state:in-the-wild — 393 tagged CVE vulnerabilities

393 CVE security advisories tagged "state:in-the-wild" with AI Chinese analysis, CVSS, references and POCs.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26331 | yt-dlp: Arbitrary Command Injection when using the `--netrc-cmd` option — yt-dlp CWE-78 | 8.8 | High | 2026-02-24 |
| CVE-2026-25815 | Fortinet FortiOS security vulnerability — FortiOS CWE-1394 | 3.2 | Low | 2026-02-05 |
| CVE-2026-25137 | NixOs Odoo database and filestore publicly accessible with default odoo configuration — nixpkgs CWE-552 | 9.1 | Critical | 2026-02-02 |
| CVE-2025-70974 | Fastjson security vulnerability — Fastjson CWE-829 | 10.0 | Critical | 2026-01-09 |
| CVE-2025-66644 | Array Networks ArrayOS AG operating system command injection vulnerability — ArrayOS AG CWE-78 | 7.2 | High | 2025-12-05 |
| CVE-2025-55179 | Facebook WhatsApp security vulnerability — WhatsApp Business for iOS | 5.4 | Medium | 2025-11-18 |
| CVE-2023-7325 | Mingyu Operations and Maintenance Audit and Risk Control System xmlrpc.sock SSRF — Mingyu Operations and Maintenance Audit and Risk Control System CWE-306 | 9.8 (AI) | Critical (AI) | 2025-10-30 |
| CVE-2021-4461 | Seeyon Zhiyuan OA Web Application System < 7.0 SP1 Authentication Bypass — Zhiyuan OA Web Application System CWE-306 | 5.3 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-43027 | Genetec Security Center security vulnerability — Genetec Security Center CWE-284 | 9.8 | Critical | 2025-10-30 |
| CVE-2016-15048 | AMTT HiBOS Command Injection RCE via server_ping.php — Hotel Broadband Operation System (HiBOS) CWE-78 | 9.8 (AI) | Critical (AI) | 2025-10-22 |
| CVE-2023-53691 | Hikvision CSMP iSecure Center security vulnerability — CSMP iSecure Center CWE-24 | 8.3 | High | 2025-10-22 |
| CVE-2024-58274 | Hikvision CSMP iSecure Center security vulnerability — CSMP iSecure Center CWE-78 | 8.3 | High | 2025-10-22 |
| CVE-2018-25118 | GeoVision Command Injection RCE via /PictureCatch.cgi — GV-BX1500 CWE-78 | 9.8 (AI) | Critical (AI) | 2025-10-20 |
| CVE-2023-7305 | SmartBI RMIServlet Unrestricted File Upload RCE — SmartBI CWE-434 | 10.0 (AI) | Critical (AI) | 2025-10-15 |
| CVE-2011-10033 | WordPress Plugin is-human <= v1.4.2 Eval Injection RCE — is-human WordPress Plugin CWE-95 | 9.8 (AI) | Critical (AI) | 2025-10-15 |
| CVE-2018-25117 | VestaCP Debian Installer Malicious Backdoor Supply Chain Compromise — Control Panel (CP) CWE-506 | 8.8 (AI) | High (AI) | 2025-10-15 |
| CVE-2024-13991 | Huijietong Cloud Video Platform fileDownload Arbitrary File Read — Cloud Video Platform CWE-22 | 7.5 (AI) | High (AI) | 2025-10-15 |
| CVE-2025-59530 | quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame — quic-go CWE-617 | 7.5 | High | 2025-10-10 |
| CVE-2017-20203 | NetSarang v5.0 Malicious Backdoor Supply Chain Compromise — Xmanager Enterprise CWE-506 | 10.0 (AI) | Critical (AI) | 2025-10-09 |
| CVE-2025-11371 | Gladinet CentreStack and TrioFox Local File Inclusion Flaw — CentreStack and TrioFox | 7.5 (AI) | High (AI) | 2025-10-09 |
| CVE-2025-42701 | CrowdStrike Falcon Sensor for Windows Race Condition — Falcon sensor for Windows CWE-367 | 5.6 | Medium | 2025-10-08 |
| CVE-2025-42706 | CrowdStrike Falcon Sensor for Windows Logic Error — Falcon sensor for Windows CWE-346 | 6.5 | Medium | 2025-10-08 |
| CVE-2022-4980 | General Bytes Crypto Application Server (CAS) Unauthenticated Creation of Admin Account via Default-installation/First-admin Page — Crypto Application Server (CAS) CWE-306 | 9.8 | - | 2025-09-19 |
| CVE-2025-8088 | Path traversal vulnerability in WinRAR — WinRAR CWE-35 | 8.4 | - | 2025-08-08 |
| CVE-2023-44976 | Hangzhou Shunwang Rentdrv2 security vulnerability — Rentdrv2 CWE-782 | 3.2 | Low | 2025-08-01 |
| CVE-2014-125123 | Kloxo < 6.1.12 Unauthenticated SQL Injection RCE — Kloxo CWE-89 | 9.8 (AI) | Critical (AI) | 2025-07-31 |
| CVE-2025-53770 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 CWE-502 | 9.8 | Critical | 2025-07-20 |
| CVE-2025-54309 | CrushFTP security vulnerability — CrushFTP CWE-420 | 9.0 | Critical | 2025-07-18 |
| CVE-2025-34130 | LILIN DVR Arbitrary File Read via net_html.cgi — DVR Firmware CWE-306 | 9.8 (AI) | Critical (AI) | 2025-07-16 |
| CVE-2025-34129 | LILIN DVR RCE via Malicious FTP/NTP Configuration — DVR Firmware CWE-78 | 7.2 (AI) | High (AI) | 2025-07-16 |

Vulnerabilities classified as state:in-the-wild represent 393 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.