SecLens 情报中心

{
  "affected_vendor": "Mmemed",
  "cnnvd_code": "CNNVD-202606-579",
  "create_time": "2026-06-03",
  "cve_code": "CVE-2026-3198",
  "detailed_publish_time": "2026-06-02 00:00:00",
  "detailed_update_time": "2026-06-03 00:00:00",
  "hazard_level": 0,
  "is_official": 1,
  "publish_time": "2026-06-02",
  "refer_url": "来源:huntr.com\r\n链接:https://huntr.com/bounties/e57db731-97d3-40c3-a429-831ee959807f",
  "update_time": "2026-06-03",
  "vendor": "1009097",
  "vul_desc": "MLflow是MLflow开源的一个简化机器学习开发的平台，包括跟踪实验、将代码打包成可重复的运行以及共享和部署模型。\r\nMLflow 3.9.0版本存在安全漏洞，该漏洞源于基本身份验证模式下未对多个Gateway API列表端点强制执行授权检查，可能导致任何经过身份验证的用户枚举所有网关密钥、端点和模型定义，泄露API密钥、端点配置和专有模型定义等敏感信息。",
  "vul_type": "0",
  "vul_type_name": "其他"
}

{
  "affected_vendor": "WordPress",
  "cnnvd_code": "CNNVD-202606-580",
  "create_time": "2026-06-03",
  "cve_code": "CVE-2026-3722",
  "detailed_publish_time": "2026-06-02 00:00:00",
  "detailed_update_time": "2026-06-03 00:00:00",
  "hazard_level": 3,
  "is_official": 1,
  "publish_time": "2026-06-02",
  "refer_url": "来源:plugins.trac.wordpress.org\r\n链接:https://plugins.trac.wordpress.org/browser/auto-image-attributes-from-filename-with-bulk-updater/tags/4.9/admin/columns-media-library.php#L50\r\n\r\n来源:plugins.trac.wordpress.org\r\n链接:https://plugins.trac.wordpress.org/browser/auto-image-attributes-from-filename-with-bulk-updater/tags/4.9/admin/do.php#L752\r\n\r\n来源:www.wordfence.com\r\n链接:https://www.wordfence.com/threat-intel/vulnerabilities/id/9696fae6-39fe-4478-90e7-488b5b573fa8?source=cve",
  "update_time": "2026-06-03",
  "vendor": "1015603",
  "vul_desc": "WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。\r\nWordPress plugin Auto Image Attributes From Filename With Bulk Updater (Add Alt Text, Image Title For Image SEO) 4.9及之前版本存在跨站脚本漏洞，该漏洞源于输入清理和输出转义不足，可能导致经过身份验证的攻击者注入任意Web脚本。",
  "vul_type": "0",
  "vul_type_name": "跨站脚本"
}

{
  "affected_vendor": "合勤",
  "cnnvd_code": "CNNVD-202606-581",
  "create_time": "2026-06-03",
  "cve_code": "CVE-2026-3870",
  "detailed_publish_time": "2026-06-02 00:00:00",
  "detailed_update_time": "2026-06-03 00:00:00",
  "hazard_level": 3,
  "is_official": 1,
  "publish_time": "2026-06-02",
  "refer_url": "来源:www.zyxel.com\r\n链接:https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-buffer-overflow-vulnerabilities-in-the-upnp-function-of-certain-4g-lte-5g-nr-cpe-and-dsl-ethernet-cpe-06-02-2026",
  "update_time": "2026-06-03",
  "vendor": "1016249",
  "vul_desc": "Zyxel VMG4005-B50B是中国合勤（Zyxel）公司的一款VDSL2/ADSL2+宽带调制解调器。\r\nZyxel VMG4005-B50B firmware 5.13(ABRL.5.4)C0及之前版本存在安全漏洞，该漏洞源于UPnP AddPortMapping命令存在缓冲区溢出，可能导致相邻攻击者触发临时拒绝服务。",
  "vul_type": "0",
  "vul_type_name": "其他"
}

{
  "affected_vendor": "飞致云",
  "cnnvd_code": "CNNVD-202606-582",
  "create_time": "2026-06-03",
  "cve_code": "CVE-2026-10567",
  "detailed_publish_time": "2026-06-02 00:00:00",
  "detailed_update_time": "2026-06-03 00:00:00",
  "hazard_level": 4,
  "is_official": 1,
  "publish_time": "2026-06-02",
  "refer_url": "来源:github.com\r\n链接:https://github.com/1Panel-dev/CordysCRM/\r\n\r\n来源:github.com\r\n链接:https://github.com/1Panel-dev/CordysCRM/commit/c87682afa8df79853299f75489c9d333f7bc5fce\r\n\r\n来源:github.com\r\n链接:https://github.com/1Panel-dev/CordysCRM/issues/2233\r\n\r\n来源:github.com\r\n链接:https://github.com/1Panel-dev/CordysCRM/pull/2356\r\n\r\n来源:github.com\r\n链接:https://github.com/1Panel-dev/CordysCRM/releases/tag/v1.7.0\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/cve/CVE-2026-10567\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/submit/829316\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/vuln/367674\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/vuln/367674/cti",
  "update_time": "2026-06-03",
  "vendor": "1004815",
  "vul_desc": "FIT2CLOUD CordysCRM是中国飞致云（FIT2CLOUD）公司的一个客户关系管理系统。\r\nCordysCRM 1.4.1及之前版本存在代码注入漏洞，该漏洞源于ModuleFormController组件中文件src/main/java/cn/cordys/crm/system/service/ModuleFormService.java的Save函数问题，可能导致跨站脚本攻击。",
  "vul_type": "0",
  "vul_type_name": "代码注入"
}

{
  "affected_vendor": "itsourcecode",
  "cnnvd_code": "CNNVD-202606-583",
  "create_time": "2026-06-03",
  "cve_code": "CVE-2026-10568",
  "detailed_publish_time": "2026-06-02 00:00:00",
  "detailed_update_time": "2026-06-03 00:00:00",
  "hazard_level": 3,
  "is_official": 0,
  "publish_time": "2026-06-02",
  "refer_url": "来源:github.com\r\n链接:https://github.com/ltranquility/vuln_submit/issues/11\r\n\r\n来源:itsourcecode.com\r\n链接:https://itsourcecode.com/\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/cve/CVE-2026-10568\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/submit/829322\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/vuln/367675\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/vuln/367675/cti",
  "update_time": "2026-06-03",
  "vendor": "1006700",
  "vul_desc": "itsourcecode Fees Management System是itsourcecode开源的一个收费管理系统。\r\nitsourcecode Fees Management System 1.0版本存在SQL注入漏洞，该漏洞源于对文件/manage_payment.php中参数ID的操作，可能导致SQL注入。",
  "vul_type": "0",
  "vul_type_name": "SQL注入"
}

{
  "affected_vendor": "MetaGPT",
  "cnnvd_code": "CNNVD-202606-584",
  "create_time": "2026-06-03",
  "cve_code": "CVE-2026-10566",
  "detailed_publish_time": "2026-06-02 00:00:00",
  "detailed_update_time": "2026-06-03 00:00:00",
  "hazard_level": 3,
  "is_official": 0,
  "publish_time": "2026-06-02",
  "refer_url": "来源:github.com\r\n链接:https://github.com/FoundationAgents/MetaGPT/\r\n\r\n来源:github.com\r\n链接:https://github.com/FoundationAgents/MetaGPT/issues/2038\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/cve/CVE-2026-10566\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/submit/828301\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/vuln/367673\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/vuln/367673/cti",
  "update_time": "2026-06-03",
  "vendor": "1008819",
  "vul_desc": "MetaGPT是MetaGPT公司的一个多代理框架。\r\nMetaGPT 0.8.2及之前版本存在代码问题漏洞，该漏洞源于文件metagpt/schema.py的Message.check_instruct_content函数问题，可能导致反序列化。",
  "vul_type": "0",
  "vul_type_name": "代码问题"
}

{
  "affected_vendor": "Open5GS",
  "cnnvd_code": "CNNVD-202606-585",
  "create_time": "2026-06-03",
  "cve_code": "CVE-2026-10565",
  "detailed_publish_time": "2026-06-02 00:00:00",
  "detailed_update_time": "2026-06-03 00:00:00",
  "hazard_level": 4,
  "is_official": 1,
  "publish_time": "2026-06-02",
  "refer_url": "来源:github.com\r\n链接:https://github.com/open5gs/open5gs/\r\n\r\n来源:github.com\r\n链接:https://github.com/open5gs/open5gs/issues/4497\r\n\r\n来源:github.com\r\n链接:https://github.com/open5gs/open5gs/pull/4501\r\n\r\n来源:github.com\r\n链接:https://github.com/user-attachments/files/27111025/N2-SMC-Concurrent.zip\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/cve/CVE-2026-10565\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/submit/818938\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/vuln/367672\r\n\r\n来源:vuldb.com\r\n链接:https://vuldb.com/vuln/367672/cti",
  "update_time": "2026-06-03",
  "vendor": "1010240",
  "vul_desc": "Open5GS是Open5GS开源的一个 5G Core 和 Epc 的 C 语言开源实现，即 Lte/Nr 网络的核心网络。\r\nOpen5GS 2.7.6及之前版本存在竞争条件问题漏洞，该漏洞源于NGAP Handover组件中文件src/amf/gmm-sm.c的gmm_state_security_mode函数问题，可能导致竞争条件。",
  "vul_type": "0",
  "vul_type_name": "竞争条件问题"
}

{
  "affected_vendor": "传音",
  "cnnvd_code": "CNNVD-202606-586",
  "create_time": "2026-06-03",
  "cve_code": "CVE-2026-10510",
  "detailed_publish_time": "2026-06-02 00:00:00",
  "detailed_update_time": "2026-06-03 00:00:00",
  "hazard_level": 0,
  "is_official": 1,
  "publish_time": "2026-06-02",
  "refer_url": "来源:security.tecno.com\r\n链接:https://security.tecno.com/SRC/securityUpdates",
  "update_time": "2026-06-03",
  "vendor": "1014490",
  "vul_desc": "Transsion AI Assistant Lifestyle是中国传音（Transsion）公司的一款集成智能问答、内容生成、生活服务推荐和个人助理功能的移动端AI助手应用。\r\nTranssion AI Assistant Lifestyle存在安全漏洞，该漏洞源于GeniexWebView组件存在跨站脚本漏洞，可能导致远程攻击者通过特制的web_action_data URL参数在WebView环境中执行任意JavaScript。",
  "vul_type": "0",
  "vul_type_name": "其他"
}