Vulnerability List 354457
CVE ID Title Severity CVSS Published Affected Products Data Source Actions
CVE-2025-66435
An SSTI (Server-Side Template Injection) vulnerability exists in the get_contract_template method of...
MEDIUM 4.3 2025-12-15
frappe erpnext
CVE NVD
CVE-2025-66436
An SSTI (Server-Side Template Injection) vulnerability exists in the get_terms_and_conditions method...
MEDIUM 4.3 2025-12-15
frappe erpnext
CVE NVD
CVE-2025-66437
An SSTI (Server-Side Template Injection) vulnerability exists in the get_address_display method of F...
HIGH 8.8 2025-12-15
frappe erpnext
CVE NVD
CVE-2025-66438
A Server-Side Template Injection (SSTI) vulnerability exists in the Frappe ERPNext through 15.89.0 P...
CRITICAL 9.8 2025-12-15
frappe erpnext
CVE NVD
CVE-2025-66439
An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_docume...
CRITICAL 9.8 2025-12-15
frappe erpnext
CVE NVD
CVE-2025-66440
An issue was discovered in Frappe ERPNext through 15.89.0. Function get_outstanding_reference_docume...
CRITICAL 9.8 2025-12-15
frappe erpnext
CVE NVD
CVE-2025-66843
grav before v1.7.49.5 has a Stored Cross-Site Scripting (Stored XSS) vulnerability in the page editi...
MEDIUM 5.4 2025-12-15
getgrav grav
CVE NVD
CVE-2025-66844
In grav <1.7.49.5, a SSRF (Server-Side Request Forgery) vector may be triggered via Twig templates w...
CRITICAL 9.1 2025-12-15
getgrav grav
CVE NVD
CVE-2025-66963
An issue in Hitron HI3120 v.7.2.4.5.2b1 allows a local attacker to obtain sensitive information via ...
MEDIUM 5.5 2025-12-15
hitrontech hi3120_firmware
CVE NVD
CVE-2025-67809
An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. A hardcoded Flickr API key and ...
MEDIUM 4.7 2025-12-15
zimbra collaboration
CVE NVD
CVE-2025-67901
openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to c...
MEDIUM 5.3 2025-12-14
kristapsdz openrsync
CVE NVD
CVE-2025-14692
Mayan EDMS authentication redirect
MEDIUM 5.3 2025-12-14
Mayan EDMS Mayan EDMS
CVE NVD
CVE-2025-14691
Mayan EDMS authentication cross site scripting
MEDIUM 5.3 2025-12-14
Mayan EDMS Mayan EDMS
CVE NVD
CVE-2025-67900
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
HIGH 8.1 2025-12-14
NXLog NXLog Agent
CVE NVD
CVE-2025-67899
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMu...
LOW 2.9 2025-12-14
uriparser project uriparser
CVE NVD
CVE-2025-67898
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="c...
MEDIUM 4.5 2025-12-14
MJML MJML
CVE NVD
CVE-2025-13281
Kubernetes security vulnerability
MEDIUM 5.8 2025-12-14
Kubernetes Kubernetes
CVE NVD +1
CVE-2025-14674
aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection
MEDIUM 5.3 2025-12-14
aizuda snail-job aizuda snail-job +5 more
CVE NVD
CVE-2025-14673
gmg137 snap7-rs client.rs as_ct_write heap-based overflow
MEDIUM 6.9 2025-12-14
gmg137 snap7-rs gmg137 snap7-rs +1 more
CVE NVD
CVE-2025-14672
gmg137 snap7-rs s7_micro_client.cpp opWriteArea heap-based overflow
MEDIUM 6.9 2025-12-14
gmg137 snap7-rs gmg137 snap7-rs +1 more
CVE NVD