快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 355518
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-12368 |
Sermon Manager <= 2.30.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-12-05 |
wpforchurch Sermon Manager
|
CVE NVD | |
| CVE-2025-13621 |
dream gallery <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action
|
MEDIUM | 6.1 | 2025-12-05 |
teamdream dream gallery
|
CVE NVD | |
| CVE-2025-12165 |
Webcake – Landing Page Builder <= 1.1 - Missing Authorization to Authenticated (Subscriber+) Settings Update
|
MEDIUM | 4.3 | 2025-12-05 |
huyme Webcake – Landing Page Builder
|
CVE NVD | |
| CVE-2025-12163 |
Omnipress <= 1.6.3 - Authenticated (Author+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-12-05 |
omnipressteam Omnipress
|
CVE NVD | |
| CVE-2025-13512 |
CoSign Single Signon <= 0.3.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
|
MEDIUM | 6.1 | 2025-12-05 |
jiangxin CoSign Single Signon
|
CVE NVD | |
| CVE-2025-12124 |
FitVids for WordPress <= 4.0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
|
MEDIUM | 4.4 | 2025-12-05 |
kevindees FitVids for WordPress
|
CVE NVD | |
| CVE-2025-13144 |
ContentStudio <= 1.3.7 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2025-12-05 |
contentstudio ContentStudio
|
CVE NVD | |
| CVE-2025-13312 |
CRM Memberships <= 2.5 - Missing Authorization to Unauthenticated 'ntzcrm_add_new_tag' AJAX Action
|
MEDIUM | 5.3 | 2025-12-05 |
dripadmin CRM Memberships
|
CVE NVD | |
| CVE-2025-13006 |
SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Unauthenticated Information Exposure
|
MEDIUM | 5.3 | 2025-12-05 |
wpeka-club SurveyFunnel – Survey Plugin for WordPress
|
CVE NVD | |
| CVE-2025-13313 |
CRM Memberships <= 2.5 - Missing Authorization to Privilege Escalation via Unauthenticated Password Reset in 'ntzcrm_changepassword' AJAX Endpoint
|
CRITICAL | 9.8 | 2025-12-05 |
dripadmin CRM Memberships
|
CVE NVD | |
| CVE-2025-13362 |
Norby AI <= 1.0.3 - Cross-Site Request Forgery to Settings Update
|
MEDIUM | 4.3 | 2025-12-05 |
jevgenisultanov Norby AI
|
CVE NVD | |
| CVE-2025-13494 |
SSP Debug <= 1.0.0 - Unauthenticated Sensitive Information Exposure
|
MEDIUM | 5.3 | 2025-12-05 |
jimmyredline80 SSP Debug
|
CVE NVD | |
| CVE-2025-12417 |
SurveyFunnel – Survey Plugin for WordPress <= 1.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
|
MEDIUM | 6.4 | 2025-12-05 |
wpeka-club SurveyFunnel – Survey Plugin for WordPress
|
CVE NVD | |
| CVE-2025-13066 |
Demo Importer Plus <= 2.0.6 - Authenticated (Author+) Arbitrary File Upload via WXR Upload Bypass
|
HIGH | 8.8 | 2025-12-05 |
kraftplugins Demo Importer Plus
|
CVE NVD | |
| CVE-2025-27389 |
OPPO ColorOS 安全漏洞
|
MEDIUM | 5.1 | 2025-12-05 |
ColorOS ColorOS
|
CVE NVD +1 | |
| CVE-2025-12804 |
Booking Calendar <= 10.14.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via bookingcalendar Shortcode
|
MEDIUM | 6.4 | 2025-12-05 |
wpdevelop Booking Calendar
|
CVE NVD | |
| CVE-2025-11759 |
Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()
|
MEDIUM | 4.3 | 2025-12-05 |
watchful Backup, Restore and Migrate your sites with XCloner
|
CVE NVD | |
| CVE-2025-62223 |
Microsoft Edge (Chromium-based) for Mac Spoofing Vulnerability
|
MEDIUM | 4.3 | 2025-12-05 |
Microsoft Microsoft Edge (Chromium-based)
microsoft edge_chromium
|
CVE NVD | |
| CVE-2025-14052 |
youlaitech youlai-mall members getMemberById access control
|
MEDIUM | 5.3 | 2025-12-05 |
youlaitech youlai-mall
youlaitech youlai-mall
+2个
|
CVE NVD | |
| CVE-2016-20023 |
In CKSource CKFinder before 2.5.0.1 for ASP.NET, authenticated users could download any file from th...
|
MEDIUM | 5.0 | 2025-12-05 |
CKSource CKFinder
cksource ckfinder
|
CVE NVD |