{ "count": 50, "generated_at": "2026-05-09T09:19:14.451965", "items": [ { "cve_id": "CVE-2026-41142", "cvss": 8.8, "cwe_id": "CWE-190", "preview": "# CVE-2026-41142 \u6f0f\u6d1e\u5206\u6790\uff1aOpenEXR \u4e2d ImageChannel::resize \u7684\u6574\u6570\u6ea2\u51fa\n\n## 1. \u6f0f\u6d1e\u5206\u6790\n/no_think\n\n### \u6458\u8981\n**CVE-2026-41142** \u662f AcademySoftwareFoundation/openexr \u5e93\u4e2d\u7684\u4e00\u4e2a\u9ad8\u5371\u6f0f\u6d1e\u3002\u5b83\u6d89\u53ca `OpenEXRUtil` \u516c\u5171 API \u4e2d `ImageChannel::resize` \u65b9\u6cd5\u91cc\u7684\u6574\u6570\u6ea2\u51fa\u3002\u8be5\u6ea2\u51fa\u5bfc\u81f4\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u8d8a\u754c\u8bfb/\u5199\uff0c\u56e0\u4e3a\u6574\u6570\u6ea2\u51fa\u5bfc\u81f4\u50cf\u7d20\u7f13\u51b2\u533a\u7684\u8ba1\u7b97\u5927\u5c0f\u4e0d\u6b63\u786e\uff0c\u4ece\u800c\u4f7f\u540e\u7eed\u5206\u914d\u7684\u5927\u5c0f\u5c0f\u4e8e\u9884\u671f\uff0c\u800c\u4ee3\u7801\u5374\u7ee7\u7eed\u5199\u5165\u56fe\u50cf\u7684\u903b", "product": "openexr", "severity": "High", "title": "OpenEXR \u56fe\u50cf\u901a\u9053\u8c03\u6574\u6574\u6570\u6ea2\u51fa\u5bfc\u81f4\u5806\u8d8a\u754c\u5199", "title_en": "OpenEXR is Vulnerable to Integer overflow in ImageChannel::resize leads to heap OOB write via OpenEXRUtil public API", "updated_at": "2026-05-09T17:18:36", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41142", "vendor": "AcademySoftwareFoundation" }, { "cve_id": "CVE-2026-41422", "cvss": 8.3, "cwe_id": "CWE-89", "preview": "# CVE-2026-41422: Daptin Aggregate API \u4e2d\u7684 SQL \u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e Daptin headless CMS \u7684 `/aggregate/:typename` \u7aef\u70b9\u4e2d\u3002\u5728 0.11.4 \u7248\u672c\u4e4b\u524d\uff0c\u670d\u52a1\u5668\u63a5\u53d7\u6765\u81ea\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7528\u6237\u7684 `column` \u548c `group` \u67e5\u8be2\u53c2\u6570\u3002\u8fd9\u4e9b\u53c2\u6570\u672a\u7ecf\u4efb\u4f55\u9a8c\u8bc1\u6216\u6e05\u7406\u5c31\u76f4\u63a5\u4f20\u9012\u7ed9\u4e86 `goqu.L()`\uff08goqu \u5e93\u4e2d\u7684\u539f\u59cb SQL \u5b57\u9762\u91cf\u6784\u5efa\u5668\uff09\u3002\n\n`goqu.L()` \u5c06\u5176\u8f93\u5165\u89c6\u4e3a\u539f\u59cb SQL\uff0c\u4ece\u800c\u7ed5\u8fc7\u4e86\u6240\u6709\u53c2\u6570\u5316\u548c\u6a21\u5f0f\u9a8c\u8bc1\u3002\u8fd9\u5141", "product": "daptin", "severity": "High", "title": "Daptin aggregate API SQL\u6ce8\u5165\u6f0f\u6d1e", "title_en": "Daptin vulnerable to SQL injection via unvalidated goqu.L() calls in aggregate API", "updated_at": "2026-05-09T17:18:08", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41422", "vendor": "daptin" }, { "cve_id": "CVE-2026-33938", "cvss": 8.1, "cwe_id": "CWE-94", "preview": "# CVE-2026-33938 \u5206\u6790\u62a5\u544a\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\nHandlebars.js\uff08\u7248\u672c 4.0.0 \u81f3 4.7.8\uff09\u4e2d\u7684\u6f0f\u6d1e\u6e90\u4e8e\u6a21\u677f\u6570\u636e\u4e0a\u4e0b\u6587\u7684\u53ef\u53d8\u6027\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u7279\u6b8a\u53d8\u91cf `@partial-block` \u5b58\u50a8\u5728\u6a21\u677f\u6570\u636e\u4e0a\u4e0b\u6587\u4e2d\u3002\n\n\u901a\u5e38\uff0c`@partial-block` \u7528\u4e8e\u8c03\u7528\u4f20\u9012\u7ed9\u90e8\u5206\u6a21\u677f\u7684\u5185\u5bb9\u3002\u7136\u800c\uff0c\u7531\u4e8e\u5b83\u5b58\u50a8\u5728\u4e0a\u4e0b\u6587\u5bf9\u8c61\u4e2d\uff0c\u5b83\u53ef\u4ee5\u88ab\u8f85\u52a9\u51fd\u6570\uff08helpers\uff09\u8986\u76d6\u3002\u5982\u679c\u67d0\u4e2a\u8f85\u52a9\u51fd\u6570\u63a5\u53d7\u6765\u81ea\u4e0a\u4e0b\u6587\u7684\u4efb\u610f\u5bf9\u8c61\uff08\u8be5\u5bf9\u8c61\u53ef\u80fd\u53d7\u5230\u4e0d\u53ef\u4fe1\u8f93\u5165\u7684\u5f71\u54cd\uff09\uff0c\u5e76\u5c06\u7cbe\u5fc3\u6784\u9020\u7684 Handlebars AST \u5199\u5165 `@partial-bloc", "product": "handlebars.js", "severity": "High", "title": "Handlebars.js \u5b89\u5168\u6f0f\u6d1e", "title_en": "Handlebars.js has JavaScript Injection via AST Type Confusion by tampering @partial-block", "updated_at": "2026-05-09T17:12:11", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33938", "vendor": "handlebars-lang" }, { "cve_id": "CVE-2026-33939", "cvss": 7.5, "cwe_id": "CWE-754", "preview": "# CVE-2026-33939 \u5206\u6790\uff1aHandlebars.js \u56e0\u7578\u5f62\u88c5\u9970\u5668\u8bed\u6cd5\u5bfc\u81f4\u7684\u670d\u52a1\u62d2\u7edd\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e\u5305\u542b\u88c5\u9970\u5668\u8bed\u6cd5\uff08\u4f8b\u5982 `{{*decoratorName}}`\uff09\u7684 Handlebars \u6a21\u677f\u7684\u8fd0\u884c\u65f6\u6267\u884c\u8fc7\u7a0b\u4e2d\u3002\u5f53\u7f16\u8bd1\u6a21\u677f\u65f6\uff0cHandlebars \u4f1a\u751f\u6210\u5c1d\u8bd5\u8c03\u7528\u88c5\u9970\u5668\u7684\u4ee3\u7801\u3002\n\n\u5728 4.0.0 \u5230 4.7.8 \u7248\u672c\u4e2d\uff0c\u5982\u679c\u6a21\u677f\u5305\u542b\u5bf9\u672a\u5728 Handlebars \u5b9e\u4f8b\u4e2d\u6ce8\u518c\u7684\u88c5\u9970\u5668\u7684\u5f15\u7528\uff08\u4f8b\u5982 `{{*n}}`\uff0c\u5176\u4e2d `n` \u4e0d\u662f\u5df2\u6ce8\u518c\u7684\u88c5\u9970\u5668\uff09\uff0c\u67e5\u627e\u673a\u5236\u5c06\u8fd4\u56de `undefined`\u3002\n\n\u5173\u952e\u7f3a\u9677\u4f4d\u4e8e", "product": "handlebars.js", "severity": "High", "title": "handlebars \u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e", "title_en": "Handlebars.js has Denial of Service via Malformed Decorator Syntax in Template Compilation", "updated_at": "2026-05-09T17:12:08", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33939", "vendor": "handlebars-lang" }, { "cve_id": "CVE-2026-41670", "cvss": 8.2, "cwe_id": "CWE-20", "preview": "# CVE-2026-41670 \u5206\u6790\uff1aAdmidio SAML ACS URL \u91cd\u5b9a\u5411\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e Admidio SSO \u6a21\u5757\u4e2d\u7684 SAML \u8eab\u4efd\u63d0\u4f9b\u5546\uff08IdP\uff09\u5b9e\u73b0\u4e2d\u3002\u5177\u4f53\u800c\u8a00\uff0c\u5728\u5904\u7406 SAML `AuthnRequest` \u65f6\uff0cIdP \u76f4\u63a5\u4ece\u8bf7\u6c42\u8d1f\u8f7d\u4e2d\u63d0\u53d6 `AssertionConsumerServiceURL`\u3002\u5e94\u7528\u7a0b\u5e8f\u672a\u5c06\u8be5 URL \u4e0e\u6570\u636e\u5e93\u4e2d\u4e3a\u8be5\u7279\u5b9a\u670d\u52a1\u63d0\u4f9b\u5546\uff08SP\uff09\u5ba2\u6237\u7aef\u6ce8\u518c\u7684 `smc_acs_url` \u8fdb\u884c\u9a8c\u8bc1\uff0c\u800c\u662f\u76f2\u76ee\u4f7f\u7528\u8bf7\u6c42\u4e2d\u63d0\u4f9b\u7684\u503c\u6765\u53d1\u9001\u5df2\u7b7e\u540d\u7684 SAML \u54cd\u5e94\u3002\n\n\u8fd9\u4f7f\u5f97\u653b\u51fb\u8005\u80fd\u591f\u5229\u7528", "product": "admidio", "severity": "High", "title": "Admidio SAML\u54cd\u5e94\u53d1\u9001\u5230\u672a\u9a8c\u8bc1\u7684ACS URL\u6f0f\u6d1e", "title_en": "Admidio: SAML Response Sent to Unvalidated Assertion Consumer Service URL from AuthnRequest", "updated_at": "2026-05-09T16:36:09", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41670", "vendor": "Admidio" }, { "cve_id": "CVE-2026-33937", "cvss": 9.8, "cwe_id": "CWE-843", "preview": "# CVE-2026-33937 \u5206\u6790\uff1a\u901a\u8fc7 AST \u7c7b\u578b\u6df7\u6dc6\u5728 Handlebars.js \u4e2d\u8fdb\u884c JavaScript \u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `lib/handlebars/compiler/compiler.js` \u4e2d\u7684 `NumberLiteral` \u5904\u7406\u7a0b\u5e8f\uff08\u7b2c 317 \u884c\uff09\u3002\u5f53\u4f7f\u7528\u9884\u89e3\u6790\u7684 AST \u5bf9\u8c61\uff08\u800c\u4e0d\u662f\u6a21\u677f\u5b57\u7b26\u4e32\uff09\u8c03\u7528 `Handlebars.compile()` \u65f6\uff0c\u7f16\u8bd1\u5668\u4f1a\u76f4\u63a5\u5904\u7406 AST \u8282\u70b9\u3002\n\n\u5bf9\u4e8e `NumberLiteral` \u8282\u70b9\uff0c\u7f16\u8bd1\u5668\u4f1a\u5c06 `value` \u5b57\u6bb5\u539f\u6837\u76f4\u63a5\u8f93\u51fa\u5230\u751f\u6210\u7684", "product": "handlebars.js", "severity": "Critical", "title": "handlebars \u5b89\u5168\u6f0f\u6d1e", "title_en": "Handlebars.js has JavaScript Injection via AST Type Confusion", "updated_at": "2026-05-09T16:36:04", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33937", "vendor": "handlebars-lang" }, { "cve_id": "CVE-2026-33896", "cvss": 7.4, "cwe_id": "CWE-295", "preview": "# CVE-2026-33896 \u5206\u6790\uff1anode-forge \u7684 basicConstraints \u7ed5\u8fc7\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n/no_think\n\n\n\n### Root Cause\nThe vulnerability lies in the `pki.verifyCertificateChain()` function in `lib/x509.js`. Specifically, the logic for verifying that a certificate in the chain is authorized to act as a Cert", "product": "forge", "severity": "High", "title": "Digital Bazaar Forge \u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e", "title_en": "Forge has a basicConstraints bypass in its certificate chain verification (RFC 5280 violation)", "updated_at": "2026-05-09T16:28:42", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33896", "vendor": "digitalbazaar" }, { "cve_id": "CVE-2026-33906", "cvss": 7.2, "cwe_id": "CWE-269", "preview": "# CVE-2026-33906\uff1aElla Core \u901a\u8fc7\u6570\u636e\u5e93\u6062\u590d\u5b9e\u73b0\u6743\u9650\u63d0\u5347\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u6e90\u4e8e Ella Core\uff081.7.0 \u4e4b\u524d\u7684\u7248\u672c\uff09\u5728\u6570\u636e\u5e93\u6062\u590d\u529f\u80fd\u4e2d\u8bbf\u95ee\u63a7\u5236\u68c0\u67e5\u4e0d\u8db3\u4ee5\u53ca\u7f3a\u4e4f\u8f93\u5165\u9a8c\u8bc1\u3002\n\n1. **\u6743\u9650\u914d\u7f6e\u9519\u8bef**\uff1a`NetworkManager` \u89d2\u8272\u88ab\u8d4b\u4e88\u4e86\u6267\u884c\u6570\u636e\u5e93\u5907\u4efd\u548c\u6062\u590d\u64cd\u4f5c\u7684\u6743\u9650\u3002\u8be5\u89d2\u8272\u672c\u5e94\u7528\u4e8e\u7f51\u7edc\u914d\u7f6e\u548c\u76d1\u63a7\uff0c\u800c\u975e\u7cfb\u7edf\u7ba1\u7406\u3002\n2. **\u7f3a\u5c11\u5b8c\u6574\u6027\u9a8c\u8bc1**\uff1a\u6062\u590d\u7aef\u70b9\uff08`/api/v1/database/restore` \u6216\u7c7b\u4f3c\u7aef\u70b9\uff09\u63a5\u53d7\u7528\u6237\u4e0a\u4f20\u7684\u4efb\u4f55\u6587\u4ef6\uff0c\u5e76\u76f2\u76ee\u66ff\u6362\u751f\u4ea7\u73af\u5883\u7684 SQLite \u6570\u636e\u5e93", "product": "core", "severity": "High", "title": "Ella Core \u5b89\u5168\u6f0f\u6d1e", "title_en": "Ella Core has Privilege Escalation via Database Restore by NetworkManager role", "updated_at": "2026-05-09T16:28:39", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33906", "vendor": "ellanetworks" }, { "cve_id": "CVE-2026-33895", "cvss": 7.5, "cwe_id": "CWE-347", "preview": "# CVE-2026-33895 \u5206\u6790\uff1aNode-Forge \u4e2d\u7684 Ed25519 \u7b7e\u540d\u4f2a\u9020\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u4f4d\u4e8e `lib/ed25519.js` \u4e2d\u7684 Ed25519 \u7b7e\u540d\u9a8c\u8bc1\u5b9e\u73b0\u4e2d\u3002\u5177\u4f53\u800c\u8a00\uff0c`crypto_sign_open` \u51fd\u6570\uff08\u5c01\u88c5\u4e86\u5e95\u5c42\u7684 `crypto_sign_open` \u539f\u751f\u8c03\u7528\uff09\u672a\u9a8c\u8bc1\u7b7e\u540d\u7684\u6807\u91cf\u5206\u91cf `S` \u662f\u5426\u4e25\u683c\u5c0f\u4e8e\u7fa4\u9636 `L`\u3002\n\n\u6839\u636e RFC 8032\uff0cEd25519 \u7b7e\u540d\u7531\u4e24\u4e2a 32 \u5b57\u8282\u7684\u5206\u91cf\u7ec4\u6210\uff1a`R`\uff08\u4e00\u4e2a\u70b9\uff09\u548c `S`\uff08\u4e00\u4e2a\u6807\u91cf\uff09\u3002\u6807\u91cf `S` \u5fc5\u987b\u5bf9\u7fa4\u9636 `L`\uff08\u5176\u4e2d `L` \u662f\u751f\u6210", "product": "forge", "severity": "High", "title": "Digital Bazaar Forge \u6570\u636e\u4f2a\u9020\u95ee\u9898\u6f0f\u6d1e", "title_en": "Forge has signature forgery in Ed25519 due to missing S > L check", "updated_at": "2026-05-09T16:23:43", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33895", "vendor": "digitalbazaar" }, { "cve_id": "CVE-2026-33891", "cvss": 7.5, "cwe_id": "CWE-835", "preview": "# CVE-2026-33891 \u5206\u6790\uff1aBigInteger.modInverse() \u4e2d\u7684\u65e0\u9650\u5faa\u73af\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e\u6346\u7ed1\u7684 `jsbn.js` \u5e93\uff08`lib/jsbn.js`\uff09\u4e2d\u7684 `BigInteger.modInverse()` \u51fd\u6570\u5185\u3002\u8be5\u51fd\u6570\u5b9e\u73b0\u4e86\u6269\u5c55\u6b27\u51e0\u91cc\u5f97\u7b97\u6cd5\u4ee5\u8ba1\u7b97\u6a21\u4e58\u9006\u5143\u3002\n\n\u5728 1.4.0 \u4e4b\u524d\u7684\u7248\u672c\u4e2d\uff0c\u8be5\u51fd\u6570\u672a\u80fd\u5145\u5206\u5904\u7406\u8f93\u5165 BigInteger\uff08`this`\uff09\u4e3a\u96f6\u7684\u60c5\u51b5\u3002\u867d\u7136\u7b97\u6cd5\u8bd5\u56fe\u5904\u7406\u8fb9\u7f18\u60c5\u51b5\uff0c\u4f46\u7279\u5b9a\u7684\u903b\u8f91\u6d41\u5141\u8bb8\u5728\u5185\u90e8\u72b6\u6001\u53d8\u91cf\uff08`u` \u548c `v`\uff09\u672a\u6309\u9884\u671f\u5f52\u96f6\uff0c\u6216\u8005\u5bf9 `m.signum", "product": "forge", "severity": "High", "title": "Digital Bazaar Forge \u5b89\u5168\u6f0f\u6d1e", "title_en": "Forge has Denial of Service via Infinite Loop in BigInteger.modInverse() with Zero Input", "updated_at": "2026-05-09T16:23:33", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33891", "vendor": "digitalbazaar" }, { "cve_id": "CVE-2026-7414", "cvss": 9.8, "cwe_id": "CWE-798", "preview": "# CVE-2026-7414\uff1aYarbo \u673a\u5668\u4eba\u56fa\u4ef6\u4e2d\u7684\u786c\u7f16\u7801\u51ed\u636e\n\n## \u6267\u884c\u6458\u8981\n\n**\u4e25\u91cd\u7a0b\u5ea6\uff1a** \u4e25\u91cd\n**\u6f0f\u6d1e\uff1a** \u786c\u7f16\u7801\u7ba1\u7406\u51ed\u636e\u548c\u6301\u4e45\u540e\u95e8\n**\u53d7\u5f71\u54cd\u4ea7\u54c1\uff1a** Yarbo \u673a\u5668\u4eba\u56fa\u4ef6 (< v2.3.9)\n**\u63cf\u8ff0\uff1a** Yarbo \u673a\u5668\u4eba\u56fa\u4ef6 v2.3.9 \u53ca\u66f4\u65e9\u7248\u672c\u5305\u542b\u591a\u4e2a\u76f4\u63a5\u5d4c\u5165\u56fa\u4ef6\u955c\u50cf\u548c Greengrass \u7ec4\u4ef6\u4e2d\u7684\u786c\u7f16\u7801\u51ed\u636e\u3002\u8fd9\u4e9b\u51ed\u636e\u901a\u8fc7 SSH \u63d0\u4f9b\u6301\u4e45\u4e14\u8de8\u6574\u4e2a\u8bbe\u5907\u7fa4\u7ec4\u7684 root \u8bbf\u95ee\u6743\u9650\uff0c\u5141\u8bb8\u672a\u7ecf\u6388\u6743\u5730\u63a7\u5236 MQTT \u547d\u4ee4\u4e0e\u63a7\u5236\u57fa\u7840\u8bbe\u65bd\uff0c\u5e76\u8bbf\u95ee FRP \u96a7\u9053\u670d\u52a1\u3002\u5173\u952e\u7684\u662f\uff0c\u4e00\u4e2a\u540e\u53f0\u670d\u52a1 (`credential_up", "product": "Firmware", "severity": "Critical", "title": "Yarbo\u673a\u5668\u4eba\u56fa\u4ef6\u786c\u7f16\u7801\u51ed\u8bc1\u6f0f\u6d1e", "title_en": "Hardcoded credentials in Yarbo robot firmware", "updated_at": "2026-05-09T16:16:45", "url": "https://cve-dev.imfht.com/detail/CVE-2026-7414", "vendor": "Yarbo" }, { "cve_id": "CVE-2026-7415", "cvss": 9.8, "cwe_id": "CWE-306", "preview": "# CVE-2026-7415 \u5206\u6790\uff1aYarbo \u673a\u5668\u4eba\u56fa\u4ef6\u4e2d\u672a\u914d\u7f6e\u8bfb\u5199 ACL \u7684\u5f00\u653e MQTT \u7f16\u6392\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u6e90\u4e8e Yarbo \u673a\u5668\u4eba\u6240\u4f7f\u7528\u7684 MQTT \u4ee3\u7406\u57fa\u7840\u8bbe\u65bd\uff08EMQX Cloud \u548c\u817e\u8baf TDMQ\uff09\u7684\u914d\u7f6e\u3002\u867d\u7136\u56fa\u4ef6\u672c\u8eab\u5e76\u4e0d\u6258\u7ba1\u672c\u5730 MQTT \u4ee3\u7406\uff0c\u4f46**\u8f66\u961f\u7ea7\u522b\u7684 MQTT \u914d\u7f6e**\u7f3a\u5c11\u57fa\u4e8e\u4e3b\u9898\u7684\u8bbf\u95ee\u63a7\u5236\u5217\u8868\uff08ACL\uff09\uff0c\u5e76\u4e14\u4f9d\u8d56\u4e8e\u5355\u4e00\u3001\u786c\u7f16\u7801\u7684\u8f66\u961f\u8303\u56f4\u51ed\u636e\u96c6\u7528\u4e8e\u6240\u6709\u5185\u90e8\u901a\u4fe1\u3002\n\n\u5177\u4f53\u8868\u73b0\u4e3a\uff1a\n1. **\u786c\u7f16\u7801\u7684\u5171\u4eab\u51ed\u636e**\uff1a\u56fa\u4ef6\u5728\u591a\u4e2a\u6587\u4ef6\uff08`device_ops_node.py`\u3001`debug_cont", "product": "Firmware", "severity": "Critical", "title": "Yarbo\u673a\u5668\u4eba\u56fa\u4ef6MQTT\u7f16\u6392\u7f3a\u4e4f\u8bfb\u5199ACL\u63a7\u5236\u6f0f\u6d1e", "title_en": "Open MQTT orchestration without read/write ACLs in Yarbo robot firmware", "updated_at": "2026-05-09T16:16:43", "url": "https://cve-dev.imfht.com/detail/CVE-2026-7415", "vendor": "Yarbo" }, { "cve_id": "CVE-2026-32241", "cvss": 7.5, "cwe_id": "CWE-77", "preview": "# CVE-2026-32241: Flannel \u6269\u5c55\u540e\u7aef\u547d\u4ee4\u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6458\u8981\nFlannel 0.28.2 \u4e4b\u524d\u7684\u7248\u672c\u5728\u5b9e\u9a8c\u6027 **Extension backend** \u4e2d\u5b58\u5728\u4e00\u4e2a\u4e25\u91cd\u7684\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u6b64\u6f0f\u6d1e\u5141\u8bb8\u5177\u5907\u8bbe\u7f6e Kubernetes Node \u6ce8\u91ca\uff08\u7279\u522b\u662f `flannel.alpha.coreos.com/backend-data`\uff09\u80fd\u529b\u7684\u653b\u51fb\u8005\uff0c\u5728\u8fd0\u884c Flannel \u7684\u6bcf\u4e2a\u8282\u70b9\u4e0a\u4ee5 root \u6743\u9650\u5b9e\u73b0\u4efb\u610f\u547d\u4ee4\u6267\u884c\u3002\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u6e90\u4e8e Extension backend \u5904\u7406\u6765\u81ea Kubernetes", "product": "flannel", "severity": "High", "title": "flannel \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e", "title_en": "Flannel vulnerable to cross-node remote code execution via extension backend BackendData injection", "updated_at": "2026-05-09T16:11:07", "url": "https://cve-dev.imfht.com/detail/CVE-2026-32241", "vendor": "flannel-io" }, { "cve_id": "CVE-2026-4908", "cvss": 7.3, "cwe_id": "CWE-89", "preview": "# CVE-2026-4908: Simple Laundry System modstaffinfo.php \u4e2d\u7684 SQL \u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u4f4d\u4e8e `code-projects` \u5f00\u53d1\u7684 **Simple Laundry System 1.0** \u7684 `modstaffinfo.php` \u6587\u4ef6\u4e2d\uff0c\u662f\u4e00\u4e2a\u5178\u578b\u7684**\u76f2 SQL \u6ce8\u5165**\u6f0f\u6d1e\u3002\n\n\u6839\u672c\u539f\u56e0\u662f `userid` \u53c2\u6570\u5728\u672a\u7ecf\u8fc7\u9002\u5f53\u6e05\u7406\u6216\u53c2\u6570\u5316\u7684\u60c5\u51b5\u4e0b\u88ab\u76f4\u63a5\u62fc\u63a5\u5230 SQL \u67e5\u8be2\u8bed\u53e5\u4e2d\u3002\u5e94\u7528\u7a0b\u5e8f\u53ef\u80fd\u6839\u636e\u63d0\u4f9b\u7684 ID \u68c0\u7d22\u5458\u5de5\u4fe1\u606f\u4ee5\u663e\u793a\u6216\u66f4\u65b0\u8be6\u7ec6\u4fe1\u606f\u3002\u7531\u4e8e\u8f93\u5165\u672a\u8fdb\u884c", "product": "Simple Laundry System", "severity": "High", "title": "Code-Projects Simple Laundry System SQL\u6ce8\u5165\u6f0f\u6d1e", "title_en": "code-projects Simple Laundry System Parameter modstaffinfo.php sql injection", "updated_at": "2026-05-09T16:11:02", "url": "https://cve-dev.imfht.com/detail/CVE-2026-4908", "vendor": "code-projects" }, { "cve_id": "CVE-2026-33757", "cvss": 9.6, "cwe_id": "CWE-384", "preview": "# CVE-2026-33757 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e OpenBao \u7684 OIDC\uff08OpenID Connect\uff09\u8ba4\u8bc1\u5b9e\u73b0\u4e2d\uff0c\u7279\u522b\u662f\u5f53 `callback_mode` \u8bbe\u7f6e\u4e3a `direct` \u65f6\u3002\u5728 2.5.2 \u4e4b\u524d\u7684\u7248\u672c\u4e2d\uff0c\u7cfb\u7edf\u5728 `direct` \u6a21\u5f0f\u4e0b\u7684 OIDC \u56de\u8c03\u9636\u6bb5\u4e0d\u5f3a\u5236\u8981\u6c42\u7528\u6237\u786e\u8ba4\u6b65\u9aa4\u3002\n\n\u5728 `direct` \u56de\u8c03\u6a21\u5f0f\u4e0b\uff0cOpenBao \u670d\u52a1\u5668\u5145\u5f53 OIDC \u63d0\u4f9b\u8005\u7684\u56de\u8c03\u7aef\u70b9\u3002\u5f53\u7528\u6237\u901a\u8fc7 OIDC \u63d0\u4f9b\u7a0b\u5e8f\u8fdb\u884c\u8ba4\u8bc1\u65f6\uff0c\u63d0\u4f9b\u7a0b\u5e8f\u5c06\u91cd\u5b9a\u5411\u5230 OpenBao \u7684 API \u7aef\u70b9\u3002OpenBao \u968f\u540e\u4ea4", "product": "openbao", "severity": "Critical", "title": "OpenBao \u6388\u6743\u95ee\u9898\u6f0f\u6d1e", "title_en": "OpenBao lacks user confirmation for OIDC direct callback mode", "updated_at": "2026-05-09T16:06:55", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33757", "vendor": "openbao" }, { "cve_id": "CVE-2026-4953", "cvss": 7.3, "cwe_id": "CWE-918", "preview": "# CVE-2026-4953 \u6f0f\u6d1e\u5206\u6790\uff1amingSoft MCMS \u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a\u4f4d\u4e8e `net/mingsoft/cms/action` \u5305\u4e2d `BaseAction.java` \u6587\u4ef6\u7684 `catchImage` \u65b9\u6cd5\u4e2d\u7684\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\uff08SSRF\uff09\u6f0f\u6d1e\u3002`catchImage` \u51fd\u6570\u65e8\u5728\u4ece\u5916\u90e8 URL \u83b7\u53d6\u56fe\u50cf\u5e76\u5c06\u5176\u5b58\u50a8\u5728\u672c\u5730\u3002\u7136\u800c\uff0c\u5b83\u672a\u80fd\u9a8c\u8bc1\u6216\u901a\u8fc7 `catchimage` \u53c2\u6570\u63d0\u4f9b\u7684\u8f93\u5165 URL \u8fdb\u884c\u6d88\u6bd2\u3002\n\n\u653b\u51fb\u8005\u53ef\u4ee5\u63d0\u4f9b\u6307\u5411\u5185\u90e8\u670d\u52a1\u7684\u6076\u610f URL\uff08\u4f8b\u5982 `http://127.0.0.1", "product": "MCMS", "severity": "High", "title": "MingSoft MCMS \u5b89\u5168\u6f0f\u6d1e", "title_en": "mingSoft MCMS Editor Endpoint BaseAction.java catchImage server-side request forgery", "updated_at": "2026-05-09T16:06:54", "url": "https://cve-dev.imfht.com/detail/CVE-2026-4953", "vendor": "mingSoft" }, { "cve_id": "CVE-2026-33718", "cvss": 7.6, "cwe_id": "CWE-78", "preview": "# CVE-2026-33718: OpenHands Git Diff Handler \u4e2d\u7684\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6982\u8981\nOpenHands \u662f\u4e00\u6b3e\u7531 AI \u9a71\u52a8\u7684\u5f00\u53d1\u8f6f\u4ef6\uff0c\u5176 `get_git_diff()` \u65b9\u6cd5\u4e2d\u5b58\u5728\u4e00\u4e2a\u9ad8\u5371\uff08HIGH severity\uff09\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5229\u7528 Git diff \u5904\u7406\u7a0b\u5e8f\u4e2d\u4f20\u9012\u7ed9 shell \u547d\u4ee4\u7684\u672a sanitization \u8f93\u5165\uff0c\u5728\u4ee3\u7406\u6c99\u7bb1\uff08agent sandbox\uff09\u4e2d\u6267\u884c\u4efb\u610f\u547d\u4ee4\u3002\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `openhands/runtime/utils/git_dif", "product": "OpenHands", "severity": "High", "title": "OpenHands \u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e", "title_en": "OpenHands is Vulnerable to Command Injection through its Git Diff Handler", "updated_at": "2026-05-09T16:00:55", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33718", "vendor": "OpenHands" }, { "cve_id": "CVE-2026-33747", "cvss": 8.4, "cwe_id": "CWE-22", "preview": "# CVE-2026-33747 \u5206\u6790\uff1aBuildKit \u6587\u4ef6\u9003\u9038\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n`moby/buildkit`\uff08v0.28.1 \u4e4b\u524d\u7248\u672c\uff09\u4e2d\u7684\u6f0f\u6d1e\u6e90\u4e8e\u5728\u5904\u7406\u7531\u81ea\u5b9a\u4e49 BuildKit \u524d\u7aef\u53d1\u8d77\u7684\u6587\u4ef6\u64cd\u4f5c\u65f6\uff0c\u8def\u5f84\u9a8c\u8bc1\u4e0d\u8db3\u3002\u5f53\u7528\u6237\u901a\u8fc7 `#syntax` \u6216 `--build-arg BUILDKIT_SYNTAX` \u6307\u5b9a\u81ea\u5b9a\u4e49\u524d\u7aef\u65f6\uff0c\u524d\u7aef\u5bf9\u6784\u5efa\u8fc7\u7a0b\u62e5\u6709\u5f88\u5927\u7684\u63a7\u5236\u6743\u3002\n\n\u6838\u5fc3\u95ee\u9898\u5728\u4e8e `llb`\uff08Low-Level Builder\uff09\u72b6\u6001\u7ba1\u7406\u548c `FileOp` \u6267\u884c\u903b\u8f91\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u5f53\u524d\u7aef\u6307\u793a BuildKit \u5199\u5165\u6587\u4ef6\u65f6\uff0c\u76ee\u6807\u8def", "product": "buildkit", "severity": "High", "title": "BuildKit \u8def\u5f84\u904d\u5386\u6f0f\u6d1e", "title_en": "BuildKit vulnerable to malicious frontend causing file escape outside of storage root", "updated_at": "2026-05-09T16:00:55", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33747", "vendor": "moby" }, { "cve_id": "CVE-2026-34352", "cvss": 8.5, "cwe_id": "CWE-732", "preview": "# CVE-2026-34352 \u6f0f\u6d1e\u5206\u6790\uff1aTigerVNC x0vncserver Image.cxx\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u4f4d\u4e8e `unix/x0vncserver/Image.cxx` \u4e2d\uff0c\u5177\u4f53\u5728 `ShmImage::Init` \u65b9\u6cd5\uff08\u7b2c 270-272 \u884c\uff09\u3002\n\n\u5f53 `x0vncserver` \u5c1d\u8bd5\u4f7f\u7528 X11 \u5171\u4eab\u5185\u5b58\uff08XShm\uff09\u8fdb\u884c\u6027\u80fd\u4f18\u5316\u65f6\uff0c\u5b83\u4f1a\u4f7f\u7528 `shmget()` \u521b\u5efa\u4e00\u4e2a System V \u5171\u4eab\u5185\u5b58\u6bb5\u3002\u4ee3\u7801\u5411 `shmget()` \u4f20\u9012\u4e86\u6a21\u5f0f `0600`\uff1a\n\n```cpp\nshminfo->shmid =", "product": "TigerVNC", "severity": "High", "title": "TigerVNC \u5b89\u5168\u6f0f\u6d1e", "title_en": null, "updated_at": "2026-05-09T15:55:48", "url": "https://cve-dev.imfht.com/detail/CVE-2026-34352", "vendor": "TigerVNC" }, { "cve_id": "CVE-2026-27893", "cvss": 8.8, "cwe_id": "CWE-693", "preview": "# CVE-2026-27893: vLLM \u786c\u7f16\u7801 `trust_remote_code=True` \u7ed5\u8fc7\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u5728 vLLM 0.10.1 \u5230 0.17.x \u7248\u672c\u4e2d\uff0c\u7279\u5b9a\u591a\u6a21\u6001\u6a21\u578b\uff08`NemotronVL` \u548c `KimiK25`\uff09\u7684\u6a21\u578b\u52a0\u8f7d\u903b\u8f91\u5728\u5b9e\u4f8b\u5316\u5b50\u7ec4\u4ef6\uff08\u5982\u89c6\u89c9\u7f16\u7801\u5668\u6216\u81ea\u5b9a\u4e49\u914d\u7f6e\u52a0\u8f7d\u5668\uff09\u65f6\uff0c\u786c\u7f16\u7801\u4e86 `trust_remote_code=True`\u3002\n\n\u901a\u5e38\u60c5\u51b5\u4e0b\uff0cvLLM \u4f1a\u5c0a\u91cd\u7528\u6237\u8bbe\u7f6e\u7684 `--trust-remote-code=False` \u6807\u5fd7\uff08\u6216 API \u4e2d\u7684 `trust_remote_code`", "product": "vllm", "severity": "High", "title": "vLLM \u5b89\u5168\u6f0f\u6d1e", "title_en": "vLLM's hardcoded trust_remote_code=True in NemotronVL and KimiK25 bypasses user security opt-out", "updated_at": "2026-05-09T15:55:40", "url": "https://cve-dev.imfht.com/detail/CVE-2026-27893", "vendor": "vllm-project" }, { "cve_id": "CVE-2026-33671", "cvss": 7.5, "cwe_id": "CWE-1333", "preview": "# CVE-2026-33671: picomatch \u4e2d\u901a\u8fc7 Extglob \u91cf\u8bcd\u5f15\u53d1\u7684 ReDoS\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `picomatch` \u5e93\u7684 `lib/parse.js` \u4e2d\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u51fd\u6570 `analyzeRepeatedExtglob`\uff08\u7b2c 260-317 \u884c\uff09\u53ca\u5176\u8f85\u52a9\u51fd\u6570 `getStarExtglobSequenceOutput`\uff08\u7b2c 230-258 \u884c\uff09\u65e8\u5728\u68c0\u6d4b\u53ef\u80fd\u5bfc\u81f4\u707e\u96be\u6027\u56de\u6eaf\u7684\u201c\u9ad8\u98ce\u9669\u201d\u6a21\u5f0f\u3002\n\n\u7136\u800c\uff0c\u5176\u68c0\u6d4b\u903b\u8f91\u5b58\u5728\u7f3a\u9677\u3002\u5b83\u8bd5\u56fe\u901a\u8fc7\u68c0\u67e5\u5206\u652f\u662f\u5426\u5171\u4eab\u91cd\u590d\u7684\u5b57\u7b26\u524d\u7f00\uff0c\u6765\u8bc6\u522b extglob \u91cf\u8bcd\uff08\u5982 ", "product": "picomatch", "severity": "High", "title": "Picomatch \u5b89\u5168\u6f0f\u6d1e", "title_en": "Picomatch has a ReDoS vulnerability via extglob quantifiers", "updated_at": "2026-05-09T15:51:53", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33671", "vendor": "micromatch" }, { "cve_id": "CVE-2026-33631", "cvss": 8.7, "cwe_id": "CWE-862", "preview": "# CVE-2026-33631 \u5206\u6790\uff1aClearanceKit opfilter \u7b56\u7565\u7ed5\u8fc7\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u6e90\u4e8e ClearanceKit \u7684 `opfilter` \u7cfb\u7edf\u6269\u5c55\u4e2d Endpoint Security (ES) \u4e8b\u4ef6\u8ba2\u9605\u7684\u4e0d\u5b8c\u6574\u5b9e\u73b0\u3002\u5728\u4fee\u590d\u524d\u7684\u7248\u672c\uff084.1 \u5206\u652f\u53ca\u66f4\u65e9\u7248\u672c\uff09\u4e2d\uff0c`ESInboundAdapter` \u4ec5\u8ba2\u9605\u5e76\u5904\u7406 `ES_EVENT_TYPE_AUTH_OPEN` \u4e8b\u4ef6\u3002\n\n\u867d\u7136 `AUTH_OPEN` \u8986\u76d6\u4e86\u6807\u51c6\u7684\u6587\u4ef6\u6253\u5f00\u64cd\u4f5c\uff0c\u4f46 macOS \u63d0\u4f9b\u4e86\u5176\u4ed6\u4e03\u79cd\u9700\u8981\u8eab\u4efd\u9a8c\u8bc1\u6216\u901a\u77e5\u7684\u6587\u4ef6\u64cd\u4f5c\u4e8b\u4ef6\u7c7b\u578b\uff1a\n", "product": "clearancekit", "severity": "High", "title": "ClearanceKit \u5b89\u5168\u6f0f\u6d1e", "title_en": "ClearanceKit: opfilter policy bypass via non-open file operations", "updated_at": "2026-05-09T15:51:52", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33631", "vendor": "craigjbass" }, { "cve_id": "CVE-2026-33661", "cvss": 8.6, "cwe_id": "CWE-290", "preview": "# CVE-2026-33661\uff1a\u5fae\u4fe1\u652f\u4ed8\u56de\u8c03\u7b7e\u540d\u9a8c\u8bc1\u7ed5\u8fc7\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `yansongda/pay` \u5e93\u4e2d\uff0c\u5177\u4f53\u4f4d\u4e8e\u5fae\u4fe1\u652f\u4ed8\u96c6\u6210\u903b\u8f91\u5185\u3002`verify_wechat_sign()` \u51fd\u6570\uff08\u6216\u5176\u5e95\u5c42\u7684\u7b7e\u540d\u9a8c\u8bc1\u63d2\u4ef6\uff09\u5b58\u5728\u903b\u8f91\u7f3a\u9677\uff1a\u5f53 HTTP \u8bf7\u6c42\u7684 `Host` \u5934\u4e3a `localhost` \u65f6\uff0c\u5b83\u4f1a\u65e0\u6761\u4ef6\u8df3\u8fc7\u7b7e\u540d\u9a8c\u8bc1\u3002\n\n\u8fd9\u662f\u4e00\u79cd\u5371\u9669\u7684\u201c\u5f00\u53d1\u6a21\u5f0f\u201d\u7ed5\u8fc7\u673a\u5236\uff0c\u672c\u610f\u53ef\u80fd\u662f\u4e3a\u4e86\u7b80\u5316\u672c\u5730\u6d4b\u8bd5\uff0c\u4f46\u672a\u7ecf\u9002\u5f53\u7684\u4fdd\u62a4\u63aa\u65bd\u4fbf\u9057\u7559\u5728\u4e86\u751f\u4ea7\u4ee3\u7801\u4e2d\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u5411\u652f\u4ed8\u7aef\u70b9\u53d1\u9001\u5e26\u6709 `Host: localhost` \u5934\u90e8\u7684\u6076\u610f\u56de\u8c03\u8bf7\u6c42", "product": "pay", "severity": "High", "title": "pay \u5b89\u5168\u6f0f\u6d1e", "title_en": "WeChat Pay callback signature verification bypassed when Host header is localhost", "updated_at": "2026-05-09T15:46:43", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33661", "vendor": "yansongda" }, { "cve_id": "CVE-2026-33645", "cvss": 7.1, "cwe_id": "CWE-22", "preview": "# CVE-2026-33645: Fireshare \u8def\u5f84\u904d\u5386\u5bfc\u81f4\u4efb\u610f\u6587\u4ef6\u5199\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n**\u4e25\u91cd\u7a0b\u5ea6\uff1a** \u9ad8\u5371\n**\u53d7\u5f71\u54cd\u7684\u7ec4\u4ef6\uff1a** `app/server/fireshare/api.py`\n**\u53d7\u5f71\u54cd\u7684\u7248\u672c\uff1a** 1.5.1\uff08\u53ca\u66f4\u65e9\u7248\u672c\uff09\n**\u4fee\u590d\u7248\u672c\uff1a** 1.5.2\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `/api/uploadChunked` \u7aef\u70b9\uff08\u4ee5\u53ca\u6f5c\u5728\u7684 `/api/uploadChunked/public`\uff09\u3002\u5728\u6613\u53d7\u653b\u51fb\u7684\u7248\u672c\uff081.5.1\uff09\u4e2d\uff0c\u7528\u6237\u5728 multipart \u8868\u5355\u6570\u636e\u4e2d\u63d0\u4f9b\u7684 `checkSum` \u5b57\u6bb5\u88ab\u76f4", "product": "fireshare", "severity": "High", "title": "Fireshare \u5b89\u5168\u6f0f\u6d1e", "title_en": "Fireshare has Path Traversal Arbitrary File Write in `/api/uploadChunked`", "updated_at": "2026-05-09T15:46:41", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33645", "vendor": "ShaneIsrael" }, { "cve_id": "CVE-2026-33496", "cvss": 8.1, "cwe_id": "CWE-1289", "preview": "# CVE-2026-33496: Ory Oathkeeper \u56e0\u7f13\u5b58\u952e\u6df7\u6dc6\u5bfc\u81f4\u7684\u8ba4\u8bc1\u7ed5\u8fc7\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u6f0f\u6d1e\u5b58\u5728\u4e8e Ory Oathkeeper \u4e2d\u7684 `oauth2_introspection` \u8ba4\u8bc1\u5668\u4e2d\u3002\u8be5\u8ba4\u8bc1\u5668\u4f7f\u7528\u5171\u4eab\u7f13\u5b58 (`tokenCache`) \u6765\u5b58\u50a8\u4ee4\u724c\u9a8c\u8bc1\u7684\u7ed3\u679c\uff0c\u4ee5\u63d0\u9ad8\u6027\u80fd\u3002\u7136\u800c\uff0c\u7f13\u5b58\u952e\u751f\u6210\u51fd\u6570 `tokenCacheKey` \u4ec5\u4f7f\u7528 **\u4ee4\u724c\u5b57\u7b26\u4e32 (token string)** \u4f5c\u4e3a\u952e\uff0c\u5ffd\u7565\u4e86\u7528\u4e8e\u9a8c\u8bc1\u4ee4\u724c\u7684 **\u9a8c\u8bc1 URL (`IntrospectionURL`)**\u3002\n\n\u5728\u591a\u79df\u6237\u6216\u591a\u63d0\u4f9b\u5546\u914d\u7f6e\u4e2d\uff0cO", "product": "oathkeeper", "severity": "High", "title": "Ory Oathkeeper \u5b89\u5168\u6f0f\u6d1e", "title_en": "Ory Oathkeeper has an authentication bypass by cache key confusion", "updated_at": "2026-05-09T15:42:56", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33496", "vendor": "ory" }, { "cve_id": "CVE-2026-33530", "cvss": 7.7, "cwe_id": "CWE-202", "preview": "# CVE-2026-33530: InvenTree ORM \u8fc7\u6ee4\u5668\u6ce8\u5165\u5206\u6790\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e InvenTree \u7684\u6279\u91cf\u6570\u636e\u64cd\u4f5c API \u7aef\u70b9\uff08\u4f8b\u5982 `/api/part/`\u3001`/api/stock/`\u3001`/api/order/`\uff09\u4e2d\u3002\u8fd9\u4e9b\u7aef\u70b9\u63a5\u53d7\u6765\u81ea HTTP \u8bf7\u6c42\u7684 `filters` \u53c2\u6570\u3002\u8be5\u53c2\u6570\u672a\u7ecf\u4efb\u4f55\u5b57\u6bb5\u767d\u540d\u5355\u6216\u9a8c\u8bc1\uff0c\u76f4\u63a5\u4f20\u9012\u7ed9\u4e86 Django \u7684 ORM `queryset.filter(**filters)`\u3002\n\n\u7531\u4e8e Django \u7684 ORM \u652f\u6301\u4f7f\u7528\u53cc\u4e0b\u5212\u7ebf\uff08`__`\uff09\u67e5\u627e\u8bed\u6cd5\u6765\u904d\u5386\u5173\u7cfb\uff08\u4f8b\u5982 `f", "product": "InvenTree", "severity": "High", "title": "InvenTree \u5b89\u5168\u6f0f\u6d1e", "title_en": "InvenTree Vulnerable to ORM Filter Injection", "updated_at": "2026-05-09T15:42:47", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33530", "vendor": "inventree" }, { "cve_id": "CVE-2026-42284", "cvss": 8.1, "cwe_id": "CWE-88", "preview": "# CVE-2026-42284: GitPython \u901a\u8fc7 `multi_options` \u7ed5\u8fc7\u4e0d\u5b89\u5168\u9009\u9879\u68c0\u67e5\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u6f0f\u6d1e\u4f4d\u4e8e `git/repo/base.py` \u4e2d\u7684 `_clone` \u65b9\u6cd5\u3002\u4ee3\u7801\u5728\u5c06\u9009\u9879\u89e3\u6790\u4e3a\u5355\u72ec\u7684\u53c2\u6570**\u4e4b\u524d**\uff0c\u5bf9 `multi_options` \u6267\u884c\u4e86\u5b89\u5168\u68c0\u67e5\u3002\n\n1. **\u9a8c\u8bc1\u6b65\u9aa4\uff08\u7b2c 1390 \u884c\uff09\uff1a** `Git.check_unsafe_options(options=multi_options, ...)` \u68c0\u67e5\u5217\u8868\u4e2d\u7684\u539f\u59cb\u5b57\u7b26\u4e32\u662f\u5426\u5305\u542b\u4e0d\u5b89\u5168\u7684\u5173\u952e\u5b57\uff08\u4f8b\u5982 `--config`\uff09", "product": "GitPython", "severity": "High", "title": "GitPython \u4e0d\u5b89\u5168\u9009\u9879\u68c0\u67e5\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "title_en": "GitPython: Unsafe option check validates multi_options before shlex.split transforms it", "updated_at": "2026-05-09T15:39:04", "url": "https://cve-dev.imfht.com/detail/CVE-2026-42284", "vendor": "gitpython-developers" }, { "cve_id": "CVE-2026-44244", "cvss": 7.8, "cwe_id": "CWE-94", "preview": "# CVE-2026-44244 \u5206\u6790\uff1aGitPython \u6362\u884c\u7b26\u6ce8\u5165\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\n\n## \u6f0f\u6d1e\u5206\u6790\n\n**\u4e25\u91cd\u7a0b\u5ea6\uff1a** \u9ad8\n**\u53d7\u5f71\u54cd\u7ec4\u4ef6\uff1a** `gitpython-developers/GitPython` (\u65e9\u4e8e v3.1.49 \u7248\u672c)\n**\u6613\u53d7\u653b\u51fb\u51fd\u6570\uff1a** `GitConfigParser.set_value()` / `config_writer().set_value()`\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u6e90\u4e8e `GitConfigParser.set_value()` \u4e2d\u8f93\u5165\u9a8c\u8bc1\u4e0d\u5f53\u3002\u5f53\u7528\u6237\u8bbe\u7f6e\u914d\u7f6e\u503c\u65f6\uff0c\u5e93\u672a\u5bf9\u6362\u884c\u7b26\uff08`\\n`\uff09\u8fdb\u884c\u6e05\u7406\uff0c\u4fbf", "product": "GitPython", "severity": "High", "title": "GitPython config_writer()\u6362\u884c\u7b26\u6ce8\u5165\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "title_en": "GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath", "updated_at": "2026-05-09T15:39:03", "url": "https://cve-dev.imfht.com/detail/CVE-2026-44244", "vendor": "gitpython-developers" }, { "cve_id": "CVE-2026-8083", "cvss": 7.3, "cwe_id": "CWE-89", "preview": "# CVE-2026-8083 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u6982\u8ff0\n\n- **CVE ID**: CVE-2026-8083\n- **\u4e25\u91cd\u7a0b\u5ea6**: HIGH\n- **\u53d7\u5f71\u54cd\u8f6f\u4ef6**: SourceCodester Pharmacy Sales and Inventory System v1.0\n- **\u6f0f\u6d1e\u7ec4\u4ef6**: `/ajax.php`\uff08\u7279\u522b\u662f `save_user` \u64cd\u4f5c\uff09\n- **\u6f0f\u6d1e\u7c7b\u578b**: SQL\u6ce8\u5165 (SQLi)\n- **\u653b\u51fb\u5411\u91cf**: \u8fdc\u7a0b\n- **CWE**: CWE-89\uff08SQL\u547d\u4ee4\u4e2d\u7279\u6b8a\u5143\u7d20\u672a\u6b63\u786e\u4e2d\u548c\uff09\n\n## \u6839\u672c\u539f\u56e0\u5206\u6790\n\n\u8be5\u6f0f\u6d1e\u5b58", "product": "Pharmacy Sales and Inventory System", "severity": "High", "title": "SourceCodester Pharmacy \u9500\u552e\u5e93\u5b58\u7cfb\u7edf sql\u6ce8\u5165\u6f0f\u6d1e", "title_en": "SourceCodester Pharmacy Sales and Inventory System ajax.php save_user sql injection", "updated_at": "2026-05-09T15:33:10", "url": "https://cve-dev.imfht.com/detail/CVE-2026-8083", "vendor": "SourceCodester" }, { "cve_id": "CVE-2026-42215", "cvss": 8.8, "cwe_id": "CWE-78", "preview": "# CVE-2026-42215: \u901a\u8fc7 Git \u9009\u9879\u7ed5\u8fc7\u5b9e\u73b0 GitPython \u547d\u4ee4\u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `GitPython` \u5e93\uff08\u7248\u672c 3.1.30 \u81f3 3.1.46\uff09\u4e2d\u3002\u8be5\u5e93\u5b9e\u73b0\u4e86\u4e00\u9879\u5b89\u5168\u68c0\u67e5\uff0c\u65e8\u5728\u963b\u6b62\u5371\u9669\u7684 Git \u547d\u4ee4\u884c\u9009\u9879\uff08\u4f8b\u5982 `--upload-pack`\u3001`--receive-pack`\u3001`--upload-archive` \u7b49\uff09\uff0c\u4ee5\u9884\u9632\u547d\u4ee4\u6ce8\u5165\u3002\n\n\u7136\u800c\uff0c\u8be5\u68c0\u67e5\u7684\u5b9e\u73b0\u5b58\u5728\u7f3a\u9677\u3002\u68c0\u67e5\u662f\u5728\u4f20\u9012\u7ed9 Git \u53ef\u6267\u884c\u6587\u4ef6\u7684\u539f\u59cb\u547d\u4ee4\u884c\u53c2\u6570\uff08kwargs\uff09\u4e0a\u6267\u884c\u7684\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u901a\u8fc7\u76f4\u63a5\u5411 `Repo.clone", "product": "GitPython", "severity": "High", "title": "GitPython Git\u9009\u9879\u7ed5\u8fc7\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e", "title_en": "GitPython: Command injection via Git options bypass", "updated_at": "2026-05-09T15:33:06", "url": "https://cve-dev.imfht.com/detail/CVE-2026-42215", "vendor": "gitpython-developers" }, { "cve_id": "CVE-2026-42214", "cvss": 7.8, "cwe_id": "CWE-94", "preview": "# CVE-2026-42214\uff1aNotepadNext \u4e2d `detectLanguageFromExtension` \u5b58\u5728\u7684\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6458\u8981\nNotepadNext \u662f\u4e00\u4e2a\u8de8\u5e73\u53f0\u7684\u6587\u672c\u7f16\u8f91\u5668\uff0c\u65e8\u5728\u91cd\u65b0\u5b9e\u73b0 Notepad++ \u7684\u529f\u80fd\uff0c\u5176\u5305\u542b\u4e00\u4e2a**\u4ee3\u7801\u6ce8\u5165**\u6f0f\u6d1e\uff08CVE-2026-42214\uff09\u3002\u5728 0.14 \u7248\u672c\u4e4b\u524d\uff0c`detectLanguageFromExtension` \u51fd\u6570\u901a\u8fc7\u5c06\u6587\u6863\u7684\u6587\u4ef6\u6269\u5c55\u540d\u76f4\u63a5\u63d2\u503c\u5230 Lua \u5b57\u7b26\u4e32\u4e2d\u6765\u6784\u9020 Lua \u811a\u672c\u3002\u8be5\u5b57\u7b26\u4e32\u968f\u540e\u5728\u4e00\u4e2a\u62e5\u6709\u7cfb\u7edf\u5e93\uff08`os`\u3001`io`\u3001`package`", "product": "NotepadNext", "severity": "High", "title": "NotepadNext \u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e", "title_en": "Improper Control of Generation of Code ('Code Injection') in dail8859/NotepadNext", "updated_at": "2026-05-09T15:29:19", "url": "https://cve-dev.imfht.com/detail/CVE-2026-42214", "vendor": "dail8859" }, { "cve_id": "CVE-2026-41906", "cvss": 7.1, "cwe_id": "CWE-639", "preview": "# CVE-2026-41906 \u5206\u6790\uff1aFreeScout \u8de8\u90ae\u7bb1\u6388\u6743\u7ed5\u8fc7\u6f0f\u6d1e\u2014\u2014\u4f1a\u8bdd\u66f4\u6539\u5ba2\u6237\u529f\u80fd\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u4f4d\u4e8e `app/Http/Controllers/ConversationsController.php` \u6587\u4ef6\u4e2d\u7684 `conversation_change_customer` \u52a8\u4f5c\u4e2d\u3002\u867d\u7136\u524d\u7aef UI \u4f1a\u6839\u636e\u5f53\u524d\u90ae\u7bb1\u7684\u4f5c\u7528\u57df\u6b63\u786e\u8fc7\u6ee4\u5ba2\u6237\uff08\u9632\u6b62\u4ee3\u7406\u5728\u641c\u7d22\u4e0b\u62c9\u83dc\u5355\u4e2d\u770b\u5230\u6765\u81ea\u5176\u4ed6\u90ae\u7bb1\u7684\u5ba2\u6237\uff09\uff0c\u4f46\u540e\u7aef API \u7aef\u70b9 (`conversation_change_customer`) \u672a\u80fd\u9a8c\u8bc1\u8bf7\u6c42\u4e2d\u63d0\u4f9b\u7684 `custome", "product": "freescout", "severity": "High", "title": "FreeScout \u8de8\u90ae\u7bb1\u6388\u6743\u7ed5\u8fc7\u6f0f\u6d1e", "title_en": "FreeScout: Conversation Change-Customer Cross-Mailbox Authorization Bypass", "updated_at": "2026-05-09T15:29:17", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41906", "vendor": "freescout-help-desk" }, { "cve_id": "CVE-2026-42239", "cvss": 8.1, "cwe_id": "CWE-1004", "preview": "# CVE-2026-42239\uff1aBudibase \u8ba4\u8bc1\u4f1a\u8bdd Cookie XSS \u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u4f4d\u4e8e `packages/backend-core/src/utils/utils.ts` \u6587\u4ef6\u4e2d\u7684 `setCookie` \u51fd\u6570\u3002\u8be5\u51fd\u6570\u8d1f\u8d23\u8bbe\u7f6e\u8eab\u4efd\u9a8c\u8bc1 Cookie\uff0c\u7279\u522b\u662f\u5305\u542b JWT \u4f1a\u8bdd\u4ee4\u724c\u7684 `budibase:auth` Cookie\u3002\n\n`setCookie` \u51fd\u6570\u786c\u7f16\u7801\u4e86 Cookie \u914d\u7f6e\uff0c\u5176\u4e2d `httpOnly: false`\uff08\u7b2c 218 \u884c\uff09\u3002\u6b64\u5916\uff0c\u5b83\u672a\u8bbe\u7f6e `secure` \u6807\u5fd7\uff08\u610f\u5473\u7740 Cook", "product": "budibase", "severity": "High", "title": "Budibase \u4f1a\u8bddCookie\u672a\u8bbeHttpOnly\u5bfc\u81f4XSS\u53ef\u63a5\u7ba1\u8d26\u6237", "title_en": "Budibase auth session cookies are set with httpOnly:false \u2014 any XSS can lead to full account takeover", "updated_at": "2026-05-09T00:06:01", "url": "https://cve-dev.imfht.com/detail/CVE-2026-42239", "vendor": "Budibase" }, { "cve_id": "CVE-2026-41905", "cvss": 7.7, "cwe_id": "CWE-918", "preview": "# CVE-2026-41905: FreeScout \u4e2d\u901a\u8fc7 Helper::sanitizeRemoteUrl \u5b9e\u73b0\u7684 SSRF\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `app/Misc/Helper.php` \u6587\u4ef6\u4e2d\u7684 `sanitizeRemoteUrl` \u51fd\u6570\u4e2d\u3002\u6b64\u51fd\u6570\u65e8\u5728\u901a\u8fc7\u6839\u636e\u5141\u8bb8\u7684\u4e3b\u673a\u767d\u540d\u5355\u548c\u53d7\u9650\u5185\u90e8 IP\uff08\u4f8b\u5982\u4e91\u5143\u6570\u636e\u7aef\u70b9 `169.254.169.254`\u3001RFC1918 \u8303\u56f4\u7b49\uff09\u7684\u9ed1\u540d\u5355\u6765\u9a8c\u8bc1 URL\uff0c\u4ece\u800c\u9632\u6b62\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\uff08SSRF\uff09\u3002\n\n\u7136\u800c\uff0c\u5176\u5173\u4e8e HTTP \u91cd\u5b9a\u5411\u7684\u903b\u8f91\u5b58\u5728\u4e00\u4e2a\u5173\u952e\u7f3a\u9677\uff1a\n1. **\u521d\u59cb\u68c0\u67e5", "product": "freescout", "severity": "High", "title": "FreeScout Helper::sanitizeRemoteUrl SSRF\u6f0f\u6d1e", "title_en": "FreeScout vulnerable to SSRF via Helper::sanitizeRemoteUrl: redirect destination not re-validated, allowing internal HTTP / cloud-metadata access", "updated_at": "2026-05-08T20:42:54", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41905", "vendor": "freescout-help-desk" }, { "cve_id": "CVE-2026-7413", "cvss": 7.2, "cwe_id": "CWE-912", "preview": "# CVE-2026-7413: Yarbo \u673a\u5668\u4eba\u4e2d\u6301\u4e45\u7684\u672a\u8bb0\u5f55\u540e\u95e8\u8bbf\u95ee\n\n## \u6267\u884c\u6458\u8981\n\n\u5728 Yarbo \u81ea\u4e3b\u5272\u8349\u673a\u548c\u5439\u96ea\u673a\uff08\u56fa\u4ef6\u7248\u672c < 2.3.9\uff09\u4e2d\u53d1\u73b0\u4e86\u4e00\u4e2a\u5173\u952e\u5b89\u5168\u6f0f\u6d1e\uff08CVE-2026-7413\uff09\u3002\u8be5\u6f0f\u6d1e\u7531\u4e00\u4e2a\u6301\u4e45\u7684\u3001\u672a\u8bb0\u5f55\u7684 SSH \u540e\u95e8\u7ec4\u6210\uff0c\u8be5\u540e\u95e8\u901a\u8fc7 FRP\uff08Fast Reverse Proxy\uff0c\u5feb\u901f\u53cd\u5411\u4ee3\u7406\uff09NAT \u96a7\u9053\u5efa\u7acb\u3002\u6b64\u96a7\u9053\u63d0\u4f9b\u5bf9\u673a\u5668\u4eba root shell \u7684\u8fdc\u7a0b\u3001\u65e0\u9700\u8ba4\u8bc1\u8bbf\u95ee\uff0c\u80fd\u591f\u62b5\u5fa1\u51fa\u5382\u91cd\u7f6e\uff0c\u5e76\u786c\u7f16\u7801\u5728\u56fa\u4ef6\u4e2d\u3002\u8be5\u96a7\u9053\u672a\u52a0\u5bc6\uff08TLS \u5df2\u7981\u7528\uff09\uff0c\u4f9d\u9760\u5171\u4eab\u4ee4\u724c\u8fdb\u884c\u6ce8\u518c\uff0c\u4f46\u4e00\u65e6\u96a7\u9053\u5efa\u7acb\uff0c\u5b9e\u9645\u7684 SSH \u4f1a\u8bdd\u65e0\u9700\u8eab\u4efd\u9a8c\u8bc1\u3002\n\n", "product": "Firmware", "severity": "High", "title": "Yarbo\u673a\u5668\u4eba\u6301\u4e45\u672a\u8bb0\u5f55\u540e\u95e8\u8bbf\u95ee\u6f0f\u6d1e", "title_en": "Persistent undocumented backdoor access in Yarbo robot", "updated_at": "2026-05-08T20:40:27", "url": "https://cve-dev.imfht.com/detail/CVE-2026-7413", "vendor": "Yarbo" }, { "cve_id": "CVE-2026-41904", "cvss": 7.6, "cwe_id": "CWE-79", "preview": "# CVE-2026-41904\uff1aFreeScout \u90ae\u7bb1\u81ea\u52a8\u56de\u590d\u4e2d\u7684\u5b58\u50a8\u578b XSS \u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6458\u8981\nFreeScout 1.8.217 \u4e4b\u524d\u7684\u7248\u672c\u5728\u90ae\u7bb1\u81ea\u52a8\u56de\u590d\u529f\u80fd\u4e2d\u5b58\u5728\u5b58\u50a8\u578b\u8de8\u7ad9\u811a\u672c\uff08XSS\uff09\u6f0f\u6d1e\u3002\u62e5\u6709 `updateAutoReply` \u6743\u9650\u7684\u653b\u51fb\u8005\u53ef\u4ee5\u5c06\u6076\u610f JavaScript \u8f7d\u8377\u6ce8\u5165\u5230\u81ea\u52a8\u56de\u590d\u6d88\u606f\u4e2d\u3002\u8fd9\u4e9b\u8f7d\u8377\u5728\u53d1\u9001\u7ed9\u5ba2\u6237\u7684 HTML \u90ae\u4ef6\u4e2d\u672a\u7ecf\u8f6c\u4e49\u5730\u88ab\u6e32\u67d3\uff0c\u4ece\u800c\u5728\u5ba2\u6237\u7684\u7f51\u9875\u90ae\u4ef6\u5ba2\u6237\u7aef\u4e0a\u4e0b\u6587\u4e2d\u6267\u884c\u3002\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u8f93\u5165\u9a8c\u8bc1\u548c\u8f93\u51fa\u6e32\u67d3\u6d41\u7a0b\u4e2d\u7684\u4e24\u4e2a\u4e3b\u8981\u95ee\u9898\uff1a\n\n1. **\u65e0\u6548\u7684\u8f93\u5165\u6e05\u7406 (`Mailbox", "product": "freescout", "severity": "High", "title": "FreeScout \u90ae\u7bb1\u81ea\u52a8\u56de\u590d\u5b58\u50a8\u578bXSS\u6f0f\u6d1e", "title_en": "FreeScout Stored XSS vulnerability in mailbox auto-reply: payload reaches every customer's email client (no CSP), bypassing strip_tags validator with mixed text+HTML content", "updated_at": "2026-05-08T20:40:27", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41904", "vendor": "freescout-help-desk" }, { "cve_id": "CVE-2026-33152", "cvss": 9.1, "cwe_id": "CWE-307", "preview": "# CVE-2026-33152: Tandoor Recipes \u57fa\u672c\u8ba4\u8bc1\u672a\u9650\u5236\u66b4\u529b\u7834\u89e3\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u6e90\u4e8e `recipes/settings.py` \u4e2d Django REST Framework (DRF) \u8ba4\u8bc1\u8bbe\u7f6e\u7684\u914d\u7f6e\u4e0d\u5f53\u3002\n\n1. **API \u8ba4\u8bc1\u7f3a\u5c11\u901f\u7387\u9650\u5236**\uff1a\u5e94\u7528\u7a0b\u5e8f\u9488\u5bf9\u57fa\u4e8e HTML \u7684\u767b\u5f55\u6d41\u7a0b\u914d\u7f6e\u4e86 `django-allauth` \u7684\u901f\u7387\u9650\u5236\uff08`ACCOUNT_RATE_LIMITS`\uff0c\u5177\u4f53\u4e3a `login: 5/m/ip`\uff09\u3002\u7136\u800c\uff0c\u8fd9\u4e9b\u9650\u5236\u4e0d\u9002\u7528\u4e8e DRF API \u7aef\u70b9\u3002\n2. **\u542f\u7528 Basi", "product": "recipes", "severity": "Critical", "title": "Tandoor Recipes \u5b89\u5168\u6f0f\u6d1e", "title_en": "Tandoor Recipes Vulnerable to Unrestricted Brute-Force via BasicAuthentication", "updated_at": "2026-05-08T15:37:18", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33152", "vendor": "TandoorRecipes" }, { "cve_id": "CVE-2026-41902", "cvss": 9.1, "cwe_id": "CWE-613", "preview": "# CVE-2026-41902: FreeScout \u7528\u6237\u9080\u8bf7\u54c8\u5e0c\u6c38\u4e0d\u8fc7\u671f\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6982\u8ff0\nFreeScout \u662f\u4e00\u4e2a\u57fa\u4e8e Laravel \u6784\u5efa\u7684\u514d\u8d39\u5e2e\u52a9\u53f0\u548c\u5171\u4eab\u90ae\u7bb1\u5e94\u7528\u7a0b\u5e8f\uff0c\u5176\u4e2d\u5b58\u5728\u4e00\u4e2a\u4e25\u91cd\u6f0f\u6d1e\uff08CVE-2026-41902\uff09\uff0c\u7528\u6237\u9080\u8bf7\u54c8\u5e0c\u503c\uff08`invite_hash`\uff09\u6c38\u4e0d\u8fc7\u671f\u3002\u8fd9\u4f7f\u5f97\u90a3\u4e9b\u901a\u8fc7\u7535\u5b50\u90ae\u4ef6\u8f6c\u53d1\u3001\u65e5\u5fd7\u6cc4\u9732\u6216\u5176\u4ed6\u6cc4\u9732\u9014\u5f84\u83b7\u53d6\u6709\u6548\u9080\u8bf7\u94fe\u63a5\u7684\u653b\u51fb\u8005\uff0c\u80fd\u591f\u6c38\u4e45\u63a5\u7ba1\u5173\u8054\u7684\u7528\u6237\u8d26\u6237\uff0c\u65e0\u8bba\u8ddd\u79bb\u9080\u8bf7\u53d1\u51fa\u7ecf\u8fc7\u4e86\u591a\u957f\u65f6\u95f4\u3002\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u6e90\u4e8e `users` \u8868\u4e2d\u5b58\u50a8\u7684 `invite_hash` \u7f3a\u4e4f\u8fc7\u671f\u673a\u5236\u3002\u5f53\u9080\u8bf7\u7528\u6237\u65f6\uff0c\u4f1a", "product": "freescout", "severity": "Critical", "title": "FreeScout \u9080\u8bf7\u94fe\u63a5\u6c38\u4e0d\u8fc7\u671f\u81f4\u672a\u6388\u6743\u63a5\u7ba1\u8d26\u6237", "title_en": "FreeScout's user invitation hash never expires: permanent unauthenticated account takeover if invite link leaks", "updated_at": "2026-05-08T15:33:49", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41902", "vendor": "freescout-help-desk" }, { "cve_id": "CVE-2026-33506", "cvss": 8.8, "cwe_id": "CWE-87", "preview": "# CVE-2026-33506: Ory Polis \u767b\u5f55\u9875\u9762\u7684\u57fa\u4e8e DOM \u7684 XSS \u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n**\u4e25\u91cd\u6027:** \u9ad8\n**\u53d7\u5f71\u54cd\u7ec4\u4ef6:** Ory Polis\uff08\u539f BoxyHQ Jackson\uff09\n**\u53d7\u5f71\u54cd\u7248\u672c:** 26.2.0 \u4e4b\u524d\n**\u4fee\u590d\u7248\u672c:** 26.2.0\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a\u57fa\u4e8e DOM \u7684\u8de8\u7ad9\u811a\u672c (XSS) \u7f3a\u9677\uff0c\u4f4d\u4e8e Ory Polis \u7684 Next.js \u524d\u7aef\u4e2d\u3002\u5728\u767b\u5f55\u6d41\u7a0b\u671f\u95f4\uff0c\u5e94\u7528\u7a0b\u5e8f\u63a5\u53d7\u6765\u81ea URL \u7684 `callbackUrl` \u67e5\u8be2\u53c2\u6570\u3002\u8be5\u53c2\u6570\u76f4\u63a5\u4ece URL \u8bfb\u53d6\uff0c\u5e76\u901a\u8fc7 `router.", "product": "polis", "severity": "High", "title": "Ory polis \u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e", "title_en": "DOM-Based XSS in Ory Polis Login Page", "updated_at": "2026-05-08T01:58:29", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33506", "vendor": "ory" }, { "cve_id": "CVE-2026-41936", "cvss": 8.1, "cwe_id": "CWE-611", "preview": "# CVE-2026-41936 \u6f0f\u6d1e\u5206\u6790\uff1aVvveb CMS XXE \u6ce8\u5165\n\n## \u6267\u884c\u6458\u8981\nVvveb CMS 1.0.8.2 \u4e4b\u524d\u7684\u7248\u672c\u5728 `system/import/xml.php` \u6587\u4ef6\u4e2d\u5b58\u5728\u4e00\u4e2a\u9ad8\u5371 XML \u5916\u90e8\u5b9e\u4f53\uff08XXE\uff09\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u5141\u8bb8\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684 `site_admin` \u7528\u6237\u901a\u8fc7\u64cd\u7eb5 XML \u5bfc\u5165\u529f\u80fd\uff0c\u8bfb\u53d6\u670d\u52a1\u5668\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\uff08\u901a\u8fc7 `file://` \u5b9e\u4f53\uff09\u6216\u6267\u884c PHP \u4ee3\u7801\u5305\u88c5\u5668\uff08\u901a\u8fc7 `php://filter` \u5b9e\u4f53\uff09\u3002\u89e3\u6790\u540e\u7684\u5b9e\u4f53\u503c\u968f\u540e\u4f1a\u6301\u4e45\u5316\u5230\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u5e93\u4e2d\uff0c\u4ece\u800c\u53ef\u80fd\u5bfc\u81f4\u6743\u9650\u63d0\u5347\uff08\u4f8b\u5982\uff0c\u8986\u76d6\u7ba1\u7406\u5458\u5bc6\u7801\u54c8\u5e0c\uff09\u6216\u6570", "product": "Vvveb", "severity": "High", "title": "Vvveb <1.0.8.2 XML\u5916\u90e8\u5b9e\u4f53\u6ce8\u5165\u6f0f\u6d1e", "title_en": "Vvveb < 1.0.8.2 XML External Entity Injection via Import", "updated_at": "2026-05-08T01:27:41", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41936", "vendor": "givanz" }, { "cve_id": "CVE-2026-44331", "cvss": 8.1, "cwe_id": "CWE-89", "preview": "# CVE-2026-44331 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u6982\u8ff0\n\n**CVE ID:** CVE-2026-44331 \n**\u4e25\u91cd\u7a0b\u5ea6:** HIGH \n**\u53d7\u5f71\u54cd\u8f6f\u4ef6:** ProFTPD < 1.3.9a (\u5177\u4f53\u6307 commit 7666224 \u4e4b\u524d) \n**\u53d7\u5f71\u54cd\u7ec4\u4ef6:** `contrib/mod_wrap2_sql.c` \n**\u51fd\u6570:** `sqltab_fetch_clients_cb()`\n\n## \u6839\u672c\u539f\u56e0\u5206\u6790\n\n\u8be5\u6f0f\u6d1e\u662f\u4f4d\u4e8e ProFTPD \u7684 `mod_wrap2_sql` \u6a21\u5757\u4e2d\u7684 **SQL \u6ce8\u5165** \u7f3a\u9677\u3002\u5177\u4f53\u800c\u8a00\uff0c\u5b83\u5b58\u5728\u4e8e", "product": "ProFTPD", "severity": "High", "title": "ProFTPD 1.3.9a\u4e4b\u524d\u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e", "title_en": null, "updated_at": "2026-05-08T01:21:51", "url": "https://cve-dev.imfht.com/detail/CVE-2026-44331", "vendor": "ProFTPD" }, { "cve_id": "CVE-2026-7875", "cvss": 8.8, "cwe_id": "CWE-22", "preview": "# CVE-2026-7875 \u6f0f\u6d1e\u5206\u6790\uff1aNanoClaw \u4e3b\u673a/\u5bb9\u5668\u6587\u4ef6\u7cfb\u7edf\u8fb9\u754c\u6f0f\u6d1e\n\n## \u6267\u884c\u6458\u8981\n\n**\u6f0f\u6d1e\uff1a** \u901a\u8fc7\u51fa\u7ad9\u9644\u4ef6\u5904\u7406\u5bfc\u81f4\u7684 NanoClaw \u4e3b\u673a/\u5bb9\u5668\u6587\u4ef6\u7cfb\u7edf\u8fb9\u754c\u6f0f\u6d1e\n**\u4e25\u91cd\u7a0b\u5ea6\uff1a** \u9ad8\u5371\n**\u53d7\u5f71\u54cd\u7ec4\u4ef6\uff1a** Qwibit/NanoClaw\n**\u63cf\u8ff0\uff1a** \u51fa\u7ad9\u9644\u4ef6\u5904\u7406\u548c\u53d1\u4ef6\u7bb1\u6e05\u7406\u903b\u8f91\u4e2d\u7684\u6f0f\u6d1e\uff0c\u4f7f\u5f97\u88ab\u653b\u9677\u6216\u901a\u8fc7\u63d0\u793a\u6ce8\u5165\uff08prompt-injection\uff09\u7684\u5bb9\u5668\u80fd\u591f\u9003\u8131\u9884\u671f\u7684\u6c99\u7bb1\u8fb9\u754c\u3002\u901a\u8fc7\u64cd\u7eb5 `messages_out.id` \u548c `content.files` \u7684\u503c\uff0c\u6216\u5728\u53d1\u4ef6\u7bb1\u76ee\u5f55\u4e2d\u521b\u5efa\u7b26\u53f7\u94fe\u63a5\uff0c\u653b\u51fb\u8005\u53ef\u4ee5\u89e6\u53d1\u5bf9\u4efb\u610f\u6587\u4ef6", "product": "NanoClaw", "severity": "High", "title": "NanoClaw\u4e3b\u673a/\u5bb9\u5668\u8fb9\u754c\u6f0f\u6d1e\uff1a\u51fa\u7ad9\u9644\u4ef6\u5904\u7406", "title_en": "NanoClaw Host/Container Filesystem Boundary Vulnerability via Outbound Attachment Handling", "updated_at": "2026-05-08T01:13:27", "url": "https://cve-dev.imfht.com/detail/CVE-2026-7875", "vendor": "Qwibit" }, { "cve_id": "CVE-2026-41934", "cvss": 8.8, "cwe_id": "CWE-184", "preview": "# CVE-2026-41934 \u5206\u6790\uff1aVvveb CMS \u901a\u8fc7\u4ee3\u7801\u7f16\u8f91\u5668\u5b9e\u73b0\u5df2\u8ba4\u8bc1\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c (RCE)\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6982\u8ff0\nVvveb CMS 1.0.8.2 \u4e4b\u524d\u7684\u7248\u672c\u5728\u7ba1\u7406\u5458\u4ee3\u7801\u7f16\u8f91\u5668\u4e2d\u5b58\u5728\u4e00\u4e2a\u4e25\u91cd\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c (RCE) \u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7f16\u8f91\u5668\u63a5\u53e3\u5728\u4fdd\u5b58\u6587\u4ef6\u65f6\u7f3a\u4e4f\u5bf9\u6587\u4ef6\u6269\u5c55\u540d\u7684\u5145\u5206\u9a8c\u8bc1\u3002\u62e5\u6709\u4f4e\u6743\u9650\uff08\u7f16\u8f91\u5668\u3001\u4f5c\u8005\u3001\u8d21\u732e\u8005\u6216\u7ad9\u70b9\u7ba1\u7406\u5458\uff09\u7684\u5df2\u8ba4\u8bc1\u7528\u6237\u53ef\u4ee5\u5229\u7528\u6b64\u6f0f\u6d1e\u4e0a\u4f20\u6076\u610f\u7684 `.htaccess` \u6587\u4ef6\u3002\n\n### \u6839\u672c\u539f\u56e0\n`Editor` \u63a7\u5236\u5668 (`admin/controller/editor/editor.php`) \u5141\u8bb8", "product": "Vvveb", "severity": "High", "title": "Vvveb CMS <1.0.8.2 \u8ba4\u8bc1\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "title_en": "Vvveb < 1.0.8.2 Authenticated RCE via Code Editor", "updated_at": "2026-05-08T01:07:41", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41934", "vendor": "givanz" }, { "cve_id": "CVE-2026-41938", "cvss": 8.8, "cwe_id": "CWE-434", "preview": "# CVE-2026-41938 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u6982\u8ff0\n- **CVE ID**: CVE-2026-41938\n- **\u53d7\u5f71\u54cd\u8f6f\u4ef6**: Vvveb CMS\n- **\u53d7\u5f71\u54cd\u7248\u672c**: < 1.0.8.2\n- **\u4e25\u91cd\u7a0b\u5ea6**: HIGH\uff08\u9ad8\uff09\n- **\u7c7b\u578b**: \u4e0d\u53d7\u9650\u5236\u7684\u6587\u4ef6\u4e0a\u4f20\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\uff08RCE\uff09\n\n## \u6839\u672c\u539f\u56e0\u5206\u6790\n\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e Vvveb CMS \u7684\u5a92\u4f53\u4e0a\u4f20\u5904\u7406\u7a0b\u5e8f\u4e2d\u3002\u6838\u5fc3\u95ee\u9898\u5728\u4e8e\u5904\u7406\u6587\u4ef6\u4e0a\u4f20\u65f6\u7f3a\u4e4f\u4e25\u683c\u7684\u6269\u5c55\u540d\u9a8c\u8bc1\u3002\u5177\u4f53\u8868\u73b0\u4e3a\uff1a\n\n1. **\u901a\u8fc7 .htaccess \u7ed5\u8fc7\u6269\u5c55\u540d\u9650\u5236**: \u5e94\u7528\u7a0b\u5e8f\u5141\u8bb8\u5177\u6709\u5a92\u4f53\u4e0a\u4f20\u6743\u9650\u7684\u8ba4\u8bc1\u7528\u6237\u4e0a", "product": "Vvveb", "severity": "High", "title": "Vvveb <1.0.8.2 \u5a92\u4f53\u4e0a\u4f20\u5904\u7406\u5668\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "title_en": "Vvveb < 1.0.8.2 RCE via Media Upload Handler", "updated_at": "2026-05-08T01:02:01", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41938", "vendor": "givanz" }, { "cve_id": "CVE-2026-33940", "cvss": 8.1, "cwe_id": "CWE-94", "preview": "# CVE-2026-33940: \u901a\u8fc7 AST \u7c7b\u578b\u6df7\u6dc6\u5728 Handlebars.js \u4e2d\u8fdb\u884c JavaScript \u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `lib/handlebars/runtime.js` \u4e2d\u7684 `resolvePartial` \u548c `invokePartial` \u51fd\u6570\u4e2d\u3002\u5177\u4f53\u800c\u8a00\uff0c`resolvePartial` \u4e2d\u7684\u903b\u8f91\u5728\u5c06 `partial` \u53c2\u6570\u4f5c\u4e3a\u52a8\u6001\u503c\uff08\u4f8b\u5982\u6765\u81ea\u4e0a\u4e0b\u6587\u53d8\u91cf\uff09\u4f20\u9012\u65f6\uff0c\u672a\u80fd\u6b63\u786e\u9a8c\u8bc1\u5176\u7c7b\u578b\u3002\n\n\u5728 4.0.0 \u81f3 4.7.8 \u7248\u672c\u4e2d\uff1a\n1. `resolvePartial` \u68c0\u67e5 `if ", "product": "handlebars.js", "severity": "High", "title": "handlebars \u5b89\u5168\u6f0f\u6d1e", "title_en": "Handlebars.js has JavaScript Injection via AST Type Confusion when passing an object as dynamic partial", "updated_at": "2026-05-08T00:36:50", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33940", "vendor": "handlebars-lang" }, { "cve_id": "CVE-2026-33941", "cvss": 8.3, "cwe_id": "CWE-79", "preview": "# CVE-2026-33941 \u5206\u6790\uff1aHandlebars.js CLI \u9884\u7f16\u8bd1\u5668 JavaScript \u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `lib/precompiler.js` \u4e2d\u7684 `cli` \u51fd\u6570\u5185\u3002\u9884\u7f16\u8bd1\u5668\u7528\u4e8e\u751f\u6210\u7528\u4e8e\u6253\u5305 Handlebars \u6a21\u677f\u7684 JavaScript \u4ee3\u7801\u3002\u5b83\u76f4\u63a5\u5c06\u7528\u6237\u53ef\u63a7\u7684\u8f93\u5165\u2014\u2014\u5177\u4f53\u4e3a `opts.namespace`\u3001`opts.commonjs`\u3001`opts.handlebarPath` \u548c `template.name`\u2014\u2014\u62fc\u63a5\u5230\u751f\u6210\u7684 JavaScript \u5b57\u7b26\u4e32\u4e2d\uff0c\u4e14\u672a\u8fdb\u884c\u8f6c\u4e49\u6216\u6e05", "product": "handlebars.js", "severity": "High", "title": "Handlebars.js \u5b89\u5168\u6f0f\u6d1e", "title_en": "Handlebars.js has JavaScript Injection in CLI Precompiler via Unescaped Names and Options", "updated_at": "2026-05-08T00:34:56", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33941", "vendor": "handlebars-lang" }, { "cve_id": "CVE-2026-34226", "cvss": 7.5, "cwe_id": "CWE-201", "preview": "# CVE-2026-34226 \u5206\u6790\u62a5\u544a\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\nHappy DOM\uff0820.8.9 \u4e4b\u524d\u7684\u7248\u672c\uff09\u4e2d\u7684\u6f0f\u6d1e\u6e90\u4e8e\u5bf9 `fetch` API \u7684 `credentials` \u9009\u9879\u7684\u9519\u8bef\u5b9e\u73b0\u3002\u5f53\u8c03\u7528 `fetch(..., { credentials: \"include\" })` \u65f6\uff0c\u89c4\u8303\u8981\u6c42\u5c06\u5173\u8054\u5230**\u76ee\u6807 URL \u7684\u6e90\uff08origin\uff09**\u7684 cookie \u5305\u542b\u5728\u8bf7\u6c42\u4e2d\u3002\u7136\u800c\uff0cHappy DOM \u9519\u8bef\u5730\u9644\u52a0\u4e86\u6765\u81ea**\u5f53\u524d\u9875\u9762\u6e90\uff08`window.location.origin`\uff09**\u7684 cookie\u3002\n\n\u8fd9\u79cd\u884c\u4e3a\u8fdd\u53cd\u4e86\u901a\u8fc7 `fe", "product": "happy-dom", "severity": "High", "title": "happy-dom \u5b89\u5168\u6f0f\u6d1e", "title_en": "Happy DOM's fetch credentials include uses page-origin cookies instead of target-origin cookies", "updated_at": "2026-05-08T00:28:03", "url": "https://cve-dev.imfht.com/detail/CVE-2026-34226", "vendor": "capricorn86" }, { "cve_id": "CVE-2026-33943", "cvss": 8.8, "cwe_id": "CWE-94", "preview": "# CVE-2026-33943\uff1aHappy DOM ECMAScriptModuleCompiler \u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6982\u8ff0\n`Happy DOM`\uff08\u7248\u672c 15.10.0 \u81f3 20.8.7\uff09\u4e2d\u7684 `ECMAScriptModuleCompiler` \u7c7b\u5b58\u5728\u4e00\u4e2a\u5173\u952e\u7684\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\uff08RCE\uff09\u6f0f\u6d1e\u3002\u8be5\u7f16\u8bd1\u5668\u7528\u4e8e\u5904\u7406 ES \u6a21\u5757\u811a\u672c\u4ee5\u89e3\u6790\u5bfc\u5165\u548c\u5bfc\u51fa\u3002\u5b83\u4f7f\u7528\u6b63\u5219\u8868\u8fbe\u5f0f\u6765\u89e3\u6790 `export { ... }` \u58f0\u660e\u3002\u82b1\u62ec\u53f7\u5185\u7684\u5185\u5bb9\u672a\u7ecf\u9002\u5f53\u6e05\u7406\u5c31\u88ab\u76f4\u63a5\u63d2\u5165\u5230\u751f\u6210\u7684 JavaScript \u4ee3\u7801\u4e2d\uff0c\u4f5c\u4e3a\u53ef\u6267\u884c\u8868\u8fbe\u5f0f\u8fdb\u884c\u5904\u7406\u3002\n\n\u5177\u4f53\u6765\u8bf4\uff0c\u6e05\u7406\u8fc7\u6ee4", "product": "happy-dom", "severity": "High", "title": "happy-dom \u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e", "title_en": "Happy DOM ECMAScriptModuleCompiler: unsanitized export names are interpolated as executable code", "updated_at": "2026-05-08T00:26:31", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33943", "vendor": "capricorn86" }, { "cve_id": "CVE-2026-41505", "cvss": 8.7, "cwe_id": "CWE-338", "preview": "# CVE-2026-41505: RELATE \u4e2d\u53ef\u9884\u6d4b\u7684\u4ee4\u724c\u751f\u6210\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6458\u8981\nRELATE \u57fa\u4e8e Web \u7684\u6559\u5b66\u8f6f\u4ef6\u5305\u5b58\u5728\u4e00\u4e2a\u9ad8\u4e25\u91cd\u6027\u6f0f\u6d1e\uff08CVE-2026-41505\uff09\uff0c\u4e0e\u53ef\u9884\u6d4b\u7684\u4ee4\u724c\u751f\u6210\u6709\u5173\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u5728\u63d0\u4ea4 `2f68e16` \u4e4b\u524d\uff0c`course/auth.py` \u4e2d\u7684 `make_sign_in_key()` \u51fd\u6570\u548c `course/exam.py` \u4e2d\u7684 `gen_ticket_code()` \u51fd\u6570\u4f7f\u7528\u4e86\u5bc6\u7801\u5b66\u4e0a\u8106\u5f31\u7684\u968f\u673a\u6570\u751f\u6210\u5668\u3002\u8fd9\u4f7f\u653b\u51fb\u8005\u80fd\u591f\u9884\u6d4b\u8ba4\u8bc1\u5bc6\u94a5\u548c\u8003\u8bd5\u7968\u8bc1\u4ee3\u7801\uff0c\u53ef\u80fd\u5bfc\u81f4\u672a\u7ecf\u6388\u6743\u8bbf\u95ee\u8bfe\u7a0b\u6216\u5728\u8003\u8bd5\u671f\u95f4\u5192\u5145\u5b66\u751f", "product": "relate", "severity": "High", "title": "exam.py/auth.py\u53ef\u9884\u6d4b\u4ee4\u724c\u751f\u6210\u6f0f\u6d1e", "title_en": "RELATE: Predictable Token Generation in auth.py and exam.py", "updated_at": "2026-05-08T00:22:43", "url": "https://cve-dev.imfht.com/detail/CVE-2026-41505", "vendor": "inducer" }, { "cve_id": "CVE-2026-33979", "cvss": 8.2, "cwe_id": "CWE-183", "preview": "# CVE-2026-33979: Express XSS Sanitizer \u914d\u7f6e\u7ed5\u8fc7\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6458\u8981\n`express-xss-sanitizer` \u5e93\uff082.0.2 \u4e4b\u524d\u7684\u7248\u672c\uff09\u5b58\u5728\u4e00\u4e2a\u903b\u8f91\u7f3a\u9677\uff0c\u5373\u9650\u5236\u6027 sanitization \u914d\u7f6e\uff08\u7279\u522b\u662f\u7528\u4e8e `allowedTags` \u6216 `allowedAttributes` \u7684\u7a7a\u6570\u7ec4\uff09\u4f1a\u88ab\u9759\u9ed8\u5ffd\u7565\u3002\u8be5\u5e93\u6ca1\u6709\u6267\u884c\u4e25\u683c\u7684\u201c\u767d\u540d\u5355\u201d\u7b56\u7565\uff08\u5373\u4ec5\u5141\u8bb8\u6307\u5b9a\u7684\u6807\u7b7e/\u5c5e\u6027\uff09\uff0c\u800c\u662f\u56de\u9000\u5230\u5bbd\u5bb9\u7684\u9ed8\u8ba4\u884c\u4e3a\uff0c\u5141\u8bb8\u6f5c\u5728\u7684\u6076\u610f HTML \u6807\u7b7e\u548c\u5c5e\u6027\u901a\u8fc7\u3002\u8fd9\u7834\u574f\u4e86\u4e25\u683c sanitization \u914d\u7f6e\u7684\u76ee\u7684\uff0c\u4f7f\u5e94\u7528\u7a0b\u5e8f", "product": "express-xss-sanitizer", "severity": "High", "title": "Express XSS Sanitizer \u5b89\u5168\u6f0f\u6d1e", "title_en": "Express XSS Sanitizer: allowedTags/allowedAttributes bypass leads to permissive sanitization (XSS risk)", "updated_at": "2026-05-08T00:19:55", "url": "https://cve-dev.imfht.com/detail/CVE-2026-33979", "vendor": "AhmedAdelFahim" } ] }