快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 360566
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-3824 |
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote atta
|
MEDIUM | 6.1 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-3534 |
The Astra theme for WordPress is vulnerable to Stored Cross-Site Scripting via the `ast-page-backgro
|
MEDIUM | 6.4 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-31844 |
An authenticated SQL Injection vulnerability (CWE-89) exists in the Koha staff interface in the /cgi
|
HIGH | 8.8 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-3911 |
A flaw was found in Keycloak. An authenticated user with the view-users role could exploit a vulnera
|
LOW | 2.7 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-3884 |
Versions of the package spin.js before 3.0.0 are vulnerable to Cross-site Scripting (XSS) via the sp
|
MEDIUM | 6.1 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-3222 |
The WP Maps plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'location_i
|
HIGH | 7.5 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-2707 |
The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the REST API entry
|
MEDIUM | 6.4 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-2631 |
The Datalogics Ecommerce Delivery WordPress plugin before 2.6.60 exposes an unauthenticated REST en
|
CRITICAL | 9.8 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-2626 |
The divi-booster WordPress plugin before 5.0.2 does not have authorization and CSRF checks in one of
|
HIGH | 8.1 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-2466 |
The DukaPress WordPress plugin through 3.2.4 does not sanitise and escape a parameter before outputt
|
HIGH | 7.1 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-2358 |
The WP ULike plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `[wp_ulike_li
|
MEDIUM | 6.4 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-27842 |
Authentication bypass issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker to bypa
|
CRITICAL | 9.8 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-24448 |
Use of hard-coded credentials issue exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker
|
CRITICAL | 9.8 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-20892 |
Code injection vulnerability exists in MR-GM5L-S1 and MR-GM5A-L1, which may allow an attacker with a
|
HIGH | 7.2 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-1867 |
The Guest posting / Frontend Posting / Front Editor WordPress plugin before 5.0.6 allows passing a
|
MEDIUM | 5.9 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-1753 |
The Gutena Forms WordPress plugin before 1.6.1 does not validate option to be updated, which could
|
MEDIUM | 6.8 | 2026-03-11 |
未知
|
NVD | |
| CVE-2023-27573 |
netbox-docker before 2.5.0 has a superuser account with default credentials (admin password for the
|
CRITICAL | 9.0 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-2413 |
The Ally – Web Accessibility & Usability plugin for WordPress is vulnerable to SQL Injection via the
|
HIGH | 7.5 | 2026-03-11 |
未知
|
NVD | |
| CVE-2025-13067 |
The Royal Addons for Elementor plugin for WordPress is vulnerable to arbitrary file upload in all ve
|
HIGH | 8.8 | 2026-03-11 |
未知
|
NVD | |
| CVE-2026-29515 |
MiCode FileExplorer contains an authentication bypass vulnerability in the embedded SwiFTP FTP serve
|
UNKNOWN | N/A | 2026-03-11 |
未知
|
NVD |