Latest Vulnerability Intelligence (100)
CVE & PoC Alerts in Real Time
Note Mark has Stored XSS via Unrestricted Asset Upload
Maddy Mail Server has an LDAP Filter Injection via Unsanitized Username
FITS GZIP decompression bomb in Pillow
Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix
External Secrets Operator has DNS-based secret exfiltration via getHostByName in External Secrets v2 template engine
simple-git Affected by Command Execution via Option-Parsing Bypass
Decidim has a cross-site scripting (XSS) in user name
Keras Remote Code Execution Vulnerability
Adobe Acrobat Reader Remote Code Execution Vulnerability (CVE-2026-34621)
Daptin has Unauthenticated Path Traversal and Zip Slip
mathjs allows improperly controlled modification of dynamically-determined object attributes
Paperclip has Unauthenticated Remote Code Execution (RCE) via Import Authorization Bypass
Juju: CloudSpec method leaks cloud credentials
gramps-webapi: Zip Slip path traversal in media archive import
n8n-mcp HTTP transport layer has unauthorized session termination and information disclosure
Arcane template fetch endpoint has unauthenticated SSRF (with conditional response reflection)
DotNetNuke.Core has Stored Cross-Site Scripting (XSS) via SVG file upload
basic-ftp: incomplete CRLF injection protection allows arbitrary FTP command execution via credentials and the MKD command
goshs has a file-based ACL authorization bypass in goshs state-changing routes
goshs is Missing Write Protection for Parametric Data Values
nimiq-blockchain is missing a wall-clock upper bound on block timestamps
ajenti.plugin.core has password bypass when 2FA is activated
Axios has Unrestricted Cloud Metadata Exfiltration via Header Injection Chain
Ech0: Scoped admin access tokens can bypass least-privilege controls on privileged endpoints, including backup export
PraisonAI Browser Server allows unauthenticated WebSocket clients to hijack connected extension sessions
PraisonAI has critical RCE via `type: job` workflow YAML
PraisonAI Vulnerable to RCE via Automatic tools.py Import
SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via `/api/av/removeUnusedAttributeView`
Bugsink affected by authenticated arbitrary file write in artifactbundle/assemble
Saltcorn has an Unauthenticated Path Traversal in sync endpoints, allowing arbitrary file write and directory read
PraisonAI Vulnerable to Server-Side Request Forgery via Unvalidated webhook_url in Jobs API
PraisonAIAgents: SSRF via unvalidated URL in `web_crawl` httpx fallback
PraisonAI: Cross-Origin Agent Execution via Hardcoded Wildcard CORS and Missing Authentication on AGUI Endpoint
PraisonAI vulnerable to arbitrary file write via path traversal in `praisonai recipe unpack`
PraisonAI Vulnerable to Implicit Execution of Arbitrary Code via Automatic `tools.py` Loading
PraisonAI Vulnerable Untrusted Remote Template Code Execution
PraisonAI: Hardcoded `approval_mode="auto"` in Chainlit UI Overrides Administrator Configuration, Enabling Unapproved Shell Command Execution
PraisonAI Vulnerable to Code Injection and Protection Mechanism Failure
PraisonAIAgents: Environment Variable Secret Exfiltration via os.path.expandvars() Bypassing shell=False in Shell Tool
PraisonAI: Unauthenticated Allow-List Manipulation Bypasses Agent Tool Approval Safety Controls
PraisonAIAgents has SSRF and Local File Read via Unvalidated URLs in web_crawl Tool
PraisonAI: Unauthenticated WebSocket Endpoint Proxies to Paid OpenAI Realtime API Without Rate Limits
PraisonAI Vulnerable to Argument Injection into Cloud Run Environment Variables via Unsanitized Comma in gcloud --set-env-vars
PraisonAIAgents has an OS Command Injection via shell=True in Memory Hooks Executor (memory/hooks.py)
SiYuan Affected by Zero-Click NTLM Hash Theft and Blind SSRF via Mermaid Diagram Rendering
LXD: VM lowlevel restriction bypass via raw.apparmor and raw.qemu.conf
LXD: Importing a crafted backup leads to project restriction bypass
LXD: Update of type field in restricted TLS certificate allows privilege escalation to cluster admin
@sveltejs/adapter-node has a BODY_SIZE_LIMIT bypass
@vitejs/plugin-rsc has a Denial of Service with React Server Components
Next.js has a Denial of Service with Server Components
Vikunja vulnerable to Privilege Escalation via Project Reparenting
Helm's plugin verification fails open when .prov is missing, allowing unsigned plugin install
Helm has a path traversal in the plugin metadata version field that enables arbitrary file write outside the Helm plugin directory
Wasmtime with Winch compiler backend on aarch64 may allow a sandbox-escaping memory access
Vikunja has TOTP Two-Factor Authentication Bypass via OIDC Login Path
Apache ActiveMQ: Denial of Service via memory exhaustion
parisneo/lollms social features have a Stored XSS vulnerability
Spring Cloud Gateway SSL bundle configuration is silently bypassed
OpenClaw Gateway: privilege escalation from operator.pairing to operator.admin and RCE via device.pair.approve
Axios SSRF Vulnerability
Parisneo /lollms Vulnerability
云帆 Online Examination and Training System has a weak-password vulnerability
Langflow autologin leaks access_token
Weaver e-office /iWebOffice/Signature/SignatureDel.php SQL Injection Vulnerability
PyLoad /login Default Password Vulnerability
Pentaho /pentaho/j_spring_security_check Default Password Vulnerability
FreePBX /admin/config.php Default Password Vulnerability
Owncast /api/admin/serverconfig Default Password Vulnerability
Siemens SIMATIC HMI MiniWeb /FormLogin Default Password Vulnerability
PowerJob /appInfo/assert Default Password Vulnerability
Weaver E-Cology9 /services/WorkPlanService SQL Injection Vulnerability
Yonyou Government Finance System /billdesigner/office/downloadTemplate File Read Vulnerability
Meshery /api/system/fileDownload File Read Vulnerability
Meshery /api/system/fileView File Read Vulnerability
Vite Dev Server /node_modules/.vite/deps File Read Vulnerability (CVE-2026-39365)
深科特 LEAN MES System /Handler/AutoComplete.ashx SQL Injection Vulnerability
Wanhu ezOFFICE /defaultroot/iWebOfficeSign/OfficeServer.jsp/../../platform/bpm/work_flow/operate/wf_relation.jsp SQL Injection Vulnerability
Stirling-PDF /api/v1/convert/markdown/pdf Server-Side Request Forgery Vulnerability (CVE-2025-55161)
Alfresco Content Services /alfresco/service/api/login Default Password Vulnerability
Homebridge Config UI X /api/auth/login Default Password Vulnerability
Postpartum Care Center ERP Management Cloud Platform /Page/ContractManager/ashx/Handler.ashx File Upload Vulnerability
WordPress Elementor Page Builder Plugin / File Read Vulnerability
elecV2P /store File Read Vulnerability
elecV2P /rpc Code Execution Vulnerability
Ech0 /api/allusers Information Disclosure Vulnerability (CVE-2026-33638)
Dolibarr /index.php Default Password Vulnerability
ILIAS LMS /ilias.php Default Password Vulnerability
Yonyou U8 Cloud uapbd.refdef.query SQL Injection Vulnerability
Rundeck /j_security_check Default Password Vulnerability
Marimo-team Marimo Remote Code Execution Vulnerability
Apache Tomcat: CLIENT_CERT authentication does not fail when it is expected to
bsv-sdk ARC broadcaster treats INVALID/MALFORMED/ORPHAN responses as successful broadcasts
bsv-sdk and bsv-wallet persist unverified certifier signatures in acquire_certificate (direct and issuance paths)
Wasmtime: aarch64 Cranelift miscompilation leads to sandbox escape
OpenClaw: `fetchWithSsrFGuard` replays the unsafe request body on cross-origin redirects
OpenClaw: node pairing reconnect command privilege escalation bypasses the operator.admin permission restriction
MinIO: unbounded memory allocation in S3 Select CSV parsing leads to Denial of Service (DoS)
Axios NO_PROXY hostname normalization bypass leads to SSRF