📊 2026-06-04 Vulnerability Intelligence Daily · 200 entries · 93 high-severity
Daily vulnerability intelligence digest · 2026-06-04
📋 200 entries total
🔥 High/Critical: 93
🚨 CISA-KEV: 3
💣 Exploit-DB-RSS: 2
🐙 GitHub-Advisory: 39 🔥27
🛡️ NVD-Latest: 66 🔥66
⚔️ Sploitus: 90
🤖 Today's security posture analysis
🎯 Key items to watch today
- CVE-2026-44180/CVE-2026-44181/CVE-2026-44182 (Jupyter Enterprise Gateway): three critical vulnerabilities that combine. The prohibited UID/GID restriction can be bypassed to launch kernels as root, and the Kubernetes manifest rendering is subject to Jinja2 server-side template injection (SSTI) and YAML injection, so an attacker can execute code remotely and tamper with the container security context, defeating cluster-level privilege controls.
- CVE-2026-7312 (Progress Sitefinity): CVSS 10.0, insufficiently protected credentials, affecting several version series. A remote attacker can steal or forge credentials, potentially leading to unauthorized access and data leakage.
- CVE-2026-47428/CVE-2026-47429 (Vitest UI): in browser mode the unsanitized `otelCarrier` parameter is inserted directly into an inline script, leading to XSS or code execution; on Windows, arbitrary files can be read. If the service is exposed to the network the impact is severe.
- CVE-2026-47413 (praisonai-platform): privilege escalation. Any workspace member can add an arbitrary user as owner through the API, breaking the permission boundary and obtaining full control.
- CVE-2026-8206 (Kirki WordPress plugin): CVSS 9.8, privilege escalation / account takeover. The plugin accepts an arbitrary `user_id` parameter, allowing an attacker to take over an administrator account directly.
📈 Threat trends
- Remote code execution and injection (RCE/injection): a cluster of high-severity injection flaws, including template injection (SSTI), command injection and SQL injection, such as Jupyter Gateway (SSTI plus YAML injection), the unsafe example in the Airflow documentation, the OTRS SQL injection and the WP Job Portal blind injection, spanning both the data layer and the operations layer.
- Privilege escalation and authentication bypass: insufficiently protected credentials (Sitefinity, CVSS 10.0), improper access control (Sitefinity, CVSS 9.8), member injection (praisonai), account takeover (Kirki) and incorrect privilege assignment (Masteriyo LMS), all of them key entry points for lateral or vertical movement by an attacker.
- Deserialization and supply-chain attacks: the Teamwork Cloud deserialization vulnerability (CVSS 9.8) and the Docling ZIP extraction flaw (Zip Slip); the latter enables a supply-chain attack through the model download path and threatens software supply-chain integrity.
🛡️ Mitigation recommendations
- Upgrade all affected components immediately, prioritising Jupyter Enterprise Gateway (upgrade to a fixed release as soon as possible), Progress Sitefinity (upgrade to 15.4.8630 or later), Vitest (do not expose the UI server to the network) and the WordPress plugins (Kirki, Masteriyo LMS and others).
- Review and harden Jupyter Gateway's Kubernetes manifest rendering: never pass user-controlled environment variables straight into Jinja2 templates, enforce strict input allow-listing, and make sure the "prohibited UID/GID" check cannot be bypassed in the default configuration.
- Restrict and audit API endpoint access: review praisonai's `POST /workspaces/{id}/members` endpoint immediately and require owner-role verification before a member can be added; for the WordPress plugins, add a strict binding check between `user_id` and the current session.
- Apply defence in depth: for any feature that renders templates or passes parameters into system commands or scripts, sanitise input and encode output; close unnecessary network exposure (such as the Vitest UI); and maintain integrity and signature verification for dependencies and model download sources.
🚨 CISA-KEV (3 entries)
Unknown (3 entries)
- CVE-2026-45247 - Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability
CVE-2026-45247
CVE-2026-45247 Mirasvit Full Page Cache Warmer Deserialization of Untrusted Data Vulnerability Product: Mirasvit Mirasvit Full Page Cache Warmer Description: Mirasvit Full…
- CVE-2025-48595 - Android Framework Integer Overflow Vulnerability
CVE-2025-48595
CVE-2025-48595 Android Framework Integer Overflow Vulnerability Product: Android Framework Description: Android Framework contains an integer overflow vulnerability that…
…1 more Unknown-severity entry (omitted)
💣 Exploit-DB-RSS (2 entries)
Unknown (2 entries)
- [webapps] WordPress OrderConvo 14 - Path Traversal
CVE-2025-10162
# Exploit Title: WordPress OrderConvo 14 - Path Traversal # Date: 05-31-2026 # Exploit Author: Diamorphine # Vendor Homepage: https://www.najeebmedia.com/ #…
- [webapps] Drupal Core 10.5.5 - Error-Based SQL Injection
CVE-2026-9082
# Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection # Google Dork: N/A # Date: 2026-05-31 # Exploit Author: cardosource # Vendor Homepage:…
🐙 GitHub-Advisory (39 entries)
Critical (6 entries)
- CVE-2026-44180 - Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass
CVE-2026-44180 · Critical
Summary Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be…
- CVE-2026-44181 - Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resul
CVE-2026-44181 · Critical
Summary The environment variables (`KERNEL_XXX`) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI).…
- CVE-2026-44182 - Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Ren
CVE-2026-44182 · Critical
Summary The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like…
- CVE-2026-47429 - When Vitest UI server is listening, arbitrary file can be read and executed
CVE-2026-47429 · Critical
Summary Arbitrary file can be read on Windows when Vitest UI server is listening, especially when exposed to the network. Impact Only users that match either…
- CVE-2026-47428 - Vitest browser mode serves unsanitized otelCarrier query parameter as inline scr
CVE-2026-47428 · Critical
Summary Vitest browser mode served `/__vitest_test__/` with the `otelCarrier` query parameter inserted directly into an inline module script. Because this…
- CVE-2026-47413 - praisonai-platform: Any workspace member can add arbitrary user as owner via POS
CVE-2026-47413 · Critical
Summary Type: Privilege escalation / cross-tenant member injection. The `POST /workspaces/{workspace_id}/members` endpoint is gated only by…
High (21 entries)
- CVE-2024-52011 - launch-editor vulnerable to command injection via the crafted request on Windows
CVE-2024-52011 · High
Summary Due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a…
- CVE-2026-44017 - Docling: Unsafe Zip Extraction in EasyOCR Model Download
CVE-2026-44017 · High
Impact In versions `< 2.91.0`, The EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If…
- CVE-2026-33245 - React Router vulnerable to XSS in unstable RSC redirect handling via javascript:
CVE-2026-33245 · High
When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from…
- CVE-2026-41234 - Froxlor: BIND Zone File Injection via TXT Record Content
CVE-2026-41234 · High
Summary The `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled…
- CVE-2026-42211 - React Router's vendored turbo-stream v2 allows arbitrary constructor invocation
CVE-2026-42211 · High
When using React Router v7 in [Framework Mode](https://reactrouter.com/start/modes#framework), there exists a combination of steps that could potentially allow…
- CVE-2026-42342 - React Router vulnerable to DoS via unbounded path expansion in __manifest endpoi
CVE-2026-42342 · High
There exists a potential DOS attack vector in React Router Framework Mode applications (as well as Remix v2.10.0 - 2.17.4). Certain requests can be crafted to…
- CVE-2026-44016 - Docling: Unsafe Playwright-based HTML Rendering
CVE-2026-44016 · High
Impact In versions `>= 2.82.0, < 2.91.0`, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the…
- CVE-2026-44020 - Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
CVE-2026-44020 · High
Impact The USPTO patent XML parser used the standard `xml.sax.parseString()` without protection against XML External Entity (XXE) attacks. An attacker could…
- CVE-2026-47214 - Docling: Unsafe URI and Path Handling in HTML Backend
CVE-2026-47214 · High
Impact The HTML backend did not perform sufficient validation during resource handling: - Accepted `file://` URIs enabling local file system access when…
- CVE-2026-44019 - Docling Core: Insufficient validation of image reference URIs
CVE-2026-44019 · High
Impact In versions `>= 2.5.0, < 2.74.1`, `docling-core` could allow local `file://` image references and accepted inline `data:` content without a…
- CVE-2026-44023 - Docling Core: Unsafe remote filename resolution
CVE-2026-44023 · High
Impact In versions `>= 1.5.0, < 2.74.1`, `docling-core` did not sufficiently restrict remote request destinations and could resolve a server-provided…
- CVE-2026-49144 - browserstack-runner has an unauthenticated arbitrary file read via path traversa
CVE-2026-49144 · High
Summary The HTTP server in browserstack-runner serves files from the project directory via the `_default` handler. This handler uses…
- CVE-2026-49143 - browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in
CVE-2026-49143 · High
Summary The HTTP handler `/_log` in `lib/server.js` (lines 491–515) of browserstack-runner passes unauthenticated user-supplied data to `vm.runInNewContext()`…
- GHSA-f9rx-7wf7-jr36 - Froxlor's API Authentication bypasses 2FA Authentication
CVE-2023-3173 · High
Summary Froxlor's API authentication (`FroxlorRPC::validateAuth`) does not enforce Two-Factor Authentication. When a user (admin or customer) enables 2FA on…
- GHSA-63gr-g7jc-v8rg - @agenticmail/mcp Missing Authentication for Critical Function
GHSA-63gr-g7jc-v8rg · High
AgenticMail MCP HTTP authorization bypass. Summary `@agenticmail/mcp` exposes a Streamable HTTP transport when started with `--http` or `MCP_HTTP=1`. In…
- CVE-2026-48119 - Nezha's authenticated agents can forge service-monitor results for other users'
CVE-2026-48119 · High
Summary Nezha accepts service-monitor `TaskResult` messages from an authenticated agent based only on whether the reported service ID exists. The…
- CVE-2026-47423 - DOMPurify XSS via selectedcontent re-clone
CVE-2026-47423 · High
Summary DOMPurify 3.4.4 allows `selectedcontent` by default, allowing a chain in which browsers "re-clone" an XSS payload after sanitization, effectively…
- CVE-2026-47418 - praisonai-platform: Project endpoints accept any project_id without workspace ow
CVE-2026-47418 · High
Summary Type: Insecure Direct Object Reference. The project CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/projects/{project_id}` and…
- CVE-2026-47417 - praisonai-platform: Comment endpoints accept any issue_id without workspace owne
CVE-2026-47417 · High
Summary Type: Insecure Direct Object Reference. The comment endpoints (`POST /workspaces/{workspace_id}/issues/{issue_id}/comments` and `GET…
- CVE-2026-47415 - praisonai-platform: Issue endpoints accept any issue_id without workspace owners
CVE-2026-47415 · High
Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints (`GET / PATCH / DELETE /workspaces/{workspace_id}/issues/{issue_id}`) gate…
- CVE-2026-47412 - praisonai-platform: Any workspace member can delete the entire workspace via DEL
CVE-2026-47412 · High
Summary Type: Authorization bypass enabling destructive action. The `DELETE /workspaces/{workspace_id}` endpoint is gated only by…
Medium (11 entries)
- CVE-2022-31114 - backpack/crud is vulnerable to Cross-Site Scripting (XSS)
CVE-2022-31114 · Medium
Impact It's a "moderate" vulnerability… but being an admin panel, take this seriously. It's difficult… but an attacker could conduct a targeted phishing…
- CVE-2026-33244 - React Router has stored XSS via unescaped Location header in prerendered redirec
CVE-2026-33244 · Medium
When using React Router v7 [Framework Mode](https://reactrouter.com/start/modes#framework) with [Pre-rendering](https://reactrouter.com/how-to/pre-rendering)…
- CVE-2026-34993 - AIOHTTP is Vulnerable to Deserialization of Untrusted Data
CVE-2026-34993 · Medium
Summary Using `CookieJar.load()` with untrusted input may allow arbitrary code execution. Impact Most applications using this function will be doing so with…
- CVE-2026-40181 - React Router's same-origin redirect with path starting // causes open redirect v
CVE-2026-40181 · Medium
Certain URLs passed to the `redirect` function can trigger an open redirect to an external domain depending on the level of validation done by the application…
- CVE-2026-40898 - quic-go: HTTP/3 QPACK Trailer Expansion Memory Exhaustion
CVE-2026-40898 · Medium
Summary An attacker can cause excessive memory allocation in quic-go's HTTP/3 client and server implementations by sending a QPACK-encoded HEADERS frame…
- CVE-2026-43980 - malla: Stored XSS via Meshtastic node names in multiple frontend pages
CVE-2026-43980 · Medium
Node names (long_name, short_name) received via MQTT are stored in SQLite without sanitization and rendered into the DOM without escaping. Any participant on a…
- CVE-2026-44018 - Docling: Unsafe Archive Extraction and XML Parsing in METS-GBS Backend
CVE-2026-44018 · Medium
Impact The METS-GBS backend's XML parsing and the input document format detection lacked security controls, enabling: - XML External Entity (XXE) attacks to…
- CVE-2026-44022 - Docling: Potential Path Traversal via LaTeX \includegraphics and \input Commands
CVE-2026-44022 · Medium
Impact The LaTeX backend's handling of `\includegraphics`, `\input`, and `\include` commands lacked path containment validation. Attackers could craft…
…3 more Medium-severity entries (omitted)
Low (1 entry)
- CVE-2026-47191 - kas checks out SHA-like git branches as valid commits
CVE-2026-47191 · Low
Impact When relying solely on a git commit ID (SHA-1 or SHA-256) to qualify if a checkout of a repository is equivalent to the state validated while adding its…
🛡️ NVD-Latest (66 entries)
Critical (8 entries)
- CVE-2026-7312 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefi
CVE-2026-7312 · Critical · CVSS 10.0
CVE-2026-7312 CVSS:10.0 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200…
- CVE-2026-7198 CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.862
CVE-2026-7198 · Critical · CVSS 9.8
CVE-2026-7198 CVSS:9.8 CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated…
- CVE-2025-53209 Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allo
CVE-2025-53209 · Critical · CVSS 9.8
CVE-2025-53209 CVSS:9.8 Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo…
- CVE-2026-8206 The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordP
CVE-2026-8206 · Critical · CVSS 9.8
CVE-2026-8206 CVSS:9.8 The Kirki – Freeform Page Builder, Website Builder & Customizer plugin for WordPress is vulnerable to privilege escalation via account…
- CVE-2026-7858 A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from
CVE-2026-7858 · Critical · CVSS 9.8
CVE-2026-7858 CVSS:9.8 A Deserialization of Untrusted Data vulnerability affecting Teamwork Cloud from No Magic Release 2022x through No Magic Release 2026x…
- CVE-2026-42684 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injecti
CVE-2026-42684 · Critical · CVSS 9.3
CVE-2026-42684 CVSS:9.3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind…
- CVE-2026-42252 Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passin
CVE-2026-42252 · Critical · CVSS 9.1
CVE-2026-42252 CVSS:9.1 Apache Airflow's official documentation at `core-concepts/dag-run.html` ("Passing Parameters when triggering Dags") showed a verbatim…
- CVE-2026-48188 An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition
CVE-2026-48188 · Critical · CVSS 9.1
CVE-2026-48188 CVSS:9.1 An improper Input Validation vulnerability in OTRS or ((OTRS)) Community Edition database layer module allows an unauthenticated SQL…
High (58 entries)
- CVE-2026-30652 A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi end
CVE-2026-30652 · High · CVSS 8.8
CVE-2026-30652 CVSS:8.8 A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras…
- CVE-2026-30650 A post-authentication remote buffer overflow vulnerability exists in the /cgi-bi
CVE-2026-30650 · High · CVSS 8.8
CVE-2026-30650 CVSS:8.8 A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface…
- CVE-2026-10591 Insufficient access control restrictions in the file write tool in Amazon Kiro I
CVE-2026-10591 · High · CVSS 8.8
CVE-2026-10591 CVSS:8.8 Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote…
- CVE-2026-7201 CWE-639: Authorization Bypass Through User-Controlled Key in web services in Pro
CVE-2026-7201 · High · CVSS 8.8
CVE-2026-7201 CVSS:8.8 CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before…
- CVE-2026-7195 CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x
CVE-2026-7195 · High · CVSS 8.8
CVE-2026-7195 CVSS:8.8 CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before…
- CVE-2025-53345 Missing Authorization vulnerability leading to code execution after installing m
CVE-2025-53345 · High · CVSS 8.8
CVE-2025-53345 CVSS:8.8 Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This…
- CVE-2026-1784 The Route OpenShift resource allows to define routes to make pods reachable at a
CVE-2026-1784 · High · CVSS 8.8
CVE-2026-1784 CVSS:8.8 The Route OpenShift resource allows to define routes to make pods reachable at a subdomain through HAProxy. It was found that the checks…
- CVE-2026-49298 A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker po
CVE-2026-49298 · High · CVSS 8.8
CVE-2026-49298 CVSS:8.8 A bug in Apache Airflow's KubernetesExecutor caused JWT tokens used by worker pods to authenticate against the Execution API to be…
- CVE-2026-49157 Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affe
CVE-2026-49157 · High · CVSS 8.8
CVE-2026-49157 CVSS:8.8 Incorrect Default Permissions vulnerability in Apache ActiveMQ. This issue affects Apache ActiveMQ: before 5.19.7, from 6.0.0 before…
- CVE-2026-45505 Improper Input Validation, Improper Control of Generation of Code ('Code Injecti
CVE-2026-45505 · High · CVSS 8.8
CVE-2026-45505 CVSS:8.8 Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache…
- CVE-2026-42359 A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}`
CVE-2026-42359 · High · CVSS 8.8
CVE-2026-42359 CVSS:8.8 A bug in Apache Airflow's XCom PATCH endpoint `PATCH /api/v2/xcomEntries/{key}` allowed an authenticated UI/API user with XCom write…
- CVE-2026-7313 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefi
CVE-2026-7313 · High · CVSS 8.7
CVE-2026-7313 CVSS:8.7 CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote…
- CVE-2026-9024 A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience S
CVE-2026-9024 · High · CVSS 8.7
CVE-2026-9024 CVSS:8.7 A Stored Cross-site Scripting (XSS) vulnerability affecting Process Experience Studio in DELMIA Service Process Engineer from Release…
- CVE-2019-25719 Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors
CVE-2019-25719 · High · CVSS 8.6
CVE-2019-25719 CVSS:8.6 Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower…
- CVE-2026-10622 Improper Authentication in REST API in Collibra Agent, allows a remote unauthent
CVE-2026-10622 · High · CVSS 8.2
CVE-2026-10622 CVSS:8.2 Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via…
- CVE-2026-39555 Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Ob
CVE-2026-39555 · High · CVSS 8.1
CVE-2026-39555 CVSS:8.1 Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a…
- CVE-2026-39553 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2026-39553 · High · CVSS 8.1
CVE-2026-39553 CVSS:8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes…
- CVE-2026-39552 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2026-39552 · High · CVSS 8.1
CVE-2026-39552 CVSS:8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply…
- CVE-2025-69369 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2025-69369 · High · CVSS 8.1
CVE-2025-69369 CVSS:8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2025-68886 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2025-68886 · High · CVSS 8.1
CVE-2025-68886 CVSS:8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes…
- CVE-2025-58897 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2025-58897 · High · CVSS 8.1
CVE-2025-58897 CVSS:8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2025-58707 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2025-58707 · High · CVSS 8.1
CVE-2025-58707 CVSS:8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2026-39551 Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Ob
CVE-2026-39551 · High · CVSS 8.1
CVE-2026-39551 CVSS:8.1 Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a…
- CVE-2026-39550 Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows
CVE-2026-39550 · High · CVSS 8.1
CVE-2026-39550 CVSS:8.1 Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from…
- CVE-2025-58705 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2025-58705 · High · CVSS 8.1
CVE-2025-58705 CVSS:8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2025-53440 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2025-53440 · High · CVSS 8.1
CVE-2025-53440 CVSS:8.1 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2026-5422 A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an
CVE-2026-5422 · High · CVSS 8.1
CVE-2026-5422 CVSS:8.1 A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the…
- CVE-2026-44825 Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enab
CVE-2026-44825 · High · CVSS 8.1
CVE-2026-44825 CVSS:8.1 Hardcoded credentials in the Basic Authentication setup tool (bin/solr auth enable) in Apache Solr versions 9.4.0 through 9.10.1 and…
- CVE-2026-42588 Improper Input Validation, Improper Control of Generation of Code ('Code Injecti
CVE-2026-42588 · High · CVSS 8.1
CVE-2026-42588 CVSS:8.1 Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ Broker, Apache…
- CVE-2026-20452 In wlan AP driver, there is a possible memory corruption due to a heap buffer ov
CVE-2026-20452 · High · CVSS 8.0
CVE-2026-20452 CVSS:8.0 In wlan AP driver, there is a possible memory corruption due to a heap buffer overflow. This could lead to remote (proximal/adjacent)…
- CVE-2026-32325 Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and e
CVE-2026-32325 · High · CVSS 7.8
CVE-2026-32325 CVSS:7.8 Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local…
- CVE-2026-27788 Incorrect permission assignment for critical resource issue exists in ServerView
CVE-2026-27788 · High · CVSS 7.8
CVE-2026-27788 CVSS:7.8 Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this…
- CVE-2026-20455 In geniezone, there is a possible out of bounds write due to a missing bounds ch
CVE-2026-20455 · High · CVSS 7.8
CVE-2026-20455 CVSS:7.8 In geniezone, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege…
- CVE-2026-10621 Path traversal in restore handler in Collibra Agent, allows an attacker to write
CVE-2026-10621 · High · CVSS 7.5
CVE-2026-10621 CVSS:7.5 Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra…
- CVE-2026-42670 Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star
CVE-2026-42670 · High · CVSS 7.5
CVE-2026-42670 CVSS:7.5 Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly…
- CVE-2026-42669 Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly
CVE-2026-42669 · High · CVSS 7.5
CVE-2026-42669 CVSS:7.5 Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
- CVE-2025-58024 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP
CVE-2025-58024 · High · CVSS 7.5
CVE-2025-58024 CVSS:7.5 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio…
- CVE-2026-3514 In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability e
CVE-2026-3514 · High · CVSS 7.5
CVE-2026-3514 CVSS:7.5 In version 3.6.19 of prefecthq/prefect, an authentication bypass vulnerability exists due to the improper handling of URL path…
- CVE-2026-8293 The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce th
CVE-2026-8293 · High · CVSS 7.5
CVE-2026-8293 CVSS:7.5 The Really Simple Security WordPress plugin before 9.5.10.1 does not enforce the second-factor challenge in two of its two-factor…
- CVE-2026-49361 Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDe
CVE-2026-49361 · High · CVSS 7.5
CVE-2026-49361 CVSS:7.5 Apache Fluss versions prior to 0.9.1 configure the Netty LengthFieldBasedFrameDecoder with Integer.MAX_VALUE as the maximum frame…
- CVE-2026-41084 A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{d
CVE-2026-41084 · High · CVSS 7.5
CVE-2026-41084 CVSS:7.5 A bug in Apache Airflow's bulk Task Instances API (`PATCH/DELETE /api/v2/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances`) evaluated…
- CVE-2026-10629 SIP signaling stack in Verizon IMS (unspecified version) implements SIP signalin
CVE-2026-10629 · High · CVSS 7.4
CVE-2026-10629 CVSS:7.4 SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing…
- CVE-2026-30649 Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote a
CVE-2026-30649 · High · CVSS 7.3
CVE-2026-30649 CVSS:7.3 Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the…
- CVE-2026-10250 A security flaw has been discovered in itsourcecode Online Blood Bank Management
CVE-2026-10250 · High · CVSS 7.3
CVE-2026-10250 CVSS:7.3 A security flaw has been discovered in itsourcecode Online Blood Bank Management System 1.0. The affected element is an unknown…
- CVE-2026-10249 A vulnerability was identified in itsourcecode Online Blood Bank Management Syst
CVE-2026-10249 · High · CVSS 7.3
CVE-2026-10249 CVSS:7.3 A vulnerability was identified in itsourcecode Online Blood Bank Management System 1.0. Impacted is an unknown function of the file…
- CVE-2026-45360 Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomRef
CVE-2026-45360 · High · CVSS 7.3
CVE-2026-45360 CVSS:7.3 Apache Airflow's scheduler-side deadline-reference decoder (`SerializedCustomReference.deserialize_reference`) imported and dispatched…
- CVE-2026-10243 A security vulnerability has been detected in code-projects Smart Parking System
CVE-2026-10243 · High · CVSS 7.3
CVE-2026-10243 CVSS:7.3 A security vulnerability has been detected in code-projects Smart Parking System 1.0. Affected is an unknown function of the component…
- CVE-2026-10236 A vulnerability has been found in SourceCodester Water Billing Management System
CVE-2026-10236 · High · CVSS 7.3
CVE-2026-10236 CVSS:7.3 A vulnerability has been found in SourceCodester Water Billing Management System 1.0. This issue affects some unknown processing of the…
- CVE-2026-10227 A vulnerability has been found in raisulislamg4 student_management_system_by_php
CVE-2026-10227 · High · CVSS 7.3
CVE-2026-10227 CVSS:7.3 A vulnerability has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. The…
- CVE-2026-10226 A flaw has been found in raisulislamg4 student_management_system_by_php up to 31
CVE-2026-10226 · High · CVSS 7.3
CVE-2026-10226 CVSS:7.3 A flaw has been found in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. Impacted is an…
- CVE-2026-10225 A vulnerability was detected in raisulislamg4 student_management_system_by_php u
CVE-2026-10225 · High · CVSS 7.3
CVE-2026-10225 CVSS:7.3 A vulnerability was detected in raisulislamg4 student_management_system_by_php up to 310d950e09013d5133c6b9210aff9444382d16d1. This…
- CVE-2026-10221 A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affect
CVE-2026-10221 · High · CVSS 7.3
CVE-2026-10221 CVSS:7.3 A vulnerability was identified in NousResearch hermes-agent up to 0.12.0. Affected by this vulnerability is the function…
- CVE-2026-10220 A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Aff
CVE-2026-10220 · High · CVSS 7.3
CVE-2026-10220 CVSS:7.3 A vulnerability was determined in NousResearch hermes-agent up to 2026.4.30. Affected is the function _serve_plugin_skill/skill_view of…
- CVE-2026-40961 A bug in the login redirect route in Apache Airflow allowed authenticated users
CVE-2026-40961 · High · CVSS 7.2
CVE-2026-40961 CVSS:7.2 A bug in the login redirect route in Apache Airflow allowed authenticated users to craft URLs that bypassed the `is_safe_url` check,…
- CVE-2026-42685 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
CVE-2026-42685 · High · CVSS 7.1
CVE-2026-42685 CVSS:7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows…
- CVE-2025-52759 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripti
CVE-2025-52759 · High · CVSS 7.1
CVE-2025-52759 CVSS:7.1 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnboundStudio Accordion FAQ…
- CVE-2026-48827 Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path v
CVE-2026-48827 · High · CVSS 7.1
CVE-2026-48827 CVSS:7.1 Path traversal vulnerability in Apache MINA SSHD bundle sshd-git. Lack of path validation in git-upload-pack, git-receive-pack, and…
- CVE-2026-48209 An improper neutralization of user-controllable input in OTRS or ((OTRS)) Commun
CVE-2026-48209 · High · CVSS 7.1
CVE-2026-48209 CVSS:7.1 An improper neutralization of user-controllable input in OTRS or ((OTRS)) Community Edition ticket handling allows authenticated…
⚔️ Sploitus (90 entries)
Unknown (90 entries)
- Exploit for CVE-2026-2256 exploit
CVE-2026-2256
Exploit for CVE-2026-2256 exploit
- Exploit for CVE-2026-42945 exploit
CVE-2026-42945
Exploit for CVE-2026-42945 exploit
…88 more Unknown-severity entries (omitted)
🤖 Automated vulnerability intelligence digest · 2026-06-04 · Data sources: NVD / GitHub Advisory / Sploitus / CISA-KEV