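📊 2026-06-11 Vulnerability Intelligence Daily · 200 entries · 110 high-severity
Daily vulnerability intelligence summary · 2026-06-11
📋 Total: 200 entries
🔥 High/Critical: 110 entries
🚨 CISA-KEV: 3 entries
🐙 GitHub-Advisory: 66 entries 🔥39
🛡️ NVD-Latest: 71 entries 🔥71
⚔️ Sploitus: 60 entries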
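🤖 Today's Security Posture Analysis
🎯 Today's Key Items
- CVE-2026-44748 (SAP NetWeaver ABAP, CVSS 9.9): An authenticated user can carry out a man-in-the-middle attack by forging XML signatures, breaking through privilege restrictions. An attacker needs only normal privileges to exploit it, so the impact is extremely broad.
- CVE-2026-27671 (SAP Kernel, CVSS 9.8): An unauthenticated attacker can send crafted RFC requests and exploit a flaw in the protocol validation logic to take direct control of the server. No authentication is required; this is the highest-risk remotely exploitable vulnerability.
- CVE-2026-8467 (PhoenixStorybook, unauthenticated RCE): An unauthenticated user can execute arbitrary code on the server by submitting malicious HEEx template attribute values over WebSocket. Developer testing frameworks exposed to the public internet are the main risk.
- 6 Chrome vulnerabilities including CVE-2026-11697 (CVSS 9.6): All are sandbox escape vulnerabilities (UAF/integer overflow). An attacker only needs the user to visit a malicious page to escape the Chrome sandbox and gain browser-process privileges.
- CVE-2026-48030 (Pheditor, OS command injection): An authenticated user can execute arbitrary system commands by injecting shell metacharacters into the terminal handler's 'dir' parameter. The vulnerability bypasses the terminal command allowlist, with severe consequences.
📈 Threat Trends
- Remote code execution (RCE) and command injection: Still the core vulnerability types today, including PhoenixStorybook template injection, Pheditor OS command injection, and anyquery AppleScript injection. The attack surface is spreading from traditional web entry points to developer tools, testing frameworks, and desktop plugins.
- Sandbox escape and privilege escalation: Six general Chrome sandbox escape vulnerabilities (all CVSS 9.6) surfaced together today. Combined with SAP XML signature forgery (9.9) and the unauthenticated RFC attack (9.8), an attacker could first break out of the browser sandbox and then use the SAP vulnerabilities to escalate privileges laterally.
- Authentication and authorization bypass: Includes a hardcoded JWT secret (CVE-2026-48031), message spoofing (Baileys), a REST API missing ownership checks (nebula-mesh), and a PHP patch bypass (PHPSpreadsheet), showing that "trust with insufficient verification" remains a common weakness.
- Supply chain and data tampering: Vulnerabilities in development frameworks (shell-quote, Baileys) contaminate everything downstream; the SAP XML signature attack directly undermines data integrity and is highly destructive.
🛡️ Mitigation Recommendations
- Patch SAP NetWeaver and Chrome immediately: Prioritize deploying SAP security patches and make sure the ABAP platform and Kernel are upgraded to the latest versions. Upgrade Chrome to 149.0.7827.103 or later immediately, and enforce the upgrade.
- Harden development and testing frameworks: Do not expose PhoenixStorybook, go-base, or any development-stage admin panel to the public internet. In production, remove them entirely or strictly restrict access with an allowlist through a reverse proxy.
- Implement defense in depth and monitoring: For terminal-type applications such as Pheditor, apply input allowlists rather than denylists; rotate all JWT secrets and replace hardcoded secrets with a key management service (KMS); enable a web application firewall to detect malicious RFC/SOAP requests.
- Review supply chain components: Check whether affected versions of shell-quote (update to a safe version), go-base (replace the JWT secret), anyquery (upgrade to >0.4.4), or PHPSpreadsheet (apply the complete fix) are in use. Run software bill of materials (SBOM) scans regularly.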
🚨 CISA-KEV (3 entries)
Unknown (3 entries)
- CVE-2026-20245 - Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
  Product: Cisco Catalyst SD-WAN Manager. Description: Cisco Catalyst SD-WAN…
- CVE-2026-7473 - Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
  Product: Arista Extensible Operating System. Description: Arista…
…1 more Unknown-severity vulnerability (omitted)
🐙 GitHub-Advisory (66 entries)
Critical (8 entries)
- CVE-2026-48031 (Critical) - Go Restful API Boilerplate: Hardcoded JWT Secret "random" Allows Token Forgery
  Vulnerability: CWE-798 — Hardcoded JWT Secret + Broken Mitigation. Affected Component: `github.com/dhax/go-base` — Go REST API boilerplate…
- CVE-2026-48063 (Critical) - Baileys has message upsert / hist sync spoofing and app state corruption when us
  Impact: Any baileys session under the latest version (< 7.0.0-rc12, and < 6.7.22) can be sent a malicious payload via the placeholderResendMessage and trigger a…
- CVE-2026-9277 (Critical) - shell-quote quote() does not escape newlines in object .op values
  Summary: `shell-quote`'s `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was…
- CVE-2026-8467 (Critical) - PhoenixStorybook: Unauthenticated remote code execution via HEEx template inject
  Summary: An unsafe HEEx template generation vulnerability allows any unauthenticated user to execute arbitrary code on the server. The phoenix_storybook…
- CVE-2026-48030 (Critical) - Pheditor: OS Command Injection in terminal handler via unsanitized 'dir' paramet
  Summary: An OS Command Injection vulnerability in the terminal action handler allows any authenticated user to execute arbitrary OS commands by injecting shell…
- CVE-2026-45034 (Critical) - PHPSpreadsheet has a patch bypass for CVE-2026-34084
  Summary: CVE-2026-34084 was patched by the helper `File::prohibitWrappers`. The helper calls `parse_url($filename, PHP_URL_SCHEME)` and then checks…
- CVE-2026-47252 (Critical) - Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugi
  AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin. Repository: …
- CVE-2026-47724 (Critical) - nebula-mesh: API endpoints lack ownership checks, enabling cross-operator privil
  The `/api/v1/*` route surface trusts the bearer token alone for authorisation on most endpoints. The codebase itself admits this at…
High (31 entries)
- CVE-2026-48032 (High) - @hulumi/policies bypasses IAM-role policy checks when the role trusts multiple O
  **Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-697 (Incorrect Comparison)**. Summary: AWS IAM trust…
- CVE-2026-48033 (High) - @hulumi/policies bypasses policy packs with a forged Pulumi-URN logical name
  **Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-693 (Protection Mechanism Failure)**. Summary: Pulumi gives…
- CVE-2026-48034 (High) - @hulumi/policies has a HULUMI-H5 bypass via decoy sibling resources targeting a
  **Affected:** `@hulumi/policies` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-284 (Improper Access Control)**. Summary: HULUMI-H1 forbids…
- CVE-2026-48035 (High) - @hulumi/baseline: AccountFoundation audit-delivery S3 bucket could be silently w
  **Affected:** `@hulumi/baseline` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** High — **CWE-1059 (Insufficient Technical Documentation / Behavioral…
- CVE-2026-48036 (High) - @hulumi/drift: Drift classifier fails open on adapter errors and over-promotes M
  **Affected:** `@hulumi/drift` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** Medium — **CWE-755 (Improper Handling of Exceptional Conditions)**. Summary…
- CVE-2026-49396 (High) - Nezha has cross-site GET request that can trigger stored cron commands on a vict
  Summary: The dashboard exposes the cron manual-trigger action as an authenticated `GET /api/v1/cron/:id/manual` endpoint. Dashboard JWTs are sent in the…
- CVE-2025-53114 (High) - Acknowledgement extension out of memory
  Impact: Bad clients that always send a fixed batch value while the server is using the acknowledgement extension can cause the unacknowledged message queue to…
- CVE-2026-47253 (High) - Anyquery has Path Traversal through `clear_plugin_cache`, Allowing Arbitrary Dir
  Path Traversal in `clear_plugin_cache` Allows Arbitrary Directory Deletion. Repository: …
- CVE-2026-47701 (High) - OpenTelemetry Operator for Kubernetes's ServiceMonitor bearerTokenFile reads arb
  Affected: repository github.com/open-telemetry/opentelemetry-operator; component cmd/otel-allocator (TargetAllocator); companion Prometheus Operator API…
- CVE-2026-48060 (High) - Litestar has HTML Injection Through its CSRF Token
  Overview: Litestar instances which use a template engine in conjunction with CSRF protection are vulnerable to HTML Injection which can be escalated to Cross…
- CVE-2026-47764 (High) - PDM wheel installation leads to Path Traversal via overridden write_to_fs
  InstallDestination.write_to_fs() in src/pdm/installers/installers.py overrides the base class to add symlink/hardlink support but replaces the safe…
- CVE-2026-47737 (High) - Puma PROXY Protocol v1 Accepts Repeated Protocol Headers on Persistent Connectio
  Impact: Puma is vulnerable to source IP spoofing when `set_remote_address proxy_protocol: :v1` is enabled and persistent connections are used. PROXY protocol v1…
- CVE-2026-8469 (High) - PhoenixStorybook: Unbounded atom creation from LiveView event params (atom-table
  Summary: An attacker who can deliver `psb-assign`, `psb-toggle`, `psb-set-theme`, `upper-tab-navigation`, `lower-tab-navigation`, `playground-change`, or…
- GHSA-7qjx-gp9h-65qj (High) - Dex: Token-exchange endpoint is missing AllowedConnectors enforcement
  Summary: `server/handlers.go::handleTokenExchange` (lines 1804-1893) does not call `isConnectorAllowed(client.AllowedConnectors, connID)` before issuing…
- CVE-2026-44249 (High) - Netty has an IPv6 Subnet Filter Bypass via Incorrect Comparator Masking
  Summary: An attacker can bypass IPv6 subnet rules due to an incorrect masking operation in IpSubnetFilterRule.compareTo(). Valid public IP addresses can bypass…
- CVE-2026-44250 (High) - Netty: Memory Exhaustion in RedisArrayAggregator due to Deeply Nested Arrays
  Summary: An attacker can cause DoS by sending a crafted Redis payload with deeply nested arrays. This forces the server to allocate a massive number of state…
- CVE-2026-44890 (High) - Netty has Unbounded Direct Memory Consumption in its RedisDecoder
  Summary: An attacker can cause DoS by sending crafted Redis payloads across multiple connections without `\r\n`. This exhausts the server's direct memory pool…
- CVE-2026-44892 (High) - Netty has a Vulnerable Default Configuration Which Leads to Denial of Service vi
  Summary: The default configuration of the `Http3ConnectionHandler` in the Netty HTTP/3 codec lacks an enforced maximum header size limit. When a peer does not…
- CVE-2026-44893 (High) - Netty: HAProxy SSL TLV parsing leaks retained slice on invalid TLV length
  When decoding a PP2_TYPE_SSL TLV, HAProxyMessage.readNextTLV() first calls `header.retainedSlice(header.readerIndex(), length)` and only then reads the 1-byte…
- CVE-2026-44894 (High) - Netty's Default QUIC token handler accepts any client-supplied token
  NoQuicTokenHandler is the tokenHandler used when the application does not set one. Its writeToken() returns false (server will not send Retry — acceptable),…
- CVE-2026-45416 (High) - Netty: SNI handler pre-allocates up to 16 MiB from nine attacker bytes
  SslClientHelloHandler.decode() reads the 24-bit TLS handshake length and, when the ClientHello does not fit in the first record, eagerly allocates…
- CVE-2026-45674 (High) - Netty Vulnerable to DNS Cache Poisoning via Missing Bailiwick Checks in CNAME Re
  Summary: Netty's DnsResolveContext fails to validate the origin (bailiwick) of CNAME records in DNS responses. Details: In…
- CVE-2026-46340 (High) - Netty: SCTP reassembly nests buffers without bound
  For each non-complete SctpMessage fragment the handler does `fragments.put(streamId, Unpooled.wrappedBuffer(frag, byteBuf))`, wrapping the previous accumulator…
- CVE-2026-47691 (High) - Netty has Insufficient Bailiwick Validation for NS Records
  Summary: Netty's `DnsResolveContext` insufficiently validates the bailiwick of NS records, enabling DNS Cache Poisoning. An attacker controlling an…
- CVE-2026-47719 (High) - FUXA: Unauthenticated SSRF via Socket.IO DEVICE_WEBAPI_REQUEST and DEVICE_PROPER
  Summary: An unauthenticated attacker (Alice) connects to FUXA's Socket.IO endpoint and emits a `device-webapi-request` event whose `property.address` field…
- CVE-2026-47722 (High) - nebula-mesh: Host advanced overrides allow YAML injection into agent config.yml
  `internal/configgen/generator.go:86,108,119` interpolates the operator-supplied `ListenHost` and `TunDevice` fields raw into a `text/template` that produces…
- CVE-2026-47723 (High) - nebula-mesh: Web UI and API responses lack security headers (CSP, X-Frame-Option
  None of the response paths in `internal/web/` or `internal/api/` set the standard browser-security headers. `grep` for `Content-Security-Policy`,…
- CVE-2026-47725 (High) - nebula-mesh's web UI lacks CSRF tokens on /ui/* mutating endpoints
  Every `/ui/*` POST / PUT / PATCH / DELETE route processes the request as soon as the session cookie validates. `SameSite=Lax` on the session cookie prevents…
- CVE-2026-47726 (High) - nebula-mesh: GET /api/v1/audit-log discloses all entries to any operator
  `internal/api/audit.go:12` — `handleGetAuditLog` does no admin check. The route is bearer-auth gated only; any operator API key returns the full audit log via…
- CVE-2026-47735 (High) - Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that
  Summary: Arc's user-SQL validator (`internal/api/query.go:ValidateSQLRequest`) blocked only `read_parquet(` and `arc_partition_agg(` via regex denylist. The…
- CVE-2026-47736 (High) - Puma PROXY Protocol v1 Parser Allows Remote Memory Exhaustion
  Impact: [PROXY protocol support for Puma](https://github.com/puma/puma/issues/2651) was added in version 5.5.0. When PROXY protocol v1 support is enabled, Puma…
Medium (23 entries)
- CVE-2026-49397 (Medium 3.1) - Nezha's private services (`EnableShowInService: false`) are enumerable via per-s
  Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data. **CWE**: CWE-285 (Improper…
- CVE-2026-47720 (Medium 3.1) - FUXA has SQL Injection in its TDengine DAQ connector via backslash bypass of esc
  Summary: The TDengine DAQ storage connector's `escapeTdString` at `server/runtime/storage/tdengine/index.js:10` doubles single quotes but does not escape…
- CVE-2026-47721 (Medium 3.1) - FUXA's scheduler API missing admin check enables operator-to-admin escalation vi
  Summary: An authorization issue in the Scheduler API allowed authenticated non-admin users to create or modify scheduled actions that should be restricted to…
- CVE-2026-48037 (Medium) - @hulumi/baseline: AccountFoundation reuse paths silently downgrade GuardDuty / S
  **Affected:** `@hulumi/baseline` `< 1.4.0` — **Fixed in:** `1.4.0` — **Severity:** Medium — **CWE-693 (Protection Mechanism Failure)**. Summary…
- CVE-2026-47155 (Medium) - vLLM's Artifact Pin Decay allows pinned deployments to load unpinned code, weigh
  Summary: vLLM's revision pinning controls do not consistently apply to all artifacts loaded for a model. A deployment that supplies `--revision` or…
- CVE-2026-48025 (Medium) - nebula-mesh: Decrypted CA private key persists in heap after signing
  `internal/pki/resolver.go:36-64` constructs a `CAManager` with the plaintext `ed25519.PrivateKey` after unwrapping via the master key;…
- CVE-2026-48058 (Medium) - nebula-mesh: Session and OIDC state cookies lack the Secure attribute
  `internal/web/session.go` and `internal/web/oidc.go` set `HttpOnly` and `SameSite=Lax` on every cookie but never `Secure`. A single plaintext request to the…
- CVE-2026-48061 (Medium) - Litestar: AllowedHostsMiddleware bypasses host validation via client-controlled
  Summary: `AllowedHostsMiddleware` trusts the `X-Forwarded-Host` header as a fallback when the `Host` header is absent. Since `X-Forwarded-Host` is a…
…15 more Medium-severity vulnerabilities (omitted)
Low (4 entries)
- CVE-2026-48051 (Low) - Papra HTTP redirect bypass can lead to SSRF via webhook delivery system
  Summary: Papra's webhook delivery system contains an SSRF protection bypass that allows any authenticated organisation member to cause the server to make HTTP…
- CVE-2026-47241 (Low) - Net::IMAP: Denial of Service via incomplete raw argument validation
  Summary: Several Net::IMAP commands accept a raw string argument which is only validated to prevent CRLF injection and then sent verbatim. If this string is…
- CVE-2026-47068 (Low) - PhoenixStorybook has cross-session PubSub topic injection via URL parameter
  Summary: The storybook iframe LiveView accepts a PubSub topic from the URL query string and broadcasts its own pid onto that topic with no check that the topic…
…1 more Low-severity vulnerability (omitted)
🛡️ NVD-Latest (71 entries)
Critical (10 entries)
- CVE-2026-44748 (Critical, CVSS 9.9) - SAP NetWeaver Application Server ABAP and ABAP Platform allows an authenticated attacker with normal privileges to obtain a valid…
- CVE-2026-27671 (Critical, CVSS 9.8) - Due to improper RFC protocol validation in the SAP Kernel used by the Application Server ABAP of SAP NetWeaver and ABAP Platform, an…
- CVE-2026-11697 (Critical, CVSS 9.6) - Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially…
- CVE-2026-11671 (Critical, CVSS 9.6) - Use after free in Navigation in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape…
- CVE-2026-11659 (Critical, CVSS 9.6) - Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox…
- CVE-2026-11654 (Critical, CVSS 9.6) - Use after free in CameraCapture in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially perform a…
- CVE-2026-11651 (Critical, CVSS 9.6) - Use after free in Network in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox…
- CVE-2026-11638 (Critical, CVSS 9.6) - Use after free in Printing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape…
- CVE-2026-11634 (Critical, CVSS 9.6) - Use after free in Gamepad in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially perform a…
- CVE-2026-40128 (Critical, CVSS 9.0) - SAP NetWeaver Application Server Java (Web Container) allows an unauthenticated attacker to craft a malicious HTTP logon request that…
High (61 entries)
- CVE-2026-11699 (High, CVSS 8.8) - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap…
- CVE-2026-11698 (High, CVSS 8.8) - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap…
- CVE-2026-11688 (High, CVSS 8.8) - Inappropriate implementation in SVG in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside…
- CVE-2026-11687 (High, CVSS 8.8) - Use after free in Dawn in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption…
- CVE-2026-11683 (High, CVSS 8.8) - Use after free in WebCodecs in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a…
- CVE-2026-11681 (High, CVSS 8.8) - Use after free in Ozone in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap…
- CVE-2026-11680 (High, CVSS 8.8) - Use after free in Media in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside…
- CVE-2026-11674 (High, CVSS 8.8) - Use after free in Guest View in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a…
- CVE-2026-11673 (High, CVSS 8.8) - Use after free in InterestGroups in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a…
- CVE-2026-11670 (High, CVSS 8.8) - Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via…
- CVE-2026-11664 (High, CVSS 8.8) - Use after free in Payments in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption…
- CVE-2026-11662 (High, CVSS 8.8) - Type Confusion in Bindings in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a…
- CVE-2026-11657 (High, CVSS 8.8) - Use after free in Payments in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a…
- CVE-2026-11650 (High, CVSS 8.8) - Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via…
- CVE-2026-11649 (High, CVSS 8.8) - Use after free in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via…
- CVE-2026-11648 (High, CVSS 8.8) - Use after free in FullScreen in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap…
- CVE-2026-11646 (High, CVSS 8.8) - Use after free in ViewTransitions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a…
- CVE-2026-11645 (High, CVSS 8.8) - Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside…
- CVE-2026-11637 (High, CVSS 8.8) - Use after free in Views in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a…
- CVE-2026-11633 (High, CVSS 8.8) - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a…
- CVE-2026-11630 (High, CVSS 8.8) - Use after free in File Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption…
- CVE-2026-11629 (High, CVSS 8.8) - Use after free in Ozone in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially exploit heap corruption via a…
- CVE-2026-11528 (High, CVSS 8.8) - A vulnerability was found in Tenda AC18 15.03.05.05. The affected element is the function sub_45304 of the file /goform/getRebootStatus…
- CVE-2026-11524 (High, CVSS 8.8) - A vulnerability has been found in Tenda W20E 15.11.0.6. Impacted is the function modifyWifiFilterRules of the file…
- CVE-2026-11523 (High, CVSS 8.8) - A flaw has been found in Tenda W20E 15.11.0.6. This issue affects the function formPortalAuth of the file /goform/PortalAuth of the…
- CVE-2026-11522 (High, CVSS 8.8) - A vulnerability was detected in Tenda W20E 15.11.0.6. This vulnerability affects the function formSetPortMirror of the file…
- CVE-2026-11700 (High, CVSS 8.3) - Use after free in Tracing in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process…
- CVE-2026-11692 (High, CVSS 8.3) - Use after free in Read Anything in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer…
- CVE-2026-11682 (High, CVSS 8.3) - Inappropriate implementation in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker who had compromised…
- CVE-2026-11679 (High, CVSS 8.3) - Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer…
- CVE-2026-11677 (High, CVSS 8.3) - Race in Network in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the network process to…
- CVE-2026-11676 (High, CVSS 8.3) - Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote…
- CVE-2026-11672 (High, CVSS 8.3) - Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the…
- CVE-2026-11663 (High, CVSS 8.3) - Use after free in Skia in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to…
- CVE-2026-11661 (High, CVSS 8.3) - Use after free in Views in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer…
- CVE-2026-11660 (High, CVSS 8.3) - Insufficient validation of untrusted input in New Tab Page in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had…
- CVE-2026-11656 (High, CVSS 8.3) - Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed an attacker who convinced a user to install a…
- CVE-2026-11655 (High, CVSS 8.3) - Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer…
- CVE-2026-11652 (High, CVSS 8.3) - Use after free in Extensions in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer…
- CVE-2026-11647 (High, CVSS 8.3) - Use after free in Printing in Google Chrome on Android prior to 149.0.7827.103 allowed a remote attacker who had compromised the…
- CVE-2026-11642 (High, CVSS 8.3) - Use after free in Web Apps in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process…
- CVE-2026-11640 (High, CVSS 8.3) - Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process…
- CVE-2026-11635 (High, CVSS 8.3) - Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer…
- CVE-2026-11631 (High, CVSS 8.3) - Use after free in Aura in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer…
- CVE-2026-11693 (High, CVSS 8.1) - Inappropriate implementation in Plugins in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the…
- CVE-2026-11689 (High, CVSS 8.1) - Insufficient policy enforcement in Passwords in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the…
- CVE-2026-11643 (High, CVSS 8.1) - Use after free in Proxy in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via malicious…
- CVE-2026-8795 (High, CVSS 7.8) - A YAML injection vulnerability exists in the Windows.Collectors.Remapping artifact of Rapid7 Velociraptor before version 0.76.6. The…
- CVE-2026-11694 (High, CVSS 7.5) - Use after free in ServiceWorker in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer…
- CVE-2026-11690 (High, CVSS 7.5) - Out of bounds read and write in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the…
- CVE-2026-11667 (High, CVSS 7.5) - Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to…
- CVE-2026-11644 (High, CVSS 7.5) - Use after free in Views in Google Chrome on Linux prior to 149.0.7827.103 allowed an attacker who convinced a user to install a…
- CVE-2026-11641 (High, CVSS 7.5) - Use after free in Bluetooth in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to…
- CVE-2026-11639 (High, CVSS 7.5) - Use after free in Compositing in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code via a…
- CVE-2026-11636 (High, CVSS 7.5) - Use after free in Autofill in Google Chrome on Windows prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage…
- CVE-2026-11632 (High, CVSS 7.5) - Use after free in TabStrip in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who convinced a user to engage in…
- CVE-2026-22164 (High, CVSS 7.5) - Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating…
- CVE-2026-36789 (High, CVSS 7.5) - Shenzhen Tenda Technology Co., Ltd Tenda AC1206 v15.03.06.23 was discovered to contain multiple stack overflows in the…
- CVE-2026-11618 (High, CVSS 7.3) - A vulnerability was determined in DTStack Taier up to 1.4.0. The affected element is the function preHandle of the file…
- CVE-2026-7556 (High, CVSS 7.2) - The FV Flowplayer Video Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the comment text in all versions up…
- CVE-2026-44751 (High, CVSS 7.1) - Application server ABAP does not perform necessary authorization checks for an authenticated user allowing an attacker to execute a…
⚔️ Sploitus (60 entries)
Unknown (60 entries)
- ollama-silent-patches exploit
- Exploit for Deserialization of Untrusted Data in Mirasvit Full_Page_Cache_Warmer exploit
…58 more Unknown-severity vulnerabilities (omitted)
🤖 Automated vulnerability intelligence summary · 2026-06-11 · Data sources: NVD / GitHub Advisory / Sploitus / CISA-KEV