快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 361436
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-27638 |
ActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user mode
|
MEDIUM | 5.7 | 2026-02-26 |
actualbudget actual
actualbudget actual
|
CVE NVD | |
| CVE-2026-27839 |
wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup
|
MEDIUM | 4.3 | 2026-02-26 |
wger-project wger
wger wger
|
CVE NVD | |
| CVE-2026-27838 |
wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
|
LOW | 3.1 | 2026-02-26 |
wger-project wger
wger wger
|
CVE NVD | |
| CVE-2026-3264 |
go2ismail Free-CRM Administrative redirect
|
MEDIUM | 5.3 | 2026-02-26 |
go2ismail Free-CRM
go2ismail free-crm
|
CVE NVD | |
| CVE-2026-27835 |
wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data
|
MEDIUM | 4.3 | 2026-02-26 |
wger-project wger
wger wger
|
CVE NVD | |
| CVE-2026-27457 |
Weblate: Missing access control for the AddonViewSet API exposes all addon configurations
|
MEDIUM | 4.3 | 2026-02-26 |
WeblateOrg weblate
weblate weblate
|
CVE NVD | |
| CVE-2026-27449 |
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints
|
HIGH | 7.5 | 2026-02-26 |
umbraco Umbraco.Engage.Forms
umbraco Umbraco.Engage.Forms
|
CVE NVD | |
| CVE-2026-25741 |
Zulip Vulnerable to Modification of Payment Method (Stripe Default Card) by Non-Billing Users
|
HIGH | 7.1 | 2026-02-26 |
zulip zulip
|
CVE NVD | |
| CVE-2026-3263 |
go2ismail Asp.Net-Core-Inventory-Order-Management-System Security API improper authorization
|
MEDIUM | 5.3 | 2026-02-26 |
go2ismail Asp.Net-Core-Inventory-Order-Management-System
go2ismail asp.net-core-inventory-order-management-system
|
CVE NVD | |
| CVE-2026-28227 |
Discourse Vulnerable to Unauthorized Topic Creation in Staff-Only Categories via Topic Timer publish_to_category
|
LOW | 1.2 | 2026-02-26 |
discourse discourse
discourse discourse
+3个
|
CVE NVD | |
| CVE-2026-28219 |
Privilege Escalation via Mass Assignment Allows Regular Users to Set Topics as Global Banners
|
LOW | 1.3 | 2026-02-26 |
discourse discourse
discourse discourse
+3个
|
CVE NVD | |
| CVE-2026-28218 |
Discourse's Fail-Open Access Control in Data Explorer Plugin Allows Unauthorized SQL Query Execution
|
MEDIUM | 5.3 | 2026-02-26 |
discourse discourse
discourse discourse
+3个
|
CVE NVD | |
| CVE-2026-27154 |
Discourse has XSS when editing a malicious post
|
LOW | 1.3 | 2026-02-26 |
discourse discourse
discourse discourse
+3个
|
CVE NVD | |
| CVE-2026-27153 |
Discourse doesn't prevent moderators from exporting user Chat DMs
|
LOW | 1.3 | 2026-02-26 |
discourse discourse
discourse discourse
+3个
|
CVE NVD | |
| CVE-2026-3262 |
go2ismail Asp.Net-Core-Inventory-Order-Management-System Administrative redirect
|
MEDIUM | 5.3 | 2026-02-26 |
go2ismail Asp.Net-Core-Inventory-Order-Management-System
go2ismail asp.net-core-inventory-order-management-system
|
CVE NVD | |
| CVE-2026-3261 |
itsourcecode School Management System Setting index.php sql injection
|
MEDIUM | 6.9 | 2026-02-26 |
itsourcecode School Management System
itsourcecode school_management_system
|
CVE NVD | |
| CVE-2026-22207 |
OpenViking Missing root_api_key Allows Anonymous ROOT Access
|
CRITICAL | 9.3 | 2026-02-26 |
Volcengine OpenViking
|
CVE NVD | |
| CVE-2023-31364 |
Improper handling of direct memory writes in the input-output memory management unit could allow a m...
|
HIGH | 8.3 | 2026-02-26 |
AMD AMD EPYC™ 7001 Series Processors
AMD AMD EPYC™ 7002 Series Processors
+31个
|
CVE NVD | |
| CVE-2026-22205 |
SPIP < 4.4.10 Authentication Bypass via PHP Type Juggling
|
HIGH | 8.7 | 2026-02-26 |
SPIP SPIP
spip spip
|
CVE NVD | |
| CVE-2026-22206 |
SPIP < 4.4.10 SQL Injection RCE via Union & PHP Tags
|
HIGH | 8.7 | 2026-02-26 |
SPIP SPIP
spip spip
|
CVE NVD |