快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 355518
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-66238 |
Sunbird DCIM dcTrack and Power IQ Authentication Bypass Using an Alternate Path or Channel
|
HIGH | 7.4 | 2025-12-04 |
Sunbird DCIM dcTrack
Sunbird IQ
|
CVE NVD | |
| CVE-2025-66237 |
Sunbird DCIM dcTrack and Power IQ Use of Hard-coded Credentials
|
HIGH | 8.4 | 2025-12-04 |
Sunbird DCIM dcTrack
Sunbird IQ
|
CVE NVD | |
| CVE-2025-66479 |
Anthropic Sandbox Runtime Incorrectly Implemented Network Sandboxing
|
LOW | 1.8 | 2025-12-04 |
anthropic-experimental sandbox-runtime
|
CVE NVD | |
| CVE-2025-65959 |
Open WebUI vulnerable to Stored DOM XSS via Note 'Download PDF'
|
HIGH | 8.7 | 2025-12-04 |
open-webui open-webui
openwebui open_webui
|
CVE NVD | |
| CVE-2025-66576 |
Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)
|
HIGH | 8.9 | 2025-12-04 |
Remotecontrolio Remote Keyboard Desktop
remotecontrolio remote_keyboard_desktop
|
CVE NVD | |
| CVE-2025-66575 |
VeeVPN 1.6.1 - Unquoted Service Path Remote Code Execution
|
HIGH | 8.5 | 2025-12-04 |
VeePN VeeVPN
veepn veepn
|
CVE NVD | |
| CVE-2025-66574 |
TranzAxis 3.2.41.10.26 - Stored Cross-Site Scripting (XSS)
|
MEDIUM | 5.3 | 2025-12-04 |
Compass Plustechologies TranzAxis
compassplustechnologies tranzaxis
|
CVE NVD | |
| CVE-2025-66573 |
Solstice Pod API Session Key Extraction via API Endpoint
|
MEDIUM | 6.9 | 2025-12-04 |
mersive Solstice Pod API Session Key Extraction via API Endpoint
mersive Solstice Pod API Session Key Extraction via API Endpoint
+2个
|
CVE NVD | |
| CVE-2025-66572 |
Loaded Commerce 6.6 Client-Side Template Injection(CSTI)
|
MEDIUM | 6.9 | 2025-12-04 |
loadedcommerce Loaded Commerce
|
CVE NVD | |
| CVE-2025-66571 |
UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection
|
CRITICAL | 9.3 | 2025-12-04 |
Unknown UNA CMS
|
CVE NVD | |
| CVE-2025-66555 |
AirKeyboard iOS App 1.0.5 - Remote Input Injection
|
HIGH | 8.8 | 2025-12-04 |
airkeyboardapp AirKeyboard iOS App
|
CVE NVD | |
| CVE-2024-58278 |
IndigoSTAR Software - perl2exe <= V30.10C - Arbitrary Code Execution
|
HIGH | 8.5 | 2025-12-04 |
IndigoSTAR Software perl2exe
|
CVE NVD | |
| CVE-2024-58277 |
R Radio Network FM Transmitter 1.07 System Settings Disclosure
|
HIGH | 8.7 | 2025-12-04 |
R Radio Network Radio Network FM Transmitter
|
CVE NVD | |
| CVE-2024-58276 |
Obi08-Enrollment System 1.0 login.php SQL Injection
|
HIGH | 8.7 | 2025-12-04 |
Obi08/Enrollment System Obi08/Enrollment System
|
CVE NVD | |
| CVE-2024-58275 |
Easywall 0.3.1 - Authentication Bypass via Command Injection in /ports-save Endpoint
|
HIGH | 8.7 | 2025-12-04 |
jpylypiw Easywall
|
CVE NVD | |
| CVE-2023-53735 |
WEBIGniter 28.7.23 Cross-Site Scripting (XSS) in User Creation Process
|
MEDIUM | 5.3 | 2025-12-04 |
WEBIGniter WEBIGniter
|
CVE NVD | |
| CVE-2023-53734 |
dawa-pharma-1.0 - SQL Injection via Email Parameter
|
HIGH | 8.7 | 2025-12-04 |
mayurik dawa-pharma
|
CVE NVD | |
| CVE-2025-27935 |
Authentication Bypass in OTP (One-time Passcode) IdP Adapter Integration Kit
|
HIGH | 8.6 | 2025-12-04 |
Ping Identity One-Time Passcode Integration Kit for PingFederate
|
CVE NVD | |
| CVE-2025-13543 |
PostGallery <= 1.12.5 - Authenticated (Subscriber+) Arbitrary File Upload
|
HIGH | 8.8 | 2025-12-04 |
rtowebsites PostGallery
|
CVE NVD | |
| CVE-2025-12997 |
Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authent...
|
LOW | 2.2 | 2025-12-04 |
Medtronic CareLink Network
medtronic carelink_network
|
CVE NVD |