CVE-2026-22730
8.8HIGH
A critical SQL injection vulnerability in Spring AI's MariaDBFilterExpressionConverter allows attackers to bypass metadata-based access controls and execute arbitrary SQL commands. The vulnerability ...
3/18/2026
安全数据库
漏洞
数据库
CVE、Exploit-DB漏洞利用和CISA KEV目录的综合数据库。每日更新。
CVE
3K+
漏洞利用
2K+
KEV
54
每日
实时
严重 & 已被利用
CRITICAL
CVE-2026-4312
GCB/FCB Audit Software developed by DrangSoft has a Missing Authentication vulnerability, allowing u...
CRITICAL
CVE-2026-3826
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated rem...
CRITICAL
CVE-2026-27842
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypa...
CRITICAL
CVE-2026-24448
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker...
CRITICAL
CVE-2023-27573
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the ...
最新CVE
CVE-2026-22729
8.6HIGH
A JSONPath injection vulnerability in Spring AI's AbstractFilterExpressionConverter allows authenticated users to bypass metadata-based access controls through crafted filter expressions. User-control...
3/18/2026
CVE-2026-22323
7.1HIGH
A CSRF vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to trick authenticated users into sending unauthorized POST requests to the device by lur...
3/18/2026CWE-352
CVE-2026-22322
7.1HIGH
A stored cross‑site scripting (XSS) vulnerability in the Link Aggregation configuration interface allows an unauthenticated remote attacker to create a trunk entry containing malicious HTML/JavaScript...
3/18/2026CWE-79
CVE-2026-22321
5.3MEDIUM
A stack-based buffer overflow in the device's Telnet/SSH CLI login routine occurs when a unauthenticated attacker send an oversized or unexpected username input. An overflow condition crashes the thre...
3/18/2026CWE-121
CVE-2026-22320
6.5MEDIUM
A stack-based buffer overflow in the CLI's TFTP file‑transfer command handling allows a low-privileged attacker with Telnet/SSH access to trigger memory corruption by supplying unexpected or oversized...
3/18/2026CWE-121
最新漏洞利用
EDB-52465
webappsmultiple
WordPress Quiz Maker 6.7.0.56 - SQL Injection
CVE-2025-10042
Rahul Sreenivasan12/25/2025
EDB-52463
webappsmultiple
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
CVE-2025-14558
Lukas Johannes Möller12/25/2025
EDB-52464
webappsmultiple
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
CVE-2025-10493
0xsabre12/25/2025
EDB-52462
webappsmultiple
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
CVE-2025-40677
Peter Gabaldon12/16/2025
EDB-52461
webappsmultiple
esm-dev 136 - Path Traversal
CVE-2025-59342
Byte Reaper12/16/2025
EDB-52460
webappsphp
Pluck 4.7.7-dev2 - PHP Code Execution
CVE-2018-11736
CodeSecLab12/8/2025
CISA KEV目录
| CVE ID | 厂商 | 产品 | 添加日期 | 勒索软件 |
|---|---|---|---|---|
| CVE-2025-47813 | Wing FTP Server | Wing FTP Server | 2026-03-16 | - |
| CVE-2026-3909 | Skia | 2026-03-13 | - | |
| CVE-2026-3910 | Chromium V8 | 2026-03-13 | - | |
| CVE-2025-68613 | n8n | n8n | 2026-03-11 | - |
| CVE-2026-1603 | Ivanti | Endpoint Manager (EPM) | 2026-03-09 | - |
数据来源
本数据库仅供教育和授权安全研究目的使用。