📊 2026-06-13 Vulnerability Intelligence Daily · 200 entries · 94 high/critical
Daily vulnerability intelligence digest · 2026-06-13
📋 Total: 200 entries
🔥 High/Critical: 94
🚨 CISA KEV: 1
🐙 GitHub Advisory: 82 (🔥 37 high/critical)
🛡️ NVD latest: 57 (🔥 57 high/critical)
⚔️ Sploitus: 60
🤖 Today's threat landscape analysis
🎯 Key items today
- CVE-2026-49261 (CVSS 10.0) - MariaDB Server: affects multiple release series from 10.6 through 12.3. When the wsrep_notify_cmd option is set, an attacker can exploit the flaw for unauthenticated remote code execution; the exploitation risk is extremely high.
- CVE-2026-48039 (Critical) - Meta Ads MCP: critical flaw in the pipeboard-co/meta-ads-mcp project. An unauthenticated attacker can trigger MCP tool execution over HTTP and obtain the operator's Meta access token, which leads directly to ad-account takeover and exposure of sensitive data.
- CVE-2026-48062 (Critical) - CodeIgniter4: file-upload validation bypass. The ext_in rule checks the extension guessed from the MIME type rather than the extension of the client-supplied filename, so an attacker can upload a script such as shell.php; if the upload location is served by an executing web server, that is remote code execution.
- CVE-2026-48150 (Critical) - Budibase: privilege escalation. A workspace-scoped builder can call /api/public/v1/roles/assign, whose builderOrAdmin middleware accepts any user who is a builder for the given app id, and promote themselves to global administrator.
- CVE-2025-6254 (CVSS 9.8) - Doctreat Core (WordPress plugin): all versions up to and including 1.6.8. The registration function does not restrict the role assigned to a new user, so an unauthenticated attacker can register as an administrator and take full control of the site.
📈 Threat trends
- Remote code execution / code injection: the MariaDB wsrep_notify_cmd flaw, the CodeIgniter4 upload validation bypass, the Apinizer expression-language injection, and the unrestricted file uploads in Limatek LimRAD NAC (which NVD describes as allowing remote code inclusion) and Başarsoft Rotaban all end in RCE, letting an attacker take control of the server without authorization. Threat level: extremely high.
- Privilege escalation / authentication bypass: the Budibase and Doctreat Core flaws show that failing to check a user's scope, or to restrict the role assigned at registration, allows unauthorized administrator creation or elevation. This class is especially prevalent in low-code platforms and content management systems.
- Information disclosure / memory safety: the Meta Ads MCP token leak, the GeoServer Master Password Dump arbitrary file write, and several web-application disclosure bugs show that protection of credentials and system configuration is still weak; the PyO3, Tornado and Netty entries below are the memory-safety side of this category.
- Server-side request forgery (SSRF) and SQL injection: the Budibase OAuth2 SSRF (a raw fetch with no fetchWithBlacklist check) and the SQL injections in thaipalliative_lte, the Xstore theme and the Newsletters plugin show that internal-network probing and data theft remain live risks, with an attack surface that spans the whole stack.
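The SSRF entries in this digest (Budibase's raw `fetch(config.url)` with no `fetchWithBlacklist` check, its unvalidated VectorDB host, and the Axios IPv4-mapped IPv6 normalisation gap under NVD) share one missing control: a destination check applied to the address the request will actually reach, not to the hostname string. The Python below is an added illustration, not code from Budibase, Axios or any project listed here; the DNS answers, hostnames and URLs are constructed for the example, and the resolver is injectable so it runs offline.

```python
"""Outbound-request destination check (added example; not Budibase, Axios or
any listed project's code). Hostnames and addresses below are constructed."""
from __future__ import annotations

import ipaddress
import socket
from typing import Callable, Iterable
from urllib.parse import urlsplit

Resolver = Callable[[str], Iterable[str]]
ALLOWED_SCHEMES = frozenset({"http", "https"})

# Constructed DNS answers so the example runs offline. In production use
# system_resolver (below) and connect to the address you validated, not to
# a second lookup of the name (DNS rebinding).
SAMPLE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "rebind.example": ["93.184.216.34", "10.0.0.5"],   # one private answer
    "metadata.example": ["::ffff:169.254.169.254"],      # mapped IPv4
}


def sample_resolver(host: str) -> list[str]:
    # Unknown names are treated as literals, as the OS resolver does for
    # "127.0.0.1" or "::1"; anything that is not an address fails closed later.
    return SAMPLE_DNS.get(host, [host])


def system_resolver(host: str) -> list[str]:
    """Every A/AAAA answer from the OS resolver (getaddrinfo)."""
    infos = socket.getaddrinfo(host, None, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def is_public_address(addr: str) -> bool:
    """False for loopback, private, link-local, multicast, reserved and
    unspecified ranges. An IPv4-mapped IPv6 address (::ffff:a.b.c.d) is
    unwrapped first; otherwise ::ffff:127.0.0.1 would not be seen as
    loopback, which is the gap the Axios entry describes."""
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def check_fetch_target(url: str, resolver: Resolver = system_resolver) -> tuple[bool, str]:
    """Return (allowed, reason). Every resolved address must be public:
    a single private answer among several is enough to reject."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, f"scheme {parts.scheme!r} not allowed"
    host = parts.hostname
    if not host:
        return False, "no host in URL"
    try:
        answers = list(resolver(host))
    except (socket.gaierror, UnicodeError):
        return False, f"{host!r} does not resolve"
    if not answers:
        return False, f"{host!r} has no addresses"
    for addr in answers:
        try:
            ok = is_public_address(addr)
        except ValueError:            # resolver handed back a non-address
            return False, f"unusable answer {addr!r} for {host!r}"
        if not ok:
            return False, f"{host!r} resolves to non-public {addr}"
    return True, f"{host!r} -> {answers}"


if __name__ == "__main__":
    for target in ("https://api.example.com/oauth/token",
                   "http://127.0.0.1:8080/debug/pprof/",
                   "http://[::ffff:10.0.0.1]/",
                   "http://rebind.example/",
                   "http://metadata.example/latest/",
                   "file:///etc/passwd"):
        print(target, check_fetch_target(target, sample_resolver))
```

The check deliberately judges resolved addresses rather than the hostname text: a resolver will happily turn `0x7f000001` or a short name into a loopback address, and a name can return a mix of public and private answers. Whatever passes must then be connected to by the validated IP; re-resolving at connect time reopens the rebinding window.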
🛡️ Mitigation recommendations
- Upgrade affected software now: for components with released fixes (MariaDB, CodeIgniter4, Rotaban, LimRAD NAC), move to the latest stable release; for the MariaDB 10.6 series that means a release after 10.6.26, i.e. 10.6.27 or later. For Budibase and Meta Ads MCP, track the fix branches in the official GitHub repositories and update as soon as they land.
- Harden upload and authentication logic: review file-upload handling (CodeIgniter4, Rotaban, LimRAD NAC, the Schema & Structured Data WordPress plugin). Validate the extension of the client-supplied filename against an allowlist, require the file's leading bytes to match that type, store uploads under server-generated names, and never place them where the web server executes; an extension derived from the MIME type alone is not a check. Separately, review registration and role-assignment logic (Doctreat Core, Budibase) and the binding between middleware and user scope, so that a workspace-level role cannot reach global endpoints.
- Deploy WAF and perimeter controls: add signatures for the Oracle PeopleTools missing-authentication flaw now in CISA KEV (CVE-2026-35273), the Apinizer expression-language injection and the generic SQL injections, and apply strict input validation and allow/deny lists to internal API calls (the destination check that Budibase's fetchWithBlacklist provides and its OAuth2 code path skipped).
- Turn off dangerous options and audit credential handling: check every MariaDB instance for a configured wsrep_notify_cmd and unset it unless the business needs it; on GeoServer and similar systems, restrict the Master Password Dump and any plaintext credential export to the minimum, enforce a strong password policy, encrypt stored credentials and move them only over TLS.
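To make the second recommendation concrete, the following Python puts the weak check beside the hardened one. It is an added example, not code from CodeIgniter4, Rotaban or any project in this digest; the allowlist, magic-byte prefixes and sample filenames are constructed. It also lowercases the client extension, which is what closes the mixed-case `.FORM.YAML` trick in the TYPO3 entry listed below.

```python
"""Upload gate (added example; not CodeIgniter4, Rotaban or any listed
project's code). Allowlist, magic prefixes and sample names are constructed."""
from __future__ import annotations

import secrets

# extension -> bytes the file must start with. Constructed for the example.
ALLOWED_TYPES: dict[str, bytes] = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
# Declared or guessed MIME type -> extension. The weak check consults only this.
MIME_TO_EXT = {"image/png": "png", "image/jpeg": "jpg", "application/pdf": "pdf"}

PNG_SAMPLE = ALLOWED_TYPES["png"] + b"\x00" * 16   # constructed file head


def weak_ext_in(client_filename: str, content_type: str, allowed: set[str]) -> bool:
    """Shape of the ext_in bug: the extension is derived from the MIME type
    and the client filename is never consulted, so 'shell.php' declared as
    image/png passes an allowlist of {'png'}."""
    del client_filename  # unused: that is the bug
    return MIME_TO_EXT.get(content_type, "") in allowed


def client_extension(client_filename: str) -> str | None:
    """Extension of the name the client sent, lowercased; None if unusable."""
    name = client_filename.replace("\\", "/")
    if "/" in name or name in ("", ".", ".."):
        return None                    # path separators or traversal
    stem, dot, ext = name.rpartition(".")
    if not dot or not stem or not ext:
        return None                    # no extension, or a dotfile like .htaccess
    return ext.lower()                 # .PHP and .FORM.YAML get no special treatment


def check_upload(client_filename: str, content_type: str, head: bytes) -> tuple[bool, str]:
    """Return (accepted, stored_name_or_reason). All three facts must agree:
    the client extension, the leading bytes, and the declared type."""
    ext = client_extension(client_filename)
    if ext is None:
        return False, f"unusable filename {client_filename!r}"
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowed"
    if not head.startswith(ALLOWED_TYPES[ext]):
        return False, f"content does not start like a .{ext} file"
    if MIME_TO_EXT.get(content_type) != ext:
        return False, f"declared type {content_type!r} disagrees with .{ext}"
    # Never reuse the client's name on disk: random name plus the vetted
    # extension, stored outside any directory the web server executes from.
    return True, f"{secrets.token_hex(16)}.{ext}"


if __name__ == "__main__":
    print("weak check, shell.php as image/png:", weak_ext_in("shell.php", "image/png", {"png"}))
    for name, ctype, head in (("shell.php", "image/png", PNG_SAMPLE),
                              ("avatar.PNG", "image/png", PNG_SAMPLE),
                              ("avatar.png", "image/png", b"<?php system($_GET['c']); ?>"),
                              ("../avatar.png", "image/png", PNG_SAMPLE)):
        print(name, ctype, check_upload(name, ctype, head))
```

A name such as `shell.php.png` with a genuine PNG header is accepted as a PNG, which is correct: the stored file gets a random name and a `.png` extension and lives where nothing executes it, so the client's choice of name never reaches the filesystem.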
🚨 CISA KEV (1 entry)
Unknown severity (1 entry)
- CVE-2026-35273 - Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability. Product: Oracle PeopleSoft Enterprise… (also listed under NVD Critical below with CVSS 9.8)
🐙 GitHub Advisory (82 entries)
Critical (3 entries)
- CVE-2026-48039 (Critical, CVSS v3.1) - Meta Ads MCP: Unauthenticated HTTP MCP Tool Execution Leaks Operator Meta Access Token. Repository: …
- CVE-2026-48150 (Critical) - Budibase: Workspace-scoped builder escalates to global admin via /api/public/v1/roles/assign. Summary: `/api/public/v1/roles/assign` is guarded by the `builderOrAdmin` middleware, which passes any user who is a builder for the app id in the…
- CVE-2026-48062 (Critical) - CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in`. Impact: The `ext_in` upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an…
High (34 entries)
- GHSA-9wcp-79g5-5c3c (High, CVSS v3.1) - Appsmith Super User Creation Race Condition Allows Multiple Instance Administrat… Summary: The `/api/v1/users/super` endpoint enforces a restriction that only one super user (Instance Administrator) can be created during initial setup.…
- CVE-2026-53999 (High, CVSS v3.1) - Radius Controller May Delete a Container Resource via an Injected Deployment Annotation (Multi-Tenant Installs). Summary: A configuration-validation issue…
- CVE-2026-48146 (High) - Budibase: SSRF via OAuth2 Config Validation — Missing fetchWithBlacklist Protect… Summary: The OAuth2 token fetch function in `packages/server/src/sdk/workspace/oauth2/utils.ts` (line 59) uses raw `fetch(config.url)` with **no SSRF…
- CVE-2025-52465 (High) - GeoServer has an arbitrary file write vulnerability in its Master Password Dump. Summary: A vulnerability exists that allows an authenticated administrator with access to GeoServer's security system to pass arbitrary file names to the Master…
- CVE-2026-48151 (High) - Budibase: Webhook schema endpoint authorization bypass allows unauthenticated mu… Summary: The webhook schema-building endpoint is registered under `builderRoutes`, but the generic authorization middleware skips authorization for all paths matching…
- CVE-2026-48152 (High) - Budibase: Basic app users can exfiltrate stored REST datasource auth by rewritin… Summary: Budibase stores external REST datasource credentials server-side and documents that database credentials are applied server-side and are not exposed in…
- GHSA-j9gf-vw2f-9hrw (High) - Appsmith: Configuration-dependent origin validation bypass in password reset and… Summary: A configuration-dependent origin validation bypass was identified in Appsmith's password reset and email verification flows on current `release`. Both…
- CVE-2026-49742 (High) - TYPO3 CMS has Broken Access Control in its Media Module. Problem: Backend users with file download permissions were able to download files from the fallback storage of the file abstraction layer (FAL) via the Media…
- CVE-2026-47346 (High) - TYPO3 CMS has Broken Access Control in its Form Framework. Problem: Backend users with file write permissions were able to upload form definition files with mixed-case extensions (e.g., `.FORM.YAML`) to bypass the Form…
- CVE-2026-49741 (High) - TYPO3 CMS has Privilege Escalation & SQL Injection in its Form Framework. Problem: Backend users with write access to the `form_definition` database table were able to directly create, update, or delete form definition records via…
- GHSA-36hh-v3qg-5jq4 (High) - PyO3 has an Out-of-bounds Read in `nth` / `nth_back` for `PyList` and `PyTuple`. PyO3 0.24.0 added optimized implementations of `Iterator::nth` and `DoubleEndedIterator::nth_back` for the `BoundListIterator` and `BoundTupleIterator` types.…
- CVE-2026-47343 (High) - TYPO3 CMS: Destructive Actions on File Mount Folders. Problem: Non-privileged backend users with file mount access were able to perform write operations (move, delete, rename) on folders representing the root of an…
- CVE-2026-11607 (High) - TYPO3 CMS has Broken Access Control in its Form Framework. Problem: Backend users with access to the Form Framework were able to use files not ending in `.form.yaml` as form definitions, which were processed without…
- GHSA-gv7w-rqvm-qjhr (High) - esbuild: Missing binary integrity verification in Deno module enables remote cod… Summary: The esbuild Deno module (`lib/deno/mod.ts`) downloads native binary executables from an npm registry and writes them to disk with executable…
- CVE-2026-54097 (High) - File Browser: Cross-user unauthorized share-link deletion via unbounded prefix m… Summary: A low-privileged authenticated user of filebrowser (with `create` + `delete` permissions in their own isolated scope) can silently destroy share-link…
- CVE-2026-54096 (High) - File Browser: Improper Access Control Occurs via Pre-Created Public Share for a… Summary: This is a vulnerability similar to **`CVE-2026-0035`**, which was fixed in Android `MediaProvider` with **high** severity. In the original Java issue,…
- CVE-2026-54092 (High) - File Browser has a DoS Vulnerability via Public Login API. Summary: Unchecked password maximums allow an arbitrarily large password to be passed into the login API. This spikes CPU and memory, and after testing,…
- CVE-2026-54091 (High) - File Browser has incorrect access control for public directory shares via rule p… Summary: File Browser's public share handlers rebase the share owner's filesystem root to the shared directory and then evaluate descendant paths against the…
- CVE-2026-54090 (High) - File Browser has a Command Execution Allowlist Bypass via Shell Metacharacter In… Note: This feature has been disabled by default for all installations from v2.33.8 onwards, including for existing installations. To exploit this…
- CVE-2026-47781 (High) - PDM: Project-Controlled `.pdm-plugins` Content Executes Before CLI Parsing. Summary: PDM automatically loads project-local plugin paths from `.pdm-plugins` during `Core` initialization. Because this path is added via…
- CVE-2026-48006 (High) - Netty's Lack of Lifecycle Cleanup Leads to Pooled ByteBuf Leak in RedisArrayAggregator. Impact: The RedisArrayAggregator handler permanently leaks pooled direct-memory buffers when a Redis pipeline connection closes before a RESP array aggregate…
- CVE-2026-48007 (High) - Element Call reports full URLs of visited pages to analytics server. Impact: Element Call versions 0.5.17 through 0.19.3 report analytics data to a PostHog server, when configured to by a `posthog` key in config.json or by the…
- CVE-2026-48020 (High) - Traefik has a StripPrefix Route-Level Auth Bypass via Path Normalization. Summary: There is a high severity vulnerability in Traefik's `StripPrefix` middleware that allows an unauthenticated attacker to bypass route-level…
- CVE-2026-48054 (High) - OpenZeppelin Contracts Wizard has Code Injection in Generated Hardhat and Foundry… Summary: The OpenZeppelin Contracts Wizard generated Hardhat (`test/test.ts`) and Foundry (`test/<Name>.t.sol`) example test files that interpolated…
- CVE-2026-48069 (High) - @grpc/grpc-js: An incoming malformed compressed message can cause a client or se… Impact: An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js…
- CVE-2026-48068 (High) - @grpc/grpc-js: A malformed request can cause a server crash. Impact: An invalid incoming HTTP/2 stream initiation can cause a server process to crash. This affects all servers created using @grpc/grpc-js. Patches: The…
- CVE-2026-48050 (High) - Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and… Summary: Arc registers Go's `net/http/pprof` handlers at `/debug/pprof/*` via `app.Use(pprof.New())` in `internal/api/server.go`, and `/debug/pprof` is added to…
- CVE-2026-48059 (High) - Netty HAProxy: Unbalanced Reference Count in Nested PP2_TYPE_SSL TLV Parsing Lea… Impact: The HAProxy PROXY protocol v2 codec in netty leaks native or heap memory on every connection when a client sends a syntactically valid header containing…
- CVE-2026-48089 (High) - DevGuard has improper authorization on public assets. Impact: On a DevGuard API instance with one or more **public assets**, any authenticated user — including users from a different organization with no membership…
- CVE-2026-48099 (High) - WsgiDAV encoded dot segments can escape filesystem share roots. Impact: WsgiDAV 4.3.3 can allow a WebDAV request path containing an encoded parent-directory segment to escape the configured filesystem share root in a…
- CVE-2026-11401 (High) - AWS Advanced Go Wrapper has Privilege Escalation in Aurora PostgreSQL instance… Aurora PostgreSQL is a fully managed relational database engine that's compatible with PostgreSQL. An issue in Aurora PostgreSQL using the AWS Go Wrapper waa…
- CVE-2026-48110 (High) - Russh: SSH message fields were decoded through allocation-first parsers before field-specific bounds. Summary: Several `russh` client and server message handlers…
- CVE-2025-27511 (High) - GeoServer DB2 DataStore Extension has a JNDI Vulnerability via Store Connection… Summary: An administrator can perform a JNDI attack through a specially crafted DB2 JDBC URL, leading to Remote Code Execution (RCE). Impact: If GeoServer has DB2…
- CVE-2026-48109 (High) - MessagePack's LZ4 decompression may fail with AccessViolationException after de… Impact: A vulnerability exists in the optional LZ4 decompression path used by MessagePack compression modes `Lz4Block` and `Lz4BlockArray`. The decoder…
Medium (39 entries)
- CVE-2026-28975 (Medium) - NIOExtras: NIOHTTPRequestDecompressor ratio limit bypass via inflated Content-Length. Impact: When `NIOHTTPRequestDecompressor` is configured with `.ratio(N)`, the decompression limit is enforced using the `Content-Length` header value from the…
- CVE-2026-48128 (Medium) - Budibase: SSRF via User-Controlled queryId in Automation Execute Query Step. Summary: The executeQuery automation step in Budibase accepts a queryId from automation step inputs and passes it directly to the query execution controller…
- CVE-2025-58175 (Medium) - GeoServer has a Server-Side Request Forgery (SSRF) Vulnerability in its XML Enti… Summary: A GeoServer that uses `ENTITY_RESOLUTION_ALLOWLIST` may allow an attacker to perform unauthenticated Server-Side Request Forgery (SSRF). Details: This…
- CVE-2026-48147 (Medium) - Budibase: Unanchored Regex in `matchers.ts` Allows CSRF Bypass via Query String. Summary: The `buildMatcherRegex()` / `matches()` functions in `packages/backend-core/src/middleware/matchers.ts` share the same structural root cause as the…
- CVE-2026-48148 (Medium) - Budibase: Unvalidated VectorDB Host Parameter Enables SSRF. Summary: The VectorDB configuration endpoint in Budibase accepts a host parameter that undergoes no validation against internal IP ranges, reserved hostnames,…
- CVE-2026-48154 (Medium) - gorest InMemorySecret2FA race condition allows process crash via concurrent map… Vulnerability: CWE-362, Concurrent Map Access Race Condition in InMemorySecret2FA. CWE: CWE-362 (Concurrent Execution using Shared Resource with…
- CVE-2026-48155 (Medium) - pypdf: Possible large memory usage for large offsets for layout mode text. Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large…
- CVE-2026-48156 (Medium) - pypdf: Possible long runtimes for zero-only width values in cross-reference stre… Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with `/W [0 0 0]` values and…
…31 more Medium entries omitted
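Several entries above fail the same way: an authorization or share-root decision is made on a request path before it is canonicalised (Traefik's StripPrefix route-level bypass via path normalisation, WsgiDAV's encoded dot segments, File Browser's rebased share roots, Budibase's unanchored matcher regex and its auth skip for paths matching a pattern). The Python below is an added illustration, not code from any of those projects; the route table, share root and request targets are constructed. It shows the naive matcher beside a guard that canonicalises first and matches anchored, and the same canonicalisation applied before a path is joined onto a share root.

```python
"""Canonicalise-then-authorize (added example; not Traefik, WsgiDAV, File
Browser or Budibase code). Route table, share root and targets are constructed."""
from __future__ import annotations

import posixpath
import re
from urllib.parse import unquote


def canonical_path(raw_target: str) -> str:
    """Canonical form of a request-target for authorization decisions:
    drop query/fragment, percent-decode exactly once, refuse anything still
    holding '%' (double encoding) or NUL, fold backslashes, collapse repeated
    slashes, and resolve '.' / '..' segments against '/'."""
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    decoded = unquote(path)
    if "%" in decoded or "\x00" in decoded:
        raise ValueError(f"refusing ambiguous path {raw_target!r}")
    decoded = decoded.replace("\\", "/")
    while "//" in decoded:
        decoded = decoded.replace("//", "/")
    if not decoded.startswith("/"):
        decoded = "/" + decoded
    return posixpath.normpath(decoded)   # '/..' cannot climb above '/'


# Constructed route table: only these exact paths skip authentication.
PUBLIC_ROUTES = [
    re.compile(r"/api/public/v1/(health|status)"),
    re.compile(r"/static/[^/]+"),
]
# The weak shape: an unanchored pattern searched in the raw target.
NAIVE_PUBLIC = re.compile(r"/api/public/v1/")


def naive_is_public(raw_target: str) -> bool:
    return NAIVE_PUBLIC.search(raw_target) is not None


def is_public(raw_target: str) -> bool:
    """Anchored match on the canonical path; fails closed on bad input."""
    try:
        path = canonical_path(raw_target)
    except ValueError:
        return False
    return any(rule.fullmatch(path) for rule in PUBLIC_ROUTES)


def naive_join(share_root: str, raw_subpath: str) -> str:
    """Decode and concatenate without normalising: '..' survives into the
    string handed to the filesystem, which resolves it later."""
    return share_root + unquote(raw_subpath)


def naive_join_resolved(share_root: str, raw_subpath: str) -> str:
    """What the filesystem actually opens after naive_join."""
    return posixpath.normpath(naive_join(share_root, raw_subpath))


def resolve_in_share(share_root: str, raw_subpath: str) -> str | None:
    """Resolve a share-relative path; None if it would leave the share."""
    try:
        sub = canonical_path(raw_subpath)     # pinned under '/' already
    except ValueError:
        return None
    root = posixpath.normpath(share_root)
    full = posixpath.normpath(root + sub)
    if full != root and not full.startswith(root + "/"):
        return None                           # belt and braces
    return full


if __name__ == "__main__":
    for target in ("/api/admin/users?next=/api/public/v1/health",
                   "/api/public/v1/../../admin/users",
                   "/api/public/v1/%2e%2e/%2e%2e/admin/users",
                   "/api/public/v1/health?verbose=1"):
        print(f"{target:50} naive={naive_is_public(target)!s:5} safe={is_public(target)}")
    evil = "/%2e%2e/%2e%2e/etc/passwd"
    print("naive join opens:", naive_join_resolved("/srv/share", evil))
    print("safe resolve   :", resolve_in_share("/srv/share", evil))
```

Two design choices are worth stating. Refusing any path that still contains `%` after one decode is stricter than decoding twice, but decoding twice is exactly how `%252e` bypasses get through, so fail closed. And the canonical form must be the one the final consumer sees: when a proxy strips a prefix and an upstream normalises again, the two views of the path can diverge, which is the proxy-side half of the Traefik entry that an application guard alone cannot fix.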
Low (6 entries)
- CVE-2026-28898 (Low) - SwiftNIO HTTP/2: HTTP/2-to-HTTP/1 Request Smuggling via unvalidated :path pseudo… swift-nio-http2's HTTP/2-to-HTTP/1.1 codec (`HTTP2FramePayloadToHTTP1ServerCodec` / `HTTP2ToHTTP1ServerCodec`) did not validate pseudo-header values for…
- GHSA-6vgg-xhvh-38ff (Low) - nebula-mesh: POST /api/v1/hosts/{id}/mobile-bundle response lacks Cache-Control:… `internal/api/mobile_bundle.go:62-66` sets only `Content-Type: application/yaml`. The Web-UI sibling at `internal/web/handlers.go:1316-1321` sets…
- CVE-2026-49854 (Low) - Tornado has out-of-bounds memory access via C extension. Summary: Tornado's optional native extension `tornado.speedups` implements `websocket_mask` without validating that the `mask` argument is exactly four bytes…
…3 more Low entries omitted
🛡️ NVD latest (57 entries)
Critical (10 entries)
- CVE-2026-49261 (Critical, CVSS 10.0) - MariaDB server is a community developed fork of MySQL server. Versions 10.6.1 through 10.6.26, 10.11.1 through 10.11.17, 11.4.1…
- CVE-2026-11839 (Critical, CVSS 9.9) - Unrestricted upload of file with dangerous type vulnerability in Başarsoft Information Technologies Inc. Rotaban allows Upload a Web…
- CVE-2026-38581 (Critical, CVSS 9.8) - SQL Injection vulnerability in damasac thaipalliative_lte through version 3.0 allows remote attackers to execute arbitrary SQL commands…
- CVE-2026-7852 (Critical, CVSS 9.8) - Unrestricted upload of file with dangerous type vulnerability in Limatek System Inc. LimRAD NAC allows Remote Code Inclusion. This issue…
- CVE-2026-11561 (Critical, CVSS 9.8) - Improper neutralization of special elements used in an expression language statement ('expression language injection') vulnerability in…
- CVE-2026-35273 (Critical, CVSS 9.8) - Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management).…
- CVE-2025-6254 (Critical, CVSS 9.8) - The Doctreat Core plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.6.8. This is due to…
- CVE-2026-45328 (Critical, CVSS 9.3) - ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes…
- CVE-2026-9648 (Critical, CVSS 9.1) - The crypton-x509-validation Haskell library fails to enforce X.509 NameConstraints, allowing TLS clients to accept certificates whose…
- CVE-2026-9067 (Critical, CVSS 9.1) - The Schema & Structured Data for WP & AMP WordPress plugin before 1.60 does not check user capabilities on its frontend AJAX file-upload…
High (47 entries)
- CVE-2025-24284 (High, CVSS 8.8) - This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Sequoia 15.4. An app may be…
- CVE-2026-7870 (High, CVSS 8.8) - IBM i 7.6, 7.5, 7.4, and 7.3 could allow a user to gain elevated privileges due to an unqualified library call. A malicious actor could…
- CVE-2026-8071 (High, CVSS 8.8) - The Anti-Spam by CleanTalk. Spam protection WordPress plugin before 6.79 does not properly sanitize content within a custom shortcode…
- CVE-2026-44494 (High, CVSS 8.7) - Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.16.0, the Axios library is vulnerable to a…
- CVE-2026-6552 (High, CVSS 8.7) - GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before…
- CVE-2026-10087 (High, CVSS 8.7) - GitLab has remediated an issue in GitLab EE affecting all versions from 17.1 before 18.10.8, 18.11 before 18.11.5, and 19.0 before…
- CVE-2026-44492 (High, CVSS 8.6) - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios does not normalise IPv4-mapped IPv6…
- CVE-2026-40999 (High, CVSS 8.6) - When WS-Addressing is used with non-anonymous ReplyTo or FaultTo addresses, Spring WS may initiate outbound connections through…
- CVE-2026-3326 (High, CVSS 8.6) - The Xstore WordPress theme before 9.7.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX…
- CVE-2026-24067 (High, CVSS 8.4) - Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which…
- CVE-2026-24066 (High, CVSS 8.4) - Slate Digital Connect 1.37.0 for macOS installs a privileged helper tool, com.slatedigital.connect.privileged.helper.tool, which…
- CVE-2026-49982 (High, CVSS 8.2) - tmp is a temporary file and directory creator for node.js. In version 0.2.6, the _assertPath guard added to tmp rejects only string…
- CVE-2026-40998 (High, CVSS 8.2) - Jaxp13XPathTemplate evaluated XPath expressions for StreamSource and SAXSource inputs using a code path that parsed attacker-controlled…
- CVE-2026-40994 (High, CVSS 8.2) - Wss4jSecurityInterceptor initialized its BSP (WS-I Basic Security Profile) compliance flag so that inbound validation disabled WSS4J…
- CVE-2026-53777 (High, CVSS 8.1) - Perry before 0.5.1159 contains a path traversal vulnerability that allows a malicious build server to write arbitrary content to any…
- CVE-2026-11816 (High, CVSS 8.1) - Keras versions prior to 3.14.0 are vulnerable to a path traversal issue in the archive extraction utilities located in…
- CVE-2026-41700 (High, CVSS 8.1) - Spring for GraphQL applications that have enabled the WebSocket transport are vulnerable to Cross-Site WebSocket Hijacking. An attacker…
- CVE-2026-41699 (High, CVSS 8.1) - Spring for GraphQL applications are vulnerable to Unsafe Deserialization when processing paginated GraphQL queries. An attacker can…
- CVE-2026-10795 (High, CVSS 8.1) - The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and…
- CVE-2026-53673 (High, CVSS 8.1) - BuddyPress 14.4.0 contains an insecure direct object reference vulnerability in the messages REST API that allows authenticated…
- CVE-2025-31272 (High, CVSS 7.8) - The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to bypass launch constraint…
- CVE-2026-10847 (High, CVSS 7.8) - A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be…
- CVE-2026-11774 (High, CVSS 7.6) - An integer overflow flaw was found in the SASL I/O layer of 389 Directory Server (389-ds-base). In sasl_io_start_packet(), adding…
- CVE-2025-46315 (High, CVSS 7.5) - A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to access…
- CVE-2026-46697 (High, CVSS 7.5) - Fediverse Embeds embeds fediverse posts on WordPress sites. Prior to version 1.5.8, Fediverse Embeds registered an unauthenticated REST…
- CVE-2026-44496 (High, CVSS 7.5) - Axios is a promise based HTTP client for the browser and Node.js. Axios versions before 0.32.0 on the 0.x line and before 1.16.0 on the…
- CVE-2026-44488 (High, CVSS 7.5) - Axios is a promise based HTTP client for the browser and Node.js. Axios versions 1.7.0 through 1.15.x did not enforce configured…
- CVE-2026-44487 (High, CVSS 7.5) - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios's Node.js HTTP adapter may forward…
- CVE-2026-44486 (High, CVSS 7.5) - Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, Axios's Node.js HTTP adapter can leak…
- CVE-2026-7787 (High, CVSS 7.5) - IBM Langflow OSS 1.0.0 through 1.9.1 could allow an authenticated user to read or modify sensitive information by bypassing…
- CVE-2026-7250 (High, CVSS 7.5) - GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.10.8, 18.11 before 18.11.5, and 19.0 before…
- CVE-2026-5497 (High, CVSS 7.5) - vLLM versions 0.8.0 and later are vulnerable to an Out-of-Memory (OOM) Denial of Service (DoS) attack due to unbounded frame count…
- CVE-2026-41856 (High, CVSS 7.5) - The Spring GraphQL annotation detection mechanism for @Controller data fetchers may not correctly resolve annotations on methods within…
- CVE-2025-71330 (High, CVSS 7.5) - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event…
- CVE-2025-71329 (High, CVSS 7.5) - image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event…
- CVE-2026-3018 (High, CVSS 7.5) - The Newsletters plugin for WordPress is vulnerable to time-based SQL Injection via the 'wpmlsubscriber_id' parameter in all versions up…
- CVE-2026-45541 (High, CVSS 7.5) - ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a…
- CVE-2026-48546 (High, CVSS 7.3) - KanaDojo before 0.1.18 contains a sandbox escape vulnerability that allows an attacker to execute arbitrary code by exploiting the…
- CVE-2026-8589 (High, CVSS 7.3) - GitLab has remediated an issue in GitLab EE affecting all versions from 13.1.4 before 18.10.8, 18.11 before 18.11.5, and 19.0 before…
- CVE-2026-11837 (High, CVSS 7.3) - A local privilege escalation vulnerability was found in the ansible.posix authorized_key module. The module's keyfile() function uses…
- CVE-2023-33999 (High, CVSS 7.1) - Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPVibes WP Mail Log allows…
- CVE-2026-40987 (High, CVSS 7.1) - A malicious or compromised FTP/SFTP/SMB server can write arbitrary files anywhere on the client filesystem (outside the configured…
- CVE-2026-49069 (High, CVSS 7.1) - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected…
- CVE-2026-45542 (High, CVSS 7.1) - ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer…
- CVE-2026-45329 (High, CVSS 7.1) - ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service…
- CVE-2026-53674 (High, CVSS 7.1) - BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username…
- CVE-2026-44495 (High, CVSS 7.0) - Axios is a promise based HTTP client for the browser and Node.js. From 0.19.0 to before 0.31.1 and 1.15.2, Axios contains…
⚔️ Sploitus (60 entries)
Unknown severity (60 entries)
- Exploit for Missing Authentication for Critical Function in Erlang Erlang/Otp (exploit)
- ember (exploit)
…58 more entries omitted
🤖 Automated vulnerability intelligence digest · 2026-06-13 · Sources: NVD / GitHub Advisory / Sploitus / CISA KEV