快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 352348
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-24686 |
go-tuf Path Traversal in TAP 4 Multirepo Client Allows Arbitrary File Write via Malicious Repository Names
|
MEDIUM | 4.7 | 2026-01-27 |
theupdateframework go-tuf
|
CVE | |
| CVE-2026-24479 |
HUSTOJ has Arbitrary File Write (Zip Slip) in Problem Import Modules that leads to RCE
|
CRITICAL | 9.3 | 2026-01-27 |
zhblue hustoj
|
CVE | |
| CVE-2026-24490 |
MobSF has Stored XSS via Manifest Analysis - Dialer Code Host Field
|
HIGH | 8.1 | 2026-01-27 |
MobSF Mobile-Security-Framework-MobSF
|
CVE | |
| CVE-2026-24489 |
Gakido vulnerable to HTTP Header Injection (CRLF Injection)
|
MEDIUM | 5.3 | 2026-01-27 |
HappyHackingSpace gakido
|
CVE | |
| CVE-2026-24486 |
Python-Multipart has Arbitrary File Write via Non-Default Configuration
|
HIGH | 8.6 | 2026-01-27 |
Kludex python-multipart
|
CVE | |
| CVE-2026-24480 |
QGIS had validated RCE and Repository Takeover via GitHub Actions
|
HIGH | 8.7 | 2026-01-27 |
qgis QGIS
|
CVE | |
| CVE-2026-23683 |
Missing Authorization check in SAP Fiori App (Intercompany Balance Reconciliation)
|
MEDIUM | 4.3 | 2026-01-27 |
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation)
SAP_SE SAP Fiori App (Intercompany Balance Reconciliation)
+3个
|
CVE | |
| CVE-2026-1449 |
Hisense TransTech Smart Bus Management System TireMng.aspx Page_Load sql injection
|
MEDIUM | 6.9 | 2026-01-26 |
Hisense TransTech Smart Bus Management System
|
CVE NVD | |
| CVE-2026-1448 |
D-Link DIR-615 Web Management wiz_policy_3_machine.php os command injection
|
HIGH | 8.6 | 2026-01-26 |
D-Link DIR-615
D-Link DIR-615
+9个
|
CVE NVD | |
| CVE-2026-24478 |
AnythingLLM vulnerable to Path Traversal
|
HIGH | 7.2 | 2026-01-26 |
Mintplex-Labs anything-llm
|
CVE NVD | |
| CVE-2026-24477 |
AnythingLLM has key leak in `systemSettings.js`
|
HIGH | 8.7 | 2026-01-26 |
Mintplex-Labs anything-llm
|
CVE NVD | |
| CVE-2025-30248 |
DLL hijacking in the WD Discovery Installer in Western Digital WD Discovery 5.2.730 on Windows allow...
|
HIGH | 8.9 | 2026-01-26 |
Western Digital WD Discovery
|
CVE NVD | |
| CVE-2026-24476 |
Shaarli vulnerable to stored XSS via Suggested Tags
|
MEDIUM | 5.3 | 2026-01-26 |
shaarli Shaarli
|
CVE NVD | |
| CVE-2026-24470 |
Skipper Ingress Controller Allows Unauthorized Access to Internal Services via ExternalName
|
HIGH | 8.1 | 2026-01-26 |
zalando skipper
|
CVE NVD | |
| CVE-2026-24408 |
sigstore has CSRF possibility in OIDC authentication during signing
|
LOW | N/A | 2026-01-26 |
sigstore sigstore-python
|
CVE NVD | |
| CVE-2026-24400 |
AssertJ has XML External Entity (XXE) vulnerability when parsing untrusted XML via isXmlEqualTo assertion
|
HIGH | 8.2 | 2026-01-26 |
assertj assertj
|
CVE NVD | |
| CVE-2026-24123 |
BentoML has a Path Traversal via Bentofile Configuration
|
HIGH | 7.4 | 2026-01-26 |
bentoml BentoML
|
CVE NVD | |
| CVE-2026-24003 |
EvseV2G has sequence state validation bypass
|
MEDIUM | 4.3 | 2026-01-26 |
EVerest everest-core
|
CVE NVD | |
| CVE-2026-24131 |
pnpm has Path Traversal via arbitrary file permission modification
|
MEDIUM | 6.7 | 2026-01-26 |
pnpm pnpm
|
CVE NVD | |
| CVE-2026-1445 |
iJason-Liu Books_Manager upload_bookCover.php unrestricted upload
|
MEDIUM | 5.1 | 2026-01-26 |
iJason-Liu Books_Manager
|
CVE NVD |