
📊 2026-05-24 漏洞情报日报
📋 共 200 条
🔥 高危/严重 114 条
🚨 CISA-KEV 1 条
🐙 GitHub-Advisory 17 条 🔥7
🛡️ NVD-Latest 107 条 🔥107
⚔️ Sploitus 75 条
🤖 今日安全态势分析
🎯 今日重点关注
- CVE-2026-46716 (Nezha Monitoring):权限提升/跨租户命令执行。RoleMember角色用户可通过未正确鉴权的Cron API在任意服务器上执行Shell命令,影响所有Nezha监控部署。
- CVE-2026-46670 (YesWiki):未认证SQL注入。攻击者可在默认安装的Bazar表单导入路径中注入恶意SQL,进而拖取全库数据,无需任何权限。
- CVE-2026-34908/34909/34910 (UniFi OS):三连击CVSS 10.0漏洞。包括命令注入、路径遍历与访问控制缺陷,网络可达的攻击者可直接接管UniFi设备底层系统。
- CVE-2026-45444 (WP Swings Gift Cards Pro):任意文件上传。WooCommerce插件允许攻击者上传恶意文件(如WebShell),导致站点完全沦陷。
- CVE-2026-20223 (Cisco Secure Workload):未认证权限提升。远程攻击者可绕过REST API验证,直接以Site Admin权限访问内部资源。
📈 威胁趋势
- 远程代码执行 / 命令注入:Nezha监控(CVE-2026-46716)、UniFi OS(CVE-2026-34910)、Netatalk(CVE-2026-44050)均允许攻击者直接或间接执行代码,威胁极高。
- 权限提升与访问控制绕过:Nezha跨租户逃逸、Arcane全局变量未授权写、Cisco Workload未认证API访问、UniFi OS不当访问控制,均为典型的垂直/水平权限缺陷。
- 信息泄露 / SQL注入:YesWiki未认证SQL注入(CVE-2026-46670)可直接读取全库;FileBrowser路径遍历(GHSA-qqqm-5547-774x)可泄露敏感文件。
- 拒绝服务:Parse Server(CVE-2026-47138)利用客户端版本头触发正则回溯,单次请求即可导致服务瘫痪。
- 文件上传与反序列化:WP Swings插件任意文件上传(CVE-2026-6960)、Apache PyFory反序列化绕过(CVE-2026-48207)及aiosend签名前反序列化,均能远程触发代码执行。
🛡️ 缓解建议
- 立即修复CVSS 10.0漏洞:优先升级UniFi OS设备至安全版本,禁用或更新WP Swings Gift Cards Pro插件,隔离Cisco Secure Workload的内部REST API访问。
- 调整Nezha监控权限模型:检查Cron与通知API的鉴权逻辑,确保只有RoleAdmin能执行跨服务器操作;同时审查已存在的RoleMember账户活动日志。
- 加固Web应用输入校验:为YesWiki、Parse Server及aiosend等应用启用WAF规则,封禁可疑SQL注入与畸形Header请求;对文件上传实施严格类型与内容检查。
- 限制网络暴露面并实施零信任:对Netatalk、FileBrowser等服务禁用公网直连,仅允许来自受信任IP的管理请求;定期审计所有第三方组件的安全补丁状态。
🚨 CISA-KEV(1 条)
Unknown (1 条)
- CVE-2026-9082 - Drupal Core SQL Injection Vulnerability
CVE-2026-9082
CVE-2026-9082 Drupal Core SQL Injection Vulnerability 产品: Drupal Core 描述: Drupal Core contains a SQL injection vulnerability that could allow for privilege…
🐙 GitHub-Advisory(17 条)
Critical (3 条)
- CVE-2026-46716 - Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) vi
CVE-2026-46716Critical
## Summary `nezha`'s dashboard supports two user roles: `RoleAdmin` (Role==0) and `RoleMember` (Role==1). The cron routes `POST /api/v1/cron` and `PATCH… - CVE-2026-46670 - YesWiki: Unauthenticated SQL Injection
CVE-2026-46670Critical
Summary An unauthenticated SQL injection in the Bazar form-import path (`FormManager::create()`) allows any unauthenticated visitor of a default YesWiki… - GHSA-qqqm-5547-774x - FileBrowser Quantum: Path traversal in public share PATCH allows file ops outsid
CVE-2026-44542Critical
## Summary `publicPatchHandler` in `backend/http/public.go` joins user-controlled `fromPath` and `toPath` body fields with the trusted `d.share.Path` BEFORE…
High (4 条)
- CVE-2026-46717 - Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection v
CVE-2026-46717High
## Summary nezha's dashboard supports two user roles: `RoleAdmin` (Role==0) and `RoleMember` (Role==1). The notification routes `POST /api/v1/notification` and… - CVE-2026-47138 - Parse Server: Pre-authentication denial of service via client version header reg
CVE-2026-47138High
Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains… - CVE-2026-47125 - Arcane: Missing admin authorization on global variables endpoint
CVE-2026-47125High
## Summary The `PUT /api/environments/{id}/templates/variables` endpoint, which writes the system-wide `.env.global` file used for variable substitution in… - GHSA-7m8f-hgjq-8gc9 - aiosend: Deserialization of request body before signature verification (Pre-auth High
# Vulnerability Description In `aiosend/webhook/base.py`, the `WebhookHandler.feed_update()` method performs full deserialization of the incoming JSON via…
Medium (10 条)
- CVE-2026-47120 - Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.Fail
CVE-2026-47120Medium
## Summary `createAlertRule` and `createService` (and their `update*` siblings) accept `FailTriggerTasks []uint64` and `RecoverTriggerTasks []uint64` — IDs of… - CVE-2026-47157 - aiograpi: Unsafe signup challenge path handling
CVE-2026-47157Medium
aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were… - GHSA-ggxf-37hm-9wqf - instagrapi: Unsafe signup challenge path handling in instagrapi Medium
instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were… - CVE-2026-47124 - Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server te
CVE-2026-47124Medium
Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other… - CVE-2026-8723 - qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/u
CVE-2026-8723Medium
Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`.… - CVE-2026-46715 - Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAu
CVE-2026-46715Medium
Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user.… - CVE-2026-46692 - ImageMagick: Heap Buffer Over-Write in distributed pixel cache server
CVE-2026-46692Medium
An attacker who can connect to a `magick -distribute-cache` service can cause a heap buffer over-write in the server process. - CVE-2026-46693 - ImageMagick: Race Condition in distributed pixel cache server can result in file
CVE-2026-46693Medium
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met.
…另有 2 条 Medium 级漏洞(已省略)
🛡️ NVD-Latest(107 条)
Critical (20 条)
- CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Val
CVE-2026-34910Critical 10.0
CVE-2026-34910 CVSS:10.0 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to… - CVE-2026-34909 A malicious actor with access to the network could exploit a Path Traversal vuln
CVE-2026-34909Critical 10.0
CVE-2026-34909 CVSS:10.0 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on… - CVE-2026-34908 A malicious actor with access to the network could exploit an Improper Access Co
CVE-2026-34908Critical 10.0
CVE-2026-34908 CVSS:10.0 A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make… - CVE-2026-45444 Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift
CVE-2026-45444Critical 10.0
CVE-2026-45444 CVSS:10.0 Unrestricted Upload of File with Dangerous Type vulnerability in WP Swings Gift Cards For WooCommerce Pro allows Using Malicious… - CVE-2026-20223 A vulnerability in the access validation of internal REST APIs of Cisco Sec
CVE-2026-20223Critical 10.0
CVE-2026-20223 CVSS:10.0 A vulnerability in the access validation of internal REST APIs of Cisco Secure Workload could allow an unauthenticated, remote… - CVE-2026-44050 A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk
CVE-2026-44050Critical 9.9
CVE-2026-44050 CVSS:9.9 A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated… - CVE-2026-6960 The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file upload
CVE-2026-6960Critical 9.8
CVE-2026-6960 CVSS:9.8 The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the… - CVE-2026-48207 Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializ
CVE-2026-48207Critical 9.8
CVE-2026-48207 CVSS:9.8 Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy… - CVE-2025-71211 A vulnerability in the Trend Micro Apex One management console could allow a rem
CVE-2025-71211Critical 9.8
CVE-2025-71211 CVSS:9.8 A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute… - CVE-2025-71210 A vulnerability in the Trend Micro Apex One management console could allow a rem
CVE-2025-71210Critical 9.8
CVE-2025-71210 CVSS:9.8 A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute… - CVE-2026-5118 The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation
CVE-2026-5118Critical 9.8
CVE-2026-5118 CVSS:9.8 The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to… - CVE-2026-6279 The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthe
CVE-2026-6279Critical 9.8
CVE-2026-6279 CVSS:9.8 The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function… - CVE-2026-8631 A potential security vulnerability has been identified in the HP Linux Imaging a
CVE-2026-8631Critical 9.8
CVE-2026-8631 CVSS:9.8 A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may… - CVE-2026-9141 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication
CVE-2026-9141Critical 9.8
CVE-2026-9141 CVSS:9.8 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration… - CVE-2026-9139 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded crede
CVE-2026-9139Critical 9.8
CVE-2026-9139 CVSS:9.8 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration… - CVE-2026-39531 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-39531Critical 9.3
CVE-2026-39531 CVSS:9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit… - CVE-2026-33000 A malicious actor with access to the network and high privileges could exploit a
CVE-2026-33000Critical 9.1
CVE-2026-33000 CVSS:9.1 A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in… - CVE-2026-5433 Honeywell Control Network Module (CNM) contains command injection vulnerability
CVE-2026-5433Critical 9.1
CVE-2026-5433 CVSS:9.1 Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this… - CVE-2026-47372 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values
CVE-2026-47372Critical 9.1
CVE-2026-47372 CVSS:9.1 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand… - CVE-2026-8598 An undocumented configuration export port is accessible on some models of ZKTec
CVE-2026-8598Critical 9.1
CVE-2026-8598 CVSS:9.1 An undocumented configuration export port is accessible on some models of ZKTeco CCTV cameras. This port does not require authentication…
High (87 条)
- CVE-2026-47102 LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /us
CVE-2026-47102High 8.8
CVE-2026-47102 CVSS:8.8 LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly… - CVE-2026-47101 LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API key
CVE-2026-47101High 8.8
CVE-2026-47101 CVSS:8.8 LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not… - CVE-2026-47114 IINA before 1.4.3 contains a user-assisted command execution vulnerability that
CVE-2026-47114High 8.8
CVE-2026-47114 CVSS:8.8 IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands… - CVE-2026-9089 The ConnectWise Automate™ Agent does not fully verify the authenticity of compon
CVE-2026-9089High 8.8
CVE-2026-9089 CVSS:8.8 The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update… - CVE-2026-39461 libcasper(3) communicates with helper processes via UNIX domain sockets, and use
CVE-2026-39461High 8.8
CVE-2026-39461 CVSS:8.8 libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become… - CVE-2026-44048 A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in N
CVE-2026-44048High 8.8
CVE-2026-44048 CVSS:8.8 A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote… - CVE-2026-44047 An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 throu
CVE-2026-44047High 8.8
CVE-2026-44047 CVSS:8.8 An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to… - CVE-2026-9126 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remo
CVE-2026-9126High 8.8
CVE-2026-9126 CVSS:8.8 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox… - CVE-2026-9121 Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a
CVE-2026-9121High 8.8
CVE-2026-9121 CVSS:8.8 Out of bounds read in GPU in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to potentially exploit heap corruption… - CVE-2026-9120 Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remo
CVE-2026-9120High 8.8
CVE-2026-9120 CVSS:8.8 Use after free in WebRTC in Google Chrome prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a crafted HTML… - CVE-2026-9119 Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allow
CVE-2026-9119High 8.8
CVE-2026-9119 CVSS:8.8 Heap buffer overflow in WebRTC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a… - CVE-2026-9118 Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed
CVE-2026-9118High 8.8
CVE-2026-9118 CVSS:8.8 Use after free in XR in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a… - CVE-2026-9114 Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a rem
CVE-2026-9114High 8.8
CVE-2026-9114 CVSS:8.8 Use after free in QUIC in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox… - CVE-2026-9112 Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowe
CVE-2026-9112High 8.8
CVE-2026-9112 CVSS:8.8 Use after free in GPU in Google Chrome on Windows prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a… - CVE-2026-9111 Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allow
CVE-2026-9111High 8.8
CVE-2026-9111 CVSS:8.8 Use after free in WebRTC in Google Chrome on Linux prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code via a… - CVE-2026-24217 NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause
CVE-2026-24217High 8.8
CVE-2026-24217 CVSS:8.8 NVIDIA BioNeMo Core for Linux contains a vulnerability where a user could cause a path traversal by loading a malicious file. A… - CVE-2026-44926 InfoScale CmdServer before 7.4.2 mishandles access control.
CVE-2026-44926High 8.8
CVE-2026-44926 CVSS:8.8 InfoScale CmdServer before 7.4.2 mishandles access control. 产品: - CVE-2026-44925 Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations
CVE-2026-44925High 8.8
CVE-2026-44925 CVSS:8.8 Cross-Site Request Forgery (CSRF) vulnerability in InfoScale v.9.1.3 Operations Manager (VIOM) allows an attacker to force the user… - CVE-2026-24425 Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerabi
CVE-2026-24425High 8.8
CVE-2026-24425 CVSS:8.8 Twig versions 2.16.x and 3.9.0 through 3.25.x contain a sandbox bypass vulnerability when using a SourcePolicyInterface that allows… - CVE-2026-40165 authentik is an open-source identity provider. Versions 2025.12.4 and prior, and
CVE-2026-40165High 8.7
CVE-2026-40165 CVSS:8.7 authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable… - CVE-2026-39310 Trilium Notes is a cross-platform, hierarchical note taking application focused
CVE-2026-39310High 8.6
CVE-2026-39310 CVSS:8.6 Trilium Notes is a cross-platform, hierarchical note taking application focused on building large personal knowledge bases. In versions… - CVE-2026-2740 Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus
CVE-2026-2740High 8.4
CVE-2026-2740 CVSS:8.4 Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are… - CVE-2026-45253 ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) a
CVE-2026-45253High 8.4
CVE-2026-45253 CVSS:8.4 ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user… - CVE-2026-9157 Improper input validation, Unrestricted upload of file with dangerous type vulne
CVE-2026-9157High 8.4
CVE-2026-9157 CVSS:8.4 Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code… - CVE-2026-48235 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/r
CVE-2026-48235High 8.2
CVE-2026-48235 CVSS:8.2 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign,… - CVE-2026-24188 NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of
CVE-2026-24188High 8.2
CVE-2026-24188 CVSS:8.2 NVIDIA TensorRT contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this… - CVE-2026-48242 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection cre
CVE-2026-48242High 8.1
CVE-2026-48242 CVSS:8.1 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in… - CVE-2026-48241 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in
CVE-2026-48241High 8.1
CVE-2026-48241 CVSS:8.1 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are… - CVE-2026-44051 An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows
CVE-2026-44051High 8.1
CVE-2026-44051 CVSS:8.1 An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary… - CVE-2026-24218 NVIDIA DGX OS contains a vulnerability in the factory provisioning process, wher
CVE-2026-24218High 8.1
CVE-2026-24218 CVSS:8.1 NVIDIA DGX OS contains a vulnerability in the factory provisioning process, where the cloning of a base image causes identical SSH… - CVE-2026-4858 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.
CVE-2026-4858High 8.0
CVE-2026-4858 CVSS:8.0 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path… - CVE-2026-45208 A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow
CVE-2026-45208High 7.8
CVE-2026-45208 CVSS:7.8 A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-45207 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-45207High 7.8
CVE-2026-45207 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-45206 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-45206High 7.8
CVE-2026-45206 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34930 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34930High 7.8
CVE-2026-34930 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34929 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34929High 7.8
CVE-2026-34929 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34928 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34928High 7.8
CVE-2026-34928 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34927 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34927High 7.8
CVE-2026-34927 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2025-71217 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent
CVE-2025-71217High 7.8
CVE-2025-71217 CVSS:7.8 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker… - CVE-2025-71216 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agen
CVE-2025-71216High 7.8
CVE-2025-71216 CVSS:7.8 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to… - CVE-2025-71214 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent
CVE-2025-71214High 7.8
CVE-2025-71214 CVSS:7.8 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate… - CVE-2025-71213 An origin validation error vulnerability in Trend Micro Apex One could allow a l
CVE-2025-71213High 7.8
CVE-2025-71213 CVSS:7.8 An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected… - CVE-2025-71212 A link following vulnerability in the Trend Micro Apex One scan engine could all
CVE-2025-71212High 7.8
CVE-2025-71212 CVSS:7.8 A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected… - CVE-2026-45251 A file descriptor can be closed while a thread is blocked in a poll(2) or select
CVE-2026-45251High 7.8
CVE-2026-45251 CVSS:7.8 A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the… - CVE-2026-28764 MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerabil
CVE-2026-28764High 7.8
CVE-2026-28764 CVSS:7.8 MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability 产品: - CVE-2026-45250 The setcred(2) system call is only available to privileged users. However, befo
CVE-2026-45250High 7.8
CVE-2026-45250 CVSS:7.8 The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the… - CVE-2026-8632 A potential security vulnerability has been identified in the HP Linux Imaging a
CVE-2026-8632High 7.8
CVE-2026-8632 CVSS:7.8 A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may… - CVE-2026-24216 NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a des
CVE-2026-24216High 7.8
CVE-2026-24216 CVSS:7.8 NVIDIA BioNemo for Linux contains a vulnerability where a user could cause a deserialization of untrusted data. A successful exploit of… - CVE-2026-22554 MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerabilit
CVE-2026-22554High 7.8
CVE-2026-22554 CVSS:7.8 MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability 产品: - CVE-2026-34911 A malicious actor with access to the network and low privileges could exploit a
CVE-2026-34911High 7.7
CVE-2026-34911 CVSS:7.7 A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices… - CVE-2026-9133 Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before ve
CVE-2026-9133High 7.7
CVE-2026-9133 CVSS:7.7 Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file)… - CVE-2026-44068 Incomplete sanitization of extended attribute (EA) path components in Netatalk 2
CVE-2026-44068High 7.6
CVE-2026-44068 CVSS:7.6 Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated… - CVE-2026-9144 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-sit
CVE-2026-9144High 7.6
CVE-2026-9144 CVSS:7.6 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web… - CVE-2026-5783 Improper neutralization of input during web page generation ('cross-site scripti
CVE-2026-5783High 7.6
CVE-2026-5783 CVSS:7.6 Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Beyaz Computer Software Design… - CVE-2026-46473 Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secret
CVE-2026-46473High 7.5
CVE-2026-46473 CVSS:7.5 Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function,… - CVE-2025-13479 Authorization bypass through User-Controlled key vulnerability in PosCube Hardwa
CVE-2025-13479High 7.5
CVE-2025-13479 CVSS:7.5 Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows… - CVE-2026-45255 When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, the
CVE-2026-45255High 7.5
CVE-2026-45255 CVSS:7.5 When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1)… - CVE-2026-42001 Insufficient Validation of Autoprimary SOA Queries
CVE-2026-42001High 7.5
CVE-2026-42001 CVSS:7.5 Insufficient Validation of Autoprimary SOA Queries 产品: - CVE-2026-44062 A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 t
CVE-2026-44062High 7.5
CVE-2026-44062 CVSS:7.5 A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to… - CVE-2026-44060 An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a
CVE-2026-44060High 7.5
CVE-2026-44060 CVSS:7.5 An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of… - CVE-2026-44055 A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 al
CVE-2026-44055High 7.5
CVE-2026-44055 CVSS:7.5 A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS… - CVE-2026-44052 Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output
CVE-2026-44052High 7.5
CVE-2026-44052 CVSS:7.5 Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to… - CVE-2026-44049 An out-of-bounds write due to improper null termination in convert_charset() in
CVE-2026-44049High 7.5
CVE-2026-44049 CVSS:7.5 An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote… - CVE-2026-40092 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementati
CVE-2026-40092High 7.5
CVE-2026-40092 CVSS:7.5 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network… - CVE-2026-47373 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attack
CVE-2026-47373High 7.5
CVE-2026-47373 CVSS:7.5 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison.… - CVE-2026-9123 Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS
CVE-2026-9123High 7.5
CVE-2026-9123 CVSS:7.5 Heap buffer overflow in Chromecast in Google Chrome on Android, Linux, ChromeOS prior to 148.0.7778.179 allowed a local attacker to… - CVE-2026-9117 Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.17
CVE-2026-9117High 7.5
CVE-2026-9117 CVSS:7.5 Type Confusion in GFX in Google Chrome on Linux, ChromeOS prior to 148.0.7778.179 allowed a remote attacker who had compromised the… - CVE-2026-20239 In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform
CVE-2026-20239High 7.5
CVE-2026-20239 CVSS:7.5 In Splunk Enterprise versions below 10.2.2 and 10.0.5, and Splunk Cloud Platform versions below 10.3.2512.8, 10.2.2510.11,… - CVE-2026-39047 Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to
CVE-2026-39047High 7.5
CVE-2026-39047 CVSS:7.5 Buffer Overflow vulnerability in EPSON L14150 FL27PB allows a remote attacker to execute arbitrary code via the RAW Printing Service… - CVE-2025-32750 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Informatio
CVE-2025-32750High 7.5
CVE-2025-32750 CVSS:7.5 Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An… - CVE-2026-44053 Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST
CVE-2026-44053High 7.4
CVE-2026-44053 CVSS:7.4 Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain… - CVE-2026-39850 Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed l
CVE-2026-39850High 7.4
CVE-2026-39850 CVSS:7.4 Yii 2 is a PHP application framework. Versions 2.0.54 and prior contain flawed logic in the core view rendering method… - CVE-2026-44058 An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a
CVE-2026-44058High 7.2
CVE-2026-44058 CVSS:7.2 An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary… - CVE-2026-7613 The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored
CVE-2026-7613High 7.2
CVE-2026-7613 CVSS:7.2 The Cost of Goods by PixelYourSite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the… - CVE-2026-48240 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/s
CVE-2026-48240High 7.1
CVE-2026-48240 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST… - CVE-2026-48239 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/r
CVE-2026-48239High 7.1
CVE-2026-48239 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is… - CVE-2026-48238 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/m
CVE-2026-48238High 7.1
CVE-2026-48238 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is… - CVE-2026-48237 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in messag
CVE-2026-48237High 7.1
CVE-2026-48237 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST… - CVE-2026-48236 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loa
CVE-2026-48236High 7.1
CVE-2026-48236 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb,… - CVE-2026-48234 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal
CVE-2026-48234High 7.1
CVE-2026-48234 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET… - CVE-2026-48233 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/s
CVE-2026-48233High 7.1
CVE-2026-48233 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is… - CVE-2026-48232 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/f
CVE-2026-48232High 7.1
CVE-2026-48232 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is… - CVE-2026-48231 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables
CVE-2026-48231High 7.1
CVE-2026-48231 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename,… - CVE-2025-13477 Exposure of private personal information to an unauthorized actor, Insufficientl
CVE-2025-13477High 7.1
CVE-2025-13477 CVSS:7.1 Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital… - CVE-2026-44066 Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Net
CVE-2026-44066High 7.1
CVE-2026-44066 CVSS:7.1 Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated… - CVE-2026-44064 An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 a
CVE-2026-44064High 7.1
CVE-2026-44064 CVSS:7.1 An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited… - CVE-2025-71215 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agen
CVE-2025-71215High 7.0
CVE-2025-71215 CVSS:7.0 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a…
⚔️ Sploitus(75 条)
Unknown (75 条)
- Exploit for Path Traversal in Fortinet Fortiproxy exploit
Exploit for Path Traversal in Fortinet Fortiproxy exploit - web-vuln-scanner exploit
web-vuln-scanner exploit
…另有 73 条 Unknown 级漏洞(已省略)
🤖 漏洞情报自动汇总 · 2026-05-24 · 数据来源: NVD / GitHub Advisory / Sploitus / CISA-KEV