📊 2026-05-27 Vulnerability Intelligence Daily · 200 items · 64 high severity
Daily vulnerability intelligence summary · 2026-05-27
📋 200 items in total
🔥 High/Critical: 64 items
🚨 CISA-KEV: 1 item
💣 Exploit-DB-RSS: 6 items
🐙 GitHub-Advisory: 22 items 🔥13
🛡️ NVD-Latest: 51 items 🔥51
⚔️ Sploitus: 120 items
🤖 Today's security posture analysis
🎯 Key items to watch today
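- CVE-2026-33137 (XWiki Platform): critical unauthenticated XAR import vulnerability. Without authenticating, an attacker can create or modify wiki documents through the REST API `/wikis/{wikiName}`, which may lead to full takeover of the wiki server.
- CVE-2026-43945 (FUXA): pre-authentication remote code execution. Through path manipulation and configuration injection, arbitrary commands can be executed with root privileges without logging in, directly threatening industrial control system security.
- CVE-2026-9458 / 9457 / 9456 and others (Totolink A8000RU): critical stack-level vulnerabilities. Functions such as setWanCfg and UploadFirmwareFile in the router's web management interface are subject to command injection (CVSS 9.8); an attacker can take remote control of the device without authentication.
- CVE-2026-23734 (XWiki Platform): path traversal vulnerability. The `ssx`/`jsx` resource parameter can be used to read server configuration files (such as xwiki.cfg), leaking sensitive information such as database passwords and keys.
- CVE-2026-48048 (XWiki Platform): password hash disclosure vulnerability. Because of an incomplete patch, a user's password hash can still be reconstructed bit by bit with 768 requests, threatening account security.
📈 Threat trends
- Remote code execution (RCE): FUXA (CVE-2026-43945) and Totolink A8000RU (CVE-2026-9454~9458 and others) are both flagged as pre-authentication RCE that yields the highest privileges, making them the most direct and severe threat.
- Information disclosure: three related XWiki Platform vulnerabilities surfaced together (CVE-2026-23734, 48048, 33137), involving unauthorized access to configuration, password hashes and document content; the attack chain is mature.
- Cross-site scripting (XSS) and authorization bypass: Typebot has a stored XSS (CVE-2026-28445); Fedify has an LD-Signature bypass (CVE-2026-42462); yeoman-environment carries a risk of unauthenticated package installation.
🛡️ Mitigation recommendations
- Upgrade XWiki Platform immediately: for the three critical/high vulnerabilities CVE-2026-23734, 33137 and 48048, upgrade immediately to the latest officially fixed version and check for anomalous documents or users.
- Block FUXA's externally exposed interfaces: for FUXA v.1.3.0-2706 and earlier, immediately restrict public access to its web management page at the perimeter firewall and contact the vendor for a security patch.
- Isolate Totolink devices or upgrade their firmware: for Totolink A8000RU version 7.1cu.643_b20200521, immediately isolate the network the device is on, stop using the exposed public management features, and watch for vendor firmware updates.
- Review system logs and configuration: check the XWiki access logs, focusing on anomalous `?resource=/../../` path requests; also confirm whether open-source components (such as yeoman-environment) are running an affected version (>=2.9.0 and <6.0.1).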
🚨 CISA-KEV (1 item)
Unknown (1 item)
- CVE-2026-48172 - LiteSpeed cPanel Plugin Privilege Escalation Vulnerability
CVE-2026-48172
CVE-2026-48172 LiteSpeed cPanel Plugin Privilege Escalation Vulnerability Product: LiteSpeed cPanel Plugin Description: LiteSpeed cPanel Plugin contains privilege escalation…
💣 Exploit-DB-RSS (6 items)
Unknown (6 items)
- [local] Linux Kernel 6.8 - Local Privilege Escalation
CVE-2026-31431
* Exploit Title: Linux Kernel 5.4 - 6.8 - Local Privilege Escalation * Google Dork: N/A * Date: 2026-04-30 * Exploit Author: Long Fong Chan…
- [webapps] cPanel - CRLF Injection
CVE-2026-41940
# ExploitTitle: cPanel 11.40 - CRLF Injection # Author: nu11secur1tyAI # Date: 2026-04-30 # Vendor: cPanel, L.L.C. # Software: cPanel & WHM (cpsrvd) #…
…4 more Unknown-severity items (omitted)
🐙 GitHub-Advisory (22 items)
Critical (2 items)
- CVE-2026-23734 - XWiki Platform has path traversal via resources parameter in ssx and jsx endpoin
CVE-2026-23734 Critical
Impact It's possible to get access and read configuration files by using URLs such as…
- CVE-2026-33137 - XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
CVE-2026-33137 Critical
Impact `POST /wikis/{wikiName}` executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to…
High (11 items)
- CVE-2026-28445 - Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandb
CVE-2026-28445 High 3.1
## Summary The rating block's custom icon feature accepts arbitrary HTML/SVG via the `customIcon.svg` field and renders it using Solid's `innerHTML` directive…
- CVE-2026-43945 - FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection
CVE-2026-43945 High 3.1
**Pre-auth** RCE in FUXA via Logic Bypass Summary A Critical vulnerability chain exists in FUXA (v.1.3.0-2706) that allows an unauthenticated remote attacker…
- CVE-2026-48048 - XWiki Platform's Livetable results still allow reconstructing password hashes us
CVE-2026-48048 High
Impact XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insufficient and with slightly modified parameters to the `LiveTableResults`, it is still…
- CVE-2026-42089 - yeoman-environment Vulnerable to Arbitrary Package Installation without User Con
CVE-2026-42089 High
Impact `yeoman-environment` versions `>= 2.9.0` and `< 6.0.1` install missing local generator packages from caller-supplied package names without user…
- CVE-2026-42462 - Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
CVE-2026-42462 High
Summary An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked…
- CVE-2026-43946 - FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue
CVE-2026-43946 High
Summary An authorization bypass in the /api/getTagValue endpoint allows unauthenticated access to tag values when the referenced script does not exist. Details…
- CVE-2026-43947 - FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Au
CVE-2026-43947 High
Summary An unauthenticated Remote Code Execution vulnerability exists in FUXA when `secureEnabled` is set to `true`. The `POST /api/runscript` endpoint checks…
- CVE-2026-44174 - Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query
CVE-2026-44174 High
TL;DR This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. **This vulnerability is of high…
- CVE-2026-44175 - Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in th
CVE-2026-44175 High
TL;DR This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The…
- CVE-2026-44177 - Kirby CMS has pre-authentication path traversal and PHP file inclusion during us
CVE-2026-44177 High
TL;DR This vulnerability affects all Kirby sites on Kirby 5.3.0-5.4.0 and is independent from setup conditions and authentication. **This vulnerability is of…
- CVE-2026-46717 - Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection v
CVE-2026-46717 High
## Summary nezha's dashboard supports two user roles: `RoleAdmin` (Role==0) and `RoleMember` (Role==1). The notification routes `POST /api/v1/notification` and…
Medium (8 items)
- CVE-2025-66407 - Weblate has a Server-Side Request Forgery issue
CVE-2025-66407 Medium
Impact The Create Component functionality in Weblate allows authorized users to add new translation components by specifying both a version control system and…
- CVE-2026-39964 - Typebot.io has stored XSS via `javascript`: URI in text bubble links — bot autho
CVE-2026-39964 Medium
Summary The Typebot viewer (`packages/embeds/js`) renders anchor tags from rich text bubble content without filtering the `javascript:` URI scheme. A bot…
- CVE-2026-26028 - CryptPad has a Sanitizer Bypass in Diffmarked.js that Allows Arbitrary HTML Inje
CVE-2026-26028 Medium
Summary CryptPad’s HTML sanitizer in Diffmarked.js can be bypassed due to incomplete filtering of restricted tags. Because the sanitizer only validates the src…
- CVE-2026-48047 - XWiki Platform vulnerable to potential arbitrary file writing using path travers
CVE-2026-48047 Medium
Impact A potential path traversal vulnerability allows an attacker who manages to get a malicious WebJar extension installed on the wiki to write arbitrary…
- CVE-2026-41207 - netty-incubator-codec-ohttp's HPKEContext operations may produce empty byte[] on
CVE-2026-41207 Medium
HKDF_expand: returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF…
- CVE-2026-42568 - Yamcs Vulnerable to LDAP Injection in LdapAuthModule
CVE-2026-42568 Medium
Summary An LDAP injection vulnerability exists in `org.yamcs.security.LdapAuthModule` when constructing search filters. The username parameter is inserted…
- CVE-2026-44176 - Kirby CMS's `pages.access` permission is not checked during rendering of page dr
CVE-2026-44176 Medium
TL;DR This vulnerability affects all Kirby sites where users of a particular role have no permission to access pages (`pages.access` permission is disabled).…
- CVE-2026-44210 - Kata Containers have VM Escape via virtiofsd Argument Injection through Default
CVE-2026-44210 Medium
## Summary Kata Containers ships with a default configuration that allows pod creators to inject arbitrary command-line arguments into the virtiofsd process…
Low (1 item)
- CVE-2026-35202 - Pterodactyl has a database resource limit bypass via race condition in Client AP
CVE-2026-35202 Low
Summary The Pterodactyl Client API has a logic flaw that lets users bypass their assigned limits for database allocations. This happens because the database…
🛡️ NVD-Latest (51 items)
Critical (15 items)
- CVE-2026-9458 A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impa
CVE-2026-9458 Critical 9.8
CVE-2026-9458 CVSS:9.8 A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file…
- CVE-2026-9457 A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affe
CVE-2026-9457 Critical 9.8
CVE-2026-9457 CVSS:9.8 A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function UploadFirmwareFile of the…
- CVE-2026-9456 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is t
CVE-2026-9456 Critical 9.8
CVE-2026-9456 CVSS:9.8 A vulnerability was found in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnCfg of the file…
- CVE-2026-9455 A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This iss
CVE-2026-9455 Critical 9.8
CVE-2026-9455 CVSS:9.8 A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function UploadOpenVpnCert of the file…
- CVE-2026-9454 A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerabilit
CVE-2026-9454 Critical 9.8
CVE-2026-9454 CVSS:9.8 A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setOpenVpnCertGenerationCfg of…
- CVE-2026-9436 A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted elem
CVE-2026-9436 Critical 9.8
CVE-2026-9436 CVSS:9.8 A flaw has been found in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setL2tpServerCfg of the file…
- CVE-2026-9435 A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affect
CVE-2026-9435 Critical 9.8
CVE-2026-9435 CVSS:9.8 A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. The affected element is the function setQosCfg of the file…
- CVE-2026-9434 A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b202005
CVE-2026-9434 Critical 9.8
CVE-2026-9434 CVSS:9.8 A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file…
- CVE-2026-9433 A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This iss
CVE-2026-9433 Critical 9.8
CVE-2026-9433 CVSS:9.8 A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. This issue affects the function setMacFilterRules of the file…
- CVE-2026-9432 A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Thi
CVE-2026-9432 Critical 9.8
CVE-2026-9432 CVSS:9.8 A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setWiFiAdvancedCfg…
- CVE-2026-9408 A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected b
CVE-2026-9408 Critical 9.8
CVE-2026-9408 CVSS:9.8 A vulnerability was detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this issue is the function setStaticDhcpRules of the…
- CVE-2026-9407 A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b202005
CVE-2026-9407 Critical 9.8
CVE-2026-9407 CVSS:9.8 A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Affected by this vulnerability is the function…
- CVE-2026-9406 A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected
CVE-2026-9406 Critical 9.8
CVE-2026-9406 CVSS:9.8 A weakness has been identified in Totolink A8000RU 7.1cu.643_b20200521. Affected is the function setRemoteCfg of the file…
- CVE-2026-9405 A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. Thi
CVE-2026-9405 Critical 9.8
CVE-2026-9405 CVSS:9.8 A security flaw has been discovered in Totolink A8000RU 7.1cu.643_b20200521. This impacts the function setGameSpeedCfg of the file…
- CVE-2026-2651 A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to m
CVE-2026-2651 Critical 9.0
CVE-2026-2651 CVSS:9.0 A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the…
High (36 items)
- CVE-2026-9461 A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected i
CVE-2026-9461 High 8.8
CVE-2026-9461 CVSS:8.8 A security vulnerability has been detected in Edimax EW-7438RPn 1.31. Affected is the function formRadius of the file…
- CVE-2026-9460 A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the funct
CVE-2026-9460 High 8.8
CVE-2026-9460 CVSS:8.8 A weakness has been identified in Edimax EW-7438RPn 1.31. This impacts the function formAccept of the file /goform/formAccept. Executing…
- CVE-2026-9459 A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the
CVE-2026-9459 High 8.8
CVE-2026-9459 CVSS:8.8 A security flaw has been discovered in Edimax EW-7438RPn 1.31. This affects the function formConnectionSetting of the file…
- CVE-2026-9443 A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulner
CVE-2026-9443 High 8.8
CVE-2026-9443 CVSS:8.8 A security vulnerability has been detected in Edimax BR-6478AC 1.23. This vulnerability affects the function formL2TPSetup of the file…
- CVE-2026-9442 A weakness has been identified in Edimax BR-6478AC 1.23. This affects the functi
CVE-2026-9442 High 8.8
CVE-2026-9442 CVSS:8.8 A weakness has been identified in Edimax BR-6478AC 1.23. This affects the function formiNICSiteSurvey of the file…
- CVE-2026-9431 A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the fu
CVE-2026-9431 High 8.8
CVE-2026-9431 CVSS:8.8 A vulnerability was identified in Tenda F1202 1.2.0.20(408). This affects the function fromPptpUserAdd of the file /goform/PptpUserAdd.…
- CVE-2026-9430 A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this is
CVE-2026-9430 High 8.8
CVE-2026-9430 CVSS:8.8 A vulnerability was determined in Tenda F1202 1.2.0.20(408). Affected by this issue is the function formGstDhcpSetSer of the file…
- CVE-2026-9429 A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnera
CVE-2026-9429 High 8.8
CVE-2026-9429 CVSS:8.8 A vulnerability was found in Tenda F1202 1.2.0.20(408). Affected by this vulnerability is the function formWrlExtraSet of the file…
- CVE-2026-9428 A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the fun
CVE-2026-9428 High 8.8
CVE-2026-9428 CVSS:8.8 A vulnerability has been found in Tenda F1202 1.2.0.20(408). Affected is the function fromPPTPUserSetting of the file…
- CVE-2026-9427 A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formW
CVE-2026-9427 High 8.8
CVE-2026-9427 CVSS:8.8 A flaw has been found in Edimax EW-7438RPn 1.31. This impacts the function formWlSiteSurvey of the file /goform/formWlSiteSurvey of the…
- CVE-2026-9426 A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the functio
CVE-2026-9426 High 8.8
CVE-2026-9426 CVSS:8.8 A vulnerability was detected in Edimax EW-7438RPn 1.31. This affects the function formHwSet of the file /goform/formHwSet. The…
- CVE-2026-9425 A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The impact
CVE-2026-9425 High 8.8
CVE-2026-9425 CVSS:8.8 A security vulnerability has been detected in Edimax EW-7438RPn 1.31. The impacted element is the function formWlanMP of the file…
- CVE-2018-25377 Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability
CVE-2018-25377 High 8.4
CVE-2018-25377 CVSS:8.4 Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers…
- CVE-2018-25376 Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in th
CVE-2018-25376 High 8.4
CVE-2018-25376 CVSS:8.4 Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to…
- CVE-2018-25375 SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in t
CVE-2018-25375 High 8.4
CVE-2018-25375 CVSS:8.4 SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to…
- CVE-2018-25373 SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer ove
CVE-2018-25373 High 8.4
CVE-2018-25373 CVSS:8.4 SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that…
- CVE-2018-25366 CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attack
CVE-2018-25366 High 8.4
CVE-2018-25366 CVSS:8.4 CuteFTP 5.0 XP contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by injecting malicious…
- CVE-2018-25360 AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerabili
CVE-2018-25360 High 8.4
CVE-2018-25360 CVSS:8.4 AgataSoft Auto PingMaster 1.5 contains a stack-based buffer overflow vulnerability in the Trace Route host name field that allows local…
- CVE-2018-25359 Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vul
CVE-2018-25359 High 8.4
CVE-2018-25359 CVSS:8.4 Splinterware System Scheduler Pro 5.12 contains an insecure file permissions vulnerability that allows low-privilege users to escalate…
- CVE-2018-25379 Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in
CVE-2018-25379 High 8.2
CVE-2018-25379 CVSS:8.2 Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated…
- CVE-2018-25372 MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability tha
CVE-2018-25372 High 8.2
CVE-2018-25372 CVSS:8.2 MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary…
- CVE-2018-25371 mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that all
CVE-2018-25371 High 8.2
CVE-2018-25371 CVSS:8.2 mooSocial Store Plugin 2.6 contains a blind SQL injection vulnerability that allows unauthenticated attackers to manipulate database…
- CVE-2018-25364 Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticat
CVE-2018-25364 High 8.2
CVE-2018-25364 CVSS:8.2 Twitter-Clone 1 contains a SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25362 Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows
CVE-2018-25362 High 8.2
CVE-2018-25362 CVSS:8.2 Twitter-Clone 1 contains a SQL injection vulnerability in follow.php that allows attackers to manipulate database queries by injecting…
- CVE-2026-45361 Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key v
CVE-2026-45361 High 8.1
CVE-2026-45361 CVSS:8.1 Apache Airflow providers-google's `ComputeEngineSSHHook` disables SSH host-key verification by default, exposing SSH traffic between an…
- CVE-2026-25193 Insertion of Sensitive Information into Log File (CWE-532) in some Command Centr
CVE-2026-25193 High 8.1
CVE-2026-25193 CVSS:8.1 Insertion of Sensitive Information into Log File (CWE-532) in some Command Centre Service installers could lead to Service Account…
- CVE-2018-25374 Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vul
CVE-2018-25374 High 7.5
CVE-2018-25374 CVSS:7.5 Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to…
- CVE-2018-25368 Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthen
CVE-2018-25368 High 7.5
CVE-2018-25368 CVSS:7.5 Nord VPN 6.14.31 contains a denial of service vulnerability that allows unauthenticated attackers to crash the application by…
- CVE-2018-25365 PCViewer vt1000 contains a directory traversal vulnerability that allows unauthe
CVE-2018-25365 High 7.5
CVE-2018-25365 CVSS:7.5 PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by…
- CVE-2026-9453 A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76
CVE-2026-9453 High 7.3
CVE-2026-9453 CVSS:7.3 A vulnerability was detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. This affects the function which of…
- CVE-2026-9452 A security vulnerability has been detected in FoundDream miniclawd up to 2d65665
CVE-2026-9452 High 7.3
CVE-2026-9452 CVSS:7.3 A security vulnerability has been detected in FoundDream miniclawd up to 2d65665046e2222eeea76cafc8570ed546a8c125. Affected by this…
- CVE-2026-9447 A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0.
CVE-2026-9447 High 7.3
CVE-2026-9447 CVSS:7.3 A vulnerability was found in SourceCodester Simple POS and Inventory System 1.0. The impacted element is an unknown function of the file…
- CVE-2026-9422 A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affect
CVE-2026-9422 High 7.3
CVE-2026-9422 CVSS:7.3 A vulnerability was identified in KLiK SocialMediaWebsite 1.0. This issue affects some unknown processing of the component HTTP POST…
- CVE-2026-9421 A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerabilit
CVE-2026-9421 High 7.3
CVE-2026-9421 CVSS:7.3 A vulnerability was determined in KLiK SocialMediaWebsite 1.0. This vulnerability affects the function uniqid of the file upload.inc.php…
- CVE-2018-25381 Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that a
CVE-2018-25381 High 7.1
CVE-2018-25381 CVSS:7.1 Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL…
- CVE-2018-25380 Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that a
CVE-2018-25380 High 7.1
CVE-2018-25380 CVSS:7.1 Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL…
⚔️ Sploitus (120 items)
Unknown (120 items)
- XSS-PAYLOADS exploit
XSS-PAYLOADS exploit
- indo-cpanel-exploit exploit
indo-cpanel-exploit exploit
…118 more Unknown-severity items (omitted)
🤖 Automated vulnerability intelligence summary · 2026-05-27 · Data sources: NVD / GitHub Advisory / Sploitus / CISA-KEV