最新预警列表

MEDIUM CISA KEV 2026-06-18

CVE-2026-20253:Splunk Splunk Enterprise Missing Authentication for Critical Function Vulnerability

Splunk Enterprise contains a missing authentication for critical function vulnerability which could allow an unauthenticated user to create or truncate arbitrary files through a PostgreSQL sidecar service endpoint.

CRITICAL CERT/CC VU 2026-06-17

VU#380058: SignalRGB kernel driver contains improper access control and IOCTL vulnerabilities

Overview The SignalRGB kernel driver, SignalIo.sys, contains two vulnerabilities involving improper access control and unsafe memory handling. The device object is created with an overly permissive Discretionary Access Control List (DACL) that allows user

CRITICAL CERT/CC VU 2026-06-17

VU#616257: Microsoft-signed UEFI shim bootloaders vulnerable to Secure Boot bypass

Overview Microsoft-signed UEFI bootloaders of the open-source shim project, primarily from version 0.9 and earlier, were identified as vulnerable to Secure Boot bypass. To mitigate this risk, the affected bootloaders will be added to the Microsoft UEFI Fo

MEDIUM NVD Recent 2026-06-17

CVE-2026-9271:Vulnerability Title

Vulnerability Title

LOW NVD Recent 2026-06-17

CVE-2026-9269:The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some o

The Secure Copy Content Protection and Content Locking WordPress plugin before 5.1.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfil

CRITICAL NVD Recent 2026-06-17

CVE-2026-49875:Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary

Apache CXF's EndpointReferenceUtils and W3CMultiSchemaFactory classes construct a SAXParserFactory without the necessary JAXP hardening configurations, enabling out-of-band (OOB) external entity resolution. Users are recommended to upgrade to versions 4.

MEDIUM NVD Recent 2026-06-17

CVE-2026-48914:A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of

A flaw was found in QEMU's virtio-blk device. The issue arises because the device does not properly validate the size of input descriptors before writing data. A malicious guest with high privileges could exploit this vulnerability by submitting a malform

MEDIUM NVD Recent 2026-06-17

CVE-2026-12058:The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.

The connection confirmation pop-up of a specific feature in the PcSuite can be bypassed.

MEDIUM NVD Recent 2026-06-17

CVE-2026-12060:Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticate

Heptabase developed by Hepta Platforms has a Exposed Dangerous Method or Function vulnerability, allowing unauthenticated remote attackers to leverage social engineering techniques to trick a victim into opening or loading a malicious webpage within the H

HIGH NVD Recent 2026-06-17

CVE-2026-12059:The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized sc

MEDIUM NVD Recent 2026-06-17

CVE-2026-11847:The  iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowi

The  iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Path Traversal vulnerability, allowing authenticated remote attackers to exploit this vulnerability to create directories in unintended system paths.

HIGH NVD Recent 2026-06-17

CVE-2026-11846:The  iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerabilit

The  iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has an Arbitrary File Deletion vulnerability, allowing authenticated remote attackers to exploit this vulnerability to delete arbitrary system files or directories,  resulting in

HIGH NVD Recent 2026-06-17

CVE-2026-11845:The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, al

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device.

MEDIUM NVD Recent 2026-06-17

CVE-2026-11844:The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, all

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope.

CRITICAL NVD Recent 2026-06-17

CVE-2026-11535:An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unaut

An unauthorized access vulnerability exists in the PcSuite APP. The vulnerability can be exploited by attackers to Unauthorized access to the victim’s device.

站内所有资源、漏洞预警、工具与专题内容仅面向企业授权自测、合规研究与安全运维使用。本站不提供可直接用于非法攻击的程序、载荷或黑产平台入口。