MITRE ATT&CK CVE list for this attack path. Use risk scores and timeline to decide what to patch first and what to track next.
| CVE | 描述 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|
| CVE-2026-11401 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through the affected wrapper. To remediate this issue, users should upgrade to the AWS Advanced Go Wrapper release 2026-05-26 | 8.6 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-11400 | An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rds_superuser, via a crafted function created by the actor that runs when that user connects to the cluster through an affected wrapper. To remediate this issue, users should upgrade to AWS Advanced JDBC Wrapper version 4.0.1. | 8.6 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-46392 | HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0 of HAX CMS PHP, the `saveFile` endpoint validates upload extensions case-insensitively and writes the filename to disk verbatim, but the `.htaccess` rule that forces `Content-Disposition: attachment` on HTML files is case-sensitive. An HTML file uploaded with an uppercase extension (`.HTML`, `.Html`, `.HTM`) is still served as `text/html` but the forced-download header never applies, so the browser rende | 8.7 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-2379 | On affected platforms with hardware IPSec support running Arista EOS with certain IPsec features enabled, EOS may exhibit unexpected behavior in specific cases. Physical interface flaps and certain agent restarts can cause IPsec tunnel re-establishment with existing Security Associations, resulting in sequence number mismatches between tunnel endpoints potentially causing unstable communication. | 8.2 | 無 | 2026-06-05 | 2026-06-05 |
| CVE-2026-41567 | Moby is an open source container framework. In versions prior to 29.5.1 and in moby/moby v2 prior to v2.0.0-beta.14, when a compressed archive is uploaded to a container via `PUT /containers/{id}/archive` or piped through `docker cp -`, the daemon resolves decompression binaries (such as `xz` or `unpigz`) from the container's filesystem rather than the host's due to incorrect ordering of operations. A malicious container image containing a trojanized decompression binary can achieve arbitrary co | 7.2 | 0.01% | 2026-06-05 | 2026-06-05 |
| CVE-2026-11236 | Insufficient policy enforcement in Web Bluetooth in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Low) | 8.3 | 0.03% | 2026-06-04 | 2026-06-05 |
| CVE-2026-11175 | Incorrect security UI in Messages in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | 0.03% | 2026-06-04 | 2026-06-05 |
| CVE-2026-11172 | Incorrect security UI in Contact Picker in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 8.8 | 0.03% | 2026-06-04 | 2026-06-05 |
| CVE-2026-11092 | Insufficient policy enforcement in DevTools in Google Chrome prior to 149.0.7827.53 allowed an attacker who convinced a user to install a malicious extension to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity: Medium) | 8.8 | 0.01% | 2026-06-04 | 2026-06-05 |
| CVE-2026-10940 | Race in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | 8.3 | 0.06% | 2026-06-04 | 2026-06-05 |
| CVE-2026-11322 | Hermes WebUI prior to v0.51.221 contains a path traversal vulnerability that allows attackers to escape the workspace boundary by supplying symlinks that resolve to files or directories outside the designated workspace root. Attackers can exploit the workspace file and listing APIs, which resolve symlink targets without enforcing that the final path remains within the workspace, to read external host files accessible to the server process and disclose sensitive data such as SSH keys, cloud crede | 7.1 | 0.04% | 2026-06-04 | 2026-06-05 |
| CVE-2026-41236 | Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to `~/.ssh/authorized_keys` under a customer-controlled home directory without verifying that the target path is not a symbolic link. If an attacker controls a shell-enabled customer account and can modify files inside the assigned home directory, the attacker can replace `~/.ss | 8.8 | 0.06% | 2026-06-04 | 2026-06-05 |
| CVE-2026-49942 | Net::CIDR::Set versions through 0.20 for Perl did not validate network masks. The mask portion of a network mask could contain Unicode digits such as the Arabic-Indic One (U+0661), or non-digits, which were ignored. This could allow network masks to accept larger networks. Leading zeros were also accepted, but treated as decimal instead of octal. This could lead to confusion about what networks are acceptable. | 7.3 | 0.05% | 2026-06-04 | 2026-06-04 |
| CVE-2026-49941 | Net::CIDR::Set versions through 0.20 for Perl did not validate IP addresses. The add method called the _encode method to parse addresses. If the addresses did not look like netmasks or network ranges, then they were assumed to single IP addresses and passed back to itself as a 32-bit or 128-bit netmask. If the argument was not a well-formed IP address, then this would lead to indefinite recursion. An attacker could use this to cause a denial of service. | 7.5 | 0.04% | 2026-06-04 | 2026-06-04 |
| CVE-2026-10840 | A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the defa | 9.6 | 0.02% | 2026-06-04 | 2026-06-04 |
| CVE-2025-52612 | HCL iControl was affected by Export CSV - CSV Injection vulnerability. It is vulnerable to a reflected cross-site scripting vulnerability. This was caused by an insufficient sanitation of input parameters. . | 7.1 | 0.04% | 2026-06-04 | 2026-06-04 |
| CVE-2026-50211 | Leftover engineering diagnostics and factory-level diagnostic software remain exposed on retail builds, giving malicious apps write privileges to internal NVRAM registers. | 8.8 | 0.04% | 2026-06-04 | 2026-06-04 |
| CVE-2026-50209 | Broadcast events allow malicious software to rewrite the device's default Mobile Device Management (MDM) endpoint address, shifting administrative ownership to an external attacker. | 9.3 | 0.01% | 2026-06-04 | 2026-06-04 |
| CVE-2026-50033 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. | 7.3 | 0.01% | 2026-06-03 | 2026-06-04 |
| CVE-2026-44682 | Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.15051.93227. | 7.3 | 0.01% | 2026-06-03 | 2026-06-04 |