📊 2026-05-25 漏洞情报日报 · 200 条 · 高危 87
每日漏洞情报汇总 · 2026-05-25
📊 2026-05-25 漏洞情报日报
📋 共 200 条
🔥 高危/严重 87 条
🚨 CISA-KEV 1 条
🐙 GitHub-Advisory 17 条 🔥7
🛡️ NVD-Latest 80 条 🔥80
⚔️ Sploitus 102 条
🤖 今日安全态势分析
🎯 今日重点关注
- CVE-2026-34908/34909/34910 (CVSS 10.0) - Ubiquiti UniFi OS:三枚满分漏洞组合,分别涉及不当访问控制、路径遍历与命令注入。拥有网络访问权限的攻击者可借此完全控制底层系统,影响范围包括所有UniFi OS设备。
- CVE-2026-46716 - Nezha Monitor:权限绕过漏洞。低权限的RoleMember用户可通过cron API接口(未正确鉴权)在任意服务器上执行Shell命令,实现跨租户横向移动。
- CVE-2026-46670 - YesWiki:无需认证的SQL注入漏洞。攻击者通过Bazar表单导入路径可直接注入INSERT语句,窃取数据库全部内容,影响所有默认安装的YesWiki实例。
- CVE-2026-6960 (CVSS 9.8) - BookingPress Pro (WordPress):任意文件上传漏洞。因文件类型验证缺失,远程攻击者可上传恶意代码并在服务器上执行。
- CVE-2026-48207 (CVSS 9.8) - Apache Fory PyFory:不安全的反序列化漏洞。攻击者可绕过DeserializationPolicy验证钩子,利用还原状态与全局名称解析过程执行任意代码。
📈 威胁趋势
- 远程代码执行 (RCE) / 命令注入:占比最高。UniFi OS命令注入、Netatalk CNID守护进程堆溢出、BookingPress Pro文件上传均为高危RCE,攻击面覆盖网络设备与Web应用。
- 权限提升 / 授权绕过:Nezha Monitor角色鉴权缺失与Arcane全局变量端点未授权访问,均允许低权限用户获得管理员能力,跨租户攻击风险显著。
- 数据泄露 / 信息获取:YesWiki未认证SQL注入与FileBrowser路径遍历可直接读取数据库与文件系统;Trend Micro Apex One控制台文件上传同样可导致敏感数据泄露。
- 拒绝服务 (DoS) / 资源消耗:Parse Server因客户端版本头字段触发正则回溯,单次请求即可导致服务不可用;aiosend未验签即反序列化亦存在潜在DoS风险。
🛡️ 缓解建议
- 立即升级关键系统:优先更新UniFi OS、Nezha Monitor、YesWiki及BookingPress Pro至厂商发布的最新版本,修复CVE-2026-34908/9/10、CVE-2026-46716等高危漏洞。
- 强化访问控制与输入验证:审查所有API端点的角色鉴权逻辑(如Nezha、Arcane),禁止低权限用户访问管理接口;对所有用户输入进行严格的类型与路径白名单校验。
- 启用Web应用防火墙 (WAF) 与行为监控:针对YesWiki注入、Parse Server DoS等无需认证的漏洞,通过WAF规则阻断恶意请求;监控异常的文件上传与跨租户指令执行行为。
- 执行最小权限原则:限制UniFi OS、Netatalk等系统的网络暴露范围,确保BookingPress等插件运行于低权限账户,降低漏洞被利用后的影响。
🚨 CISA-KEV(1 条)
Unknown (1 条)
- CVE-2026-9082 - Drupal Core SQL Injection Vulnerability
CVE-2026-9082
CVE-2026-9082 Drupal Core SQL Injection Vulnerability 产品: Drupal Core 描述: Drupal Core contains a SQL injection vulnerability that could allow for privilege…
🐙 GitHub-Advisory(17 条)
Critical (3 条)
- CVE-2026-46716 - Nezha Monitoring: RoleMember can run shell on every server (cross-tenant RCE) vi
CVE-2026-46716Critical
## Summary `nezha`'s dashboard supports two user roles: `RoleAdmin` (Role==0) and `RoleMember` (Role==1). The cron routes `POST /api/v1/cron` and `PATCH… - CVE-2026-46670 - YesWiki: Unauthenticated SQL Injection
CVE-2026-46670Critical
Summary An unauthenticated SQL injection in the Bazar form-import path (`FormManager::create()`) allows any unauthenticated visitor of a default YesWiki… - GHSA-qqqm-5547-774x - FileBrowser Quantum: Path traversal in public share PATCH allows file ops outsid
CVE-2026-44542Critical
## Summary `publicPatchHandler` in `backend/http/public.go` joins user-controlled `fromPath` and `toPath` body fields with the trusted `d.share.Path` BEFORE…
High (4 条)
- CVE-2026-46717 - Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection v
CVE-2026-46717High
## Summary nezha's dashboard supports two user roles: `RoleAdmin` (Role==0) and `RoleMember` (Role==1). The notification routes `POST /api/v1/notification` and… - CVE-2026-47138 - Parse Server: Pre-authentication denial of service via client version header reg
CVE-2026-47138High
Impact An unauthenticated attacker who knows a publicly-known Parse Application ID can submit a single HTTP request whose client SDK version field contains… - CVE-2026-47125 - Arcane: Missing admin authorization on global variables endpoint
CVE-2026-47125High
## Summary The `PUT /api/environments/{id}/templates/variables` endpoint, which writes the system-wide `.env.global` file used for variable substitution in… - GHSA-7m8f-hgjq-8gc9 - aiosend: Deserialization of request body before signature verification (Pre-auth High
# Vulnerability Description In `aiosend/webhook/base.py`, the `WebhookHandler.feed_update()` method performs full deserialization of the incoming JSON via…
Medium (10 条)
- CVE-2026-47120 - Nezha Monitoring: RoleMember can fire other users' cron tasks via AlertRule.Fail
CVE-2026-47120Medium
## Summary `createAlertRule` and `createService` (and their `update*` siblings) accept `FailTriggerTasks []uint64` and `RecoverTriggerTasks []uint64` — IDs of… - CVE-2026-47157 - aiograpi: Unsafe signup challenge path handling
CVE-2026-47157Medium
aiograpi versions before 0.9.10 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were… - GHSA-ggxf-37hm-9wqf - instagrapi: Unsafe signup challenge path handling in instagrapi Medium
instagrapi versions before 2.6.9 accepted server-supplied signup challenge paths and used them to build request URLs before validating that the paths were… - CVE-2026-47124 - Nezha Monitoring: Nezha WebSocket server stream discloses cross-tenant server te
CVE-2026-47124Medium
Summary Any authenticated non-admin member can connect to the server-status WebSocket and receive telemetry for all servers, including servers owned by other… - CVE-2026-8723 - qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/u
CVE-2026-8723Medium
Summary `qs.stringify` throws `TypeError` when called with `arrayFormat: 'comma'` and `encodeValuesOnly: true` on an array containing `null` or `undefined`.… - CVE-2026-46715 - Flask-Security-Too OAuth reauthentication freshness bypass via cross- user OAu
CVE-2026-46715Medium
Summary Flask-Security-Too 5.8.0's OAuth reauthentication flow can mark a session as fresh after verifying an OAuth account that belongs to a different user.… - CVE-2026-46692 - ImageMagick: Heap Buffer Over-Write in distributed pixel cache server
CVE-2026-46692Medium
An attacker who can connect to a `magick -distribute-cache` service can cause a heap buffer over-write in the server process. - CVE-2026-46693 - ImageMagick: Race Condition in distributed pixel cache server can result in file
CVE-2026-46693Medium
An attacker who can connect to a magick -distribute-cache service can hijack a file descriptor in the server process when a race condition is met.
…另有 2 条 Medium 级漏洞(已省略)
🛡️ NVD-Latest(80 条)
Critical (17 条)
- CVE-2026-34910 A malicious actor with access to the network could exploit an Improper Input Val
CVE-2026-34910Critical 10.0
CVE-2026-34910 CVSS:10.0 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to… - CVE-2026-34909 A malicious actor with access to the network could exploit a Path Traversal vuln
CVE-2026-34909Critical 10.0
CVE-2026-34909 CVSS:10.0 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on… - CVE-2026-34908 A malicious actor with access to the network could exploit an Improper Access Co
CVE-2026-34908Critical 10.0
CVE-2026-34908 CVSS:10.0 A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make… - CVE-2026-44050 A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk
CVE-2026-44050Critical 9.9
CVE-2026-44050 CVSS:9.9 A heap-based buffer overflow in the CNID daemon comm_rcv() function in Netatalk 2.0.0 through 4.4.2 allows a remote authenticated… - CVE-2026-6960 The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file upload
CVE-2026-6960Critical 9.8
CVE-2026-6960 CVSS:9.8 The BookingPress Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the… - CVE-2026-48207 Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializ
CVE-2026-48207Critical 9.8
CVE-2026-48207 CVSS:9.8 Deserialization of untrusted data in Apache Fory PyFory. PyFory's ReduceSerializer could bypass documented DeserializationPolicy… - CVE-2025-71211 A vulnerability in the Trend Micro Apex One management console could allow a rem
CVE-2025-71211Critical 9.8
CVE-2025-71211 CVSS:9.8 A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute… - CVE-2025-71210 A vulnerability in the Trend Micro Apex One management console could allow a rem
CVE-2025-71210Critical 9.8
CVE-2025-71210 CVSS:9.8 A vulnerability in the Trend Micro Apex One management console could allow a remote attacker to upload malicious code and execute… - CVE-2026-5118 The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation
CVE-2026-5118Critical 9.8
CVE-2026-5118 CVSS:9.8 The Divi Form Builder plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 5.1.2. This is due to… - CVE-2026-6279 The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthe
CVE-2026-6279Critical 9.8
CVE-2026-6279 CVSS:9.8 The Avada Builder (fusion-builder) plugin for WordPress is vulnerable to Unauthenticated Remote Code Execution via PHP Function… - CVE-2026-8631 A potential security vulnerability has been identified in the HP Linux Imaging a
CVE-2026-8631Critical 9.8
CVE-2026-8631 CVSS:9.8 A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may… - CVE-2026-9141 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication
CVE-2026-9141Critical 9.8
CVE-2026-9141 CVSS:9.8 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains an authentication bypass vulnerability in the embedded web configuration… - CVE-2026-9139 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded crede
CVE-2026-9139Critical 9.8
CVE-2026-9139 CVSS:9.8 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a hard-coded credential vulnerability in the embedded web configuration… - CVE-2026-39531 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-39531Critical 9.3
CVE-2026-39531 CVSS:9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Wp Directory Kit WP Directory Kit… - CVE-2026-33000 A malicious actor with access to the network and high privileges could exploit a
CVE-2026-33000Critical 9.1
CVE-2026-33000 CVSS:9.1 A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in… - CVE-2026-5433 Honeywell Control Network Module (CNM) contains command injection vulnerability
CVE-2026-5433Critical 9.1
CVE-2026-5433 CVSS:9.1 Honeywell Control Network Module (CNM) contains command injection vulnerability in the web interface. An attacker could exploit this… - CVE-2026-47372 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values
CVE-2026-47372Critical 9.1
CVE-2026-47372 CVSS:9.1 Crypt::SaltedHash versions through 0.09 for Perl generate insecure random values for salts. These versions use the built-in rand…
High (63 条)
- CVE-2026-47102 LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /us
CVE-2026-47102High 8.8
CVE-2026-47102 CVSS:8.8 LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly… - CVE-2026-47101 LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API key
CVE-2026-47101High 8.8
CVE-2026-47101 CVSS:8.8 LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not… - CVE-2026-47114 IINA before 1.4.3 contains a user-assisted command execution vulnerability that
CVE-2026-47114High 8.8
CVE-2026-47114 CVSS:8.8 IINA before 1.4.3 contains a user-assisted command execution vulnerability that allows remote attackers to execute arbitrary commands… - CVE-2026-9089 The ConnectWise Automate™ Agent does not fully verify the authenticity of compon
CVE-2026-9089High 8.8
CVE-2026-9089 CVSS:8.8 The ConnectWise Automate™ Agent does not fully verify the authenticity of components obtained during plugin loading and self-update… - CVE-2026-39461 libcasper(3) communicates with helper processes via UNIX domain sockets, and use
CVE-2026-39461High 8.8
CVE-2026-39461 CVSS:8.8 libcasper(3) communicates with helper processes via UNIX domain sockets, and uses the select(2) system call to wait for data to become… - CVE-2026-44048 A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in N
CVE-2026-44048High 8.8
CVE-2026-44048 CVSS:8.8 A stack-based buffer overflow via UCS-2 type confusion in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote… - CVE-2026-44047 An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 throu
CVE-2026-44047High 8.8
CVE-2026-44047 CVSS:8.8 An SQL injection vulnerability in the MySQL CNID backend in Netatalk 3.1.0 through 4.4.2 allows a remote authenticated attacker to… - CVE-2026-9126 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remo
CVE-2026-9126High 8.8
CVE-2026-9126 CVSS:8.8 Use after free in DOM in Google Chrome on prior to 148.0.7778.179 allowed a remote attacker to execute arbitrary code inside a sandbox… - CVE-2026-40165 authentik is an open-source identity provider. Versions 2025.12.4 and prior, and
CVE-2026-40165High 8.7
CVE-2026-40165 CVSS:8.7 authentik is an open-source identity provider. Versions 2025.12.4 and prior, and versions 2026.2.0-rc1 through 2026.2.2 were vulnerable… - CVE-2026-2740 Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus
CVE-2026-2740High 8.4
CVE-2026-2740 CVSS:8.4 Zohocorp ManageEngine ADSelfService Plus version before 6525, DataSecurity Plus before 6264 and RecoveryManager Plus before 6313 are… - CVE-2026-45253 ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) a
CVE-2026-45253High 8.4
CVE-2026-45253 CVSS:8.4 ptrace(PT_SC_REMOTE) failed to properly validate parameters for the syscall(2) and __syscall(2) meta-system calls. As a result, a user… - CVE-2026-9157 Improper input validation, Unrestricted upload of file with dangerous type vulne
CVE-2026-9157High 8.4
CVE-2026-9157 CVSS:8.4 Improper input validation, Unrestricted upload of file with dangerous type vulnerability in Gmission Web Fax allows Remote Code… - CVE-2026-48235 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/r
CVE-2026-48235High 8.2
CVE-2026-48235 CVSS:8.2 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in incs/remotes.inc.php where latitude, longitude, callsign,… - CVE-2026-48242 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection cre
CVE-2026-48242High 8.1
CVE-2026-48242 CVSS:8.1 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials (host, username, password, database name) in… - CVE-2026-48241 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in
CVE-2026-48241High 8.1
CVE-2026-48241 CVSS:8.1 Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are… - CVE-2026-44051 An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows
CVE-2026-44051High 8.1
CVE-2026-44051 CVSS:8.1 An improper link resolution vulnerability in Netatalk 3.0.2 through 4.4.2 allows a remote authenticated attacker to read arbitrary… - CVE-2026-4858 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.
CVE-2026-4858High 8.0
CVE-2026-4858 CVSS:8.0 Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to check integration URL for path… - CVE-2026-45208 A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow
CVE-2026-45208High 7.8
CVE-2026-45208 CVSS:7.8 A time-of-check time-of-use vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-45207 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-45207High 7.8
CVE-2026-45207 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-45206 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-45206High 7.8
CVE-2026-45206 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34930 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34930High 7.8
CVE-2026-34930 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34929 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34929High 7.8
CVE-2026-34929 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34928 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34928High 7.8
CVE-2026-34928 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2026-34927 An origin validation vulnerability in the Apex One/SEP agent could allow a local
CVE-2026-34927High 7.8
CVE-2026-34927 CVSS:7.8 An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected… - CVE-2025-71217 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent
CVE-2025-71217High 7.8
CVE-2025-71217 CVSS:7.8 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent self-protection mechanism could allow a local attacker… - CVE-2025-71216 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agen
CVE-2025-71216High 7.8
CVE-2025-71216 CVSS:7.8 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent cache mechanism could allow a local attacker to… - CVE-2025-71214 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent
CVE-2025-71214High 7.8
CVE-2025-71214 CVSS:7.8 An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate… - CVE-2025-71213 An origin validation error vulnerability in Trend Micro Apex One could allow a l
CVE-2025-71213High 7.8
CVE-2025-71213 CVSS:7.8 An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected… - CVE-2025-71212 A link following vulnerability in the Trend Micro Apex One scan engine could all
CVE-2025-71212High 7.8
CVE-2025-71212 CVSS:7.8 A link following vulnerability in the Trend Micro Apex One scan engine could allow a local attacker to escalate privileges on affected… - CVE-2026-45251 A file descriptor can be closed while a thread is blocked in a poll(2) or select
CVE-2026-45251High 7.8
CVE-2026-45251 CVSS:7.8 A file descriptor can be closed while a thread is blocked in a poll(2) or select(2) call waiting for that descriptor. Because the… - CVE-2026-28764 MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerabil
CVE-2026-28764High 7.8
CVE-2026-28764 CVSS:7.8 MediaArea MediaInfoLib LXF element parsing heap-based buffer overflow vulnerability 产品: - CVE-2026-45250 The setcred(2) system call is only available to privileged users. However, befo
CVE-2026-45250High 7.8
CVE-2026-45250 CVSS:7.8 The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the… - CVE-2026-8632 A potential security vulnerability has been identified in the HP Linux Imaging a
CVE-2026-8632High 7.8
CVE-2026-8632 CVSS:7.8 A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may… - CVE-2026-34911 A malicious actor with access to the network and low privileges could exploit a
CVE-2026-34911High 7.7
CVE-2026-34911 CVSS:7.7 A malicious actor with access to the network and low privileges could exploit a Path Traversal vulnerability found in UniFi OS devices… - CVE-2026-9133 Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before ve
CVE-2026-9133High 7.7
CVE-2026-9133 CVSS:7.7 Active debug code exists in the ARN resolver of amazon-mq rabbitmq-aws before version 0.2.1. A debug ARN scheme (arn:aws-debug:file)… - CVE-2026-44068 Incomplete sanitization of extended attribute (EA) path components in Netatalk 2
CVE-2026-44068High 7.6
CVE-2026-44068 CVSS:7.6 Incomplete sanitization of extended attribute (EA) path components in Netatalk 2.1.0 through 4.4.2 allows a remote authenticated… - CVE-2026-9144 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-sit
CVE-2026-9144High 7.6
CVE-2026-9144 CVSS:7.6 Taiko AG1000-01A SMS Alert Gateway Rev 7.3 and Rev 8 contains a stored cross-site scripting vulnerability in the embedded web… - CVE-2026-46473 Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secret
CVE-2026-46473High 7.5
CVE-2026-46473 CVSS:7.5 Authen::TOTP versions before 0.1.1 for Perl generate secrets using rand. Secrets were generated using Perl's built-in rand function,… - CVE-2025-13479 Authorization bypass through User-Controlled key vulnerability in PosCube Hardwa
CVE-2025-13479High 7.5
CVE-2025-13479 CVSS:7.5 Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows… - CVE-2026-45255 When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, the
CVE-2026-45255High 7.5
CVE-2026-45255 CVSS:7.5 When bsdinstall or bsdconfig are prompted to scan for nearby Wi-Fi networks, they build up a list of network names and use bsddialog(1)… - CVE-2026-42001 Insufficient Validation of Autoprimary SOA Queries
CVE-2026-42001High 7.5
CVE-2026-42001 CVSS:7.5 Insufficient Validation of Autoprimary SOA Queries 产品: - CVE-2026-44062 A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 t
CVE-2026-44062High 7.5
CVE-2026-44062 CVSS:7.5 A missing output length bounds check in pull_charset_flags() in Netatalk 2.0.4 through 4.4.2 allows a remote authenticated attacker to… - CVE-2026-44060 An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a
CVE-2026-44060High 7.5
CVE-2026-44060 CVSS:7.5 An integer underflow in dsi_writeinit() in Netatalk 1.5.0 through 4.4.2 allows a remote unauthenticated attacker to cause a denial of… - CVE-2026-44055 A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 al
CVE-2026-44055High 7.5
CVE-2026-44055 CVSS:7.5 A logic error involving bitwise OR operations in Netatalk 3.1.4 through 4.4.2 allows a remote authenticated attacker to inject OS… - CVE-2026-44052 Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output
CVE-2026-44052High 7.5
CVE-2026-44052 CVSS:7.5 Netatalk 2.1.0 through 4.4.2 inserts LDAP simple-bind passwords into log output in cleartext, which allows an attacker with access to… - CVE-2026-44049 An out-of-bounds write due to improper null termination in convert_charset() in
CVE-2026-44049High 7.5
CVE-2026-44049 CVSS:7.5 An out-of-bounds write due to improper null termination in convert_charset() in Netatalk 2.0.4 through 4.4.2 allows a remote… - CVE-2026-40092 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementati
CVE-2026-40092High 7.5
CVE-2026-40092 CVSS:7.5 nimiq-blockchain provides persistent block storage for Nimiq's Rust implementation. In versions 1.3.0 and below, a malicious network… - CVE-2026-47373 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attack
CVE-2026-47373High 7.5
CVE-2026-47373 CVSS:7.5 Crypt::SaltedHash versions through 0.09 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq comparison.… - CVE-2026-44053 Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST
CVE-2026-44053High 7.4
CVE-2026-44053 CVSS:7.4 Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain… - CVE-2026-44058 An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a
CVE-2026-44058High 7.2
CVE-2026-44058 CVSS:7.2 An authentication bypass vulnerability in Netatalk 2.2.2 through 4.4.2 allows a remote privileged user to authenticate as an arbitrary… - CVE-2026-48240 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/s
CVE-2026-48240High 7.1
CVE-2026-48240 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST… - CVE-2026-48239 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/r
CVE-2026-48239High 7.1
CVE-2026-48239 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/reports.php where the tick_id POST parameter is… - CVE-2026-48238 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/m
CVE-2026-48238High 7.1
CVE-2026-48238 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/mobile_main.php where the id GET parameter is… - CVE-2026-48237 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in messag
CVE-2026-48237High 7.1
CVE-2026-48237 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in message.php where the frm_ticket_id and frm_resp_id POST… - CVE-2026-48236 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loa
CVE-2026-48236High 7.1
CVE-2026-48236 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in db_loader.php where the multiple POST parameters (ticketsdb,… - CVE-2026-48234 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal
CVE-2026-48234High 7.1
CVE-2026-48234 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in portal/ajax/list_requests.php where the sort and dir GET… - CVE-2026-48233 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/s
CVE-2026-48233High 7.1
CVE-2026-48233 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/sit_incidents.php where the offset GET parameter is… - CVE-2026-48232 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/f
CVE-2026-48232High 7.1
CVE-2026-48232 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/fullsit_incidents.php where the offset GET parameter is… - CVE-2026-48231 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables
CVE-2026-48231High 7.1
CVE-2026-48231 CVSS:7.1 Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in tables.php where the multiple POST parameters (tablename,… - CVE-2025-13477 Exposure of private personal information to an unauthorized actor, Insufficientl
CVE-2025-13477High 7.1
CVE-2025-13477 CVSS:7.1 Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital… - CVE-2026-44066 Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Net
CVE-2026-44066High 7.1
CVE-2026-44066 CVSS:7.1 Multiple heap out-of-bounds reads in the Spotlight RPC unmarshalling code in Netatalk 3.1.0 through 4.4.2 allow a remote authenticated… - CVE-2026-44064 An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 a
CVE-2026-44064High 7.1
CVE-2026-44064 CVSS:7.1 An out-of-bounds read in ASP session ID handling in Netatalk 1.3 through 4.4.2 allows an adjacent network attacker to obtain limited… - CVE-2025-71215 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agen
CVE-2025-71215High 7.0
CVE-2025-71215 CVSS:7.0 A time-of-check time-of-use vulnerability in the Trend Micro Apex One (mac) agent iCore service signature verification could allow a…
⚔️ Sploitus(102 条)
Unknown (102 条)
- Exploit for CVE-2026-29923 exploit
CVE-2026-29923
Exploit for CVE-2026-29923 exploit - Exploit for CVE-2025-13673 exploit
CVE-2025-13673
Exploit for CVE-2025-13673 exploit
…另有 100 条 Unknown 级漏洞(已省略)
🤖 漏洞情报自动汇总 · 2026-05-25 · 数据来源: NVD / GitHub Advisory / Sploitus / CISA-KEV