SecLens 情报中心

{
  "CNVD-ID": "CNVD-2026-17183",
  "CVE ID": "CVE-2026-32916",
  "公开日期": "2026-04-15",
  "危害级别": "高\n(\nAV:N/AC:L/Au:N/C:C/I:C/A:C\n)",
  "厂商补丁": "OpenClaw存在未明漏洞（CNVD-2026-17183）的补丁",
  "参考链接": "https://github.com/openclaw/openclaw/security/advisories/GHSA-xw77-45gv-p728",
  "影响产品": "OpenClaw OpenClaw <2026.3.11",
  "报送时间": "2026-04-10",
  "收录时间": "2026-04-14",
  "更新时间": "2026-04-14",
  "漏洞描述": "OpenClaw是OpenClaw开源的一个智能人工助理。\nOpenClaw存在安全漏洞，该漏洞源于插件子代理路由通过具有广泛管理范围的合成操作员客户端执行网关方法，攻击者可利用该漏洞导致授权绕过和特权操作。",
  "漏洞类型": "通用型漏洞",
  "漏洞解决方案": "厂商已发布了漏洞修复程序，请及时关注更新：\nhttps://github.com/openclaw/openclaw/releases",
  "漏洞附件": "(无附件)",
  "验证信息": "(暂无验证信息)"
}

{
  "CNVD-ID": "CNVD-2026-17277",
  "CVE ID": "CVE-2026-22768",
  "公开日期": "2026-04-15",
  "危害级别": "中\n(\nAV:L/AC:L/Au:S/C:C/I:C/A:C\n)",
  "厂商补丁": "Dell AppSync权限提升漏洞（CNVD-2026-17277）的补丁",
  "参考链接": "https://issues.chromium.org/issues/40073848",
  "影响产品": "Dell AppSync >=4.6.0.0，<4.6.1.0",
  "报送时间": "2026-04-10",
  "收录时间": "2026-04-15",
  "更新时间": "2026-04-15",
  "漏洞描述": "Dell AppSync是美国戴尔（Dell）公司的一个数据复制管理应用。\nDell AppSync 4.6.0版本存在权限提升漏洞。该漏洞源于关键资源权限分配不当，攻击者可利用该漏洞导致权限提升。",
  "漏洞类型": "通用型漏洞",
  "漏洞解决方案": "厂商已发布了漏洞修复程序，请及时关注更新：\nhttps://www.google.com/chrome/",
  "漏洞附件": "(无附件)",
  "验证信息": "(暂无验证信息)"
}

{
  "CNVD-ID": "CNVD-2026-17276",
  "CVE ID": "CVE-2026-6135",
  "公开日期": "2026-04-15",
  "危害级别": "高\n(\nAV:N/AC:L/Au:S/C:C/I:C/A:C\n)",
  "厂商补丁": "(无补丁信息)",
  "参考链接": "https://nvd.nist.gov/vuln/detail/CVE-2026-6135",
  "影响产品": "Tenda F451 1.0.0.7_cn_svn7958",
  "报送时间": "2026-04-13",
  "收录时间": "2026-04-15",
  "更新时间": "2026-04-15",
  "漏洞描述": "Tenda F451是一款无线路由器产品，它主要提供网络连接和无线覆盖功能。\nTenda F451存在栈缓冲区溢出漏洞。该漏洞源于/goform/SetIpBind中的fromSetIpBind函数未能正确处理page参数，攻击者可利用该漏洞通过远程发送恶意数据触发栈溢出。",
  "漏洞类型": "通用型漏洞",
  "漏洞解决方案": "厂商尚未发布漏洞修复程序，请及时关注更新：\nhttps://vuldb.com/vuln/356999",
  "漏洞附件": "(无附件)",
  "验证信息": "(暂无验证信息)"
}

{
  "CNVD-ID": "CNVD-2026-17275",
  "CVE ID": "CVE-2026-30999",
  "公开日期": "2026-04-15",
  "危害级别": "高\n(\nAV:N/AC:L/Au:N/C:N/I:N/A:C\n)",
  "厂商补丁": "FFmpeg av_bprint_finalize()函数堆缓冲区溢出漏洞的补丁",
  "参考链接": "https://nvd.nist.gov/vuln/detail/CVE-2026-30999",
  "影响产品": "FFmpeg Ffmpeg 8.0.1",
  "报送时间": "2026-04-14",
  "收录时间": "2026-04-15",
  "更新时间": "2026-04-15",
  "漏洞描述": "FFmpeg是一款用于处理多媒体数据的开源软件库。\nFFmpeg存在堆缓冲区溢出漏洞。该漏洞源于av_bprint_finalize()函数未能正确处理特制输入，攻击者可利用该漏洞导致拒绝服务。",
  "漏洞类型": "通用型漏洞",
  "漏洞解决方案": "厂商已发布了漏洞修复程序，请及时关注更新：\nhttps://github.com/FFmpeg/FFmpeg/blob/master/tools/zmqsend.c",
  "漏洞附件": "(无附件)",
  "验证信息": "(暂无验证信息)"
}

{
  "CNVD-ID": "CNVD-2026-17247",
  "CVE ID": "CVE-2026-3830",
  "公开日期": "2026-04-15",
  "危害级别": "高\n(\nAV:N/AC:L/Au:N/C:C/I:N/A:N\n)",
  "厂商补丁": "WordPress插件Product Filter for WooCommerce by WBW存在未明漏洞的补丁",
  "参考链接": "https://wpscan.com/vulnerability/768014fd-0403-4182-b19e-3d46c92d8755/",
  "影响产品": "WordPress Product Filter for WooCommerce by WBW <3.1.3",
  "报送时间": "2026-04-14",
  "收录时间": "2026-04-15",
  "更新时间": "2026-04-15",
  "漏洞描述": "WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。\nWordPress插件Product Filter for WooCommerce by WBW存在安全漏洞，该漏洞源于清理和转义不足，攻击者可利用该漏洞导致SQL注入攻击。",
  "漏洞类型": "通用型漏洞",
  "漏洞解决方案": "厂商已发布了漏洞修复程序，请及时关注更新：\nhttps://wpscan.com/vulnerability/768014fd-0403-4182-b19e-3d46c92d8755/",
  "漏洞附件": "(无附件)",
  "验证信息": "(暂无验证信息)"
}

{
  "CNVD-ID": "CNVD-2026-17274",
  "CVE ID": "CVE-2026-6168",
  "公开日期": "2026-04-15",
  "危害级别": "高\n(\nAV:N/AC:L/Au:S/C:C/I:C/A:C\n)",
  "厂商补丁": "(无补丁信息)",
  "参考链接": "https://vuldb.com/vuln/357056",
  "影响产品": "TOTOLINK A7000R 9.1.0u.6115",
  "报送时间": "2026-04-14",
  "收录时间": "2026-04-15",
  "更新时间": "2026-04-15",
  "漏洞描述": "TOTOLINK A7000R是一款无线路由器产品，主要用于提供网络连接和Wi-Fi接入服务。\nTOTOLINK A7000R存在栈缓冲区溢出漏洞。该漏洞源于/cgi-bin/cstecgi.cgi文件中的setWiFiEasyGuestCfg函数未能正确处理ssid5g参数，攻击者可利用该漏洞通过远程发送特制数据触发栈溢出。",
  "漏洞类型": "通用型漏洞",
  "漏洞解决方案": "厂商尚未发布漏洞修复程序，请及时关注更新：\nhttps://vuldb.com/vuln/357056",
  "漏洞附件": "(无附件)",
  "验证信息": "(暂无验证信息)"
}

{
  "CNVD-ID": "CNVD-2026-17273",
  "CVE ID": "CVE-2026-6194",
  "公开日期": "2026-04-15",
  "危害级别": "高\n(\nAV:N/AC:L/Au:S/C:C/I:C/A:C\n)",
  "厂商补丁": "(无补丁信息)",
  "参考链接": "https://nvd.nist.gov/vuln/detail/CVE-2026-6194",
  "影响产品": "TOTOLINK A3002MU B20211125.1046",
  "报送时间": "2026-04-14",
  "收录时间": "2026-04-15",
  "更新时间": "2026-04-15",
  "漏洞描述": "Totolink A3002MU是一款无线路由器产品，它提供网络连接和无线接入功能。\nTotolink A3002MU存在栈缓冲区溢出漏洞。该漏洞源于HTTP请求处理组件中对wan-url参数未能正确处理，攻击者可利用该漏洞通过发送特制请求触发栈溢出实现远程代码执行。",
  "漏洞类型": "通用型漏洞",
  "漏洞解决方案": "厂商尚未发布漏洞修复程序，请及时关注更新：\nhttps://vuldb.com/vuln/357116",
  "漏洞附件": "(无附件)",
  "验证信息": "(暂无验证信息)"
}

{
  "CNVD-ID": "CNVD-2026-17246",
  "CVE ID": "CVE-2026-6203",
  "公开日期": "2026-04-15",
  "危害级别": "中\n(\nAV:N/AC:L/Au:N/C:P/I:P/A:N\n)",
  "厂商补丁": "WordPress插件User Registration & Membership输入验证错误漏洞的补丁",
  "参考链接": "https://www.wordfence.com/threat-intel/vulnerabilities/id/020bed37-9544-49b7-941d-3b7f509fdfdf?source=cve",
  "影响产品": "WordPress User Registration & Membership <=5.1.4",
  "报送时间": "2026-04-14",
  "收录时间": "2026-04-15",
  "更新时间": "2026-04-15",
  "漏洞描述": "WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。\nWordPress插件User Registration & Membership存在输入验证错误漏洞，该漏洞源于对redirect_to_on_logout GET参数验证不足，攻击者可利用该漏洞导致开放重定向攻击。",
  "漏洞类型": "通用型漏洞",
  "漏洞解决方案": "厂商已发布了漏洞修复程序，请及时关注更新：\nhttps://www.wordfence.com/threat-intel/vulnerabilities/id/020bed37-9544-49b7-941d-3b7f509fdfdf?source=cve",
  "漏洞附件": "(无附件)",
  "验证信息": "(暂无验证信息)"
}