CVE Security Weekly | Critical Vulnerability Alert (29 entries)

2026-06-26

📅 Reporting period: 2026-06-19 ~ 2026-06-26
📊 Total vulnerabilities this week: 29
🔴 Critical vulnerabilities: 29

Details of the security vulnerabilities collected this week follow; please review them promptly and patch the affected systems.

🔴 Critical vulnerabilities (CVSS 9.0+)

📋 Vulnerability list

CVE-2026-48939

  • CVSS score: 10.0 (🔴 Critical)
  • Status: Awaiting Analysis
  • Published: 2026-06-20
  • CWE: CWE-284
  • Summary: A vulnerability in the iCagenda extension for Joomla allows the upload of arbitrary files in the file attachment feature, ultimately resulting in PHP ...

CVE-2026-12485

  • CVSS score: 10.0 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-121
  • Summary: GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.

DVRSearch is a service run...

CVE-2026-12846

  • CVSS score: 10.0 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-121
  • Summary: GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.

DVRSearch is a service run...

CVE-2026-12847

  • CVSS score: 10.0 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-121
  • Summary: GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.

DVRSearch is a service run...

CVE-2026-12848

  • CVSS score: 10.0 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-121
  • Summary: GV-I/O Box 4E is a smart embedded device with 4 input and 4 relays output that can be controlled over Ethernet and RS-485.

DVRSearch is a service run...

CVE-2026-12537

  • CVSS score: 10.0 (🔴 Critical)
  • Status: Awaiting Analysis
  • Published: 2026-06-24
  • CWE: CWE-20
  • Summary: Improper Neutralization used in an OS Command in the container launcher in Google Gemini CLI (versions prior to 0.39.1) and run-gemini-cli GitHub Acti...

CVE-2026-48584

  • CVSS score: 9.9 (🔴 Critical)
  • Status: Awaiting Analysis
  • Published: 2026-06-19
  • CWE: CWE-250
  • Summary: Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network.

CVE-2026-12416

  • CVSS score: 9.8 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-640
  • Summary: The Invoice Generator plugin for WordPress is vulnerable to Account Takeover via Password Reset in all versions up to, and including, 1.0.0. This is d...

CVE-2026-12417

  • CVSS score: 9.8 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-640
  • Summary: The SignUp & SignIn plugin for WordPress is vulnerable to Authentication Bypass via Weak Password Reset Validation leading to Account Takeover in vers...

CVE-2026-49980

  • CVSS score: 9.8 (🔴 Critical)
  • Status: Awaiting Analysis
  • Published: 2026-06-24
  • CWE: CWE-306
  • Summary: Rclone is a command-line program to sync files and directories to and from different cloud storage providers. From 1.46.0 until 1.74.3, rclone rcd --r...

CVE-2026-53662

  • CVSS score: 9.6 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-23
  • CWE: CWE-79, CWE-601
  • Summary: immich is a high performance self-hosted photo and video management solution. From commit 4ffa26c9 until 4eb1003, a reflected cross-site scripting (XS...

CVE-2026-11807

  • CVSS score: 9.6 (🔴 Critical)
  • Status: Awaiting Analysis
  • Published: 2026-06-23
  • CWE: CWE-862
  • Summary: A missing authorization vulnerability was found in the Event-Driven Ansible (EDA) websocket API. The /api/eda/ws/ansible-rulebook endpoint does not ve...

CVE-2026-54588

  • CVSS score: 9.6 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-23
  • CWE: CWE-20, CWE-601
  • Summary: Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 use the attacker-controlled HTTP_HOST reque...

CVE-2026-13028

  • CVSS score: 9.6 (🔴 Critical)
  • Status: Analyzed
  • Published: 2026-06-24
  • CWE: CWE-416
  • Summary: Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a cr...

CVE-2026-13032

  • CVSS score: 9.6 (🔴 Critical)
  • Status: Analyzed
  • Published: 2026-06-24
  • CWE: CWE-416
  • Summary: Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a cr...

CVE-2026-53943

  • CVSS score: 9.6 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-524
  • Summary: Ghost is a Node.js content management system. From until 6.37.0, when Ghost is behind a shared caching layer that results in cached content being sha...

CVE-2026-48137

  • CVSS score: 9.3 (🔴 Critical)
  • Status: Analyzed
  • Published: 2026-06-19
  • CWE: CWE-822
  • Summary: There is an untrusted pointer dereference vulnerability in the NI grpc-device sideband streaming API that may allow an attacker to cause an arbitrary ...

CVE-2026-9142

  • CVSS score: 9.3 (🔴 Critical)
  • Status: Analyzed
  • Published: 2026-06-19
  • CWE: CWE-306
  • Summary: There is an insecure default credentials vulnerability in NI grpc-device when TLS configuration is not present and the server is bound beyond loopback...

CVE-2026-54257

  • CVSS score: 9.3 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-23
  • CWE: CWE-120
  • Summary: Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From 42.3.1 until 42.3.3, Buffer performs inco...

CVE-2026-56223

  • CVSS score: 9.3 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-287
  • Summary: Capgo before 12.128.2 contains a cross-domain SSO account takeover vulnerability in the provision-user endpoint that allows attackers to merge arbitra...

CVE-2026-56237

  • CVSS score: 9.3 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-287
  • Summary: Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, a...

CVE-2026-56121

  • CVSS score: 9.3 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-502
  • Summary: Feast before 0.63.0 contains an unsafe deserialization vulnerability that allows unauthenticated or unauthorized attackers to achieve remote code exec...

CVE-2026-56258

  • CVSS score: 9.2 (🔴 Critical)
  • Status: Analyzed
  • Published: 2026-06-23
  • CWE: CWE-22
  • Summary: Crawl4AI before 0.8.8 contains an arbitrary file write vulnerability in the screenshot and PDF endpoints that allows unauthenticated attackers to writ...

CVE-2026-12628

  • CVSS score: 9.1 (🔴 Critical)
  • Status: Undergoing Analysis
  • Published: 2026-06-22
  • CWE: CWE-798
  • Summary: IBM Storage Protect Client 8.1.0.0 through 8.2.1.0 and IBM Storage Protect Snapshot For Windows 8.1.0.0 through 8.2.1.0 could allow a remote attacker ...

CVE-2026-12486

  • CVSS score: 9.1 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-78
  • Summary: Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network ...

CVE-2026-12849

  • CVSS score: 9.1 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-78
  • Summary: Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network ...

CVE-2026-12850

  • CVSS score: 9.1 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-78
  • Summary: Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network ...

CVE-2026-12851

  • CVSS score: 9.1 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-24
  • CWE: CWE-78
  • Summary: Multiple OS command injection vulnerabilities exist in the libNetSetObj.so functionality of GeoVision GV-I/O Box 4E 2.09. A specially crafted network ...

CVE-2026-54157

  • CVSS score: 9.0 (🔴 Critical)
  • Status: Deferred
  • Published: 2026-06-23
  • CWE: CWE-918
  • Summary: LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endp...

🤖 This report was generated automatically by the CVE Security Weekly bot
Data source: NVD (National Vulnerability Database) | Updated: 2026-06-26 15:29