CVE-2026-27976
Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validatio...
A comprehensive database of CVEs, Exploit-DB exploits, and the CISA KEV catalog. Updated daily.
A malicious user can manipulate the parameters.pathPattern to create PersistentVolumes in arbitrary ...
Flask-Reuploaded provides file uploads for Flask. A critical path traversal and extension bypass vul...
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version ...
Enclave is a secure JavaScript sandbox designed for safe AI agent code execution. Prior to version 2...
RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stor...
Zed, a code editor, has an extension installer that allows tar/gzip downloads. Prior to version 0.224.4, the tar extractor (`async_tar::Archive::unpack`) creates symlinks from the archive without validatio...
Zed, a code editor, has a symlink escape vulnerability in versions prior to 0.225.9 in Agent file tools (`read_file`, `edit_file`). It allows reading and writing files **outside the project directory*...
Manyfold is an open source, self-hosted web application for managing a collection of 3d models, particularly focused on 3d printing. Versions prior to 0.133.0 are vulnerable to session hijack via cook...
GPAC is an open-source multimedia framework. In versions up to and including 26.02.0, a stack buffer overflow occurs during NHML file parsing in `src/filters/dmx_nhml.c`. The value of the xmlHeaderEnd...
TerriaJS-Server is a NodeJS Express server for TerriaJS, a library for building web-based geospatial data explorers. A validation bug in versions prior to 4.0.3 allows an attacker to proxy domains not...
Sub2API is an AI API gateway platform designed to distribute and manage API quotas from AI product subscriptions. A vulnerability in versions prior to 0.1.85 is a Password Reset Poisoning (Host Header...
| CVE ID | Vendor | Product | Date Added | Ransomware |
|---|---|---|---|---|
| CVE-2026-20805 | Microsoft | Windows | 2026-01-13 | - |
| CVE-2025-8110 | Gogs | Gogs | 2026-01-12 | - |
| CVE-2025-37164 | Hewlett Packard Enterprise (HPE) | OneView | 2026-01-07 | - |
| CVE-2009-0556 | Microsoft | Office | 2026-01-07 | - |
| CVE-2025-14847 | MongoDB | MongoDB and MongoDB Server | 2025-12-29 | - |
This database is intended for educational and authorized security research purposes only.