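Browse 91+ CVE vulnerabilities from NVD and CNNVD, with AI Chinese translation, AI POC generation, and daily intelligence; searchable by vendor, product, severity level, and CWE.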
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-41130 | Craft CMS has a host header injection leading to SSRF via resource-js endpoint | craftcms | cms | - | - | 2026-04-21 23:36:31 | Deep Dive |
| CVE-2026-41129 | Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations | craftcms | cms | - | - | 2026-04-21 23:34:57 | Deep Dive |
| CVE-2026-41128 | Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action | craftcms | cms | - | - | 2026-04-21 23:32:38 | Deep Dive |
| CVE-2026-32272 | Craft Commerce: Blind SQL Injection via hasVariant/hasProduct | craftcms | commerce | Medium | - | 2026-04-13 20:25:50 | Deep Dive |
| CVE-2026-32271 | Craft Commerce: SQL Injection can lead to Remote Code Execution via TotalRevenue Widget | craftcms | commerce | High | - | 2026-04-13 20:19:19 | Deep Dive |
| CVE-2026-32270 | Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments | craftcms | commerce | Medium | - | 2026-04-13 20:08:05 | Deep Dive |
| CVE-2026-33162 | Craft CMS: Authorization bypass in "entries/move-to-section" allows control panel user to move entries without section permissions | craftcms | cms | Medium | - | 2026-03-24 17:32:27 | Deep Dive |
| CVE-2026-33161 | Craft CMS: Anonymous "assets/image-editor" calls returns private asset editor metadata to unauthorized users | craftcms | cms | Medium | - | 2026-03-24 17:31:28 | Deep Dive |
| CVE-2026-33160 | Craft CMS: Anonymous "generate transform" calls for assets can expose private assets via transform URL | craftcms | cms | Medium | - | 2026-03-24 17:30:20 | Deep Dive |
| CVE-2026-33159 | Craft CMS: Unauthenticated users could execute project configuration sync operations that should be restricted trusted users | craftcms | cms | Medium | - | 2026-03-24 17:28:37 | Deep Dive |
| CVE-2026-33158 | Craft CMS: Low-privilege users could read private asset contents when editing an asset (IDOR) | craftcms | cms | Medium | - | 2026-03-24 17:26:04 | Deep Dive |
| CVE-2026-33157 | Craft CMS: Potential authenticated Remote Code Execution via malicious attached Behavior | craftcms | cms | Medium | - | 2026-03-24 17:22:01 | Deep Dive |
| CVE-2026-33051 | Craft CMS Vulnerable to Stored XSS in Revision Context Menu | craftcms | cms | Medium | - | 2026-03-20 05:56:02 | Deep Dive |
| CVE-2026-32268 | Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability | craftcms | azure-blob | Medium | - | 2026-03-18 04:53:04 | Deep Dive |
| CVE-2026-32266 | Google Cloud Storage for Craft CMS has an Information Disclosure Vulnerability | craftcms | google-cloud | Medium | - | 2026-03-18 03:46:00 | Deep Dive |
| CVE-2026-32265 | Amazon S3 for Craft CMS has an Information Disclosure vulnerability | craftcms | aws-s3 | Medium | - | 2026-03-18 03:28:24 | Deep Dive |
| CVE-2026-32267 | Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken() | craftcms | cms | - | - | 2026-03-16 19:04:48 | Deep Dive |
| CVE-2026-32264 | Craft CMS vulnerable to behavior injection RCE ElementIndexesController and FieldsController | craftcms | cms | - | - | 2026-03-16 19:02:23 | Deep Dive |
| CVE-2026-32263 | Craft CMS vulnerable to behavior injection RCE via EntryTypesController | craftcms | cms | - | - | 2026-03-16 18:57:50 | Deep Dive |
| CVE-2026-32262 | Craft CMS has a Path Traversal Vulnerability in AssetsController | craftcms | cms | - | - | 2026-03-16 18:57:47 | Deep Dive |