安全情报专区 31+

精选漏洞公告、利用分析、安全博客、GHSA Advisory 等情报来源，已自动清洗 + 中英双语呈现，持续更新。

筛选

仅 KEV

已验证 PoC

Critical

Craft CMS 远程代码执行（RCE）漏洞分析

github.com · 2026-05-22

Craft CMS <= 6.0.0-alpha.4

Medium

Craft CMS GQL URL 注入漏洞修复通报 (GSA-gj2p-p9m4-c8gw)

GHSA-gj2p-p9m4-c8gw · github.com · 2026-05-22

### 漏洞概述 - **漏洞描述**：修复了一个安全漏洞，该漏洞允许通过 `Gql` 查询缓存结果，即使这些结果包含转换生成的 URL。 - **漏洞编号**：`GSA-gj2p-p9m4-c8gw` - **严重程度**：中等（[moderate-severity](https://github.com/craftcms/cms/security/policy/severity#remedia…

Medium

Craft CMS GraphQL 地址解析器越权导致 PII 泄露 (CVE-2025-44010)

CVE-2025-44010 · github.com · 2026-05-22

craftcms/cms >= 5.0.0, < 5.9.18 · craftcms/cms >= 4.0.0, < 4.17.12

High

Craft CMS 路径遍历漏洞修复分析

GHSA-95wr-3f2v-v2wh · github.com · 2026-04-22

Craft CMS < latest patched version

High

CraftCMS Host Header Injection 导致 SSRF (CVE-2024-5555)

github.com · 2026-04-22

Craft CMS >= 5.0.0-RC1, <= 5.9.14 · Craft CMS >= 4.0.0-RC1, <= 4.17.8

Medium

Craft CMS 用户组移除权限绕过漏洞 (CVE-2026-41128)

CVE-2026-41128 · github.com · 2026-04-22

Craft CMS 5.6.0 · Craft CMS 5.9.14

High

Craft CMS 授权绕过漏洞修复 (GHS-1q2f-59p3-p3m3)

GHSA-jq2f-59pj-p3m3 · github.com · 2026-04-22

Craft CMS < latest patch version for commit b135384

High

CraftCMS文件上传协议绕过漏洞修复分析

GHSA-3m9m-24vh-39wx · github.com · 2026-04-22

craftcms/cms

High

Craft CMS 元素索引 SQL 注入漏洞 (CVE-2026-25495)

CVE-2026-25495 · github.com · 2026-04-18

craftcms/cms 5.0.0-RC1 to 5.8.21 · craftcms/cms 4.0.0-RC1 to 4.16.17

High

控制面板SQL注入漏洞及修复方案

github.com · 2026-04-18

Craft Commerce <= 5.5.4

Low

Craft Commerce 未授权信息泄露漏洞 (CVE-2025-32270)

CVE-2025-32270 · github.com · 2026-04-18

Craft Commerce 5.0.0 to 5.5.4 · Craft Commerce 4.0.0 to 4.10.2

High

CraftCMS Commerce 远程代码执行漏洞分析 (CVE-2026-52271)

CVE-2026-52271 · github.com · 2026-04-18

craftcms/commerce >= 4.0.0, <= 4.10.2 · craftcms/commerce >= 5.0.0, <= 5.5.4

Medium

Craft CMS CVE-2026-27129 IPv6 SSRF绕过漏洞分析

GHSA-v2gc-rm6g-wrw9 · github.com · 2026-02-24

Craft CMS >= 5.0.0-RC1 <= 5.8.22 · Craft CMS >= 3.5.0 <= 4.16.18

Unknown

Craft CMS SSRF漏洞修复(GHSA-v2gc-rm6g-wrw9)

GHSA-v2gc-rm6g-wrw9 · github.com · 2026-02-24

Craft CMS < 5.9.12 · Craft CMS < 4.16.19

Low

Craft CMS 存储型XSS漏洞 (CVE-2026-27126) 及利用细节

CVE-2026-27126 · github.com · 2026-02-24

Craft CMS >= 4.5.0-RC1, <= 4.16.18 · Craft CMS >= 5.0.0-RC1, <= 5.8.22

Medium

CVE-2026-25492: GraphQL SSRF导致AWS凭证泄露

CVE-2026-25492 · github.com · 2026-02-10

Craft CMS >= 5.0.0-RC1, <= 5.8.21 · Craft CMS >= 3.5.0, <= 4.16.17

Critical

Craft CMS 管理员权限远程代码执行漏洞 (CVE-2026-25498)

CVE-2026-25498 · github.com · 2026-02-10

Craft CMS >= 5.0.0-RC1, <= 5.8.21 · Craft CMS >= 4.0.0-RC1, <= 4.16.17

Low

Craft CMS 存储型XSS漏洞 (CVE-2026-25496)

CVE-2026-25496 · github.com · 2026-02-10

Craft CMS >= 5.0.0-RC1, <= 5.8.21 · Craft CMS >= 4.0.0-RC1, <= 4.16.17

High

Craft CMS GraphQL 权限提升漏洞 (CVE-2026-25497)

CVE-2026-25497 · github.com · 2026-02-10

craftcms/cms >= 5.0.0-RC1, < 5.9.0-beta.1 · craftcms/cms >= 4.0.0-RC1, < 4.17.0-beta.1

Medium

CVE-2026-25493: GraphQL SSRF绕过HTTP重定向

GHSA-8jr8-7hr4-vhfx · github.com · 2026-02-10

Craft CMS >= 5.0.0-RC1, <= 5.8.21 · Craft CMS >= 4.0.0-RC1, <= 4.16.17

每篇文章经过自动 HTML→Markdown 清洗 + LLM 去噪 + 中英双语翻译。原始链接保留在文章末尾。

想看哪个安全博客 / 公告源？邮件告诉我们，每周新接 1-2 个。