Vulnerability list 355518
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data sources |
|---|---|---|---|---|---|---|
| CVE-2025-13896 | Social Feed Gallery Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | MEDIUM | 6.4 | 2025-12-06 | wpdiscover Social Feed Gallery Portfolio | CVE NVD |
| CVE-2025-13898 | Ultra Skype Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute | MEDIUM | 6.4 | 2025-12-06 | sozan45 Ultra Skype Button | CVE NVD |
| CVE-2025-13137 | Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting | MEDIUM | 6.1 | 2025-12-06 | delabon Live Sales Notification for Woocommerce – Woomotiv | CVE NVD |
| CVE-2025-13626 | myLCO <= 0.8.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] | MEDIUM | 6.1 | 2025-12-06 | realloc myLCO | CVE NVD |
| CVE-2025-14117 | fit2cloud Halo cross-site request forgery | MEDIUM | 5.3 | 2025-12-06 | fit2cloud Halo; fit2cloud halo | CVE NVD |
| CVE-2025-13292 | Google Apigee-X security vulnerability | HIGH | 7.6 | 2025-12-06 | Google Cloud Apigee-X | CVE NVD +1 |
| CVE-2025-13922 | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause | MEDIUM | 6.5 | 2025-12-06 | stevejburge Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | CVE NVD |
| CVE-2025-12505 | weDocs <= 2.1.14 - Missing Authorization to Settings Update | MEDIUM | 5.4 | 2025-12-06 | wedevs weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | CVE NVD |
| CVE-2025-11263 | Link Whisper Free <= 0.8.8 - Reflected Cross-Site Scripting | MEDIUM | 6.1 | 2025-12-06 | linkwhspr Link Whisper Free | CVE NVD |
| CVE-2025-12510 | Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews | HIGH | 7.2 | 2025-12-06 | trustindex Widgets for Google Reviews | CVE NVD |
| CVE-2025-66629 | HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF | LOW | 3.7 | 2025-12-05 | hedgedoc hedgedoc; hedgedoc hedgedoc | CVE NVD |
| CVE-2025-14116 | xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery | MEDIUM | 5.1 | 2025-12-05 | xerrors Yuxi-Know; xerrors Yuxi-Know; +2 more | CVE NVD |
| CVE-2025-14111 | Rarlab RAR App com.rarlab.rar path traversal | LOW | 2.3 | 2025-12-05 | Rarlab RAR App; rarlab rar | CVE NVD |
| CVE-2025-34291 | Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE | CRITICAL | 9.4 | 2025-12-05 | Langflow Langflow; langflow langflow | CVE NVD |
| CVE-2025-14108 | ZSPACE Q2C NAS HTTP POST Request open zfilev2_api.OpenSafe command injection | HIGH | 8.7 | 2025-12-05 | ZSPACE Q2C NAS; zspace q2c_nas_firmware | CVE NVD |
| CVE-2025-14107 | ZSPACE Q2C NAS HTTP POST Request status zfilev2_api.SafeStatus command injection | HIGH | 8.7 | 2025-12-05 | ZSPACE Q2C NAS; zspace q2c_nas_firmware | CVE NVD |
| CVE-2025-14106 | ZSPACE Q2C NAS HTTP POST Request close zfilev2_api.CloseSafe command injection | HIGH | 8.7 | 2025-12-05 | ZSPACE Q2C NAS; zspace q2c_nas_firmware | CVE NVD |
| CVE-2025-13426 | Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution | HIGH | 8.7 | 2025-12-05 | Google Cloud Apigee hybrid Javacallout policy | CVE NVD |
| CVE-2025-14105 | TOZED ZLT M30S/ZLT M30S PRO Web proc_post denial of service | MEDIUM | 5.3 | 2025-12-05 | TOZED ZLT M30S; TOZED ZLT M30S; +2 more | CVE NVD |
| CVE-2025-8148 | CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT | MEDIUM | 4.2 | 2025-12-05 | Fortra GoAnywhere MFT; fortra goanywhere_managed_file_transfer | CVE NVD |