📊 2026-05-29 漏洞情报日报 · 200 条 · 高危 90
每日漏洞情报汇总 · 2026-05-29
📊 2026-05-29 漏洞情报日报
📋 共 200 条
🔥 高危/严重 90 条
💣 Exploit-DB-RSS 7 条
🐙 GitHub-Advisory 75 条 🔥32
🛡️ NVD-Latest 58 条 🔥58
⚔️ Sploitus 60 条
🤖 今日安全态势分析
🎯 今日重点关注
- CVE-2026-44632 / CVE-2026-46562 / CVE-2026-46621 (Yamcs 系列漏洞): 航天任务控制软件 Yamcs 存在三个严重远程代码执行漏洞,攻击者可利用 Janino 表达式引擎、Nashorn 脚本引擎及 Jython 引擎注入恶意代码,无需高权限即可实现 RCE,对卫星地面系统构成直接威胁。
- CVE-2026-7374 (KubeVirt virt-handler): 该漏洞 CVSS 9.9,允许拥有单个命名空间编辑权限的 OpenShift 用户利用不正确的符号链接验证逃逸至宿主机,实现容器逃逸,严重威胁虚拟化集群安全。
- CVE-2026-8760 (WordPress OTP 登录插件): CVSS 9.8,该漏洞绕过身份验证限制,攻击者可无限制尝试 OTP 登录,导致完全接管管理员账户,影响所有使用该插件的 WordPress 站点。
- CVE-2026-48687 / CVE-2026-48686 (FastNetMon): 网络监控工具 FastNetMon 社区版被曝两个高危漏洞:一个 OS 命令注入(通过 Juniper 插件日志函数),另一个是 BGP 协议解析器中的栈溢出,攻击者可直接远程触发 RCE,威胁网络基础设施。
- CVE-2026-45247 (Mirasvit 缓存插件): CVSS 9.8,Magento 2 的 Full Page Cache Warmer 插件中存在 PHP 反序列化漏洞,未认证攻击者可构造恶意序列化数据直接实现远程代码执行。
📈 威胁趋势
- 远程代码执行 (RCE): 今日漏洞以 RCE 为主,覆盖 Yamcs、KubeVirt、FastNetMon、WordPress 插件、Magento 插件、Totolink 路由器及 Perl 库,攻击面极其广泛,从企业关键任务系统到消费级设备无一幸免。
- 权限提升与身份认证绕过: OpenCTI 的组织管理员可通过 GraphQL API 跨组织提权;OpenBao 遗留接口允许跨租户撤销凭证;WordPress OTP 插件认证绕过漏洞,均导致严重的横向移动风险。
- 任意文件写入与路径遍历: compliance-trestle 工具的 Jinja 命令存在任意文件写入漏洞,可覆盖系统关键文件,危害数据完整性。
🛡️ 缓解建议
- 立即更新受损组件: 升级 Yamcs 至不受影响版本(关注官方补丁),更新 WordPress OTP 插件至 1.6 以上版本,更新 Mirasvit Cache Warmer 插件至 1.11.12 及以上,升级 HTTP::Daemon 至 6.17 以上。
- 加固 Kubernetes 虚拟化环境: 针对 CVE-2026-7374,及时应用 KubeVirt 安全更新,并限制自助命名空间内用户对 virt-handler 的访问权限,监控异常 Pod 创建行为。
- 审查网络设备与工具: 对 FastNetMon 进行隔离或升级,检查 Totolink 路由器是否可更新固件;在所有边界设备上启用严格输入验证,禁用不必要的 Jython/Janino 脚本引擎。
- 实施纵深防御措施: 启用 WAF 规则过滤反序列化攻击与命令注入载荷;在所有环境(特别是多租户环境)中禁用或审计遗留 API 路径(如 OpenBao 的 sys/revoke),最小化攻击面。
💣 Exploit-DB-RSS(7 条)
Unknown (7 条)
- [webapps] OpenCATS 0.9.7.4 - SQL Injection
# Exploit Title: OpenCATS 0.9.7.4 - SQL Injection # Exploit Author: Gabriel Rodrigues (TEXUGO) from HAKAI # Vendor Homepage: https://www.opencats.org #… - [local] Realtek rtl819x - Local Privilege
CVE-2026-36355
* Exploit Title: Realtek rtl819x - Local Privilege Escalation * Date: 2026-05-03 * Exploit Author: Daniil Gordeev * Vendor Homepage: http://www.realtek.com *…
…另有 5 条 Unknown 级漏洞(已省略)
🐙 GitHub-Advisory(75 条)
Critical (5 条)
- CVE-2026-44632 - Yamcs Vulnerable to Server-Side Code Injection (RCE) via Janino Expression Engin
CVE-2026-44632Critical
Summary A Server-Side Code Injection vulnerability exists in the Yamcs algorithm evaluation engine (`org.yamcs.algorithms.JavaExprAlgorithmExecutionFactory`).… - CVE-2026-45618 - LiquidJS is Vulnerable to Remote Code Execution
CVE-2026-45618Critical
Summary It is possible to execute arbitrary code with crafted templates Details <details> <summary> `1|valueOf` -> `this` when evaluating the filter </summary>… - CVE-2026-25879 - Langroid has Prompt to SQL Injection, Leading to RCE
CVE-2026-25879Critical
# Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid ## Affected Scope langroid < 0.63.0 ## Vulnerability Description… - CVE-2026-46562 - Yamcs Vulnerable to Remote Code Execution via Mission Database algorithm overrid
CVE-2026-46562Critical
# Remote Code Execution via Mission Database algorithm override ## Summary The Nashorn `ScriptEngine` used to evaluate user-supplied algorithm text in… - CVE-2026-46621 - Yamcs Vulnerable to Authenticated Remote Code Execution (RCE) via Jython Algorit
CVE-2026-46621Critical
Summary A Server-Side Code Injection vulnerability exists in the Yamcs script evaluation engine for Python algorithms. The application dynamically compiles and…
High (27 条)
- CVE-2026-45808 - OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses A
CVE-2026-45808High
# Impact OpenBao's namespaces provide multi-tenant separation. A tenant who intentionally leaks lease identifiers can have their lease and underlying… - CVE-2026-46345 - compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
CVE-2026-46345High
**Relevant Products/Components:** * `trestle/core/commands/author/jinja.py` * `trestle author jinja` --- ## Detailed Description: The `-o/--output` argument in… - CVE-2026-44730 - OpenCTI: Privilege escalation via graphQL API is abusable by organization admins
CVE-2026-44730High
Summary An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization.… - CVE-2026-46439 - compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side
CVE-2026-46439High
A High severity Server-Side Template Injection (SSTI) vulnerability exists in the `trestle author jinja` command. The command recursively evaluates rendered… - CVE-2026-5394 - Pimcore Platform - SQL Injection in DataObject composite index handling during c
CVE-2026-5394High
## Description An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata… - CVE-2026-42305 - Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
CVE-2026-42305High
## Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element… - CVE-2026-42563 - Dulwich Vulnerable to Command Injection via Merge Driver Path
CVE-2026-42563High
## Summary Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker via a malicious branch) into the merge… - CVE-2026-47179 - Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include
CVE-2026-47179High
## Summary `ProjectService.GetProjectFileContent` returns the contents of any Docker Compose include directive declared in a project's compose file before any… - CVE-2026-44705 - tmp has Path Traversal via unsanitized prefix/postfix that enables directory esc
CVE-2026-44705High
Summary The tmp npm package contains a path traversal vulnerability that allows escaping the intended temporary directory when untrusted data flows into the… - CVE-2026-44739 - Pimcore Vulnerable to SQL Injection in Custom Reports Column Configuration
CVE-2026-44739High
Summary The columnConfigAction endpoint in the CustomReportsBundle is vulnerable to SQL injection. An attacker with the reports_config permission can supply a… - CVE-2026-44741 - Pimcore Admin Classic Bundle Vulnerable to SQL Injection in Translation Grid Dat
CVE-2026-44741High
# GM-369 ## Summary SQL injection in Pimcore's translation grid date filter — the user-supplied `property` field from the filter JSON is interpolated directly… - CVE-2026-44974 - @hapi/content header parser has a parameter smuggling issue that allows upload-f
CVE-2026-44974High
Impact The two parsers resolved duplicates inconsistently and silently: - `Content.disposition()` retained the last occurrence of each parameter. -… - CVE-2026-45063 - Symfony Vulnerable to Identity Spoofing via Unanchored DN Regex in X509Authentic
CVE-2026-45063High
Description `X509Authenticator` implements client-certificate (mTLS) authentication: the web server validates the client's certificate against a trusted CA,… - CVE-2026-45162 - Pimcore has Unsafe PHP Deserialization in Multiple Locations Without allowed_cla
CVE-2026-45162High
# GM-374 ## Summary Multiple locations in Pimcore v11 call PHP's `unserialize()` on data from database columns and filesystem files without the… - CVE-2026-45260 - Pimcore: Missing Authorization in WebDAV MOVE via unchecked asset move handling
CVE-2026-45260High
Summary Pimcore's WebDAV asset endpoint exposes a `MOVE` operation through `/asset/webdav{path}` without adding an authentication plugin in the WebDAV… - CVE-2026-45357 - LiquidJS has a memory and render limit bypass via unbounded width padding in `da
CVE-2026-45357High
## Summary The `date` filter's strftime implementation parses width specifiers like `%9999999d` and forwards the captured width unchecked into… - CVE-2026-45368 - Kirby CMS vulnerable to cross-site scripting (XSS) from links in KirbyTags and i
CVE-2026-45368High
TL;DR This vulnerability affects all Kirby sites that allow the use of the `(link: …)` KirbyTag, the `link:` parameter of the `(image: …)` KirbyTag, the… - CVE-2026-45617 - LiquidJS Vulnerable to ReDoS via Quadratic Backtracking in `strip_html` Filter R
CVE-2026-45617High
## Summary The built-in `strip_html` filter in liquidjs uses a regex containing four lazy-quantified alternatives. When the input contains many `<script`,… - CVE-2026-44726 - Deno's TLS retry copies stale upgrade hook, risking plaintext traffic
CVE-2026-44726High
## Summary A flaw in Deno's Node.js tls compatibility layer could cause a TLS client to transmit application data in plaintext after a connection retry. When… - CVE-2026-44982 - CrowdSec AppSec silently drops request body for chunked / HTTP-2 requests
CVE-2026-44982High
## Summary The CrowdSec AppSec component fails to read the HTTP request body for any request whose `Content-Length` is not positive — most notably HTTP/1.1… - CVE-2026-45067 - Symfony has Email Header / SMTP Command Injection via CRLF in Symfony\Component\
CVE-2026-45067High
Description `Symfony\Component\Mime\Address` is the value-object every Symfony Mailer address (to/cc/bcc/from/reply-to) flows through; its constructor is… - CVE-2026-45077 - Symfony has Unauthenticated PHP Object Deserialization in MonologBridge server:l
CVE-2026-45077High
Description `Symfony\Bridge\Monolog\Command\ServerLogCommand` (the `server:log` console command) is a development-time helper that opens a TCP listener and… - CVE-2026-45332 - Automad has Broken Access Control: Unauthenticated exposure of administrator bcr
CVE-2026-45332High
Summary A Broken Access Control vulnerability allows an unauthenticated attacker to retrieve the bcrypt password hash of every administrator account with a… - CVE-2026-45704 - Pimcore has a CustomReports Share Bypass
CVE-2026-45704High
Summary `CustomReports` uses inconsistent authorization between the report listing endpoint and the report detail endpoint. - The listing flow filters reports… - CVE-2026-47243 - Kata guest escape: runtime-rs guest-root to host-root escape via virtiofs
CVE-2026-47243High
Summary In the runtime-rs standalone virtio-fs path, verified here with QEMU (and verified with Cloud Hypervisor too), Kata Containers runs host `virtiofsd` as… - CVE-2026-47717 - FUXA's Unauthenticated Project Data Disclosure Exposes Server-Side Scripts and D
CVE-2026-47717High
Summary The GET /api/project endpoint exposes sensitive project configuration data to guest-context requests even when secureEnabled is enabled. Details File:… - CVE-2026-45725 - compliance-trestle Remote Fetching Mechanism has an Arbitrary File Write via Cac
CVE-2026-45725High
## Summary The compliance-trestle library's remote fetching cache mechanism (HTTPSFetcher and SFTPFetcher) constructs the local cache file path from the URL…
Medium (33 条)
- CVE-2026-22872 - Capsule TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability
CVE-2026-22872Medium
# TenantResource RawItems Cluster-Scoped Resource Creation Vulnerability ## Summary The Capsule Controller runs with cluster-admin privileges. Although the… - CVE-2026-41178 - opentelemetry-go's baggage parsing no longer caps raw header length
CVE-2026-41178Medium
Summary https://github.com/open-telemetry/opentelemetry-go/pull/7880 removed raw-length rejection and it causes `Parse` to process arbitrarily large/invalid… - CVE-2026-45754 - Symfony's Mailjet Mailer Webhook Parser Never Verifies the Configured Secret — U
CVE-2026-45754Medium
Description The Mailjet mailer bridge and the LOX24 SMS notifier bridge both ship webhook request parsers used to authenticate and decode the event callbacks… - CVE-2026-45755 - Symfony's Mailtrap Mailer Webhook Parser Never Verifies the X-Mt-Signature HMAC
CVE-2026-45755Medium
Description The Mailtrap mailer bridge ships a webhook request parser used to authenticate and decode the event callbacks Mailtrap POSTs to an application's… - CVE-2026-45774 - compliance-trestle Profile Import has an Arbitrary File Read via trestle:// URI
CVE-2026-45774Medium
## Summary The compliance-trestle library's profile import mechanism resolves `trestle://` URIs and relative file paths by joining them with `trestle_root` and… - CVE-2026-46358 - OpenBao's Inline Auth Incorrectly Redacted Headers
CVE-2026-46358Medium
Impact OpenBao's inline auth functionality incorrectly redacted audit log entries, resulting in non-auth headers being removed and auth-related headers being… - CVE-2026-46380 - compliance-trestle Vulnerable to SSRF in Remote Fetching Subsystem
CVE-2026-46380Medium
A source code audit led to the discovery of three significant security vulnerabilities in the trestle/core/remote/cache.py module. **Finding 1 (Critical): SSRF… - CVE-2026-46405 - OpenBao's Kerberos Auth Method Accumulates Unaccessible Tokens
CVE-2026-46405Medium
Impact In OpenBao's Kerberos auth method on the `GET` handler, or when an `Authorization: Negotiate` header is supplied, the response is includes a…
…另有 25 条 Medium 级漏洞(已省略)
Low (10 条)
- CVE-2026-45753 - Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cit
CVE-2026-45753Low
Description `symfony/html-sanitizer` lets applications sanitise untrusted HTML. `UrlAttributeSanitizer` is the visitor responsible for validating URL-valued… - CVE-2026-30963 - Capsule Namespace Hijacking via subresource
CVE-2026-30963Low
Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests… - CVE-2026-45287 - opentelemetry-go's Schema ParseFile leaks file descriptors on each parse
CVE-2026-45287Low
Summary `go.opentelemetry.io/otel/schema/v1.0` and `go.opentelemetry.io/otel/schema/v1.1` leaks one file descriptor on each successful `ParseFile` call.…
…另有 7 条 Low 级漏洞(已省略)
🛡️ NVD-Latest(58 条)
Critical (7 条)
- CVE-2026-7374 A flaw was found in KubeVirt's virt-handler component. This vulnerability allows
CVE-2026-7374Critical 9.9
CVE-2026-7374 CVSS:9.9 A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions… - CVE-2026-8760 The Login with OTP plugin for WordPress is vulnerable to authentication bypass i
CVE-2026-8760Critical 9.8
CVE-2026-8760 CVSS:9.8 The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to… - CVE-2026-48687 FastNetMon Community Edition through 1.2.9 contains an OS command injection vuln
CVE-2026-48687Critical 9.8
CVE-2026-48687 CVSS:9.8 FastNetMon Community Edition through 1.2.9 contains an OS command injection vulnerability in the Juniper router integration plugin. The… - CVE-2026-48686 FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflo
CVE-2026-48686Critical 9.8
CVE-2026-48686 CVSS:9.8 FastNetMon Community Edition through 1.2.9 contains a stack-based buffer overflow in the BGP NLRI (Network Layer Reachability… - CVE-2026-45247 Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a
CVE-2026-45247Critical 9.8
CVE-2026-45247 CVSS:9.8 Mirasvit Full Page Cache Warmer for Magento 2 before version 1.11.12 contains a PHP object injection vulnerability that allows… - CVE-2026-9543 A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected
CVE-2026-9543Critical 9.8
CVE-2026-9543 CVSS:9.8 A vulnerability has been found in Totolink N300RH 6.1c.1353_B20190305. Affected is the function setPasswordCfg of the file… - CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_f
CVE-2026-8450Critical 9.1
CVE-2026-8450 CVSS:9.1 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's…
High (51 条)
- CVE-2025-41669 The Web-based Management allows a remote low privileged Engineer user to install
CVE-2025-41669High 8.8
CVE-2025-41669 CVSS:8.8 The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the… - CVE-2026-8787 The Firebase Support & Chat Management plugin for WordPress is vulnerable to pri
CVE-2026-8787High 8.8
CVE-2026-8787 CVSS:8.8 The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including,… - CVE-2026-9632 A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by
CVE-2026-9632High 8.8
CVE-2026-9632 CVSS:8.8 A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file… - CVE-2026-9631 A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affe
CVE-2026-9631High 8.8
CVE-2026-9631 CVSS:8.8 A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the… - CVE-2026-9628 A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected
CVE-2026-9628High 8.8
CVE-2026-9628 CVSS:8.8 A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file… - CVE-2026-9627 A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This
CVE-2026-9627High 8.8
CVE-2026-9627 CVSS:8.8 A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file… - CVE-2026-9207 Tanium addressed an unauthorized code execution vulnerability in Connect.
CVE-2026-9207High 8.8
CVE-2026-9207 CVSS:8.8 Tanium addressed an unauthorized code execution vulnerability in Connect. 产品: tanium connect, tanium connect - CVE-2026-46368 luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on f
CVE-2026-46368High 8.8
CVE-2026-46368 CVSS:8.8 luci-app-https-dns-proxy through 2025.12.29-5 — an optional LuCI web UI add-on for the https-dns-proxy package, distributed through the… - CVE-2026-40033 FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_Cache
CVE-2026-40033High 8.8
CVE-2026-40033 CVSS:8.8 FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write… - CVE-2026-4480 A flaw was found in the Samba printing subsystem. Samba passes the client-contro
CVE-2026-4480High 8.5
CVE-2026-4480 CVSS:8.5 A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured… - CVE-2026-8994 The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass
CVE-2026-8994High 8.1
CVE-2026-8994 CVSS:8.1 The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The… - CVE-2026-48692 FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 500
CVE-2026-48692High 8.1
CVE-2026-48692 CVSS:8.1 FastNetMon Community Edition through 1.2.9 exposes a gRPC API server on port 50052 with no authentication mechanism. The server is… - CVE-2026-43935 e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injecti
CVE-2026-43935High 8.1
CVE-2026-43935 CVSS:8.1 e107 is a content management system (CMS). Prior to 2.3.4, a Host Header Injection vulnerability in the password reset page allows… - CVE-2026-48132 The Security Gateway does not correctly validate a length value in certain IKE p
CVE-2026-48132High 8.1
CVE-2026-48132 CVSS:8.1 The Security Gateway does not correctly validate a length value in certain IKE packets when NAT-T is used (4500/UDP). As a result, a… - CVE-2026-48131 The VPN service may mishandle an unexpected IKE fragment value received on the I
CVE-2026-48131High 8.1
CVE-2026-48131 CVSS:8.1 The VPN service may mishandle an unexpected IKE fragment value received on the IKE port 500/UDP during the early stage of a connection… - CVE-2025-41670 A local user with low privileges may be able to influence the behavior of a priv
CVE-2025-41670High 7.8
CVE-2025-41670 CVSS:7.8 A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or… - CVE-2026-24162 NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker cou
CVE-2026-24162High 7.8
CVE-2026-24162 CVSS:7.8 NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A… - CVE-2026-25112 A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows
CVE-2026-25112High 7.8
CVE-2026-25112 CVSS:7.8 A high-severity vulnerability in the deployment of Genetec RabbitMQ that allows a privilege escalation attack. 产品: - CVE-2026-40034 gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodule
CVE-2026-40034High 7.8
CVE-2026-40034 CVSS:7.8 gix-submodule before 0.82.0 incorrectly validates the update field in .gitmodules, allowing attackers to bypass the… - CVE-2026-25713 MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability
CVE-2026-25713High 7.8
CVE-2026-25713 CVSS:7.8 MediaArea MediaInfoLib ID3v2 parsing heap buffer overflow vulnerability 产品: - CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 an
CVE-2026-2253High 7.7
CVE-2026-2253 CVSS:7.7 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent… - CVE-2026-45082 Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forger
CVE-2026-45082High 7.6
CVE-2026-45082 CVSS:7.6 Karakeep is a elf-hostable bookmark-everything app. A Server-Side Request Forgery (SSRF) protection bypass vulnerability was identified… - CVE-2026-40819 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40819High 7.5
CVE-2026-40819 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper… - CVE-2026-40818 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40818High 7.5
CVE-2026-40818 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due… - CVE-2026-40817 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40817High 7.5
CVE-2026-40817 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to… - CVE-2026-40816 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40816High 7.5
CVE-2026-40816 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files… - CVE-2026-40815 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40815High 7.5
CVE-2026-40815 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function… - CVE-2026-40814 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40814High 7.5
CVE-2026-40814 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files… - CVE-2026-40813 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40813High 7.5
CVE-2026-40813 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid… - CVE-2026-40812 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40812High 7.5
CVE-2026-40812 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn… - CVE-2026-40811 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40811High 7.5
CVE-2026-40811 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper… - CVE-2026-40810 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
CVE-2026-40810High 7.5
CVE-2026-40810 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper… - CVE-2026-9200 The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion i
CVE-2026-9200High 7.5
CVE-2026-9200 CVSS:7.5 The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the… - CVE-2026-24212 NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive infor
CVE-2026-24212High 7.5
CVE-2026-24212 CVSS:7.5 NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful… - CVE-2026-48688 FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads
CVE-2026-48688High 7.5
CVE-2026-48688 CVSS:7.5 FastNetMon Community Edition through 1.2.9 contains multiple out-of-bounds reads in the BGP MP_REACH_NLRI IPv6 attribute decoder. The… - CVE-2026-48133 When the Identity Awareness blade is enabled with Browser-Based Authentication,
CVE-2026-48133High 7.5
CVE-2026-48133 CVSS:7.5 When the Identity Awareness blade is enabled with Browser-Based Authentication, an unauthenticated user may be able to read certain… - CVE-2025-11482 An Allocation of Resources Without Limits or Throttling vulnerability in the OPC
CVE-2025-11482High 7.5
CVE-2025-11482 CVSS:7.5 An Allocation of Resources Without Limits or Throttling vulnerability in the OPC-UA Server used in PPT30 Operating System versions… - CVE-2026-39661 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2026-39661High 7.5
CVE-2026-39661 CVSS:7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Magentech SW… - CVE-2026-49014 In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver all
CVE-2026-49014High 7.4
CVE-2026-49014 CVSS:7.4 In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow.… - CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::
CVE-2026-48962High 7.3
CVE-2026-48962 CVSS:7.3 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.… - CVE-2026-9606 A vulnerability has been found in itsourcecode Courier Management System 1.0. Im
CVE-2026-9606High 7.3
CVE-2026-9606 CVSS:7.3 A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file… - CVE-2026-9605 A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the
CVE-2026-9605High 7.3
CVE-2026-9605 CVSS:7.3 A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component… - CVE-2026-9552 A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2
CVE-2026-9552High 7.3
CVE-2026-9552 CVSS:7.3 A security flaw has been discovered in Das Parking Management System 停车场管理系统 6.2.0. This vulnerability affects unknown code of the… - CVE-2026-9551 A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. T
CVE-2026-9551High 7.3
CVE-2026-9551 CVSS:7.3 A vulnerability was identified in Das Parking Management System 停车场管理系统 6.2.0. This affects the function xp_cmdshell of the file… - CVE-2026-9550 A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operati
CVE-2026-9550High 7.3
CVE-2026-9550 CVSS:7.3 A vulnerability was determined in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. Affected by… - CVE-2026-9544 A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Busine
CVE-2026-9544High 7.3
CVE-2026-9544 CVSS:7.3 A vulnerability was found in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 10. Affected by this vulnerability… - CVE-2026-3375 The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scri
CVE-2026-3375High 7.2
CVE-2026-3375 CVSS:7.2 The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify_ccss and… - CVE-2026-42785 OpenKM 6.3.12 contains a remote code execution vulnerability that allows authent
CVE-2026-42785High 7.2
CVE-2026-42785 CVSS:7.2 OpenKM 6.3.12 contains a remote code execution vulnerability that allows authenticated administrators to execute arbitrary… - CVE-2026-42425 OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows a
CVE-2026-42425High 7.2
CVE-2026-42425 CVSS:7.2 OpenKM 6.3.12 contains an unrestricted SQL execution vulnerability that allows authenticated administrative users to execute arbitrary… - CVE-2026-6268 The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id'
CVE-2026-6268High 7.1
CVE-2026-6268 CVSS:7.1 The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the… - CVE-2026-49000 An insecure password scheme refers to vulnerabilities arising from improper sele
CVE-2026-49000High 7.0
CVE-2026-49000 CVSS:7.0 An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key…
⚔️ Sploitus(60 条)
Unknown (60 条)
- Notepad-8.9.6-PoC exploit
Notepad-8.9.6-PoC exploit - Exploit for CVE-2026-8832 exploit
CVE-2026-8832
Exploit for CVE-2026-8832 exploit
…另有 58 条 Unknown 级漏洞(已省略)
🤖 漏洞情报自动汇总 · 2026-05-29 · 数据来源: NVD / GitHub Advisory / Sploitus / CISA-KEV