📊 2026-05-30 Vulnerability Intelligence Daily · 200 entries · 83 high/critical
Daily vulnerability intelligence digest · 2026-05-30
📋 Total: 200 entries
🔥 High/Critical: 83 entries
🚨 CISA-KEV: 1 entry
💣 Exploit-DB-RSS: 15 entries
🐙 GitHub-Advisory: 76 entries 🔥36
🛡️ NVD-Latest: 47 entries 🔥47
⚔️ Sploitus: 61 entries
🤖 Today's security posture analysis
🎯 Key items to watch today
- CVE-2026-47392 (PraisonAI, sandbox escape): `print.__self__` yields the Python `builtins` module, from which `__import__` can be extracted, fully bypassing the subprocess sandbox to run arbitrary commands. No authentication is required.
- CVE-2026-47396 (PraisonAI, unauthenticated API): when `CALL_SERVER_TOKEN` is not configured, the Agent control API exposed by the Call Server has no authentication, so an attacker can remotely enumerate and invoke every Agent instance and directly manipulate business logic.
- CVE-2026-8760 (WordPress Login with OTP plugin, authentication bypass): the fix for CVE-2024-11178 is incomplete; a rate-limit bypass allows unlimited brute-force attempts and login as any user. CVSS 9.8.
- CVE-2026-8450 (Perl HTTP::Daemon, command injection): the `send_file()` function uses Perl's two-argument `open()`, so a pipe prefix (such as `| cmd`) injects an OS command. CVSS 9.1.
- CVE-2026-4408 (Samba, command injection): the `check password script` feature filters the `%u` parameter insufficiently; a remote attacker can abuse this configuration to execute arbitrary commands and compromise the entire domain controller. CVSS 9.0.
📈 Threat trends
- Remote code execution (RCE) / command injection (8 entries): the PraisonAI sandbox escape, the Perl HTTP::Daemon command injection, the Samba check password script command injection, the Comet Backup signing module injection, and arbitrary file upload/RCE flaws in several WordPress plugins (Crawlomatic, GutenBee) make up today's most severe category.
- Authentication bypass / privilege escalation (5 entries): the PraisonAI series (unauthenticated API, unauthenticated deployment, A2A example), together with the WordPress Login with OTP plugin authentication bypass and the Frontend Admin plugin privilege escalation and authorization bypass, form the second clear trend.
- Misconfiguration and missing validation (2 entries): Stigmem-node grants anonymous access when authentication is disabled, and its federation transport is insecure when mTLS is not enabled.
- Information disclosure and IDOR (1 entry): PraisonAI Platform has a cross-workspace IDOR that lets a member access resources in other workspaces beyond their permissions.
🛡️ Mitigation recommendations
- Update and patch immediately: prioritize upgrading PraisonAI to the latest release that fixes CVE-2026-47392, 47391, 47393, 47396 and 47407; upgrade Perl HTTP::Daemon to 6.17 or later; update the WordPress OTP plugin, Crawlomatic, GutenBee and Frontend Admin plugins to their latest versions.
- Harden authentication and network isolation: every authentication mechanism that is not enforced by default (such as PraisonAI's `CALL_SERVER_TOKEN` and Stigmem-node's authentication) must be configured with a strong token; never bind services to 0.0.0.0 in production; place them behind a reverse proxy and enforce network access controls.
- Audit critical configuration: check whether Samba servers use `check password script` and ensure parameters such as `%u` are strictly filtered; review the signing module configuration of Comet Backup servers; enforce mTLS for all Stigmem-node federation traffic.
- Enforce input validation and least privilege: apply allow-list filtering to every user-controllable input parameter (especially file paths, pipe characters and usernames); regularly review audit logs for anomalous API calls or permission changes.
🚨 CISA-KEV (1 entry)
Unknown (1)
- CVE-2026-0257 - Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
  CVE-2026-0257
  CVE-2026-0257 Palo Alto Networks PAN-OS Authentication Bypass Vulnerability Product: Palo Alto Networks PAN-OS Description: Palo Alto Networks PAN-OS contains an…
💣 Exploit-DB-RSS (15 entries)
Unknown (15)
- [dos] strongSwan 5.9.13 - DoS
  CVE-2026-35333
  # Exploit Title: strongSwan 5.9.13 - DoS # Date: 2026-05-13 # Exploit Author: Lukas Johannes Moeller # Vendor Homepage: https://www.strongswan.org/ # Software…
- [remote] strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
  CVE-2026-35330
  * Exploit Title: strongSwan 5.9.13 - heap buffer overflow * Date: 2026-05-13 * Exploit Author: Lukas Johannes Moeller * Vendor Homepage:…
…13 more Unknown-severity entries (omitted)
🐙 GitHub-Advisory (76 entries)
Critical (10)
- CVE-2026-47392 - PraisonAI vulnerable to sandbox escape via `print.__self__` builtins module leak
  CVE-2026-47392 Critical 3.1
  ## Summary `execute_code()` in `praisonaiagents/tools/python_tools.py` (v1.6.37, subprocess sandbox mode) can be fully bypassed using `print.__self__` to…
- GHSA-fp6w-8wpg-74g5 - stigmem-node: Auth-disabled deployments may grant broad anonymous access outside
  GHSA-fp6w-8wpg-74g5 Critical
  Impact Stigmem nodes configured with authentication disabled could grant the anonymous identity broad read/write/federation capabilities if exposed outside a…
- GHSA-jmfc-hfjq-pxcp - stigmem-node's federation insecure transport settings may allow non-loopback cle
  GHSA-jmfc-hfjq-pxcp Critical
  Impact Stigmem nodes with federation enabled could be configured to run without mTLS outside loopback-only local development. In affected deployments,…
- GHSA-9vp8-3hmv-8fgh - stigmem-node's federation peer registration lacked explicit out-of-band approval
  GHSA-9vp8-3hmv-8fgh Critical
  Impact Federation peer registration accepted peer key material during registration without a separate administrator approval step based on an out-of-band…
- CVE-2026-47396 - PraisonAI call server exposes unauthenticated agent listing, invocation, and del
  CVE-2026-47396 Critical
  Summary PraisonAI's call server exposes a network-facing agent control API without authentication when `CALL_SERVER_TOKEN` is not configured. The affected…
- CVE-2026-47393 - PraisonAI `deploy --type api` emits a Flask server with authentication disabled
  CVE-2026-47393 Critical
  Summary CVE-2026-44338 (GHSA-6rmh-7xcm-cpxj) documents that PraisonAI ships a code-generator (`praisonai.deploy.api.generate_api_server_code`) that emits a…
- CVE-2026-47391 - PraisonAI's unauthenticated A2A official example can reach real LLM-driven `eval
  CVE-2026-47391 Critical
  ## Summary The first-party PraisonAI A2A server example combines three behaviors into a remotely exploitable Critical chain: 1. The example exposes an A2A…
- CVE-2026-47407 - PraisonAI Platform has a cross-workspace IDOR + member-role privilege escalation
  CVE-2026-47407 Critical
  ## Summary The Platform server exposes resources under `/api/v1/workspaces/{workspace_id}/...` and protects them with a…
- CVE-2026-47410 - praisonai-platform: JWT signing key defaults to hardcoded "dev-secret-change-me"
  CVE-2026-47410 Critical
  ## Summary **Type:** Insecure default cryptographic key. The JWT signing secret defaults to the hardcoded literal `"dev-secret-change-me"` when…
- CVE-2026-47416 - praisonai-platform: Any workspace member can promote themselves or others to own
  CVE-2026-47416 Critical
  ## Summary **Type:** Vertical privilege escalation. The `PATCH /workspaces/{workspace_id}/members/{user_id}` endpoint is gated by…
High (26)
- CVE-2026-47260 - Koel Vulnerable to SSRF via Podcast Episode Enclosure URLs
  CVE-2026-47260 High
  ## Summary Koel validates the podcast feed URL via the `SafeUrl` rule (DNS resolution + public IP check), but the individual episode `<enclosure url="...">`…
- CVE-2026-47695 - CC-Tweaked has an SSRF Protection Bypass with NAT64
  CVE-2026-47695 High
  Summary CC-Tweaked's HTTP API (`http.request`, `http.websocket`) blocks requests to private network ranges to prevent server-side request forgery (SSRF). This…
- CVE-2026-47201 - authentik's XML Signature Wrapping in SAML Source ACS allows authentication as a
  CVE-2026-47201 High
  Summary authentik's SAML Source ACS endpoint is vulnerable to XML Signature Wrapping when validating upstream SAML responses. An attacker with any account at…
- CVE-2026-47211 - ouroboros-ai Vulnerable to Remote Code Execution via Untrusted Project-Directory
  CVE-2026-47211 High
  Impact A Remote Code Execution (RCE) vulnerability was discovered in Ouroboros. If a user clones a malicious repository and runs Ouroboros commands within that…
- CVE-2026-47231 - Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder
  CVE-2026-47231 High
  ## Summary `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight()` on the URL parameter `folder_uuid`. The…
- GHSA-xh5j-xjfq-qvvx - stigmem-node's federation peer token timestamp validation may reject valid peer
  GHSA-xh5j-xjfq-qvvx High
  Impact A mismatch in federation peer-token timestamp handling could cause valid peer tokens to be treated as expired. Impacted deployments are Stigmem nodes…
- GHSA-9pc9-4crj-mhpj - stigmem-node's Postgres schema identifier handling required defensive quoting
  GHSA-9pc9-4crj-mhpj High
  Impact Postgres backend schema identifiers were interpolated into SQL strings. In the reviewed code path the schema value is operator-controlled, but the…
- GHSA-w7pm-9g55-mxfm - stigmem-node's unsigned plugin override could be enabled without a second explic
  GHSA-w7pm-9g55-mxfm High
  Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where…
- CVE-2026-47266 - formie's unauthenticated front-end submission editing can overwrite existing sub
  CVE-2026-47266 High
  Impact Unauthenticated users could modify existing submissions by posting a known or guessed submission ID to `formie/submissions/save-submission`. Patches…
- CVE-2026-47398 - PraisonAI: Arbitrary code execution via unguarded `spec.loader.exec_module` in `
  CVE-2026-47398 High
  Arbitrary code execution via ungated `spec.loader.exec_module` in `agents_generator.py` (v4.6.32 chokepoint…
- CVE-2026-47394 - PraisonAI vulnerable to unauthenticated arbitrary file read via MCP workflow.sho
  CVE-2026-47394 High
  ## Summary The fix for GHSA-9mqq-jqxf-grvw / CVE-2026-44336 is incomplete. The original advisory description named four vulnerable handlers in…
- CVE-2026-47397 - PraisonAI has an Arbitrary File Write in Python API
  CVE-2026-47397 High
  # Bug Report: Arbitrary File Write in Python API ## Summary Hidden metadata in a webpage causes PraisonAI agents to write attacker-controlled content to…
- CVE-2026-48169 - PraisonAI has Cross-Workspace IDOR and Privilege Escalation via Platform API
  CVE-2026-48169 High
  Summary The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs…
- CVE-2026-47399 - PraisonAI Platform workspace-scoped routes allow cross-workspace object access b
  CVE-2026-47399 High
  Summary PraisonAI Platform's workspace-scoped REST routes contain a systemic object-level authorization flaw that allows an authenticated user from one…
- CVE-2026-47405 - PraisonAI Platform: Missing role checks let any workspace member become owner an
  CVE-2026-47405 High
  Summary PraisonAI Platform has a broken workspace authorization check that allows any authenticated low-privilege workspace member to escalate their own role…
- CVE-2026-47406 - praisonai-platform: IDOR in dependency endpoints allows cross-workspace issue li
  CVE-2026-47406 High
  ## Summary **Type:** Insecure Direct Object Reference. The dependency endpoints (`POST/GET /workspaces/{workspace_id}/issues/{issue_id}/dependencies` and…
- CVE-2026-47414 - praisonai-platform: Label endpoints' unchecked label_id/issue_id enable cross-wo
  CVE-2026-47414 High
  ## Summary **Type:** Insecure Direct Object Reference. Five label endpoints — `PATCH /workspaces/{workspace_id}/labels/{label_id}`, `DELETE…
- CVE-2026-47409 - praisonai-platform: Missing authorization on member removal enables full workspa
  CVE-2026-47409 High
  ## Summary **Type:** Authorization bypass enabling owner lockout. The `DELETE /workspaces/{workspace_id}/members/{user_id}` endpoint is gated only by…
- CVE-2026-45808 - OpenBao's cross-namespace lease revocation via legacy sys/revoke path bypasses A
  CVE-2026-45808 High
  # Impact OpenBao's namespaces provide multi-tenant separation. A tenant who intentionally leaks lease identifiers can have their lease and underlying…
- CVE-2026-46345 - compliance-trestle - jinja has an Arbitrary File Write via Path Traversal
  CVE-2026-46345 High
  **Relevant Products/Components:** * `trestle/core/commands/author/jinja.py` * `trestle author jinja` --- ## Detailed Description: The `-o/--output` argument in…
- CVE-2026-44730 - OpenCTI: Privilege escalation via graphQL API is abusable by organization admins
  CVE-2026-44730 High
  Summary An organization admin can escalate their privileges by adding a user from a different organization with higher privileges, to their own organization.…
- CVE-2026-46439 - compliance-trestle Vulnerable to Remote Code Execution via Recursive Server-Side
  CVE-2026-46439 High
  A High severity Server-Side Template Injection (SSTI) vulnerability exists in the `trestle author jinja` command. The command recursively evaluates rendered…
- CVE-2026-5394 - Pimcore Platform - SQL Injection in DataObject composite index handling during c
  CVE-2026-5394 High
  ## Description An authenticated administrative user who can import or save DataObject class definitions can inject attacker-controlled composite index metadata…
- CVE-2026-42305 - Dulwich has an arbitrary file write via NTFS-hostile tree entries on Windows
  CVE-2026-42305 High
  ## Impact Arbitrary file write leading to remote code execution when cloning or checking out a malicious Git repository on Windows. Dulwich's path-element…
- CVE-2026-42563 - Dulwich Vulnerable to Command Injection via Merge Driver Path
  CVE-2026-42563 High
  ## Summary Dulwich's `ProcessMergeDriver` substitutes the file path (from the git tree, controllable by an attacker via a malicious branch) into the merge…
- CVE-2026-47179 - Arcane Has an Authenticated Arbitrary Host File Read via Docker Compose Include
  CVE-2026-47179 High
  ## Summary `ProjectService.GetProjectFileContent` returns the contents of any Docker Compose include directive declared in a project's compose file before any…
Medium (34)
- CVE-2026-47121 - Sparkle: Binary delta apply intermediate-symlink traversal in malicious .delta
  CVE-2026-47121 Medium
  ## Summary Binary delta apply intermediate-symlink traversal in malicious .delta `Autoupdate/SUBinaryDeltaApply.m` enforces `relativePath.pathComponents…
- CVE-2026-47122 - Sparkle's AppInstaller post-stage-1 XPC listener accepts unvalidated connections
  CVE-2026-47122 Medium
  ## Summary AppInstaller post-stage-1 XPC listener accepts unvalidated connections, allowing spoofed appcast item data injection. ## Details…
- GHSA-qjvr-435c-5fjh - Nerdbank.MessagePack has a memory amplification DoS in collection deserializatio
  CVE-2026-21452 CVE-2024-48924 Medium
  Nerdbank.MessagePack deserializers for many collection-shaped types trusted the element count declared in MessagePack array and map headers when allocating…
- GHSA-92vj-hp7m-gwcj - Nerdbank.MessagePack has Inefficient CPU Computation
  GHSA-92vj-hp7m-gwcj Medium
  Impact Applications that call `OptionalConverters.WithExpandoObjectConverter` and deserialize untrusted data are open to a vulnerability by which an attacker…
- CVE-2026-47180 - zeroconf has unbounded recursion in DNS compression-pointer decoder that allows
  CVE-2026-47180 Medium
  Impact `DNSIncoming._decode_labels_at_offset` recurses once per DNS-name compression pointer (RFC 1035 §4.1.4). Pointer cycles and label counts were capped,…
- CVE-2026-47183 - zeroconf: Unbounded exception-dedup state retains packet buffers via traceback f
  CVE-2026-47183 Medium
  Impact `DNSIncoming._log_exception_debug` and the four `QuietLogger` exception-dedup methods stored an unbounded `_seen_logs` dict keyed by…
- CVE-2026-47184 - zeroconf has unbounded DNS record cache that allows LAN-local memory exhaustion
  CVE-2026-47184 Medium
  Impact `DNSCache._async_add` inserted every response record into `cache`, `_expirations`, `_expire_heap`, and `service_cache` with no cap on entry count. The…
- CVE-2026-47212 - Symfony: Twilio SMS Notifier allows unauthenticated webhook injection due to mis
  CVE-2026-47212 Medium
  Description The Twilio SMS notifier bridge ships a webhook request parser used to authenticate and decode the status callbacks Twilio POSTs to an application's…
…26 more Medium-severity entries (omitted)
Low (6)
- CVE-2026-47203 - Authelia Missing Username Canonicalization in Basic Auth (LDAP)
  CVE-2026-47203 Low 4.0
  Impact **CVSSv4 Baseline Score:** Moderate 6.3 **CVSSv4 Weighted Score:** Low 2.9 The full CVSSv4 Vector for this vulnerability is: >…
- CVE-2026-45753 - Symfony's HtmlSanitizer UrlAttributeSanitizer Omits action/formaction/poster/cit
  CVE-2026-45753 Low
  Description `symfony/html-sanitizer` lets applications sanitise untrusted HTML. `UrlAttributeSanitizer` is the visitor responsible for validating URL-valued…
- CVE-2026-30963 - Capsule Namespace Hijacking via subresource
  CVE-2026-30963 Low
  Summary To defend against namespace hijacking achieved through update/patch operations on namespaces, Capsule uses a webhook to validate update requests…
…3 more Low-severity entries (omitted)
🛡️ NVD-Latest (47 entries)
Critical (4)
- CVE-2026-8760 The Login with OTP plugin for WordPress is vulnerable to authentication bypass i
  CVE-2026-8760 Critical 9.8
  CVE-2026-8760 CVSS:9.8 The Login with OTP plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.6. This is due to…
- CVE-2026-8450 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_f
  CVE-2026-8450 Critical 9.1
  CVE-2026-8450 CVSS:9.1 HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file(). send_file() opens its string argument with Perl's…
- CVE-2026-4408 A flaw was found in Samba. A remote attacker can exploit a misconfiguration in S
  CVE-2026-4408 Critical 9.0
  CVE-2026-4408 CVSS:9.0 A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that…
- CVE-2026-32999 Insufficient character filtering in backup agent signing module on Comet Backup
  CVE-2026-32999 Critical 9.0
  CVE-2026-32999 CVSS:9.0 Insufficient character filtering in backup agent signing module on Comet Backup server allows authenticated tenant administrator to…
High (43)
- CVE-2026-6226 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthent
  CVE-2026-6226 High 8.8
  CVE-2026-6226 CVSS:8.8 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege escalation in versions up to and…
- CVE-2026-9227 The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary
  CVE-2026-9227 High 8.8
  CVE-2026-9227 CVSS:8.8 The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 2.20.1…
- CVE-2026-9009 The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnera
  CVE-2026-9009 High 8.8
  CVE-2026-9009 CVSS:8.8 The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and…
- CVE-2026-7802 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authoriza
  CVE-2026-7802 High 8.8
  CVE-2026-7802 CVSS:8.8 The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including,…
- CVE-2026-8915 Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflo
  CVE-2026-8915 High 8.8
  CVE-2026-8915 CVSS:8.8 Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot:…
- CVE-2025-41669 The Web-based Management allows a remote low privileged Engineer user to install
  CVE-2025-41669 High 8.8
  CVE-2025-41669 CVSS:8.8 The Web-based Management allows a remote low privileged Engineer user to install additional APPs on the device downloaded from the…
- CVE-2026-8787 The Firebase Support & Chat Management plugin for WordPress is vulnerable to pri
  CVE-2026-8787 High 8.8
  CVE-2026-8787 CVSS:8.8 The Firebase Support & Chat Management plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including,…
- CVE-2026-9632 A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by
  CVE-2026-9632 High 8.8
  CVE-2026-9632 CVSS:8.8 A flaw has been found in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this issue is the function strcpy of the file…
- CVE-2026-9631 A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affe
  CVE-2026-9631 High 8.8
  CVE-2026-9631 CVSS:8.8 A vulnerability was detected in UTT HiPER 1250GW up to 3.2.7-210907-180535. Affected by this vulnerability is the function strcpy of the…
- CVE-2026-9628 A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected
  CVE-2026-9628 High 8.8
  CVE-2026-9628 CVSS:8.8 A weakness has been identified in UTT HiPER 1200GW up to 2.5.3-170306. Affected is an unknown function of the file…
- CVE-2026-9627 A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This
  CVE-2026-9627 High 8.8
  CVE-2026-9627 CVSS:8.8 A security flaw has been discovered in UTT HiPER 1200GW up to 2.5.3-170306. This impacts the function strcpy of the file…
- CVE-2026-9207 Tanium addressed an unauthorized code execution vulnerability in Connect.
  CVE-2026-9207 High 8.8
  CVE-2026-9207 CVSS:8.8 Tanium addressed an unauthorized code execution vulnerability in Connect. Product: tanium connect
- CVE-2026-7862 The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not proper
  CVE-2026-7862 High 8.6
  CVE-2026-7862 CVSS:8.6 The Eupago Gateway For Woocommerce WordPress plugin before 4.7.2 does not properly restrict access to its refund request handler,…
- CVE-2026-6455 The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Sit
  CVE-2026-6455 High 8.1
  CVE-2026-6455 CVSS:8.1 The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via…
- CVE-2026-8994 The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass
  CVE-2026-8994 High 8.1
  CVE-2026-8994 CVSS:8.1 The Login with NEAR plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 0.3.3. The…
- CVE-2025-41670 A local user with low privileges may be able to influence the behavior of a priv
  CVE-2025-41670 High 7.8
  CVE-2025-41670 CVSS:7.8 A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or…
- CVE-2026-9804 A flaw was found in KubeVirt's virt-exportserver component. An attacker with spe
  CVE-2026-9804 High 7.7
  CVE-2026-9804 CVSS:7.7 A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-level access can exploit a path…
- CVE-2026-2253 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 an
  CVE-2026-2253 High 7.7
  CVE-2026-2253 CVSS:7.7 Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.7 and 11.0.0.0, including 9.3.x and 8.3.x, does not prevent…
- CVE-2026-7797 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin p
  CVE-2026-7797 High 7.5
  CVE-2026-7797 CVSS:7.5 The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to time-based blind…
- CVE-2026-32995 The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8
  CVE-2026-32995 High 7.5
  CVE-2026-32995 CVSS:7.5 The Rocket.Chat DDP method autoTranslate.translateMessage in versions <8.5.0, <8.4.2, <8.3.4, <8.2.4, <8.1.5, <8.0.5, <7.13.8, and…
- CVE-2026-40819 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40819 High 7.5
  CVE-2026-40819 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the sync_data24 task due to improper…
- CVE-2026-40818 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40818 High 7.5
  CVE-2026-40818 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24confi_getDevice function due…
- CVE-2026-40817 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40817 High 7.5
  CVE-2026-40817 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getAlarmProfiles function due to…
- CVE-2026-40816 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40816 High 7.5
  CVE-2026-40816 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the mb24alarm.php files…
- CVE-2026-40815 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40815 High 7.5
  CVE-2026-40815 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the _mb24api_getUserAccount function…
- CVE-2026-40814 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40814 High 7.5
  CVE-2026-40814 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the dataapi.php files…
- CVE-2026-40813 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40813 High 7.5
  CVE-2026-40813 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions tagid…
- CVE-2026-40812 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40812 High 7.5
  CVE-2026-40812 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getLiveValues functions sn…
- CVE-2026-40811 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40811 High 7.5
  CVE-2026-40811 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the ssoabstractservice due to improper…
- CVE-2026-40810 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection
  CVE-2026-40810 High 7.5
  CVE-2026-40810 CVSS:7.5 An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the userinfo endpoint due to improper…
- CVE-2026-9200 The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion i
  CVE-2026-9200 High 7.5
  CVE-2026-9200 CVSS:7.5 The Query Shortcode plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 0.2.1 via the…
- CVE-2026-49014 In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver all
  CVE-2026-49014 High 7.4
  CVE-2026-49014 CVSS:7.4 In GDAL 3.1.0 through 3.13.0, scanForGeometryContainers in the netCDF driver allows code execution via a stack-based buffer overflow.…
- CVE-2026-9795 A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature.
  CVE-2026-9795 High 7.3
  CVE-2026-9795 CVSS:7.3 A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator with limited client management…
- CVE-2026-48962 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::
  CVE-2026-48962 High 7.3
  CVE-2026-48962 CVSS:7.3 IO::Compress versions before 2.220 for Perl can execute arbitrary code in File::GlobMapper via an attacker-controlled output glob.…
- CVE-2026-9606 A vulnerability has been found in itsourcecode Courier Management System 1.0. Im
  CVE-2026-9606 High 7.3
  CVE-2026-9606 CVSS:7.3 A vulnerability has been found in itsourcecode Courier Management System 1.0. Impacted is an unknown function of the file…
- CVE-2026-9605 A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the
  CVE-2026-9605 High 7.3
  CVE-2026-9605 CVSS:7.3 A flaw has been found in GNU libredwg up to 0.13.4.8160. This issue affects the function bit_read_RC of the file bits.c of the component…
- CVE-2026-7634 The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site S
  CVE-2026-7634 High 7.2
  CVE-2026-7634 CVSS:7.2 The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'User-Agent' header in all versions up…
- CVE-2026-7052 The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPres
  CVE-2026-7052 High 7.2
  CVE-2026-7052 CVSS:7.2 The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
- CVE-2026-2374 The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cros
  CVE-2026-2374 High 7.2
  CVE-2026-2374 CVSS:7.2 The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `$_SERVER['PHP_SELF']`…
- CVE-2026-3375 The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scri
  CVE-2026-3375 High 7.2
  CVE-2026-3375 CVSS:7.2 The LiteSpeed Cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the /wp-json/litespeed/v1/notify_ccss and…
- CVE-2026-6268 The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id'
  CVE-2026-6268 High 7.1
  CVE-2026-6268 CVSS:7.1 The EventPress WordPress theme before 22.2 does not sanitize or escape the 'id' parameter in the…
- CVE-2026-44604 A command injection vulnerability was discovered in the `rpmuncompress` utility
  CVE-2026-44604 High 7.0
  CVE-2026-44604 CVSS:7.0 A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extracting certain archive formats (ZIP,…
- CVE-2026-49000 An insecure password scheme refers to vulnerabilities arising from improper sele
  CVE-2026-49000 High 7.0
  CVE-2026-49000 CVSS:7.0 An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key…
⚔️ Sploitus (61 entries)
Unknown (61)
- NileBank-Vulnerable-App exploit
- xss-tester-payloads- exploit
…59 more Unknown-severity entries (omitted)
🤖 Automated vulnerability intelligence digest · 2026-05-30 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV