Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

state:in-the-wild — CVE vulnerabilities tagged 396

396 CVE security advisories tagged "state:in-the-wild" with AI Chinese analysis, CVSS, references and POCs.

The tag "state:in-the-wild" signifies that a disclosed vulnerability has been actively exploited by attackers in real-world environments, rather than remaining theoretical or limited to controlled laboratory testing. This classification is critical because it indicates an immediate and tangible threat to public infrastructure, demanding urgent mitigation strategies from administrators and developers. Typically, these vulnerabilities involve remote code execution, authentication bypasses, or critical logic flaws that allow adversaries to compromise systems without physical access. The presence of this tag implies that exploit code is likely circulating in the wild, increasing the risk of widespread data breaches, service disruptions, or lateral movement within networks. Consequently, organizations must prioritize patching these specific CVEs to prevent active intrusion, as the window between disclosure and exploitation has effectively closed, leaving systems exposed to sophisticated threat actors seeking immediate gain.

CVE IDTitleCVSSSeverityPublished
CVE-2026-44742 Postorius<=1.3.13弹出窗口存储型XSS漏洞 — PostoriusCWE-79 7.2 High2026-05-07
CVE-2026-23866 WhatsApp消息处理漏洞可触发自定义URL处理 — WhatsApp for Android 4.3 Medium2026-05-01
CVE-2026-23863 WhatsApp Windows <2.3000.1032附件伪造漏洞 — WhatsApp Desktop for Windows 6.5 Medium2026-05-01
CVE-2026-26331 yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option — yt-dlpCWE-78 8.8 High2026-02-24
CVE-2026-25815 Fortinet FortiOS 安全漏洞 — FortiOSCWE-1394 3.2 Low2026-02-05
CVE-2026-25137 NixOs Odoo database and filestore publicly accessible with default odoo configuration — nixpkgsCWE-552 9.1 Critical2026-02-02
CVE-2025-70974 Fastjson 安全漏洞 — FastjsonCWE-829 10.0 Critical2026-01-09
CVE-2025-66644 Array Networks ArrayOS AG 操作系统命令注入漏洞 — ArrayOS AGCWE-78 7.2 High2025-12-05
CVE-2025-55179 Facebook WhatsApp 安全漏洞 — WhatsApp Business for iOS 5.4 Medium2025-11-18
CVE-2023-7325 Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF — Mingyu Operations and Maintenance Audit and Risk Control SystemCWE-306 9.8AICriticalAI2025-10-30
CVE-2021-4461 Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass — Zhiyuan OA Web Application SystemCWE-306 5.3AIMediumAI2025-10-30
CVE-2025-43027 Genetec Security Center 安全漏洞 — Genetec Security CenterCWE-284 9.8 Critical2025-10-30
CVE-2016-15048 AMTT HiBOS Command Injection RCE via server_ping.php — Hotel Broadband Operation System (HiBOS)CWE-78 9.8AICriticalAI2025-10-22
CVE-2023-53691 Hikvision CSMP iSecure Center 安全漏洞 — CSMP iSecure CenterCWE-24 8.3 High2025-10-22
CVE-2024-58274 Hikvision CSMP iSecure Center 安全漏洞 — CSMP iSecure CenterCWE-78 8.3 High2025-10-22
CVE-2018-25118 GeoVision Command Injection RCE via /PictureCatch.cgi — GV-BX1500CWE-78 9.8AICriticalAI2025-10-20
CVE-2023-7305 SmartBI RMIServlet Unrestricted File Upload RCE — SmartBICWE-434 10.0AICriticalAI2025-10-15
CVE-2011-10033 WordPress Plugin is-human <= v1.4.2 Eval Injection RCE — is-human WordPress PluginCWE-95 9.8AICriticalAI2025-10-15
CVE-2018-25117 VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise — Control Panel (CP)CWE-506 8.8AIHighAI2025-10-15
CVE-2024-13991 Huijietong Cloud Video Platform fileDownload Arbitrary File Read — Cloud Video PlatformCWE-22 7.5AIHighAI2025-10-15
CVE-2025-59530 quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame — quic-goCWE-617 7.5 High2025-10-10
CVE-2017-20203 NetSarang v5.0 Malicious Backdoor Supply Chain Compromise — Xmanager EnterpriseCWE-506 10.0AICriticalAI2025-10-09
CVE-2025-11371 Gladinet CentreStack and TrioFox Local File Inclusion Flaw — CentreStack and TrioFox 7.5AIHighAI2025-10-09
CVE-2025-42701 CrowdStrike Falcon Sensor for Windows Race Condition — Falcon sensor for WindowsCWE-367 5.6 Medium2025-10-08
CVE-2025-42706 CrowdStrike Falcon Sensor for Windows Logic Error — Falcon sensor for WindowsCWE-346 6.5 Medium2025-10-08
CVE-2022-4980 General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page — Crypto Application Server (CAS)CWE-306 9.8 -2025-09-19
CVE-2025-8088 Path traversal vulnerability in WinRAR — WinRARCWE-35 8.4 -2025-08-08
CVE-2023-44976 Hangzhou Shunwang Rentdrv2 安全漏洞 — Rentdrv2CWE-782 3.2 Low2025-08-01
CVE-2014-125123 Kloxo < 6.1.12 Unauthenticated SQL Injection RCE — KloxoCWE-89 9.8AICriticalAI2025-07-31
CVE-2025-53770 Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016CWE-502 9.8 Critical2025-07-20

Vulnerabilities classified as state:in-the-wild represent 396 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.