📊 2026-05-28 Vulnerability Intelligence Daily Report · 200 entries · 90 high-severity
Daily vulnerability intelligence digest · 2026-05-28
📋 Total: 200 entries
🔥 High/Critical: 90 entries
🚨 CISA-KEV: 3 entries
💣 Exploit-DB-RSS: 13 entries
🐙 GitHub-Advisory: 70 entries (🔥 36 high/critical)
🛡️ NVD-Latest: 54 entries (🔥 54 high/critical)
⚔️ Sploitus: 60 entries
🤖 Today's Security Posture Analysis
🎯 Today's Key Items
- CVE-2026-44632 / CVE-2026-46562 / CVE-2026-46621 (Yamcs): Three critical RCE vulnerabilities in the Yamcs space mission control system. Attackers can inject malicious algorithm text through the Janino, Nashorn and Jython engines to achieve remote code execution and take full control of the affected system without authentication; this is a "one-shot takeover" class of threat.
- CVE-2026-23734 / CVE-2026-33137 (XWiki Platform): Two critical flaws in XWiki: a path traversal allows reading arbitrary configuration files (such as WEB-INF/xwiki.cfg), and a second defect lets unauthorized users import XAR packages through the REST interface to create or tamper with documents, leading to full compromise.
- CVE-2026-7374 (KubeVirt) (CVSS 9.9): KubeVirt's virt-handler component has a symlink validation flaw; an OpenShift user with edit permission on a single namespace can escalate and escape to the host, directly threatening cloud-native infrastructure.
- CVE-2026-48687 / CVE-2026-48686 (FastNetMon) (CVSS 9.8): The FastNetMon network traffic monitoring system has both an OS command injection and a buffer overflow in its BGP protocol stack; the former allows remote command execution, the latter causes a stack overflow when processing malicious BGP NLRI, threatening backbone network security.
- CVE-2026-45247 (Mirasvit Full Page Cache Warmer) (CVSS 9.8): PHP object injection in a Magento 2 plugin; an unauthenticated attacker can achieve remote code execution by crafting malicious serialized data, affecting a large number of e-commerce sites.
📈 Threat Trends
- Remote code execution (RCE): RCE-class vulnerabilities make up over 70% of today's entries, spanning Yamcs, LiquidJS, Magento plugins, FastNetMon and Totolink routers; missing input validation and abuse of dynamic compilation engines are the main causes.
- Privilege escalation / unauthorized access: the KubeVirt symlink bypass and the XWiki unauthenticated XAR import pose privilege escalation and escape threats, seriously affecting the security of containerized and enterprise content platforms.
- Information disclosure: the XWiki path traversal and the Archive::Tar malicious symlink can both leak sensitive configuration or files, threatening data assets.
- Buffer overflows: the Perl regex compilation heap overflow and the FastNetMon BGP stack overflow show that low-level languages and protocol parsing remain fertile ground for high-severity bugs, with 32-bit platforms and traffic monitoring devices hit first.
🛡️ Mitigation Recommendations
- Upgrade affected components immediately: Yamcs, XWiki, FastNetMon, LiquidJS, Langroid and the Magento plugin have all released fixed versions; update urgently per the vendor advisories. KubeVirt users should upgrade to the patched version that fixes symlink validation.
- Isolate high-risk entry points: close the Yamcs algorithm editing API, the XWiki REST /wikis interface and the Mirasvit unauthenticated endpoint to the Internet; restrict router management interfaces to the internal network only and avoid exposing them publicly.
- Apply defense in depth: use a web application firewall (WAF) to block XSS, SQL injection and serialization attack traffic; enable sandboxing or runtime monitoring on 32-bit Perl environments and the FastNetMon BGP listener to detect abnormal process behaviour.
- Audit container permissions: in KubeVirt environments, strictly review namespace edit permission assignments, ensure virt-handler instances run in a restricted context, and enable OpenShift Security Context Constraints (SCC) to limit symlink creation.
🚨 CISA-KEV (3 entries)
Unknown (3 entries)
- CVE-2026-8398 · Daemon Tools Lite Embedded Malicious Code Vulnerability
  Vendor/Product: Daemon / Daemon Tools Lite. Description: Daemon Tools contains an unspecified vulnerability that…
- CVE-2026-45321 · TanStack Unspecified Vulnerability
  Vendor/Product: TanStack / TanStack. Description: TanStack contains an unspecified vulnerability that allowed malicious versions of…
…1 more Unknown-severity entry omitted
💣 Exploit-DB-RSS (13 entries)
Unknown (13 entries)
- [webapps] OpenCATS 0.9.7.4 - SQL Injection
  Exploit Title: OpenCATS 0.9.7.4 - SQL Injection; Exploit Author: Gabriel Rodrigues (TEXUGO) from HAKAI; Vendor Homepage: https://www.opencats.org; …
- [local] Realtek rtl819x - Local Privilege Escalation · CVE-2026-36355
  Exploit Title: Realtek rtl819x - Local Privilege Escalation; Date: 2026-05-03; Exploit Author: Daniil Gordeev; Vendor Homepage: http://www.realtek.com; …
…11 more Unknown-severity entries omitted
🐙 GitHub-Advisory (70 entries)
Critical (7 entries)
- CVE-2026-44632 · Critical · Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engin
  Summary: A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory`).…
- CVE-2026-45618 · Critical · LiquidJS is Vulnerable to Remote Code Execution
  Summary: It is possible to execute arbitrary code with crafted templates. Details: `1|valueOf` -> `this` when evaluating the filter…
- CVE-2026-25879 · Critical · Langroid has Prompt to SQL Injection, Leading to RCE
  Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid. Affected Scope: langroid < 0.63.0. Vulnerability Description…
- CVE-2026-46562 · Critical · Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm overrid
  Remote Code Execution via Mission Database algorithm override. Summary: The Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in…
- CVE-2026-46621 · Critical · Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorit
  Summary: A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and…
- CVE-2026-23734 · Critical · XWiki Platform has path traversal via resources parameter in ssx and jsx endpoin
  Impact: It's possible to get access and read configuration files by using URLs such as…
- CVE-2026-33137 · Critical · XWiki Platform has an Unauthenticated XAR Import via REST /wikis/{wikiName}
  Impact: `POST /wikis/{wikiName}` executes a XAR import without performing any authentication or authorization checks, allowing an unauthenticated attacker to…
High (29 entries)
- CVE-2026-28445 · High 3.1 · Typebot has Stored XSS via Rating Block Custom Icon that Bypasses isUnsafe Sandb
  Summary: The rating block's custom icon feature accepts arbitrary HTML/SVG via the `customIcon.svg` field and renders it using Solid's `innerHTML` directive…
- CVE-2026-43945 · High 3.1 · FUXA Vulnerable to Pre-auth RCE via Path Manipulation & Configuration Injection
  Pre-auth RCE in FUXA via Logic Bypass. Summary: A Critical vulnerability chain exists in FUXA (v.1.3.0-2706) that allows an unauthenticated remote attacker…
- CVE-2026-44705 · High · tmp has Path Traversal via unsanitized prefix/postfix that enables directory esc
  Summary: The tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the…
- CVE-2026-44739 · High · Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
  Summary: The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reports_config permission can supply a…
- CVE-2026-44741 · High · Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Dat
  GM-369. Summary: SQL injection in Pimcore's translation grid date filter — the user-supplied `property` field from the filter JSON is interpolated directly…
- CVE-2026-44974 · High · @hapi/content header parser has a parameter smuggling issue that allows upload-f
  Impact: The two parsers resolved duplicates inconsistently and silently: `Content.disposition()` retained the last occurrence of each parameter; …
- CVE-2026-45063 · High · Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authentic
  Description: `X509Authenticator` implements client-certificate (mTLS) authentication: the web server validates the client's certificate against a trusted CA,…
- CVE-2026-45162 · High · Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_cla
  GM-374. Summary: Multiple locations in Pimcore v11 call PHP's `unserialize()` on data from database columns and filesystem files without the…
- CVE-2026-45260 · High · Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
  Summary: Pimcore's WebDAV asset endpoint exposes a `MOVE` operation through `/asset/webdav{path}` without adding an authentication plugin in the WebDAV…
- CVE-2026-45357 · High · LiquidJS has a memory and render limit bypass via unbounded width padding in `da
  Summary: The `date` filter's strftime implementation parses width specifiers like `%9999999d` and forwards the captured width unchecked into…
- CVE-2026-45368 · High · Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and i
  TL;DR: This vulnerability affects all Kirby sites that allow the use of the `(link: …)` KirbyTag, the `link:` parameter of the `(image: …)` KirbyTag, the…
- CVE-2026-45617 · High · LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter R
  Summary: The built-in `strip_html` filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many `<script`,…
- CVE-2026-44726 · High · Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
  Summary: A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When…
- CVE-2026-44982 · High · CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
  Summary: The CrowdSec AppSec component fails to read the HTTP request body for any request whose `Content-Length` is not positive — most notably HTTP/1.1…
- CVE-2026-45067 · High · Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\
  Description: `Symfony\Component\Mime\Address` is the value-object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its constructor is…
- CVE-2026-45077 · High · Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:l
  Description: `Symfony\Bridge\Monolog\Command\ServerLogCommand` (the `server:log` console command) is a development-time helper that opens a TCP listener and…
- CVE-2026-45332 · High · Automad has Broken Access Control: Unauthenticated exposure of administrator bcr
  Summary: A Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a…
- CVE-2026-45704 · High · Pimcore has a CustomReports Share Bypass
  Summary: `CustomReports` uses inconsistent authorization between the report listing endpoint and the report detail endpoint. The listing flow filters reports…
- CVE-2026-47243 · High · Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
  Summary: In the runtime-rs standalone virtio-fs path, verified here with QEMU (and verified with Cloud Hypervisor too), Kata Containers runs host `virtiofsd` as…
- CVE-2026-47717 · High · FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and D
  Summary: The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled. Details: File:…
- CVE-2026-45725 · High · compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cac
  Summary: The compliance-trestle library's remote fetching cache mechanism (HTTPSFetcher and SFTPFetcher) constructs the local cache file path from the URL…
- CVE-2026-48048 · High · XWiki Platform's Livetable results still allow reconstructing password hashes us
  Impact: XWiki discovered that the patch for GHSA-5cf8-vrr8-8hjm was insufficient and with slightly modified parameters to the `LiveTableResults`, it is still…
- CVE-2026-42089 · High · yeoman-environment Vulnerable to Arbitrary Package Installation without User Con
  Impact: `yeoman-environment` versions `>= 2.9.0` and `< 6.0.1` install missing local generator packages from caller-supplied package names without user…
- CVE-2026-42462 · High · Fedify has an LD-Signature Bypass via JSON-LD Named-Graph Restructuring
  Summary: An attacker can make use of JSON-LD features to restructure a JSON-LD document that would change how Fedify interprets it without changing its Linked…
- CVE-2026-43946 · High · FUXA has an unauthenticated arbitrary tag value disclosure via /api/getTagValue
  Summary: An authorization bypass in the /api/getTagValue endpoint allows unauthenticated access to tag values when the referenced script does not exist. Details…
- CVE-2026-43947 · High · FUXA Vulnerable to Unauthenticated Remote Code Execution via Script Test Mode Au
  Summary: An unauthenticated Remote Code Execution vulnerability exists in FUXA when `secureEnabled` is set to `true`. The `POST /api/runscript` endpoint checks…
- CVE-2026-44174 · High · Kirby CMS has an Arbitrary Method Call via REST API Search and Collection Query
  TL;DR: This vulnerability affects all Kirby sites that might have potential attackers in the group of authenticated Panel users. This vulnerability is of high…
- CVE-2026-44175 · High · Kirby CMS vulnerable to cross-site scripting (XSS) from list field content in th
  TL;DR: This vulnerability affects all Kirby sites that use the list field or list block, when content is authored by users who may not be fully trusted. The…
- CVE-2026-44177 · High · Kirby CMS has pre-authentication path traversal and PHP file inclusion during us
  TL;DR: This vulnerability affects all Kirby sites on Kirby 5.3.0-5.4.0 and is independent from setup conditions and authentication. This vulnerability is of…
Medium (28 entries)
- CVE-2026-44587 · Medium · CarrierWave has a denylisted_content_type bypass via Unescaped Regex Metacharact
  Summary: CarrierWave's content_type_denylist check fails to escape regex metacharacters in string entries, causing the denylist to silently not match the…
- CVE-2026-44595 · Medium · Yamcs vulnerable to unauthorized user enumeration via IAM API endpoints
  Summary: The IAM API endpoints (`listUsers`, `getUser`, `listGroups`, and `getGroup`) in `yamcs-core` do not enforce the required…
- CVE-2026-44596 · Medium · Yamcs has No Rate Limiting on Authentication Endpoint
  Summary: The authentication endpoint `POST /auth/token` in `yamcs-core` lacks any form of rate limiting, account lockout, or failed attempt throttling. As a…
- CVE-2026-44644 · Medium · LiquidJS's strip_html filter bypass via newline characters in HTML tags enables
  Summary: The `strip_html` filter in liquidjs is intended to remove HTML tags from a string before rendering, and is widely used as an XSS sanitizer. The…
- CVE-2026-44645 · Medium · LiquidJS has a renderLimit DoS guard bypass via empty `{% for %}` body
  Summary: The `renderLimit` option — documented in `docs/source/tutorials/dos.md` as the mechanism that "mitigates this by limiting the time consumed by each…
- CVE-2026-44646 · Medium · LiquidJS's `{% render %}` tag silently bypasses per-render `ownPropertyOnly:true
  Summary: `Context.spawn()` in liquidjs creates a child `Context` for the `{% render %}` tag but does not propagate the parent context's resolved…
- CVE-2026-44979 · Medium · @hapi/wreck leaks sensitive `Proxy-Authorization` header across cross-hostname r
  Impact: When `@hapi/wreck` follows a 3xx redirect to a different hostname, only the `Authorization` and `Cookie` headers are stripped. The standard credential…
- CVE-2026-45065 · Medium · Symfony has a UrlGenerator Route-Requirement Bypass via Unanchored Regex Alterna
  Description: Symfony routes can declare a requirements regex per path parameter, e.g. a route `/{_locale}/blog` with `requirements: { _locale: 'en|fr|de' }`.…
…20 more Medium-severity entries omitted
Low (6 entries)
- CVE-2026-45071 · Low · Symfony has XXE (Local File Disclosure) in DomCrawler::addXmlContent() via valid
  Description: `symfony/dom-crawler` provides the `Crawler` class for navigating HTML/XML documents with CSS/XPath selectors; `symfony/browser-kit`'s…
- CVE-2026-45072 · Low · Symfony Vulnerable to stored XSS in WebProfiler CodeExtension::fileExcerpt() — U
  Description: Symfony's profiler, a development only debug UI, renders source-code excerpts on several pages using Twig's custom `file_excerpt` filter. This…
- CVE-2026-45133 · Low · Symfony hardened the parser when handling untrusted input
  Description: `Symfony\Component\Yaml\Parser` is the entry point for parsing YAML strings into PHP values via `Yaml::parse()`. When the parser is exposed to…
…3 more Low-severity entries omitted
🛡️ NVD-Latest (54 entries)
Critical (7 entries)
- CVE-2026-7374 · Critical · CVSS 9.9
  A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions…
- CVE-2026-48687 · Critical · CVSS 9.8
  FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The…
- CVE-2026-48686 · Critical · CVSS 9.8
  FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability…
- CVE-2026-45247 · Critical · CVSS 9.8
  Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows…
- CVE-2026-9543 · Critical · CVSS 9.8
  A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file…
- CVE-2026-8376 · Critical · CVSS 9.8
  Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit…
- CVE-2026-42496 · Critical · CVSS 9.1
  Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory.…
High (47 entries)
- CVE-2026-46368 · High · CVSS 8.8
  luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the…
- CVE-2026-40033 · High · CVSS 8.8
  FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write…
- CVE-2026-4480 · High · CVSS 8.5
  A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured…
- CVE-2018-25377 · High · CVSS 8.4
  Flash Slideshow Maker Professional 5.20 contains a buffer overflow vulnerability in the registration dialog that allows local attackers…
- CVE-2018-25376 · High · CVSS 8.4
  Socusoft 3GP Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to…
- CVE-2018-25375 · High · CVSS 8.4
  SocuSoft iPod Photo Slideshow 8.05 contains a buffer overflow vulnerability in the registration dialog that allows local attackers to…
- CVE-2018-25373 · High · CVSS 8.4
  SocuSoft DVD Photo Slideshow Professional 8.07 contains a stack-based buffer overflow vulnerability in the registration name field that…
- CVE-2018-25379 · High · CVSS 8.2
  Collectric CMU 1.0 contains a boolean-based blind SQL injection vulnerability in the lang parameter that allows unauthenticated…
- CVE-2018-25372 · High · CVSS 8.2
  MedDream PACS Server Premium 6.7.1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary…
- CVE-2026-48692 · High · CVSS 8.1
  FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is…
- CVE-2026-43935 · High · CVSS 8.1
  e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows…
- CVE-2026-48132 · High · CVSS 8.1
  The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a…
- CVE-2026-48131 · High · CVSS 8.1
  The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection…
- CVE-2026-8046 · High · CVSS 8.1
  The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can…
- CVE-2026-24162 · High · CVSS 7.8
  NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A…
- CVE-2026-25112 · High · CVSS 7.8
  A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack.
- CVE-2026-40034 · High · CVSS 7.8
  gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the…
- CVE-2026-25713 · High · CVSS 7.8
  MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
- CVE-2026-25104 · High · CVSS 7.8
  MediaArea MediaInfoLib LXF parsing heap-based buffer overflow vulnerability
- CVE-2026-44469 · High · CVSS 7.8
  The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative…
- CVE-2026-44468 · High · CVSS 7.8
  The affected product creates a directory with insecure default permissions during administrative installation. This allows a…
- CVE-2026-45082 · High · CVSS 7.6
  Karakeep is a self-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified…
- CVE-2026-24212 · High · CVSS 7.5
  NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful…
- CVE-2026-48688 · High · CVSS 7.5
  FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The…
- CVE-2026-48133 · High · CVSS 7.5
  When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain…
- CVE-2025-11482 · High · CVSS 7.5
  An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions…
- CVE-2026-39661 · High · CVSS 7.5
  Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW…
- CVE-2026-8047 · High · CVSS 7.5
  The affected products perform improper length checking when parsing incoming HTTP requests, resulting in a size-limited out-of-bounds…
- CVE-2026-9496 · High · CVSS 7.5
  Versions of the package pacote from 11.2.7 are vulnerable to Denial of Service (DoS) via the addGitSha function. An attacker can exploit…
- CVE-2026-9538 · High · CVSS 7.5
  Archive::Tar versions before 3.10 for Perl allow memory exhaustion via attacker controlled entry size field in tar header. _read_tar()…
- CVE-2026-42497 · High · CVSS 7.5
  Archive::Tar versions before 3.08 for Perl extract hardlinks to attacker controlled paths outside the extraction directory.…
- CVE-2018-25374 · High · CVSS 7.5
  Softneta MedDream PACS Server Premium 6.7.1.1 contains a directory traversal vulnerability that allows unauthenticated attackers to…
- CVE-2026-9552 · High · CVSS 7.3
  A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the…
- CVE-2026-9551 · High · CVSS 7.3
  A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file…
- CVE-2026-9550 · High · CVSS 7.3
  A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by…
- CVE-2026-9544 · High · CVSS 7.3
  A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability…
- CVE-2026-9495 · High · CVSS 7.3
  Versions of the package @koa/router from 14.0.0 and before 15.0.0 are vulnerable to Access Control Bypass due to the middleware being…
- CVE-2026-9528 · High · CVSS 7.3
  A vulnerability was identified in itsourcecode Electronic Judging System 1.0. Impacted is an unknown function of the file…
- CVE-2026-9526 · High · CVSS 7.3
  A vulnerability was found in itsourcecode Electronic Judging System 1.0. This vulnerability affects unknown code of the file…
- CVE-2026-9525 · High · CVSS 7.3
  A vulnerability has been found in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file…
- CVE-2026-9523 · High · CVSS 7.3
  A vulnerability was detected in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 3000WEBV2. Affected by…
- CVE-2026-9521 · High · CVSS 7.3
  A security vulnerability has been detected in fraillt bitsery up to 5.2.4. Affected is the function loadFromSharedState in the library…
- CVE-2026-9517 · High · CVSS 7.3
  A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the…
- CVE-2026-42785 · High · CVSS 7.2
  OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary…
- CVE-2026-42425 · High · CVSS 7.2
  OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary…
- CVE-2018-25381 · High · CVSS 7.1
  Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL…
- CVE-2018-25380 · High · CVSS 7.1
  Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL…
⚔️ Sploitus (60 entries)
Unknown (60 entries)
- poc-ccweb-unauth-rce exploit
- poc-wondercms-360-xss exploit
…58 more Unknown-severity entries omitted
🤖 Automated vulnerability intelligence digest · 2026-05-28 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV