最新预警列表

MEDIUM NVD Recent 2026-06-22

CVE-2026-11982:Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages A

Grav 2.0.0-rc.9 with Admin2 2.0.0-rc.14 contains a stored cross-site scripting (XSS) vulnerability in the Admin2 Pages API save flow.

CRITICAL NVD Recent 2026-06-22

CVE-2026-38716:InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a co

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python application export function. This vulnerability allows remote attackers to execute arbitrar

CRITICAL NVD Recent 2026-06-22

CVE-2026-38717:InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a co

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the file upload function. The vulnerability allows remote attackers to execute arbitrary commands as r

CRITICAL NVD Recent 2026-06-22

CVE-2026-38715:InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a co

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the log viewing function. This vulnerability allows remote attackers to execute arbitrary commands as

CRITICAL NVD Recent 2026-06-22

CVE-2026-38714:InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a co

InHand Networks IR912 V1.0.0.r20042 and IR915 V1.0.0.r20042 (including earlier versions) were discovered to contain a command injection vulnerability in the Python configuration function. This vulnerability allows remote attackers to execute arbitrary com

CRITICAL CERT/CC VU 2026-06-22

VU#226679: Microsoft WinRE allows for bypass of UEFI/BIOS password enforcement

Overview Microsoft Windows Recovery Environment (WinRE) provides a mechanism for recovering and repairing Windows systems using an alternate boot environment. Under certain platform implementations, access to WinRE may allow an attacker to bypass firmware

HIGH NVD Recent 2026-06-22

CVE-2025-32436:AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agent

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `AddAudioToVideoBlock` will download and store the video and audio in a temporary directory without deleting before

HIGH NVD Recent 2026-06-18

CVE-2025-32424:AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agent

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, ScreenshotWebPageBlock will store the captured screenshots in a temporary directory. `StepThroughItemsBlock` can be

HIGH NVD Recent 2026-06-18

CVE-2025-32422:AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agent

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `StepThroughItemsBlock` can iterate all the contents in a list and send them to `FileStoreBlock` for downloading on

MEDIUM NVD Recent 2026-06-18

CVE-2026-12137:The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is

The SysBasics Customize My Account for WooCommerce – Dashboard, Endpoints, Avatar & Menu Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 4.3.6 due to insufficient i

MEDIUM NVD Recent 2026-06-18

CVE-2026-11776:The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic

The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to generic SQL Injection via the 'groupids' parameter in all versions up to, and including, 1.15.43 due to insufficient escaping on the user supp

MEDIUM NVD Recent 2026-06-18

CVE-2026-10623:The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecur

The PressPrimer Quiz – AI Quiz Maker, Exam Builder & LMS Assessment Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.3.0 via the 'rule_id' parameter due to missing validation on a user c

HIGH NVD Recent 2026-06-18

CVE-2025-32437:AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agent

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, `MediaDurationBlock` will download and store the video in a temporary directory without deleting before all noded a

HIGH NVD Recent 2026-06-18

CVE-2025-32392:AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agent

AutoGPT is a workflow automation platform for creating, deploying, and managing continuous artificial intelligence agents. Prior to 0.6.63, AutoGPT's LoopVideoBLock allows users to input a video file and process the video, such as looping it 5 times or ex

MEDIUM NVD Recent 2026-06-18

CVE-2026-10687:Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis, confirmed with the fi

Rejected reason: This CVE Record has been rejected by the Zephyr Project CNA. Subsequent analysis, confirmed with the fix author, determined that the addressed defect does not apply to any released version of Zephyr: the affected code path exists only in

站内所有资源、漏洞预警、工具与专题内容仅面向企业授权自测、合规研究与安全运维使用。本站不提供可直接用于非法攻击的程序、载荷或黑产平台入口。