Browse 331,757+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI PoC generation, and daily intelligence; searchable by vendor, product, severity, and CWE.
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-42307 | Vim: OS Command Injection in netrw | vim | vim | Medium | 4.4 | 2026-05-08 22:38:54 | Deep Dive |
| CVE-2026-42350 | Kargo: Open Redirect in UI OIDC Login Flow via redirectTo Query Parameter | akuity | kargo | - | - | 2026-05-08 22:35:30 | Deep Dive |
| CVE-2026-42352 | pygeoapi 0.23.x: Unauthenticated SSRF via OGC API - Processes Subscriber | geopython | pygeoapi | High | 8.6 | 2026-05-08 22:31:50 | Deep Dive |
| CVE-2026-42351 | pygeoapi: Path Traversal in STAC FileSystemProvider | geopython | pygeoapi | High | 7.5 | 2026-05-08 22:31:18 | Deep Dive |
| CVE-2026-42556 | Postiz stored XSS in public preview page | gitroomhq | postiz-app | High | 8.9 | 2026-05-08 22:28:33 | Deep Dive |
| CVE-2026-42346 | Postiz: TOCTOU DNS rebinding bypasses all SSRF URL validation paths | gitroomhq | postiz-app | Medium | 6.5 | 2026-05-08 22:26:51 | Deep Dive |
| CVE-2026-42298 | Postiz: Arbitrary Code Execution and Token Exfiltration in pr-docker-build.yml via untrusted Dockerfile.dev | gitroomhq | postiz-app | Critical | 10.0 | 2026-05-08 22:24:10 | Deep Dive |
| CVE-2026-42339 | New API: SSRF Filter Bypass via 0.0.0.0 | QuantumNous | new-api | - | - | 2026-05-08 22:21:54 | Deep Dive |
| CVE-2026-41432 | New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud | QuantumNous | new-api | High | 7.1 | 2026-05-08 22:21:32 | Deep Dive |
| CVE-2026-44286 | FastGPT: SSRF Vulnerability in Laf Workflow Node via Missing Internal Address Validation | labring | FastGPT | - | - | 2026-05-08 22:17:18 | Deep Dive |
| CVE-2026-44284 | FastGPT: Stored MCP tool URL SSRF in FastGPT workflow execution | labring | FastGPT | Medium | 6.3 | 2026-05-08 22:12:40 | Deep Dive |
| CVE-2026-42345 | FastGPT: Cloud metadata endpoint SSRF protection bypass via port specification, IPv6 mapping, hex/decimal IP encoding, and trailing dot | labring | FastGPT | High | 7.7 | 2026-05-08 22:11:10 | Deep Dive |
| CVE-2026-42344 | FastGPT: DNS rebinding TOCTOU bypass in isInternalAddress allows SSRF on all protected endpoints | labring | FastGPT | Medium | 6.3 | 2026-05-08 22:10:01 | Deep Dive |
| CVE-2026-42343 | FastGPT: Uncontrolled Resource Consumption leading to Sandbox Exhaustion | labring | FastGPT | - | - | 2026-05-08 22:09:03 | Deep Dive |
| CVE-2026-42302 | FastGPT: Unauthenticated Remote Code Execution (RCE) via code-server Misconfiguration in agent-sandbox | labring | FastGPT | Critical | 9.8 | 2026-05-08 22:05:49 | Deep Dive |
| CVE-2026-42224 | ipl/web is vulnerable to reflected XSS by malformed search requests | Icinga | ipl-web | High | 7.6 | 2026-05-08 22:02:52 | Deep Dive |
| CVE-2026-41520 | Cilium exposes sensitive information included in the cilium-bugtool debug archive | cilium | cilium | High | 7.9 | 2026-05-08 22:01:08 | Deep Dive |
| CVE-2026-44987 | SysReptor: Privilege Escalation from User Admin to Superuser | Syslifters | sysreptor | Low | 3.8 | 2026-05-08 21:59:12 | Deep Dive |
| CVE-2026-42291 | SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional | Syslifters | sysreptor | Medium | 6.8 | 2026-05-08 21:57:51 | Deep Dive |
| CVE-2026-42206 | Roadiz OpenID Connect nonce generated but never validated — ID token replay attack | roadiz | core-bundle-dev-app | - | - | 2026-05-08 21:54:33 | Deep Dive |