📊 2026-06-03 Vulnerability Intelligence Daily · 200 entries · 101 high/critical
Daily vulnerability intelligence digest · 2026-06-03
📋 200 entries in total
🔥 High/Critical: 101
🚨 CISA-KEV: 3
💣 Exploit-DB-RSS: 2
🐙 GitHub-Advisory: 13 (🔥 10 high or critical)
🛡️ NVD-Latest: 91 (🔥 91 high or critical)
⚔️ Sploitus: 91
🤖 Today's security posture analysis
🎯 Key items today
- CVE-2026-47429 (Vitest UI server arbitrary file read/execute): affects the Vitest UI server. An attacker who can reach a server exposed on the network can read, and on Windows execute, arbitrary files. Very high impact.
- CVE-2026-47428 (Vitest browser mode XSS): Vitest browser mode does not sanitize the `otelCarrier` query parameter and inserts it directly into an inline script, so an attacker can craft a malicious link that achieves cross-site scripting.
- CVE-2026-47413 (praisonai-platform privilege escalation): an authorization flaw in the platform API lets any workspace member add an arbitrary user as an owner with a single POST request, escalating privileges.
- CVE-2026-7858 (Teamwork Cloud deserialization): affects multiple No Magic Teamwork Cloud releases; unauthenticated remote code execution, CVSS 9.8, extremely dangerous.
📈 Threat trends
- Remote code execution (RCE) / code injection: a very active class today. Vitest UI's arbitrary file execution, the Teamwork Cloud deserialization flaw, the dangerous template-injection example shown verbatim in Apache Airflow's documentation, and Delta Sql's arbitrary file upload all belong here.
- Privilege escalation / access-control bypass: praisonai-platform has several serious flaws, including IDORs on project, issue and comment endpoints and escalation from plain member to workspace owner. Collaboration SaaS platforms are facing real lateral-movement risk.
- Information / credential leakage: Apache Airflow's KubernetesExecutor exposed the worker JWT tokens in pod-spec command-line arguments, and Nezha lets an authenticated agent forge service-monitor results for other users' services; one leaks a credential, the other corrupts data that operators rely on.
- XSS and input validation: the DOMPurify `selectedcontent` bypass and the code injection in Apache ActiveMQ show that classic web vulnerabilities keep evolving.
🛡️ Mitigation recommendations
- Isolation and authentication: immediately check whether any Vitest UI server is reachable from the public internet, and put it behind network isolation or strong authentication. Add an authentication layer in front of the HTTP interface exposed by `@agenticmail/mcp`.
- Emergency upgrades and patching: for the praisonai-platform flaws (CVE-2026-47413, CVE-2026-47417 and the related entries below), obtain fixed versions from the vendor. Upgrade Apache ActiveMQ to 5.19.7 or 6.2.6 or later.
- Restrict and review configuration: audit and tighten Apache Airflow's KubernetesExecutor configuration so that tokens are never passed on the command line. Review the input filtering applied before deserialization in Teamwork Cloud.
- Harden input validation: for DOMPurify, forbid the `selectedcontent` element in your sanitizer configuration rather than relying on the default allow-list. For every exposed API endpoint, validate parameters strictly and enforce least privilege.
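The KubernetesExecutor recommendation above is easiest to act on with a script that reads pod specs and flags token-shaped values in places that are visible to anyone who can list pods or read process arguments on the node. The following is an added example written for this digest, not Airflow code: the pod specs, the container command `worker-entrypoint` and its `--execution-api-token` flag are hypothetical, and the token is constructed in the block (a real JWT layout with a meaningless signature). It also shows the hardened shape, where the token reaches the container only through a Secret reference.

```python
"""Audit pod specs for JWT-shaped values in command/args and literal env values.
Added example; the specs, the worker command and the token are all constructed."""

import base64
import json
import re

# Three base64url segments; the first is a JSON header, which always starts "eyJ".
_JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]{4,}\.[A-Za-z0-9_-]{2,}\.[A-Za-z0-9_-]{2,}")


def _b64url(obj) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def looks_like_jwt(text: str) -> bool:
    """True if text contains a three-part token whose first part decodes to a
    JSON object with an 'alg' member; this rules out most random base64 blobs."""
    for m in _JWT_RE.finditer(text):
        head = m.group(0).split(".")[0]
        try:
            header = json.loads(base64.urlsafe_b64decode(head + "=" * (-len(head) % 4)))
        except (ValueError, UnicodeDecodeError):
            continue
        if isinstance(header, dict) and "alg" in header:
            return True
    return False


def find_token_exposures(pod_spec: dict) -> list:
    """One finding per token in a command/args element (high: visible in the pod
    spec and in /proc on the node) or in a literal env value (medium: visible in
    the pod spec), across initContainers and containers."""
    findings = []
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind, []):
            for fld in ("command", "args"):
                for i, item in enumerate(c.get(fld, [])):
                    if looks_like_jwt(str(item)):
                        findings.append({"container": c.get("name"),
                                         "where": f"{fld}[{i}]", "severity": "high"})
            for env in c.get("env", []):
                if "value" in env and looks_like_jwt(str(env["value"])):
                    findings.append({"container": c.get("name"),
                                     "where": f"env[{env.get('name')}].value",
                                     "severity": "medium"})
    return findings


# Constructed token: real header/payload layout, fake signature, no secret behind it.
FAKE_TOKEN = ".".join([_b64url({"alg": "HS256", "typ": "JWT"}),
                       _b64url({"sub": "worker", "exp": 1780000000}),
                       "c2lnbmF0dXJl"])

# Constructed worker pod of the shape the advisory describes: the token rides in args.
EXPOSED_POD_SPEC = {
    "containers": [{"name": "base", "image": "example/worker",
                    "args": ["worker-entrypoint", "--execution-api-token", FAKE_TOKEN]}]
}

# Hardened shape: the token is injected from a Secret and never appears in the spec.
HARDENED_POD_SPEC = {
    "containers": [{"name": "base", "image": "example/worker",
                    "args": ["worker-entrypoint"],
                    "env": [{"name": "EXECUTION_API_TOKEN",
                             "valueFrom": {"secretKeyRef": {"name": "worker-token",
                                                            "key": "token"}}}]}]
}


if __name__ == "__main__":
    import sys
    # Usage: kubectl get pods -n <airflow-namespace> -o json | python3 audit_pod_tokens.py
    doc = json.load(sys.stdin)
    for pod in doc.get("items", [doc]):
        for f in find_token_exposures(pod.get("spec", {})):
            print(pod.get("metadata", {}).get("name"), f)
```

A token that lives in `args` is also recoverable from the node with `ps`, so the command-line finding is rated higher than a literal env value; both are fixed the same way, by moving the value into a Secret and referencing it with `valueFrom`.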
🚨 CISA-KEV (3 entries)
Unknown (3 entries)
- CVE-2025-48595 · Android Framework Integer Overflow Vulnerability
  Product: Android Framework · Description: Android Framework contains an integer overflow vulnerability that…
- CVE-2022-0492 · Linux Kernel Improper Authentication Vulnerability
  Product: Linux Kernel · Description: Linux Kernel contains an improper authentication vulnerability which…
…1 more Unknown-severity entry omitted
💣 Exploit-DB-RSS (2 entries)
Unknown (2 entries)
- [webapps] WordPress OrderConvo 14 - Path Traversal · CVE-2025-10162
  # Exploit Title: WordPress OrderConvo 14 - Path Traversal # Date: 05-31-2026 # Exploit Author: Diamorphine # Vendor Homepage: https://www.najeebmedia.com/ #…
- [webapps] Drupal Core 10.5.5 - Error-Based SQL Injection · CVE-2026-9082
  # Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection # Google Dork: N/A # Date: 2026-05-31 # Exploit Author: cardosource # Vendor Homepage:…
🐙 GitHub-Advisory (13 entries)
Critical (3 entries)
- CVE-2026-47429 · Critical · When Vitest UI server is listening, arbitrary file can be read and executed
  Summary: Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. Impact: Only users that match either…
- CVE-2026-47428 · Critical · Vitest browser mode serves unsanitized otelCarrier query parameter as inline scr…
  Summary: Vitest browser mode served `/__vitest_test__/` with the `otelCarrier` query parameter inserted directly into an inline module script. Because this…
- CVE-2026-47413 · Critical · praisonai-platform: Any workspace member can add arbitrary user as owner via POS…
  Summary: Type: Privilege escalation / cross-tenant member injection. The `POST /workspaces/{workspace_id}/members` endpoint is gated only by…
High (7 entries)
- GHSA-63gr-g7jc-v8rg · High · @agenticmail/mcp Missing Authentication for Critical Function
  AgenticMail MCP HTTP authorization bypass. Summary: `@agenticmail/mcp` exposes a Streamable HTTP transport when started with `--http` or `MCP_HTTP=1`. In…
- CVE-2026-48119 · High · Nezha's authenticated agents can forge service-monitor results for other users'…
  Summary: Nezha accepts service-monitor `TaskResult` messages from an authenticated agent based only on whether the reported service ID exists. The…
- CVE-2026-47423 · High · DOMPurify XSS via selectedcontent re-clone
  Summary: DOMPurify 3.4.4 allows `selectedcontent` by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively…
- CVE-2026-47418 · High · praisonai-platform: Project endpoints accept any project_id without workspace ow…
  Summary: Type: Insecure Direct Object Reference. The project CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/projects/{project_id}` and…
- CVE-2026-47417 · High · praisonai-platform: Comment endpoints accept any issue_id without workspace owne…
  Summary: Type: Insecure Direct Object Reference. The comment endpoints (`POST /workspaces/{workspace_id}/issues/{issue_id}/comments` and `GET…
- CVE-2026-47415 · High · praisonai-platform: Issue endpoints accept any issue_id without workspace owners…
  Summary: Type: Insecure Direct Object Reference. The issue CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/issues/{issue_id}`) gate…
- CVE-2026-47412 · High · praisonai-platform: Any workspace member can delete the entire workspace via DEL…
  Summary: Type: Authorization bypass enabling destructive action. The `DELETE /workspaces/{workspace_id}` endpoint is gated only by…
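The praisonai-platform entries above (project, issue and comment endpoints that accept any object id once the caller is a member of the workspace named in the URL, and member/delete endpoints gated on membership alone) and the Nezha entry (a monitor result accepted because the service id exists) share one root cause: the check stops at "is the caller authenticated and in some tenant" and never binds the object to the tenant or the actor to a role. The block below is an added example written for this digest, not code from praisonai-platform or Nezha; the in-memory workspaces, users, projects and service assignments are constructed, and the function names are hypothetical. It shows the vulnerable lookup beside the bound version for each of the three shapes.

```python
"""Object-level authorization: bind the object to the tenant in the URL and the
actor to the role the action needs. Added example with constructed fixtures."""

from dataclasses import dataclass, field


class Forbidden(Exception):
    """Authenticated actor, but not allowed to perform this action."""


class NotFound(Exception):
    """Object not visible in the caller's tenant. The same answer whether the id
    exists in another tenant or not at all, so ids cannot be enumerated."""


@dataclass
class Workspace:
    workspace_id: str
    members: dict = field(default_factory=dict)  # user_id -> "owner" | "member"


@dataclass
class Project:
    project_id: str
    workspace_id: str  # the tenant this object belongs to
    name: str


def build_fixture():
    """Two tenants. bob is a plain member of ws-a and has no access to ws-b."""
    workspaces = {
        "ws-a": Workspace("ws-a", {"alice": "owner", "bob": "member"}),
        "ws-b": Workspace("ws-b", {"carol": "owner"}),
    }
    projects = {
        "p-1": Project("p-1", "ws-a", "public site"),
        "p-2": Project("p-2", "ws-b", "acquisition plan"),
    }
    return workspaces, projects


def _require_member(workspaces, actor, workspace_id):
    ws = workspaces.get(workspace_id)
    if ws is None or actor not in ws.members:
        raise Forbidden("not a member of this workspace")
    return ws


def vulnerable_get_project(workspaces, projects, actor, workspace_id, project_id):
    """The IDOR shape: membership in the URL's workspace is checked, then the
    project is fetched by id alone, so a ws-a member reads ws-b's project."""
    _require_member(workspaces, actor, workspace_id)
    return projects[project_id]  # never compares project.workspace_id


def get_project(workspaces, projects, actor, workspace_id, project_id):
    """Hardened: the object must belong to the tenant named in the URL."""
    _require_member(workspaces, actor, workspace_id)
    project = projects.get(project_id)
    if project is None or project.workspace_id != workspace_id:
        raise NotFound(project_id)
    return project


def add_member(workspaces, actor, workspace_id, new_user, role):
    """Membership changes need the owner role, not mere membership, and the
    granted role is limited to the known set."""
    ws = _require_member(workspaces, actor, workspace_id)
    if ws.members[actor] != "owner":
        raise Forbidden("only owners may change membership")
    if role not in ("owner", "member"):
        raise ValueError(f"unknown role {role!r}")
    ws.members[new_user] = role
    return dict(ws.members)


def delete_workspace(workspaces, actor, workspace_id):
    """Destructive tenant-wide actions get the same owner-only gate."""
    ws = _require_member(workspaces, actor, workspace_id)
    if ws.members[actor] != "owner":
        raise Forbidden("only owners may delete the workspace")
    del workspaces[workspace_id]
    return workspace_id


def accept_task_result(service_agent, agent_id, service_id):
    """Monitor results (the Nezha shape): accept only if the reporting agent is
    the one assigned to service_id, not merely because service_id exists."""
    assigned = service_agent.get(service_id)
    if assigned is None:
        raise NotFound(service_id)
    if assigned != agent_id:
        raise Forbidden("service is not assigned to this agent")
    return True
```

Returning `NotFound` for a cross-tenant id is deliberate: answering `Forbidden` would confirm that the guessed id exists somewhere.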
Medium (2 entries)
- CVE-2026-47425 · Medium · rattler has an entry-point path traversal in noarch:python install (arbitrary fi…
  Summary: `EntryPoint::FromStr` in `rattler_conda_types` performs only `.trim()` on the `command` field before the linker joins it onto the install prefix and…
- CVE-2026-47411 · Medium · praisonai-platform: Any workspace member can rewrite workspace name, description…
  Summary: Type: Authorization bypass enabling workspace metadata + settings tampering. The `PATCH /workspaces/{workspace_id}` endpoint is gated only by…
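The rattler entry above, and the Apache MINA SSHD sshd-git path traversal in the NVD section below, are the same bug: a path taken from untrusted input is trimmed and joined onto a prefix, and joining is mistaken for containment. `..` components walk out of the prefix, and an absolute component makes a join discard the prefix entirely. The block below is an added example written for this digest, not rattler or MINA code; it uses Python's `posixpath` so the check is pure string logic and runs without touching the filesystem. Production code should additionally resolve symlinks under the prefix with `os.path.realpath` before the containment check.

```python
"""Prefix-contained path joining: the unsafe trim-and-join beside a version that
rejects anything that is not a strict descendant of the prefix. Added example."""

import posixpath


class PathEscape(ValueError):
    """The requested path would land outside the install prefix."""


def vulnerable_entry_point_target(prefix: str, command: str) -> str:
    """The unsafe pattern described in the advisory: trim, then join."""
    return posixpath.join(prefix, command.strip())


def contained_entry_point_target(prefix: str, command: str) -> str:
    """Return prefix/command, or raise PathEscape if the normalised result is
    not strictly inside prefix."""
    cmd = command.strip()
    if not cmd or "\x00" in cmd or "\\" in cmd:
        raise PathEscape(f"rejecting entry point {command!r}")
    if posixpath.isabs(cmd):
        # posixpath.join would silently drop the prefix for an absolute path.
        raise PathEscape(f"absolute entry point {cmd!r}")
    base = posixpath.normpath(prefix)
    target = posixpath.normpath(posixpath.join(base, cmd))
    # commonpath compares whole components, so /opt/envx is not inside /opt/env;
    # target == base rejects "." and "bin/.." which name the prefix itself.
    if target == base or posixpath.commonpath([base, target]) != base:
        raise PathEscape(f"entry point {cmd!r} escapes {base}")
    return target


def escaped(prefix: str, command: str) -> bool:
    """Whether the vulnerable join, once the OS resolves the '..' components,
    would have written outside the prefix."""
    base = posixpath.normpath(prefix)
    where = posixpath.normpath(vulnerable_entry_point_target(prefix, command))
    return posixpath.commonpath([base, where]) != base
```

The same shape applies to the git-transport case: the repository name from the client is the untrusted `command`, and the server's repository root is the `prefix`.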
Low (1 entry)
- CVE-2026-47191 · Low · kas checks out SHA-like git branches as valid commits
  Impact: When relying solely on a git commit ID (SHA-1 or SHA-256) to qualify if a checkout of a repository is equivalent to the state validated while adding its…
🛡️ NVD-Latest (91 entries)
Critical (5 entries)
- CVE-2026-7858 · Critical · CVSS 9.8
  A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x…
- CVE-2026-10187 · Critical · CVSS 9.8
  A vulnerability was detected in Totolink N300RH 6.1c.1353_B20190305. Affected by this issue is the function setWiFiBasicConfig of the…
- CVE-2018-25412 · Critical · CVSS 9.8
  Delta Sql 1.8.2 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by…
- CVE-2026-42252 · Critical · CVSS 9.1
  Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim…
- CVE-2026-48188 · Critical · CVSS 9.1
  An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL…
High (86 entries)
- CVE-2026-49298 · High · CVSS 8.8
  A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be…
- CVE-2026-49157 · High · CVSS 8.8
  Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before…
- CVE-2026-45505 · High · CVSS 8.8
  Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache…
- CVE-2026-42359 · High · CVSS 8.8
  A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write…
- CVE-2026-10206 · High · CVSS 8.8
  A vulnerability was detected in D-Link DI-8400 up to 16.07.26A1. This affects an unknown function of the file /dbsrv.asp. Performing a…
- CVE-2026-10192 · High · CVSS 8.8
  A vulnerability was identified in Tenda W12 3.0.0.7(4763). The affected element is the function set_local_time_0 of the file…
- CVE-2026-10191 · High · CVSS 8.8
  A vulnerability was determined in Tenda W12 3.0.0.7(4763). Impacted is the function cgiWifiMacFilterSet of the file /bin/httpd. This…
- CVE-2026-10189 · High · CVSS 8.8
  A vulnerability has been found in Tenda W12 3.0.0.7(4763). This vulnerability affects the function cgiSysTimeInfoSet of the file…
- CVE-2026-10188 · High · CVSS 8.8
  A flaw has been found in Tenda W12 3.0.0.7(4763). This affects the function cgistaKickOff of the file /bin/httpd. Executing a…
- CVE-2026-10183 · High · CVSS 8.8
  A vulnerability was identified in TRENDnet TEW-432BRP 3.10B20. This affects the function formWlanSetup of the file…
- CVE-2026-10181 · High · CVSS 8.8
  A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSysCmd of the file…
- CVE-2026-10179 · High · CVSS 8.8
  A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file…
- CVE-2026-10165 · High · CVSS 8.8
  A vulnerability was identified in Edimax BR-6478AC 1.23. The impacted element is the function formWanTcpipSetup of the file…
- CVE-2026-10164 · High · CVSS 8.8
  A vulnerability was found in Edimax BR-6478AC 1.23. Impacted is the function formUSBFolder of the file /goform/formUSBFolder of the…
- CVE-2026-10163 · High · CVSS 8.8
  A vulnerability has been found in Edimax BR-6478AC 1.23. This issue affects the function formUSBAccount of the file…
- CVE-2026-10162 · High · CVSS 8.8
  A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This vulnerability affects the function formSetPassword of the file…
- CVE-2026-10161 · High · CVSS 8.8
  A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. This affects the function formResetStatistic of the file…
- CVE-2026-10160 · High · CVSS 8.8
  A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Affected by this issue is the function formSetEnableWizard…
- CVE-2026-10159 · High · CVSS 8.8
  A weakness has been identified in TRENDnet TEW-432BRP 3.10B20. Affected by this vulnerability is the function formSysLog of the file…
- CVE-2026-10158 · High · CVSS 8.8
  A security flaw has been discovered in TRENDnet TEW-432BRP 3.10B20. Affected is the function formPortFw of the file /goform/formPortFw.…
- CVE-2026-10126 · High · CVSS 8.8
  A security flaw has been discovered in Edimax BR-6478AC 1.23. Affected by this issue is the function formQoS of the file…
- CVE-2026-10125 · High · CVSS 8.8
  A vulnerability was identified in Edimax BR-6478AC 1.23. Affected by this vulnerability is the function formPPPoESetup of the file…
- CVE-2026-10124 · High · CVSS 8.8
  A vulnerability was determined in Shibby Tomato up to 1.28. Affected is the function rip_zebra_read_ipv4 of the file /usr/sbin/ripd of…
- CVE-2026-10123 · High · CVSS 8.8
  A vulnerability was found in TRENDnet TEW-432BRP 3.10B20. This impacts the function formSetDomainFilter of the file…
- CVE-2026-10122 · High · CVSS 8.8
  A vulnerability has been found in TRENDnet TEW-432BRP 3.10B20. This affects the function formSetProtocolFilter of the file…
- CVE-2026-10121 · High · CVSS 8.8
  A flaw has been found in TRENDnet TEW-432BRP 3.10B20. The impacted element is the function formSetUrlFilter of the file…
- CVE-2018-25409 · High · CVSS 8.8
  SIM-PKH 2.4.1 contains an arbitrary file upload vulnerability that allows authenticated attackers to upload malicious files by…
- CVE-2026-10120 · High · CVSS 8.8
  A vulnerability was detected in TRENDnet TEW-432BRP 3.10B20. The affected element is the function formSetFirewallRule of the file…
- CVE-2026-10119 · High · CVSS 8.8
  A security vulnerability has been detected in TRENDnet TEW-432BRP 3.10B20. Impacted is the function formSetMACFilter of the file…
- CVE-2026-7465 · High · CVSS 8.8
  The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Remote Code Execution in all…
- CVE-2026-9024 · High · CVSS 8.7
  A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release…
- CVE-2026-49489 · High · CVSS 8.5
  OpenCATS through 0.9.7.4 contains a sql injection vulnerability in the sortDirection parameter of the DataGrid component that allows…
- CVE-2018-25425 · High · CVSS 8.2
  Yot CMS 3.3.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25424 · High · CVSS 8.2
  Gate Pass Management System 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication…
- CVE-2018-25422 · High · CVSS 8.2
  MOGG web simulator Script contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL…
- CVE-2018-25420 · High · CVSS 8.2
  AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25419 · High · CVSS 8.2
  AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25418 · High · CVSS 8.2
  AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25417 · High · CVSS 8.2
  AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25416 · High · CVSS 8.2
  AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25415 · High · CVSS 8.2
  AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25414 · High · CVSS 8.2
  AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25413 · High · CVSS 8.2
  AiOPMSD Final 1.0.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by…
- CVE-2018-25411 · High · CVSS 8.2
  MGB OpenSource Guestbook 0.7.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL…
- CVE-2018-25407 · High · CVSS 8.2
  eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL…
- CVE-2018-25406 · High · CVSS 8.2
  eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL…
- CVE-2018-25405 · High · CVSS 8.2
  eNdonesia Portal 8.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL…
- CVE-2026-44825 · High · CVSS 8.1
  Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and…
- CVE-2026-42588 · High · CVSS 8.1
  Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache…
- CVE-2026-8796 · High · CVSS 8.1
  Sereal::Decoder versions before 5.005 for Perl allow heap out-of-bounds read via crafted input. In Perl/Decoder/srl_decoder.c,…
- CVE-2026-49490 · High · CVSS 8.1
  OpenCATS from version 0.9.1a contains an SQL injection vulnerability in DataGrid filter handling that allows authenticated attackers to…
- CVE-2026-20452 · High · CVSS 8.0
  In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent)…
- CVE-2026-32325 · High · CVSS 7.8
  Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local…
- CVE-2026-27788 · High · CVSS 7.8
  Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this…
- CVE-2026-20455 · High · CVSS 7.8
  In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege…
- CVE-2026-49361 · High · CVSS 7.5
  Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAX_VALUE as the maximum frame…
- CVE-2026-41084 · High · CVSS 7.5
  A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated…
- CVE-2018-25426 · High · CVSS 7.5
  WinMTR 0.91 contains a denial of service vulnerability that allows attackers to crash the application by sending a malformed payload…
- CVE-2018-25408 · High · CVSS 7.5
  The Open ISES Project 3.30A contains a path traversal vulnerability in the ajax/download.php endpoint that allows unauthenticated…
- CVE-2026-9757 · High · CVSS 7.5
  The GEO my WP plugin for WordPress is vulnerable to SQL Injection via the 'swlatlng' and 'nelatlng' parameters in all versions up to,…
- CVE-2026-7459 · High · CVSS 7.5
  The Simple History – Track, Log, and Audit WordPress Changes plugin for WordPress is vulnerable to authenticated (Subscriber+) account…
- CVE-2026-10250 · High · CVSS 7.3
  A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown…
- CVE-2026-10249 · High · CVSS 7.3
  A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file…
- CVE-2026-45360 · High · CVSS 7.3
  Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched…
- CVE-2026-10243 · High · CVSS 7.3
  A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component…
- CVE-2026-10236 · High · CVSS 7.3
  A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the…
- CVE-2026-10227 · High · CVSS 7.3
  A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The…
- CVE-2026-10226 · High · CVSS 7.3
  A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an…
- CVE-2026-10225 · High · CVSS 7.3
  A vulnerability was detected in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. This…
- CVE-2026-10221 · High · CVSS 7.3
  A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function…
- CVE-2026-10220 · High · CVSS 7.3
  A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of…
- CVE-2026-10219 · High · CVSS 7.3
  A vulnerability was found in nextlevelbuilder GoClaw up to 3.11.3. This impacts the function FsBridge.WriteFile of the file…
- CVE-2026-10214 · High · CVSS 7.3
  A weakness has been identified in zhayujie chatgpt-on-wechat up to 2.0.8. This issue affects the function _get_safety_warning of the…
- CVE-2026-10208 · High · CVSS 7.3
  A flaw has been found in code-projects Online Hospital Management System 1.php. This impacts the function login_user of the file…
- CVE-2026-10186 · High · CVSS 7.3
  A security vulnerability has been detected in code-projects Online Hospital Management System 1.0. Affected by this vulnerability is an…
- CVE-2026-10185 · High · CVSS 7.3
  A weakness has been identified in SourceCodester Hospitals Patient Records Management System 1.0. Affected is an unknown function of…
- CVE-2026-10184 · High · CVSS 7.3
  A security flaw has been discovered in SourceCodester Hospitals Patient Records Management System 1.0. This impacts an unknown function…
- CVE-2026-10178 · High · CVSS 7.3
  A vulnerability was detected in code-projects Online Music Site 1.0. This vulnerability affects unknown code of the file…
- CVE-2026-10167 · High · CVSS 7.3
  A weakness has been identified in OUSL-GROUP-BrinaryBrains School Student Management System up to…
- CVE-2026-10157 · High · CVSS 7.3
  A vulnerability was identified in Open5GS up to 2.7.6. This impacts an unknown function of the file src/amf/ngap-handler.c of the…
- CVE-2026-10111 · High · CVSS 7.3
  A flaw has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM 1.0. This impacts an unknown function of the component Login Page.…
- CVE-2026-10110 · High · CVSS 7.3
  A vulnerability was detected in code-projects Student Details Management System 1.0. This affects an unknown function of the file…
- CVE-2026-40961 · High · CVSS 7.2
  A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check,…
- CVE-2026-48827 · High · CVSS 7.1
  Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and…
- CVE-2026-48209 · High · CVSS 7.1
  An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated…
- CVE-2018-25410 · High · CVSS 7.1
  SIM-PKH 2.4.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting…
⚔️ Sploitus (91 entries)
Unknown (91 entries)
- Linux-privesc-PoC exploit
- System-Exploitation-Compromising exploit
…89 more Unknown-severity entries omitted
🤖 Automated vulnerability intelligence digest · 2026-06-03 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV / Exploit-DB