CISA 已知遭利用漏洞

本看板同步 CISA 官方「已遭利用漏洞目录」,聚焦真实在野利用的活跃威胁,支持按 CVE、厂商或产品检索,快速核对资产风险,以实际威胁而非仅理论分数驱动修复优先级。

KEV 漏洞新增趋势(近 24 个月)

显示 1201637 条记录
«« 第一页 « 上一页 第 1 / 82 页 下一页 »
CVE 漏洞名称 厂商 / 产品 收录日期 截止日期 摘要
CVE-2026-56291 Balbooa Forms Unrestricted Upload of File with Dangerous Type Vulnerability Balbooa / Forms 2026-07-10 2026-07-13 The Joomla extension Balbooa Forms is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVE-2026-48939 iCagenda Unrestricted Upload of File with Dangerous Type Vulnerability iCagenda / iCagenda 2026-07-10 2026-07-13 A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP code upload and execution.
CVE-2026-56290 Joomlack Page Builder Improper Access Control Vulnerability Joomlack / Page Builder 2026-07-07 2026-07-10 The Joomla extension Page Builder CK is vulnerable to an unauthenticated arbitrary file upload that allows uploading executable files and leads to full RCE.
CVE-2026-55255 Langflow Authorization Bypass Through User-Controlled Key Vulnerability Langflow / Langflow 2026-07-07 2026-07-10 Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to 1.9.1, an Insecure Direct Object Reference (IDOR) vulnerability in /api/v1/responses endpoint allows an authenticated attacker to execute any flow belonging to another user by specifying the v…
CVE-2026-48908 JoomShaper SP Page Builder Unrestricted Upload of File with Dangerous Type Vulnerability JoomShaper / SP Page Builder 2026-07-07 2026-07-10 A vulnerability in SP Page Builder for Joomla allows unauthenticated users to upload arbitrary files, ultimately resulting in the upload and execution of PHP code.
CVE-2026-48282 Adobe ColdFusion Path Traversal Vulnerability Adobe / ColdFusion 2026-07-07 2026-07-10 ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary code execution in the context of the current user. Exploitation of this issue does not requ…
CVE-2026-45659 Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability Microsoft / SharePoint Server 2026-07-01 2026-07-04 Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability SimpleHelp / SimpleHelp 2026-06-29 2026-07-02 SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication flow. When OIDC authentication is configured, identity tokens submitted during login are accepted without verifying their cryptographic sign…
CVE-2026-20230 Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability Cisco / Unified Communications Manager 2026-06-25 2026-06-28 A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected devi…
CVE-2026-12569 PTC Windchill and FlexPLM Improper Input Validation Vulnerability PTC / Windchill and FlexPLM 2026-06-25 2026-06-28 A critical remote code execution (RCE) vulnerability has been reported in PTC Windchill PDMlink and PTC FlexPLM. The vulnerability may be exploited through the deserialization of untrusted data.  * This advisory also applies to all CPS versions * The identified vulnerability…
CVE-2026-34910 Ubiquiti UniFi OS Improper Input Validation Vulnerability Ubiquiti / UniFi OS 2026-06-23 2026-06-26 A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.
CVE-2026-34909 Ubiquiti UniFi OS Path Traversal Vulnerability Ubiquiti / UniFi OS 2026-06-23 2026-06-26 A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an underlying account.
CVE-2026-34908 Ubiquiti UniFi OS Improper Access Control Vulnerability Ubiquiti / UniFi OS 2026-06-23 2026-06-26 A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.
CVE-2025-67038 Lantronix EDS5000 Code Injection Vulnerability Lantronix / EDS5000 2026-06-23 2026-06-26 An issue was discovered in Lantronix EDS5000 2.1.0.0R3. The HTTP RPC module executes a shell command to write logs when user's authantication fails. The username is directly concatenated with the command without any sanitization. This allow attackers to inject arbitrary OS comman…
CVE-2026-20253 Splunk Enterprise Missing Authentication for Critical Function Vulnerability Splunk / Enterprise 2026-06-18 2026-06-21 In Splunk Enterprise 10.2 versions below 10.2.4 and 10 versions below 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint. The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authenticat…
CVE-2026-48907 Widget Factory Joomla Content Editor Improper Access Control Vulnerability Widget Factory / Joomla Content Editor 2026-06-16 2026-06-19 A vulnerability in the JCE editor extension for Joomla allows the creation of new editor profiles for unauthenticated users, ultimately resulting in PHP code upload and execution.
CVE-2026-54420 LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability LiteSpeed / cPanel Plugin 2026-06-15 2026-06-18 LiteSpeed cPanel plugin before 2.4.8 (as distributed in LiteSpeed WHM PlugIn before 5.3.2.0) mishandles symlinks provided by a user with FTP or web shell access on a shared hosting server running CloudLinux/CageFS, as exploited in the wild in May 2026.
CVE-2026-20262 Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability Cisco / Catalyst SD-WAN Manager 2026-06-15 2026-06-29 A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does n…
CVE-2026-35273 Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability Oracle / PeopleSoft Enterprise PeopleTools 2026-06-12 2026-06-15 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP t…
CVE-2026-10520 Ivanti Sentry OS Command Injection Vulnerability Ivanti / Sentry 2026-06-11 2026-06-14 An OS Command Injection vulnerability in Ivanti Sentry before the R10.5.2, R10.6.2 and R10.7.1 versions allows a remote unauthenticated user to achieve root-level remote code execution
«« 第一页 « 上一页 第 1 / 82 页 下一页 »
cvelogic Threat Intelligence