{
  "count": 50,
  "generated_at": "2026-04-26T02:25:40.895787",
  "items": [
    {
      "cve_id": "CVE-2026-6977",
      "cvss": 7.3,
      "cwe_id": "CWE-285",
      "preview": "# CVE-2026-6977: Improper authorization in the vanna-ai legacy Flask API\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability lies in the **Legacy Flask API** implementation of the `vanna-ai` library (specifically version 2.0.2 and earlier). The core issue is **improper authorization**.\n\nThe Flask API endpoints in the legacy module fail to correctly verify the identity or permissions of the requesting user. Specifically, the API may rely on implicit trust or lack authentication checks when performing sensitive operations (such as querying the database, modifying configuration, or executing SQL-like queries through the `vanna` interface).\n\nIn many Flask applications, if a route does not explicitly use",
      "product": "vanna",
      "severity": "High",
      "title": "vanna-ai legacy Flask API authorization flaw vulnerability",
      "title_en": "vanna-ai vanna Legacy Flask API improper authorization",
      "updated_at": "2026-04-25T11:06:50",
      "url": "https://cve.imfht.com/detail/CVE-2026-6977",
      "vendor": "vanna-ai"
    },
    {
      "cve_id": "CVE-2026-6951",
      "cvss": 9.8,
      "cwe_id": "CWE-94",
      "preview": "# CVE-2026-6951 vulnerability analysis\n\n## Overview\n\n**CVE-2026-6951** is a remote code execution (RCE) vulnerability in the `simple-git` Node.js library (versions < 3.36.0). It is an incomplete fix for [CVE-2022-25912](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-3112221).\n\nAlthough the earlier fix blocked passing configuration to git via the short option `-c`, it did not block the equivalent long option `--config`. Anyone able to control the `options` parameter passed to `simple-git`",
      "product": "simple-git",
      "severity": "Critical",
      "title": "simple-git <3.36.0 RCE vulnerability due to unfixed --config",
      "title_en": null,
      "updated_at": "2026-04-25T05:39:05",
      "url": "https://cve.imfht.com/detail/CVE-2026-6951",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2019-11043",
      "cvss": 8.7,
      "cwe_id": "CWE-120",
      "preview": "# CVE-2019-11043 analysis report\n\n## Overview\n**CVE-2019-11043**: an integer underflow in PHP-FPM can lead to remote code execution (RCE).  \n**Severity**: High  \n**Affected versions**: PHP 7.1.x < 7.1.33, 7.2.x < 7.2.24, 7.3.x < 7.3.11  \n\n## Root cause analysis\nThe vulnerability lies in the PHP-FPM (FastCGI Process Manager) module. When PHP-FPM is configured via the FastCGI protocol to use the `php_admin_value` or `php_flag` directives, it parses incoming request data.\n\nIn the vulnerable",
      "product": "PHP",
      "severity": "High",
      "title": "PHP security vulnerability",
      "title_en": "Underflow in PHP-FPM can lead to RCE",
      "updated_at": "2026-04-25T03:37:48",
      "url": "https://cve.imfht.com/detail/CVE-2019-11043",
      "vendor": "PHP"
    },
    {
      "cve_id": "CVE-2020-5256",
      "cvss": 7.9,
      "cwe_id": "CWE-95",
      "preview": "# CVE-2020-5256 vulnerability analysis: remote code execution through image uploads in BookStack\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability lies in the image upload feature of BookStack (before version 0.25.5). The application fails to strictly validate the content of uploaded files. Specifically, it lets a user upload a file with an executable extension (for example `.php`) by manipulating the file extension or MIME type, bypassing the server-side validation checks.\n\nIn many PHP applications, if the web server is configured to execute PHP files based on extension, or the application stores uploaded files in a web-accessible directory without disabling execution there, then simply requesting that",
      "product": "BookStack",
      "severity": "High",
      "title": "BookStack code issue vulnerability",
      "title_en": "Remote Code Execution Through Image Uploads in BookStack",
      "updated_at": "2026-04-25T03:32:55",
      "url": "https://cve.imfht.com/detail/CVE-2020-5256",
      "vendor": "BookStackApp"
    },
    {
      "cve_id": "CVE-2020-5302",
      "cvss": 8.2,
      "cwe_id": "CWE-284",
      "preview": "# CVE-2020-5302: privilege escalation by unprivileged users in MH-WikiBot\n\n## Vulnerability analysis\n\n### Overview\nMH-WikiBot is an IRC bot for interacting with the Miraheze API, and it contains a serious access control vulnerability. The bot lets any user connected to the IRC channel execute privileged \"steward\" commands (such as banning users) simply by impersonating a privileged user's nickname. When performing authorization checks, the bot relies solely on the sender's nickname (`sender`) and does not verify whether the user is actually logged in or whether the connection is legitimate.\n\n### Root cause\nThe root cause is the lack of authentication checks for privileged commands. In the `on_message` function, the bot",
      "product": "MH-WikiBot",
      "severity": "High",
      "title": "MH-WikiBot access control error vulnerability",
      "title_en": "unprivileged user can access privileged action in MH-WikiBot",
      "updated_at": "2026-04-25T03:32:55",
      "url": "https://cve.imfht.com/detail/CVE-2020-5302",
      "vendor": "examknow"
    },
    {
      "cve_id": "CVE-2020-10750",
      "cvss": 7.1,
      "cwe_id": "CWE-532",
      "preview": "# CVE-2020-10750 analysis: sensitive information written to log files in Jaeger\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability lies in the Jaeger project (specifically versions before 1.18.1) and appears when a Kafka data store or Kafka ingester/collector is configured. The root of the problem is the logging configuration and the way the Kafka client library (and Jaeger's wrapper around it) handles connection parameters.\n\nWhen Jaeger initializes a Kafka connection, it typically logs the configuration details for debugging or operational observability. Specifically, the `sarama` library (or a similar Kafka Go client used by Jaeger) or Jaeg",
      "product": "jaegertracing/jaeger",
      "severity": "High",
      "title": "jaegertracing/jaeger log information disclosure vulnerability",
      "title_en": null,
      "updated_at": "2026-04-25T03:29:02",
      "url": "https://cve.imfht.com/detail/CVE-2020-10750",
      "vendor": "the Jager project"
    },
    {
      "cve_id": "CVE-2020-7679",
      "cvss": 7.3,
      "cwe_id": null,
      "preview": "# CVE-2020-7679: prototype pollution in CasperJS\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability lies in the `mergeObjects` utility function in `modules/utils.js`. This function is meant to recursively merge the properties of one object (`add`) into another (`origin`).\n\nThe core problem is that the function uses a `for...in` loop to iterate over all enumerable properties of the `add` object without validating the property names. In JavaScript, property names such as `__proto__` or `constructor` can be used to modify the prototype of the `Object` constructor, thereby",
      "product": "casperjs",
      "severity": "High",
      "title": "CasperJS input validation error vulnerability",
      "title_en": "Prototype Pollution",
      "updated_at": "2026-04-25T03:29:02",
      "url": "https://cve.imfht.com/detail/CVE-2020-7679",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-11056",
      "cvss": 7.4,
      "cwe_id": "CWE-94",
      "preview": "# CVE-2020-11056: server-side template injection in Sprout Forms\n\n## Vulnerability analysis\n\n**Severity:** High  \n**Affected component:** barrelstrength/Sprout Forms (before 3.9.0)  \n**Vulnerability type:** server-side template injection (SSTI) / code injection  \n\n### Root cause\nThe vulnerability lies in the notification email generation process. Sprout Forms lets administrators configure custom fields in notification email templates. These templates are processed with the Twig template engine.\n\nIn versions before 3.9.0, the code responsible for rendering these notification emails failed to properly sanitize the Twig environment or",
      "product": "Sprout Forms",
      "severity": "High",
      "title": "Sprout Forms injection vulnerability",
      "title_en": "Potential Code Injection in Sprout Forms",
      "updated_at": "2026-04-25T03:29:02",
      "url": "https://cve.imfht.com/detail/CVE-2020-11056",
      "vendor": "barrelstrength"
    },
    {
      "cve_id": "CVE-2020-11090",
      "cvss": 7.5,
      "cwe_id": "CWE-400",
      "preview": "# CVE-2020-11090 analysis: uncontrolled resource consumption in Indy Node\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability lies in how the Indy Node server handles Transaction Author Agreement (TAA) requests. Specifically, `TxnAuthorAgreementHandler` (and related handlers) does not adequately validate the rate and size of these requests or impose resource limits when processing TAA transactions.\n\nIn Indy Node versions before 1.12.3 (1.12.2 in particular), maliciously crafted or rapidly repeated TAA transactions can cause the primary node to crash or become unresponsive. This typically",
      "product": "Indy Node",
      "severity": "High",
      "title": "Indy Node resource management error vulnerability",
      "title_en": "Uncontrolled Resource Consumption in Indy Node",
      "updated_at": "2026-04-25T03:29:02",
      "url": "https://cve.imfht.com/detail/CVE-2020-11090",
      "vendor": "Hyperledger"
    },
    {
      "cve_id": "CVE-2020-15127",
      "cvss": 7.5,
      "cwe_id": "CWE-306",
      "preview": "# CVE-2020-15127 analysis: unauthenticated denial of service in the Contour Shutdown Manager\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability lies in the **Shutdown Manager** component of Project Contour (specifically versions before 1.7.0). The Shutdown Manager is a sidecar container deployed alongside the Envoy proxy to manage graceful shutdown. It exposes an HTTP server on a configurable port (8090 by default) to handle health checks and shutdown coordination.\n\nThe key flaw is that this HTTP server listens on `0.0.0",
      "product": "contour",
      "severity": "High",
      "title": "Contour access control error vulnerability",
      "title_en": "Denial of service in Contour",
      "updated_at": "2026-04-25T03:23:34",
      "url": "https://cve.imfht.com/detail/CVE-2020-15127",
      "vendor": "projectcontour"
    },
    {
      "cve_id": "CVE-2020-7739",
      "cvss": 8.2,
      "cwe_id": null,
      "preview": "# CVE-2020-7739: server-side request forgery (SSRF) in phantomjs-seo\n\n## Vulnerability analysis\n\n### Overview\nThe `phantomjs-seo` package is an Express-based middleware for pre-rendering JavaScript-heavy websites for search engine crawlers. It uses PhantomJS to render pages. The middleware has a serious server-side request forgery (SSRF) vulnerability because it accepts a user-controlled URL parameter (`_escaped_fragment_`) and passes it directly to PhantomJS without adequate validation or sanitization.\n\n### Root cause\nThe vulnerability is located in `index.js` ",
      "product": "phantomjs-seo",
      "severity": "High",
      "title": "PhantomJS code issue vulnerability",
      "title_en": "Server-side Request Forgery (SSRF)",
      "updated_at": "2026-04-25T03:20:58",
      "url": "https://cve.imfht.com/detail/CVE-2020-7739",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-1045",
      "cvss": 7.5,
      "cwe_id": null,
      "preview": "# CVE-2020-1045: Microsoft ASP.NET Core security feature bypass vulnerability\n\n## Vulnerability analysis\n\n### Overview\nCVE-2020-1045 is a **high**-severity security feature bypass vulnerability in Microsoft ASP.NET Core. It affects how the framework parses and handles cookie names, particularly where percent-encoded characters are involved.\n\n### Root cause\nThe vulnerability stems from the `CookieParser` logic in the ASP.NET Core framework (specifically in `Microsoft.AspNetCore.Http`). When parsing incoming cookies, the framework processes the entire cookie",
      "product": "ASP.NET Core 2.1",
      "severity": "High",
      "title": "Microsoft .NET Core and Microsoft ASP.NET Core security vulnerability",
      "title_en": "Microsoft ASP.NET Core Security Feature Bypass Vulnerability",
      "updated_at": "2026-04-25T03:20:12",
      "url": "https://cve.imfht.com/detail/CVE-2020-1045",
      "vendor": "Microsoft"
    },
    {
      "cve_id": "CVE-2020-7720",
      "cvss": 9.8,
      "cwe_id": null,
      "preview": "# CVE-2020-7720: prototype pollution in node-forge\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability lies in the `util.setPath` function of the `node-forge` library (versions below 0.10.0). This function sets a value at a given path in an object. However, it does not sanitize the path keys. If an attacker-supplied path contains `__proto__` or `constructor.prototype`, they can inject properties into the prototype of the JavaScript Object, affecting every object in the application.\n\n### Affected component\n- **Package**: `node-forge`\n- **Version**",
      "product": "node-forge",
      "severity": "Critical",
      "title": "node-forge input validation error vulnerability",
      "title_en": "Prototype Pollution",
      "updated_at": "2026-04-25T03:20:12",
      "url": "https://cve.imfht.com/detail/CVE-2020-7720",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-23834",
      "cvss": 8.8,
      "cwe_id": null,
      "preview": "# CVE-2020-23834 analysis report\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability stems from **insecure default file and folder permissions** on the BarracudaDrive service installation directory (`C:\\bd\\`) and the service executable (`C:\\bd\\bd.exe`).\n\n1.  **Folder permissions (`C:\\bd`)**: the `BUILTIN\\Users` group has read and execute permissions (`R`). Although they have no write permission on the folder itself, the file permissions below allow the specific exploitation path described.  \n2.  **File permissions (`C:\\bd\\bd.exe`)**: the `BUILTIN\\Users` group has read and execute permissions (",
      "product": "n/a",
      "severity": "High",
      "title": "Real Time Logic BarracudaDrive security vulnerability",
      "title_en": null,
      "updated_at": "2026-04-25T03:20:12",
      "url": "https://cve.imfht.com/detail/CVE-2020-23834",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-14363",
      "cvss": 7.8,
      "cwe_id": "CWE-190",
      "preview": "# CVE-2020-14363 vulnerability analysis report\n\n## Executive summary  \n**CVE-2020-14363** is a high-severity vulnerability in the X11 project's `libX11` library. It involves an integer overflow in the OpenMotif (OM) module when handling font sets, leading to a double-free condition. The flaw lets a local attacker with privileges crash applications that use libX11, or possibly achieve arbitrary code execution.\n\n## Vulnerability details  \n\n### Root cause analysis  \nThe vulnerability lies in the file `modules/om/generic/omGeneric.c` of the libX11 source code. The problem appears in ",
      "product": "libX11",
      "severity": "High",
      "title": "X.Org libX11 input validation error vulnerability",
      "title_en": null,
      "updated_at": "2026-04-25T03:20:12",
      "url": "https://cve.imfht.com/detail/CVE-2020-14363",
      "vendor": "The X11 Project"
    },
    {
      "cve_id": "CVE-2020-25213",
      "cvss": 10.0,
      "cwe_id": null,
      "preview": "# CVE-2020-25213 vulnerability analysis\n\n## Overview\n**CVE-2020-25213** is a critical-severity vulnerability in the **wp-file-manager** WordPress plugin (before version 6.9). It allows an unauthenticated remote attacker to upload and execute arbitrary PHP code on the target server.\n\n### Root cause\nThe vulnerability stems from the plugin including an insecure example connector file from **elFinder** (the file manager library the plugin uses). Specifically:  \n1. The plugin ships an example connector file intended for development/testing (`connector.minimal.php`).  \n2. This file is reachable via the web",
      "product": "n/a",
      "severity": "Critical",
      "title": "wordpress code issue vulnerability",
      "title_en": null,
      "updated_at": "2026-04-25T03:20:12",
      "url": "https://cve.imfht.com/detail/CVE-2020-25213",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-7740",
      "cvss": 8.2,
      "cwe_id": null,
      "preview": "# CVE-2020-7740: server-side request forgery (SSRF) in node-pdf-generator\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability lies in the `acceptHtmlAndProvidePdf` function in `index.js`. The application accepts HTTP POST requests containing HTML content and passes that content directly to the `wkhtmltopdf` library through the `htmlToPdf` function.\n\nThe `wkhtmltopdf` library (and the underlying `wkhtmltopdf` binary) processes this HTML. If the HTML includes external resources (such as images, stylesheets, scripts),",
      "product": "node-pdf-generator",
      "severity": "High",
      "title": "node-pdf-generator input validation error vulnerability",
      "title_en": "Server-side Request Forgery (SSRF)",
      "updated_at": "2026-04-25T03:16:00",
      "url": "https://cve.imfht.com/detail/CVE-2020-7740",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-15238",
      "cvss": 7.1,
      "cwe_id": "CWE-74",
      "preview": "# CVE-2020-15238: Blueman DhcpClient argument injection\n\n## Vulnerability analysis\n\n### Root cause  \nThe vulnerability is an **argument injection** flaw in the `DhcpClient` method exposed through the D-Bus interface of `blueman-mechanism`.\n\n1.  **Untrusted input**: the D-Bus method `DhcpClient` accepts a string argument (`object_path`) used to obtain the network interface name.  \n2.  **Lack of sanitization**: in `blueman/plugins/mechanism/Network.py`, the interface name is taken from Blue",
      "product": "blueman",
      "severity": "High",
      "title": "Blueman argument injection vulnerability",
      "title_en": "Local privilege escalation Blueman",
      "updated_at": "2026-04-25T03:14:38",
      "url": "https://cve.imfht.com/detail/CVE-2020-15238",
      "vendor": "blueman-project"
    },
    {
      "cve_id": "CVE-2020-7753",
      "cvss": 7.5,
      "cwe_id": null,
      "preview": "# CVE-2020-7753: regular expression denial of service (ReDoS) in `trim`\n\n## Vulnerability analysis\n\n### Root cause  \nThe vulnerability lies in the `trim` function in `index.js`. The code tries to provide a fallback for environments where the native `String.prototype.trim()` method is unavailable. However, the regular expression used in the fallback implementation carries a **ReDoS (regular expression denial of service)** risk.\n\n**Vulnerable code (`index.js`, line 6):**  \n```javascript\nreturn str.replace(/^\\s*|\\s*$/g, '');\n```\n\nThe regular",
      "product": "trim",
      "severity": "High",
      "title": "Components trim resource management error vulnerability",
      "title_en": "Regular Expression Denial of Service (ReDoS)",
      "updated_at": "2026-04-25T03:14:38",
      "url": "https://cve.imfht.com/detail/CVE-2020-7753",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-7777",
      "cvss": 7.2,
      "cwe_id": null,
      "preview": "# CVE-2020-7777: arbitrary code execution in jsen\n\n## Vulnerability analysis\n\n### Root cause  \nThe vulnerability lies in the `jsen` library (specifically in the code generation stage). The library is designed to compile JSON Schema definitions into JavaScript validation functions.  \n\nThe core problem is how the library handles the `required` keyword and other schema properties. When generating a validation function, `jsen` builds a JavaScript string from the schema definition. That string is then passed to `new Function()` (or, depending on the implementation version, `Function.apply`",
      "product": "jsen",
      "severity": "High",
      "title": "Bugventure Jsen security vulnerability",
      "title_en": "Arbitrary Code Execution",
      "updated_at": "2026-04-25T03:13:19",
      "url": "https://cve.imfht.com/detail/CVE-2020-7777",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-7792",
      "cvss": 7.5,
      "cwe_id": null,
      "preview": "# CVE-2020-7792: prototype pollution in mout\n\n## Vulnerability analysis\n\n### Root cause\nThe vulnerability lies in the `mout` library, specifically in the `deepFillIn` and `deepMixIn` functions. Both recursively merge the properties of a source object into a target object. However, they do not validate the `key` used to access or modify the target object.\n\nIn JavaScript, objects inherit properties from the prototype chain. If an attacker can control the keys in the source object, they can inject properties into `Object.prototype`. This is known as prototype pollution.\n\n1.  **`deepFillIn` (`src/object/deepFi",
      "product": "mout",
      "severity": "High",
      "title": "Mout deepFillIn code issue vulnerability",
      "title_en": "Prototype Pollution",
      "updated_at": "2026-04-25T03:11:17",
      "url": "https://cve.imfht.com/detail/CVE-2020-7792",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-27659",
      "cvss": 8.4,
      "cwe_id": "CWE-79",
      "preview": "# CVE-2020-27659 vulnerability analysis\n\n## Overview\n\n**CVE-2020-27659** is a high-severity stored cross-site scripting (XSS) vulnerability in Synology SafeAccess versions below 1.2.3-0234. It allows a remote attacker to inject arbitrary web script or HTML via the `domain` or `profile` parameter.\n\n## Root cause\n\nThe vulnerability stems from improper neutralization of special elements used in web pages (XSS) in the SafeAccess web interface. Specifically, when a user attempts to visit a website blocked by the SafeAccess Web Filter, the requested domain name is recorded in the activity log and reports.\n",
      "product": "Safe Access",
      "severity": "High",
      "title": "Synology SafeAccess cross-site scripting vulnerability",
      "title_en": null,
      "updated_at": "2026-04-25T03:11:17",
      "url": "https://cve.imfht.com/detail/CVE-2020-27659",
      "vendor": "Synology"
    },
    {
      "cve_id": "CVE-2020-27660",
      "cvss": 9.6,
      "cwe_id": "CWE-89",
      "preview": "# CVE-2020-27660 analysis report\n\n## Vulnerability analysis\n\n**CVE-2020-27660** is a **critical**-severity SQL injection vulnerability found in **Synology SafeAccess** (versions below 1.2.3-0234).\n\n### Root cause\nThe vulnerability lies in the `request.cgi` component of the SafeAccess application. Specifically, the `domain` parameter supplied in the HTTP request is used in an SQLite database query without proper filtering or parameterization. This lets an attacker inject arbitrary SQL commands.\n\n### Impact\nSuccessful exploitation lets a remote attacker:\n1. ",
      "product": "Safe Access",
      "severity": "Critical",
      "title": "Synology SafeAccess SQL injection vulnerability",
      "title_en": null,
      "updated_at": "2026-04-25T03:10:29",
      "url": "https://cve.imfht.com/detail/CVE-2020-27660",
      "vendor": "Synology"
    },
    {
      "cve_id": "CVE-2020-35948",
      "cvss": 9.9,
      "cwe_id": null,
      "preview": "# CVE-2020-35948 vulnerability analysis\n\n## Overview\n- **CVE ID**: CVE-2020-35948  \n- **Severity**: CRITICAL  \n- **Affected software**: XCloner Backup and Restore plugin for WordPress  \n- **Affected versions**: before 4.2.13 (specifically 4.2.1 - 4.2.12)  \n- **CWE**: CWE-732 (Incorrect Permission Assignment for Critical Resource) / CWE-22 (Path Traversal)  \n- **Attack vector**: network (authentication required)\n\n## Root cause analysis\nThe vulnerability lies in XCloner",
      "product": "n/a",
      "severity": "Critical",
      "title": "WordPress XCloner Backup and Restore plugin security vulnerability",
      "title_en": null,
      "updated_at": "2026-04-25T03:09:31",
      "url": "https://cve.imfht.com/detail/CVE-2020-35948",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-21260",
      "cvss": 7.6,
      "cwe_id": "CWE-79",
      "preview": "# CVE-2021-21260 vulnerability analysis\n\n## Overview\n**CVE-2021-21260** is a stored cross-site scripting (Stored XSS) vulnerability in Online Invoicing System (OIS) version 4.0. It lies in the `item_description` field, which is echoed directly in the application's interface without proper sanitization or encoding. This lets an attacker inject a malicious JavaScript payload that executes when an administrator views the affected entry.\n\n## Root cause analysis\nThe vulnerability stems from the use of **AppGini**, a PHP application generator. Code generated by AppGini often lacks",
      "product": "online-invoicing-system",
      "severity": "High",
      "title": "BigProf Online Invoicing System \u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e",
      "title_en": "XSS in description field",
      "updated_at": "2026-04-25T03:07:26",
      "url": "https://cve.imfht.com/detail/CVE-2021-21260",
      "vendor": "bigprof-software"
    },
    {
      "cve_id": "CVE-2020-7782",
      "cvss": 9.8,
      "cwe_id": null,
      "preview": "# CVE-2020-7782\uff1aspritesheet-js \u4e2d\u7684\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a **\u547d\u4ee4\u6ce8\u5165** \u7f3a\u9677\uff0c\u4f4d\u4e8e `spritesheet-js` \u5305\u4e2d\uff0c\u5177\u4f53\u5728 `lib/generator.js` \u6587\u4ef6\u5185\u3002\u8be5\u5305\u4f9d\u8d56\u4e00\u4e2a\u5b58\u5728\u6f0f\u6d1e\u7684\u4f9d\u8d56\u9879 `platform-command`\uff08\u5b83\u5c01\u88c5\u4e86 Node.js \u7684 `child_process.exec`\uff09\u3002\n\n\u6ce8\u5165\u53d1\u751f\u5728 `trimImages` \u51fd\u6570\uff08\u7ea6\u5728 `lib/generator.js` \u7b2c 36 \u884c\uff09\u4ee5\u53ca\u53ef\u80fd\u5728 `getImagesSizes`\uff08\u7b2c 51 ",
      "product": "spritesheet-js",
      "severity": "Critical",
      "title": "spritesheet.js \u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Command Injection",
      "updated_at": "2026-04-25T03:06:09",
      "url": "https://cve.imfht.com/detail/CVE-2020-7782",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-7785",
      "cvss": 9.8,
      "cwe_id": null,
      "preview": "# CVE-2020-7785\uff1anode-ps \u4e2d\u7684\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4f4d\u4e8e `lib/index.js` \u7b2c 72 \u884c\u7684 **\u547d\u4ee4\u6ce8\u5165** \u7f3a\u9677\u3002`_ps` \u51fd\u6570\u901a\u8fc7\u5c06\u7528\u6237\u63d0\u4f9b\u7684\u53c2\u6570\uff08`args`\uff09\u76f4\u63a5\u62fc\u63a5\u5230\u547d\u4ee4\u5b57\u7b26\u4e32\u4e2d\u6784\u9020\u4e00\u4e2a shell \u547d\u4ee4\uff0c\u4e14\u672a\u505a\u4efb\u4f55\u6e05\u7406\u6216\u9a8c\u8bc1\u3002\n\n```javascript\n// lib/index.js lines 68-72\nvar cmd = 'ps';\nif (args) {\n  cmd += ' ' + args.join(' '); // User input directl",
      "product": "node-ps",
      "severity": "Critical",
      "title": "Neekey node-ps \u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Command Injection",
      "updated_at": "2026-04-25T03:06:09",
      "url": "https://cve.imfht.com/detail/CVE-2020-7785",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-21326",
      "cvss": 7.7,
      "cwe_id": "CWE-862",
      "preview": "# CVE-2021-21326 \u5206\u6790\uff1aGLPI \u4e2d\u7684\u6c34\u5e73\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\uff08CVE-2021-21326\uff09\u5f71\u54cd GLPI 9.5.4 \u4e4b\u524d\u7684\u7248\u672c\uff0c\u5141\u8bb8\u7528\u6237\u5728\u81ea\u52a9\u670d\u52a1\u754c\u9762\u4ee3\u8868\u5176\u4ed6\u7528\u6237\u521b\u5efa\u5de5\u5355\uff0c\u800c\u76ee\u6807\u7528\u6237\u5e76\u672a\u663e\u5f0f\u914d\u7f6e\u88ab\u59d4\u6258\u6743\u9650\u3002\n\n\u5728\u5b89\u5168\u7684\u7cfb\u7edf\u4e2d\uff0c\u4ee5\u201c\u4ed6\u4eba\u8eab\u4efd\u201d\u521b\u5efa\u5de5\u5355\uff08\u5373\u5de5\u5355\u5f52\u5c5e\u4e8e\u8be5\u7528\u6237\uff09\u5e94\u5f53\u6ee1\u8db3\u4ee5\u4e0b\u6761\u4ef6\u4e4b\u4e00\uff1a\n1. \u8be5\u7528\u6237\u662f\u76ee\u6807\u7528\u6237\u7684\u88ab\u59d4\u6258\u4eba\u3002\n2. \u8be5\u7528\u6237\u62e5\u6709\u7ba1\u7406\u5458\u6743\u9650\u3002\n\n\u7136\u800c\u5728\u53d7\u5f71\u54cd\u7684\u7248\u672c\u4e2d\uff0c\u81ea\u52a9\u670d\u52a1\u5de5\u5355\u521b\u5efa\u7aef\u70b9\u7684\u9a8c\u8bc1\u903b\u8f91\u672a\u80fd\u68c0\u67e5\u8bf7\u6c42\u7528\u6237\u662f\u5426\u6709\u6743\u5c06\u8be5\u5de5\u5355\u6307\u6d3e\u7ed9\u6307\u5b9a\u7528\u6237\u3002\u4ee3\u7801\u76f4\u63a5\u4ece\u8bf7\u6c42\u8d1f\u8f7d\u4e2d\u83b7\u53d6 `users",
      "product": "glpi",
      "severity": "High",
      "title": "GLPI \u5b89\u5168\u6f0f\u6d1e",
      "title_en": "Horizontal Privilege Escalation",
      "updated_at": "2026-04-25T03:04:58",
      "url": "https://cve.imfht.com/detail/CVE-2021-21326",
      "vendor": "glpi-project"
    },
    {
      "cve_id": "CVE-2020-9306",
      "cvss": 8.8,
      "cwe_id": null,
      "preview": "# CVE-2020-9306 \u5206\u6790\u62a5\u544a\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\nCVE-2020-9306 \u662f\u4e00\u4e2a **\u786c\u7f16\u7801\u51ed\u636e\u4f7f\u7528** \u6f0f\u6d1e\uff0c\u5f71\u54cd **Digi ConnectPort X2e** \u8bbe\u5907\uff0c\u5c24\u5176\u662f\u5728 Tesla SolarCity Solar Monitoring Gateways\uff08\u56fa\u4ef6\u7248\u672c\u81f3 5.46.43\uff09\u4e2d\u4f7f\u7528\u65f6\u3002\n\n\u6839\u672c\u539f\u56e0\u662f\u56fa\u4ef6\u5c06\u672c\u5730 `python` \u7528\u6237\u8d26\u6237\u7684\u660e\u6587\u5bc6\u7801\u5b58\u50a8\u5728\u8bbe\u5907\u56fa\u4ef6\u5185\u5d4c\u5165\u7684\u5df2\u7f16\u8bd1 Python\uff08`.pyc`\uff09\u6587\u4ef6\u4e2d\u3002\u8fd9\u4e9b\u51ed\u636e\u88ab\u786c\u7f16\u7801\uff0c\u5e76\u5728\u6240\u6709\u53d7\u5f71\u54cd\u7684\u8bbe\u5907\u4e2d\u5171\u4eab\u3002\n\n### \u6280\u672f\u7ec6\u8282\n1.  **\u4f4d\u7f6e**\uff1a\u51ed",
      "product": "n/a",
      "severity": "High",
      "title": "Tesla SolarCity Solar Monitoring Gateway \u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e",
      "title_en": null,
      "updated_at": "2026-04-25T03:04:58",
      "url": "https://cve.imfht.com/detail/CVE-2020-9306",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2020-28502",
      "cvss": 8.1,
      "cwe_id": null,
      "preview": "# CVE-2020-28502 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u6982\u8ff0\n**CVE-2020-28502** \u662f\u4e00\u4e2a\u9ad8\u5371\u7b49\u7ea7\u7684\u4efb\u610f\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\uff0c\u5f71\u54cd `xmlhttprequest` npm \u5305\uff08\u7248\u672c < 1.7.0\uff09\u4ee5\u53ca `xmlhttprequest-ssl`\uff08\u6240\u6709\u7248\u672c\uff09\u3002\n\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e\u540c\u6b65\u8bf7\u6c42\u5904\u7406\u673a\u5236\u4e2d\u3002\u5f53\u4ee5\u540c\u6b65\u65b9\u5f0f\u53d1\u8d77\u8bf7\u6c42\uff08`async: false`\uff09\u65f6\uff0c\u5e93\u4f1a\u751f\u6210\u4e00\u4e2a\u5b50 Node.js \u8fdb\u7a0b\u6765\u6267\u884c HTTP \u8bf7\u6c42\u3002`xhr.send()` \u53d1\u9001\u7684\u6709\u6548\u8f7d\u8377\u4f1a\u76f4\u63a5\u88ab\u63d2\u5165\u5230\u4e00\u4e2a JavaScript \u5b57\u7b26\u4e32\u4e2d\uff0c\u5e76\u901a\u8fc7 `child_process.spawn",
      "product": "xmlhttprequest",
      "severity": "High",
      "title": "Dan DeFelippi node-XMLHttpRequest \u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Arbitrary Code Injection",
      "updated_at": "2026-04-25T03:04:58",
      "url": "https://cve.imfht.com/detail/CVE-2020-28502",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-3120",
      "cvss": 9.8,
      "cwe_id": null,
      "preview": "# CVE-2021-3120 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u6982\u8ff0\n**CVE-2021-3120** \u662f\u4e00\u4e2a\u4e25\u91cd\u7ea7\u522b\u7684\u6f0f\u6d1e\uff0c\u5f71\u54cd WordPress \u7684\u63d2\u4ef6 **YITH WooCommerce Gift Cards Premium**\uff083.3.1 \u4e4b\u524d\u7684\u7248\u672c\uff09\u3002\u8be5\u6f0f\u6d1e\u5141\u8bb8\u672a\u7ecf\u8ba4\u8bc1\u6216\u6743\u9650\u8f83\u4f4e\u7684\u653b\u51fb\u8005\u901a\u8fc7\u4efb\u610f\u6587\u4ef6\u4e0a\u4f20\u5b9e\u73b0\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\uff08RCE\uff09\u3002\n\n## \u6839\u56e0\u5206\u6790\n\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u793c\u54c1\u5361\u8bbe\u8ba1\u4e0a\u4f20\u8fc7\u7a0b\u4e2d\uff0c\u5bf9 `ywgc-upload-picture` \u53c2\u6570\u4e2d\u63d0\u4f9b\u7684\u6587\u4ef6\u540d\u548c\u6269\u5c55\u540d\u9a8c\u8bc1\u4e0d\u8db3\u3002\n\n1.  **\u8f93\u5165\u5411\u91cf**\uff1a\u653b\u51fb\u8005\u4f1a\u4e0e WooCommerce \u7f51\u7ad9\u4e0a\u7684\u201c\u52a0\u5165\u8d2d\u7269",
      "product": "n/a",
      "severity": "Critical",
      "title": "WooCommerce for WordPress \u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e",
      "title_en": null,
      "updated_at": "2026-04-25T03:04:58",
      "url": "https://cve.imfht.com/detail/CVE-2021-3120",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-21297",
      "cvss": 7.7,
      "cwe_id": "CWE-1321",
      "preview": "# CVE-2021-21297: Node-RED \u4e2d\u7684\u539f\u578b\u6c61\u67d3\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a\u4f4d\u4e8e Node-RED `updateUserSettings` API \u7aef\u70b9\u7684 **\u539f\u578b\u6c61\u67d3\uff08Prototype Pollution\uff09** \u7f3a\u9677\u3002\u8be5\u7aef\u70b9\u5141\u8bb8\u7ecf\u8fc7\u8eab\u4efd\u9a8c\u8bc1\u7684\u7528\u6237\u901a\u8fc7\u5411 `/settings/user` \u53d1\u9001 POST \u8bf7\u6c42\u6765\u66f4\u65b0\u5176\u7528\u6237\u8bbe\u7f6e\u3002\n\n\u6838\u5fc3\u95ee\u9898\u5728\u4e8e\u8bbe\u7f6e\u7684\u5904\u7406\u4e0e\u5b58\u50a8\u65b9\u5f0f\u3002\u5728 1.2.8 \u4e4b\u524d\u7684\u7248\u672c\u4e2d\uff0c`packages/node_modules/@node-red/runtime/lib/api/settings",
      "product": "node-red",
      "severity": "High",
      "title": "Node-Red \u5b89\u5168\u6f0f\u6d1e",
      "title_en": "Prototype Pollution in Node-Red",
      "updated_at": "2026-04-25T03:03:07",
      "url": "https://cve.imfht.com/detail/CVE-2021-21297",
      "vendor": "node-red"
    },
    {
      "cve_id": "CVE-2021-21373",
      "cvss": 7.5,
      "cwe_id": "CWE-348",
      "preview": "# CVE-2021-21373 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u5206\u6790\n\n**\u6f0f\u6d1e\uff1a** Nimble \u5728\u83b7\u53d6\u5305\u65f6\u4f1a\u56de\u9000\u5230\u4e0d\u5b89\u5168\u7684 HTTP URL  \n**\u4e25\u91cd\u7a0b\u5ea6\uff1a** \u9ad8  \n**\u53d7\u5f71\u54cd\u7248\u672c\uff1a** Nim < 1.2.10 \u548c Nim < 1.4.4  \n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e `nimble` \u5305\u7ba1\u7406\u5668\u7684\u5305\u5217\u8868\u5237\u65b0\u673a\u5236\u4e2d\u3002\u5177\u4f53\u6765\u8bf4\uff0c\u5728 `src/nimblepkg/packageinfo.nim` \u6587\u4ef6\u4e2d\uff0c`fetchList` \u8fc7\u7a0b\u4f1a\u5c1d\u8bd5\u4ece HTTPS URL \u4e0b\u8f7d\u5305\u5217\u8868\u3002\u5982\u679c HTTPS \u8fde\u63a5\u5931\u8d25\uff08\u7531\u4e8e\u7f51\u7edc\u9519\u8bef\u3001\u8bc1\u4e66\u95ee\u9898\u6216\u4e2d\u95f4\u4eba\u653b\u51fb\uff09\uff0c\u4ee3\u7801\u4f1a",
      "product": "security",
      "severity": "High",
      "title": "Nimble \u4fe1\u4efb\u7ba1\u7406\u95ee\u9898\u6f0f\u6d1e",
      "title_en": "Nimble falls back to insecure http url when fetching packages",
      "updated_at": "2026-04-25T03:01:00",
      "url": "https://cve.imfht.com/detail/CVE-2021-21373",
      "vendor": "nim-lang"
    },
    {
      "cve_id": "CVE-2021-23377",
      "cvss": 9.8,
      "cwe_id": null,
      "preview": "# CVE-2021-23377 \u6f0f\u6d1e\u5206\u6790\uff1aonion-oled-js \u4e2d\u7684\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a\u4f4d\u4e8e `src/oled-exp.js` \u6587\u4ef6\u4e2d\u7684 **\u4efb\u610f\u547d\u4ee4\u6ce8\u5165** \u7f3a\u9677\u3002\u8be5\u5e93\u4f7f\u7528 Node.js \u7684 `child_process.exec` \u6765\u6267\u884c\u7cfb\u7edf\u547d\u4ee4\u4ee5\u63a7\u5236 OLED \u663e\u793a\u5c4f\u3002\u5177\u4f53\u800c\u8a00\uff0c`scroll` \u51fd\u6570\uff08\u4ee5\u53ca\u53ef\u80fd\u7684\u5176\u4ed6\u51fd\u6570\u5982 `write`\u3001`power`\u3001`invert`\u3001`cursor`\uff09\u4f1a\u5c06\u7528\u6237\u53ef\u63a7\u7684\u8f93\u5165\u76f4\u63a5\u62fc\u63a5\u5230\u547d\u4ee4\u5b57\u7b26\u4e32\u4e2d\uff0c\u4e14\u672a\u8fdb\u884c\u4efb\u4f55\u6e05\u7406\u3002\n\n\u5f53\u4f7f\u7528 `child_process.e",
      "product": "onion-oled-js",
      "severity": "Critical",
      "title": "npm onion-oled-js \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Arbitrary Command Injection",
      "updated_at": "2026-04-25T02:58:50",
      "url": "https://cve.imfht.com/detail/CVE-2021-23377",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-23376",
      "cvss": 9.8,
      "cwe_id": null,
      "preview": "# CVE-2021-23376\uff1affmpegdotjs \u4e2d\u7684\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6982\u8ff0\n`ffmpegdotjs` npm \u5305\u5b58\u5728\u4e00\u4e2a\u4e25\u91cd\u7ea7\u522b\u7684 **\u4efb\u610f\u547d\u4ee4\u6ce8\u5165** \u6f0f\u6d1e\uff08CVE-2021-23376\uff09\u3002\u8be5\u5e93\u4f7f\u7528 `child_process.exec` \u51fd\u6570\u6765\u6267\u884c FFmpeg \u547d\u4ee4\u3002\u7136\u800c\uff0c\u5b83\u5728\u5c06\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165\u63d2\u5165\u5230\u547d\u4ee4\u5b57\u7b26\u4e32\u4e4b\u524d\uff0c\u5e76\u672a\u8fdb\u884c\u6e05\u7406\u6216\u8f6c\u4e49\u5904\u7406\u3002\u8fd9\u4f7f\u5f97\u653b\u51fb\u8005\u53ea\u8981\u80fd\u591f\u63a7\u5236\u4f20\u9012\u7ed9\u5e93\u51fd\u6570\u7684\u4efb\u610f\u53c2\u6570\uff0c\u5373\u53ef\u6ce8\u5165\u4efb\u610f Shell \u547d\u4ee4\u3002\n\n### \u6839\u672c\u539f\u56e0\n\u6839\u672c\u539f\u56e0\u662f\u76f4\u63a5\u5c06\u672a\u7ecf\u8fc7\u6e05\u7406\u7684\u53d8\u91cf\u63d2\u5165\u5230\u901a\u8fc7 `exec()` \u6267\u884c\u7684 Sh",
      "product": "ffmpegdotjs",
      "severity": "Critical",
      "title": "npm ffmpegdotjs \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Arbitrary Command Injection",
      "updated_at": "2026-04-25T02:58:50",
      "url": "https://cve.imfht.com/detail/CVE-2021-23376",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-23378",
      "cvss": 9.8,
      "cwe_id": null,
      "preview": "# CVE-2021-23378: picotts \u4e2d\u7684\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a\u5178\u578b\u7684 **\u547d\u4ee4\u6ce8\u5165** \u7f3a\u9677\uff0c\u4f4d\u4e8e `index.js` \u4e2d\u3002`say` \u51fd\u6570\u901a\u8fc7\u5c06\u7528\u6237\u53ef\u63a7\u7684\u8f93\u5165\uff08`text` \u548c `lang` \u53c2\u6570\uff09\u76f4\u63a5\u63d2\u5165\u5230\u6a21\u677f\u5b57\u7b26\u4e32\u4e2d\u6784\u9020 shell \u547d\u4ee4\uff0c\u4e14\u672a\u505a\u4efb\u4f55\u6e05\u7406\u6216\u8f6c\u4e49\u5904\u7406\u3002\n\n**\u6587\u4ef6\uff1a** `index.js`  \n**\u884c\u53f7\uff1a** 13-19\n\n```javascript\nfunction say(text, lang, cb) {\n    var file = getTmpFile(),\n",
      "product": "picotts",
      "severity": "Critical",
      "title": "npm picotts \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Arbitrary Command Injection",
      "updated_at": "2026-04-25T02:58:50",
      "url": "https://cve.imfht.com/detail/CVE-2021-23378",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-23374",
      "cvss": 7.3,
      "cwe_id": null,
      "preview": "# CVE-2021-23374: ps-visitor \u4e2d\u7684\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a\u4f4d\u4e8e `index.js` \u4e2d `kill` \u51fd\u6570\u7684 **\u547d\u4ee4\u6ce8\u5165\uff08Command Injection\uff09** \u7f3a\u9677\u3002\u8be5\u51fd\u6570\u5728\u4f7f\u7528 `child_process.exec` \u6784\u9020 shell \u547d\u4ee4\u5b57\u7b26\u4e32\u65f6\uff0c\u672a\u5bf9 `pid` \u8f93\u5165\u53c2\u6570\u8fdb\u884c\u6e05\u7406\u3002\n\n\u5728 Node.js \u4e2d\uff0c`child_process.exec` \u4f1a\u5c06\u547d\u4ee4\u5b57\u7b26\u4e32\u4f20\u9012\u7ed9\u7cfb\u7edf shell\uff08\u7c7b Unix \u7cfb\u7edf\u4e0a\u4e3a `/bin/sh`\uff09\u3002\u5982\u679c `pid` \u53c2\u6570\u4e2d\u5305\u542b she",
      "product": "ps-visitor",
      "severity": "High",
      "title": "ps-visitor \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Arbitrary Command Injection",
      "updated_at": "2026-04-25T02:56:37",
      "url": "https://cve.imfht.com/detail/CVE-2021-23374",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-23381",
      "cvss": 7.3,
      "cwe_id": null,
      "preview": "# CVE-2021-23381\uff1a`killing` \u4e2d\u7684\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f **\u547d\u4ee4\u6ce8\u5165** \u7f3a\u9677\uff0c\u4f4d\u4e8e `killing` npm \u5305\u4e2d\uff08\u5177\u4f53\u5728 `lib/killing.js`\uff09\u3002\u8be5\u5305\u7684\u8bbe\u8ba1\u76ee\u7684\u662f\u6839\u636e\u540d\u79f0\u67e5\u627e\u5e76\u7ec8\u6b62\u8fdb\u7a0b\u3002\u7136\u800c\uff0c\u5b83\u63a5\u53d7\u7528\u6237\u4f20\u5165\u7684 `name` \u53c2\u6570\uff0c\u5e76\u5728\u672a\u7ecf\u8fc7\u4efb\u4f55\u6e05\u7406\u6216\u9a8c\u8bc1\u7684\u60c5\u51b5\u4e0b\uff0c\u76f4\u63a5\u5c06\u5176\u62fc\u63a5\u5230\u901a\u8fc7 `child_process.exec()` \u6267\u884c\u7684 shell \u547d\u4ee4\u4e2d\u3002\n\n### \u53d7\u5f71\u54cd\u4ee3\u7801\n- **\u6587\u4ef6**\uff1a`lib/killing.js`\n- **\u884c\u53f7**\uff1a\u7b2c 35 \u884c\u548c\u7b2c 62 \u884c",
      "product": "killing",
      "severity": "High",
      "title": "npm killing \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Arbitrary Command Injection",
      "updated_at": "2026-04-25T02:56:37",
      "url": "https://cve.imfht.com/detail/CVE-2021-23381",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-23379",
      "cvss": 7.3,
      "cwe_id": null,
      "preview": "# CVE-2021-23379\uff1aportkiller \u4e2d\u7684\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a\u4f4d\u4e8e `index.js` \u4e2d\u7684 **\u547d\u4ee4\u6ce8\u5165\uff08Command Injection\uff09** \u7f3a\u9677\u3002`portkiller` \u5305\u901a\u8fc7\u547d\u4ee4\u884c\u53c2\u6570\uff08`process.argv[2]`\uff09\u63a5\u6536\u7aef\u53e3\u53f7\uff0c\u5e76\u672a\u7ecf\u4efb\u4f55\u6e05\u7406\u6216\u9a8c\u8bc1\u5c31\u76f4\u63a5\u5c06\u5176\u62fc\u63a5\u5230\u901a\u8fc7 `child_process.exec()` \u6267\u884c\u7684 shell \u547d\u4ee4\u4e2d\u3002\n\n### \u53d7\u5f71\u54cd\u6587\u4ef6\u4e0e\u884c\u53f7\n- **\u6587\u4ef6**\uff1a`index.js`\n- **\u7b2c 10 \u884c**\uff1a`exec(\\`lsof -i ",
      "product": "portkiller",
      "severity": "High",
      "title": "npm portkiller \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Arbitrary Command Injection",
      "updated_at": "2026-04-25T02:56:37",
      "url": "https://cve.imfht.com/detail/CVE-2021-23379",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-23375",
      "cvss": 7.3,
      "cwe_id": null,
      "preview": "# CVE-2021-23375 \u6f0f\u6d1e\u5206\u6790\uff1apsnode \u4e2d\u7684\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a**\u4efb\u610f\u547d\u4ee4\u6ce8\u5165**\u7f3a\u9677\uff0c\u4f4d\u4e8e `psnode` \u5e93\u7684 `kill` \u51fd\u6570\u4e2d\u3002\n\n\u5728 `lib/index.js` \u7b2c 58 \u884c\uff0c`kill` \u51fd\u6570\u901a\u8fc7\u76f4\u63a5\u5c06\u7528\u6237\u63d0\u4f9b\u7684 `pid` \u53c2\u6570\u4e0e\u7cfb\u7edf kill \u547d\u4ee4\u62fc\u63a5\u6765\u6784\u9020\u4e00\u4e2a shell \u547d\u4ee4\u5b57\u7b26\u4e32\uff1a\n\n```javascript\nvar killCommand = process.platform !== 'darwin' ? 'taskkill /F /PID ' + pid :",
      "product": "psnode",
      "severity": "High",
      "title": "npm psnode \u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Arbitrary Command Injection",
      "updated_at": "2026-04-25T02:56:37",
      "url": "https://cve.imfht.com/detail/CVE-2021-23375",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-29460",
      "cvss": 7.6,
      "cwe_id": "CWE-79",
      "preview": "# CVE-2021-29460 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u5206\u6790\n\n**\u6f0f\u6d1e\u7c7b\u578b\uff1a** \u901a\u8fc7\u672a\u6e05\u7406\u7684 SVG \u4e0a\u4f20\u5bfc\u81f4\u7684\u8de8\u7ad9\u811a\u672c\u653b\u51fb\uff08XSS\uff09  \n**\u4e25\u91cd\u7a0b\u5ea6\uff1a** \u9ad8  \n**\u53d7\u5f71\u54cd\u7ec4\u4ef6\uff1a** `getkirby/kirby`\uff08\u5177\u4f53\u4e3a\u6587\u4ef6\u5904\u7406\u4e0e Panel \u4e0a\u4f20\u673a\u5236\uff09  \n**\u4fee\u590d\u7248\u672c\uff1a** 3.5.4  \n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u7684\u5b58\u5728\u662f\u56e0\u4e3a Kirby \u7684 Panel \u5141\u8bb8\u62e5\u6709\u5199\u5165\u6743\u9650\u7684\u5df2\u8ba4\u8bc1\u7528\u6237\u4e0a\u4f20 SVG \u6587\u4ef6\u3002SVG \u6587\u4ef6\u57fa\u4e8e XML\uff0c\u53ef\u4ee5\u5305\u542b\u53ef\u6267\u884c\u7684 JavaScript\uff08\u4f8b\u5982 `<script>` \u6807\u7b7e\uff09\u3002\u5f53\u8fd9\u4e9b\u6587\u4ef6\u88ab\u4e0a\u4f20\u65f6\uff0cKirby ",
      "product": "kirby",
      "severity": "High",
      "title": "Kirby \u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e",
      "title_en": "Cross-site scripting (XSS) from unsanitized uploaded SVG files",
      "updated_at": "2026-04-25T02:53:15",
      "url": "https://cve.imfht.com/detail/CVE-2021-29460",
      "vendor": "getkirby"
    },
    {
      "cve_id": "CVE-2021-29468",
      "cvss": 8.8,
      "cwe_id": "CWE-20",
      "preview": "# CVE-2021-29468 \u5206\u6790\u62a5\u544a\n\n## \u6f0f\u6d1e\u6982\u8ff0\n\n**CVE-2021-29468** \u662f\u4e00\u4e2a\u9ad8\u4e25\u91cd\u6027\u6f0f\u6d1e\uff0c\u5f71\u54cd **Cygwin Git**\uff08\u7279\u522b\u662f 2.31.1-2 \u4e4b\u524d\u7684\u7248\u672c\uff09\u3002\u5f53\u7528\u6237\u68c0\u51fa\u6076\u610f\u6784\u9020\u7684 Git \u4ed3\u5e93\u65f6\uff0c\u8be5\u6f0f\u6d1e\u53ef\u5bfc\u81f4 **\u4efb\u610f\u4ee3\u7801\u6267\u884c**\u3002\n\n\u6f0f\u6d1e\u7684\u6839\u6e90\u5728\u4e8e Cygwin \u7684 Git \u5b9e\u73b0\u5728\u68c0\u51fa\u8fc7\u7a0b\u4e2d\u5904\u7406\u7b26\u53f7\u94fe\u63a5\u4ee5\u53ca\u5305\u542b\u53cd\u659c\u6760\u5b57\u7b26\uff08`\\`\uff09\u7684\u6587\u4ef6\u540d\u7684\u65b9\u5f0f\u3002\u5728 Windows/Cygwin \u73af\u5883\u4e0b\uff0c\u53cd\u659c\u6760\u901a\u5e38\u88ab Shell \u6216\u7cfb\u7edf\u5de5\u5177\u89e3\u91ca\u4e3a\u8def\u5f84\u5206\u9694\u7b26\u6216\u8f6c\u4e49\u5b57\u7b26\u3002\u5982\u679c\u4ed3\u5e93\u4e2d\u5305\u542b\u6587\u4ef6\u540d\u5e26\u6709\u53cd\u659c\u6760\uff0c\u6216\u8005\u5b58\u5728\u7279\u5b9a\u7684\u7b26\u53f7\u94fe\u63a5\u914d\u7f6e\uff0cGi",
      "product": "Cygwin-Git",
      "severity": "High",
      "title": "Cygwin \u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e",
      "title_en": "Arbitrary code execution when checking out an attacker-controlled Git branch",
      "updated_at": "2026-04-25T02:52:40",
      "url": "https://cve.imfht.com/detail/CVE-2021-29468",
      "vendor": "me-and"
    },
    {
      "cve_id": "CVE-2021-33500",
      "cvss": 7.5,
      "cwe_id": null,
      "preview": "# CVE-2021-33500 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u6982\u8ff0\n**CVE-2021-33500** \u662f\u4e00\u4e2a\u5f71\u54cd PuTTY\uff080.75 \u4e4b\u524d\u7248\u672c\uff09\u5728 Windows \u4e0a\u7684\u62d2\u7edd\u670d\u52a1\uff08DoS\uff09\u6f0f\u6d1e\uff0c\u5e76\u53ef\u80fd\u5f71\u54cd\u5176\u4ed6\u57fa\u4e8e GUI \u7684 SSH \u5ba2\u6237\u7aef\u3002\u8be5\u6f0f\u6d1e\u5141\u8bb8\u8fdc\u7a0b\u670d\u52a1\u5668\u901a\u8fc7\u9ad8\u901f\u91cd\u590d\u53d1\u9001\u7a97\u53e3\u6807\u9898\u66f4\u6539\u547d\u4ee4\uff0c\u4f7f\u5ba2\u6237\u7aef\u7684 GUI \u5361\u6b7b\u6216\u65e0\u54cd\u5e94\u3002\u8fd9\u4f1a\u5bfc\u81f4\u5927\u91cf `SetWindowTextA` \u6216 `SetWindowTextW` API \u8c03\u7528\uff0c\u4ece\u800c\u538b\u57ae GUI \u7ebf\u7a0b\u3002\n\n## \u6839\u56e0\u5206\u6790\n\u6839\u672c\u539f\u56e0\u5728\u4e8e\u5bf9\u63a7\u5236\u7a97\u53e3\u6807\u9898\u7684\u7ec8\u7aef\u8f6c\u4e49\u5e8f\u5217\u7f3a\u4e4f\u901f\u7387\u9650\u5236\u6216\u9a8c\u8bc1\u3002\u5177\u4f53\u6765\u8bf4\uff0cOSC\uff08\u64cd\u4f5c\u7cfb\u7edf\u547d",
      "product": "n/a",
      "severity": "High",
      "title": "PuTTY \u5b89\u5168\u6f0f\u6d1e",
      "title_en": null,
      "updated_at": "2026-04-25T02:49:40",
      "url": "https://cve.imfht.com/detail/CVE-2021-33500",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-32647",
      "cvss": 8.0,
      "cwe_id": "CWE-74",
      "preview": "# CVE-2021-32647 \u5206\u6790\uff1aEmissary \u4e2d\u7684\u8ba4\u8bc1\u540e\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u5b58\u5728\u4e8e Emissary \u670d\u52a1\u5668 MVC \u6846\u67b6\u7684 `CreatePlaceAction` \u7c7b\u4e2d\u3002\u5177\u4f53\u6765\u8bf4\uff0cREST \u63a5\u53e3 `/emissary/admin/createPlace` \u63a5\u53d7\u4e00\u4e2a\u540d\u4e3a `sppClassName` \u7684\u53c2\u6570\u3002\u8be5\u53c2\u6570\u5728\u672a\u7ecf\u8fc7\u5145\u5206\u9a8c\u8bc1\u6216\u767d\u540d\u5355\u68c0\u67e5\u7684\u60c5\u51b5\u4e0b\uff0c\u88ab\u76f4\u63a5\u7528\u4e8e\u901a\u8fc7 `Class.forName()` \u6216\u7c7b\u4f3c\u673a\u5236\u52a0\u8f7d Java \u7c7b\u3002\n\n\u4e00\u65e6\u7c7b\u88ab\u52a0\u8f7d\uff0c\u5e94\u7528\u7a0b\u5e8f\u4f1a\u5c1d\u8bd5\u4f7f\u7528\u63a5\u53d7\u4e09\u4e2a `String` \u53c2\u6570\u7684",
      "product": "emissary",
      "severity": "High",
      "title": "Emissary \u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Post-authentication Remote Code Execution (RCE) in emissary:emissary",
      "updated_at": "2026-04-25T02:48:05",
      "url": "https://cve.imfht.com/detail/CVE-2021-32647",
      "vendor": "NationalSecurityAgency"
    },
    {
      "cve_id": "CVE-2021-32625",
      "cvss": 7.5,
      "cwe_id": "CWE-680",
      "preview": "# CVE-2021-32625 \u6f0f\u6d1e\u5206\u6790\n\n## \u6f0f\u6d1e\u6982\u8ff0\n\n**CVE-2021-32625** \u662f Redis\uff08\u7248\u672c 6.0 \u53ca\u66f4\u65b0\u7248\u672c\uff0c\u7279\u522b\u662f\u5f71\u54cd 32 \u4f4d\u7cfb\u7edf\uff09\u4e2d\u7684\u4e00\u4e2a\u9ad8\u4e25\u91cd\u6027\u6f0f\u6d1e\uff0c\u6d89\u53ca `STRALGO LCS` \u547d\u4ee4\u4e2d\u7684\u6574\u6570\u6ea2\u51fa\u3002\u8be5\u6f0f\u6d1e\u53ef\u5bfc\u81f4\u5806\u5185\u5b58\u635f\u574f\uff0c\u5e76\u53ef\u80fd\u5f15\u53d1\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u5b83\u662f CVE-2021-29477 \u7684\u540e\u7eed\u95ee\u9898\uff0c\u540e\u8005\u662f\u4e00\u6b21\u4e0d\u5b8c\u6574\u7684\u4fee\u590d\u3002\n\n\u6f0f\u6d1e\u7684\u6839\u6e90\u5728\u4e8e\u5728\u6267\u884c `STRALGO LCS` \u64cd\u4f5c\u65f6\uff0c\u8ba1\u7b97\u6700\u957f\u516c\u5171\u5b50\u5e8f\u5217\uff08Longest Common Subsequence\uff0cLCS\uff09\u957f\u5ea6\u7684\u8fc7\u7a0b\u4e2d\u53d1\u751f\u6574\u6570\u6ea2\u51fa\u3002\u5728 32 \u4f4d\u7cfb\u7edf\u4e0a\uff0c\u7528\u4e8e\u957f",
      "product": "redis",
      "severity": "High",
      "title": "Arch Linux\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e",
      "title_en": "Redis vulnerability in STRALGO LCS on 32-bit systems",
      "updated_at": "2026-04-25T02:45:32",
      "url": "https://cve.imfht.com/detail/CVE-2021-32625",
      "vendor": "redis"
    },
    {
      "cve_id": "CVE-2021-23391",
      "cvss": 7.3,
      "cwe_id": null,
      "preview": "# CVE-2021-23391\uff1aCalipso \u4e2d\u901a\u8fc7\u5f52\u6863\u89e3\u538b\u5bfc\u81f4\u7684\u4efb\u610f\u6587\u4ef6\u5199\u5165\uff08Zip Slip\uff09\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0  \n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a\u4f4d\u4e8e `lib/cli/Download.js` \u7684 **Zip Slip** \u6f0f\u6d1e\u3002\u5728\u4e0b\u8f7d\u5e76\u89e3\u538b\u6a21\u5757\u6216\u4e3b\u9898\u65f6\uff0c\u5e94\u7528\u4f7f\u7528 `adm-zip` \u5e93\u6765\u89e3\u538b\u538b\u7f29\u5305\u3002\u7136\u800c\uff0c\u5b83\u672a\u80fd\u5bf9\u538b\u7f29\u5305\u5185\u7684\u6587\u4ef6\u540d\u76f8\u5bf9\u4e8e\u9884\u671f\u7684\u89e3\u538b\u76ee\u5f55\u8fdb\u884c\u6821\u9a8c\u3002\n\n\u653b\u51fb\u8005\u53ef\u4ee5\u6784\u9020\u4e00\u4e2a\u6076\u610f\u7684 ZIP \u6587\u4ef6\uff0c\u5176\u4e2d\u5305\u542b\u7c7b\u4f3c `../../etc/passwd` \u6216 `../../app/config.js` \u7684\u8def\u5f84\u6761\u76ee\u3002\u5f53 `adm-zip` \u89e3\u538b",
      "product": "calipso",
      "severity": "High",
      "title": "calipso \u6240\u6709 \u8def\u5f84\u904d\u5386\u6f0f\u6d1e",
      "title_en": "Arbitrary File Write via Archive Extraction (Zip Slip)",
      "updated_at": "2026-04-25T02:45:32",
      "url": "https://cve.imfht.com/detail/CVE-2021-23391",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-23399",
      "cvss": 7.3,
      "cwe_id": null,
      "preview": "# CVE-2021-23399: wincred \u4e2d\u7684\u4efb\u610f\u547d\u4ee4\u6ce8\u5165\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f\u4e00\u4e2a\u4f4d\u4e8e `index.ts` \u4e2d `getCredential` \u51fd\u6570\u7684 **\u547d\u4ee4\u6ce8\u5165\uff08Command Injection\uff09** \u7f3a\u9677\u3002\n\n\u8be5\u51fd\u6570\u901a\u8fc7\u5c06\u7528\u6237\u53ef\u63a7\u7684 `target` \u53c2\u6570\u76f4\u63a5\u62fc\u63a5\u5230\u901a\u8fc7 `child_process.exec` \u6267\u884c\u7684\u547d\u4ee4\u4e2d\uff0c\u6765\u6784\u9020\u4e00\u4e2a shell \u547d\u4ee4\u5b57\u7b26\u4e32\u3002\n\n**\u5b58\u5728\u6f0f\u6d1e\u7684\u4ee3\u7801\uff08`index.ts`\uff0c\u7b2c 18-22 \u884c\uff09\uff1a**\n```typescript\nexport function getCred",
      "product": "wincred",
      "severity": "High",
      "title": "wincred \u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e",
      "title_en": "Arbitrary Command Injection",
      "updated_at": "2026-04-25T02:44:34",
      "url": "https://cve.imfht.com/detail/CVE-2021-23399",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-32639",
      "cvss": 7.2,
      "cwe_id": "CWE-918",
      "preview": "# CVE-2021-32639\uff1aEmissary \u4e2d\u7684\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\uff08SSRF\uff09\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0  \n\u8be5\u6f0f\u6d1e\u662f\u4f4d\u4e8e `emissary.server.api.Peers` \u7c7b\u4e2d\u7684\u670d\u52a1\u5668\u7aef\u8bf7\u6c42\u4f2a\u9020\uff08SSRF\uff09\u6f0f\u6d1e\uff0c\u5177\u4f53\u51fa\u73b0\u5728 `clusterPeers()` \u65b9\u6cd5\u5185\u3002  \n\n\u5728 Emissary 7.0 \u4e4b\u524d\u7684\u7248\u672c\uff08\u53d7\u5f71\u54cd\u7248\u672c\u4e3a 6.4.0\uff09\u4e2d\uff0c`clusterPeers` \u7aef\u70b9\u5141\u8bb8\u653b\u51fb\u8005\u5411\u4efb\u610f URL \u53d1\u8d77 HTTP \u8bf7\u6c42\u3002\u6d41\u7a0b\u5982\u4e0b\uff1a  \n\n1.  `clusterPeers` \u7aef\u70b9\u901a\u8fc7 JAX-RS \u66b4\u9732\u5728 `/api/clu",
      "product": "emissary",
      "severity": "High",
      "title": "Emissary \u4ee3\u7801\u95ee\u9898\u6f0f\u6d1e",
      "title_en": "Server-Side Request Forgery (SSRF) in emissary:emissary",
      "updated_at": "2026-04-25T02:42:35",
      "url": "https://cve.imfht.com/detail/CVE-2021-32639",
      "vendor": "NationalSecurityAgency"
    },
    {
      "cve_id": "CVE-2021-23403",
      "cvss": 7.3,
      "cwe_id": null,
      "preview": "# CVE-2021-23403: ts-nodash \u4e2d\u7684\u539f\u578b\u6c61\u67d3\n\n## \u6f0f\u6d1e\u5206\u6790\n\n**\u4e25\u91cd\u6027\uff1a** \u9ad8  \n**\u7c7b\u578b\uff1a** \u539f\u578b\u6c61\u67d3  \n**\u5305\u540d\uff1a** `ts-nodash`  \n**\u53d7\u5f71\u54cd\u7248\u672c\uff1a** \u6240\u6709\u7248\u672c\uff08< \u672a\u6307\u5b9a\uff09  \n**\u6613\u53d7\u653b\u51fb\u51fd\u6570\uff1a** `src/Merge.ts` \u4e2d\u7684 `Merge()`\n\n### \u6839\u672c\u539f\u56e0\n\n`ts-nodash` \u4e2d\u7684 `Merge` \u51fd\u6570\u65e8\u5728\u9012\u5f52\u5408\u5e76\u4e24\u4e2a\u5bf9\u8c61\u3002\u867d\u7136\u5f00\u53d1\u8005\u5728 `handleDefaultBehavior` \u51fd\u6570\u4e2d\u5c1d\u8bd5\u901a\u8fc7\u68c0\u67e5\u7279\u5b9a\u952e\uff08`__proto__`\u3001`constructor`\u3001`pr",
      "product": "ts-nodash",
      "severity": "High",
      "title": "ts-nodash \u5b89\u5168\u6f0f\u6d1e",
      "title_en": "Prototype Pollution",
      "updated_at": "2026-04-25T02:41:07",
      "url": "https://cve.imfht.com/detail/CVE-2021-23403",
      "vendor": "n/a"
    },
    {
      "cve_id": "CVE-2021-32737",
      "cvss": 8.4,
      "cwe_id": "CWE-79",
      "preview": "# CVE-2021-32737 \u5206\u6790\uff1aSulu Media Collection \u6807\u9898\u4e2d\u7684\u5b58\u50a8\u578b XSS\n\n## \u6f0f\u6d1e\u5206\u6790\n\n### \u6839\u672c\u539f\u56e0\n\u8be5\u6f0f\u6d1e\u662f Sulu CMS Media Bundle \u4e2d\u7684\u4e00\u4e2a\u5b58\u50a8\u578b\u8de8\u7ad9\u811a\u672c\uff08Stored Cross-Site Scripting, XSS\uff09\u95ee\u9898\u3002\u5176\u6839\u6e90\u5728\u4e8e\uff0c\u5a92\u4f53\u96c6\u5408\u7684 `title` \u5c5e\u6027\u53ef\u7531\u7ba1\u7406\u5458\u7528\u6237\u63a7\u5236\uff0c\u800c\u5728 JavaScript \u524d\u7aef\u4e2d\uff0c\u8be5\u503c\u672a\u7ecf\u9002\u5f53\u6e05\u7406\u6216\u7f16\u7801\u5c31\u88ab\u76f4\u63a5\u6e32\u67d3\u5230 DOM \u4e2d\u3002\n\n\u5177\u4f53\u6765\u8bf4\uff0c\u5728 `CollectionBreadcrumb.js` \u4e2d\uff0c\u4ece API \u54cd\u5e94\u83b7\u53d6\u7684 `title`\uff08",
      "product": "sulu",
      "severity": "High",
      "title": "SULU Sulu \u8de8\u7ad9\u811a\u672c\u6f0f\u6d1e",
      "title_en": "XSS Injection in Media Collection Title was possible",
      "updated_at": "2026-04-25T02:41:07",
      "url": "https://cve.imfht.com/detail/CVE-2021-32737",
      "vendor": "sulu"
    }
  ]
}
