快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 355639
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-13136 |
GSheetConnector For Ninja Forms <= 2.0.1 - Missing Authorization to Authenticated (Subscriber+) System Information Exposure
|
MEDIUM | 4.3 | 2025-11-22 |
westerndeal GSheetConnector For Ninja Forms
|
CVE NVD | |
| CVE-2025-12877 |
IDonate – Blood Donation, Request And Donor Management System <= 2.1.15 - Missing Authorization to Unauthenticated Arbitrary Post Deletion
|
MEDIUM | 5.3 | 2025-11-22 |
themeatelier IDonate – Blood Donation, Request And Donor Management System
themeatelier idonate
|
CVE NVD | |
| CVE-2025-12752 |
Subscriptions & Memberships for PayPal <= 1.1.7 - Unauthenticated Fake Payment Creation
|
MEDIUM | 5.3 | 2025-11-22 |
scottpaterson Subscriptions & Memberships for PayPal
|
CVE NVD | |
| CVE-2025-13384 |
CP Contact Form with PayPal <= 1.3.56 - Missing Authorization to Unauthenticated Arbitrary Payment Confirmation
|
HIGH | 7.5 | 2025-11-22 |
codepeople CP Contact Form with PayPal
|
CVE NVD | |
| CVE-2025-13317 |
Appointment Booking Calendar <= 1.3.96 - Missing Authorization to Arbitrary Booking Confirmation via 'cpabc_ipncheck' Parameter
|
MEDIUM | 5.3 | 2025-11-22 |
codepeople Appointment Booking Calendar
|
CVE NVD | |
| CVE-2025-11186 |
Cookie Notice & Compliance for GDPR / CCPA <= 2.5.8 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
|
MEDIUM | 6.4 | 2025-11-22 |
humanityco Cookie Notice & Compliance for GDPR / CCPA
|
CVE NVD | |
| CVE-2025-12889 |
TLS 1.2 Client Can Downgrade Digest Used
|
LOW | 2.3 | 2025-11-21 |
wolfSSL wolfSSL
wolfssl wolfssl
|
CVE NVD | |
| CVE-2025-11932 |
Timing Side-Channel in PSK Binder Verification
|
LOW | 2.3 | 2025-11-21 |
wolfSSL wolfSSL
wolfssl wolfssl
|
CVE NVD | |
| CVE-2025-11931 |
Integer Underflow Leads to Out-of-Bounds Access in XChaCha20-Poly1305 Decrypt
|
LOW | 2.1 | 2025-11-21 |
wolfSSL wolfSSL
wolfssl wolfssl
|
CVE NVD | |
| CVE-2025-12888 |
Constant Time Issue with Xtensa-based ESP32 and X22519
|
LOW | 1.0 | 2025-11-21 |
wolfSSL wolfSSL
wolfssl wolfssl
|
CVE NVD | |
| CVE-2025-11936 |
Potential DoS Vulnerability through Multiple KeyShareEntry with Same Group in TLS 1.3 ClientHello
|
MEDIUM | 6.3 | 2025-11-21 |
wolfSSL wolfSSL
wolfssl wolfssl
|
CVE NVD | |
| CVE-2025-11933 |
DoS Vulnerability in wolfSSL TLS 1.3 CKS Extension
|
LOW | 2.3 | 2025-11-21 |
wofSSL wolfSSL
wolfssl wolfssl
|
CVE NVD | |
| CVE-2025-65947 |
thread-amount is Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS
|
HIGH | 8.7 | 2025-11-21 |
jzeuzs thread-amount
|
CVE NVD | |
| CVE-2025-11934 |
Improper Validation of Signature Algorithm Used in TLS 1.3 CertificateVerify
|
LOW | 2.1 | 2025-11-21 |
wolfSSL wolfSSL
wolfssl wolfssl
|
CVE NVD | |
| CVE-2025-65946 |
Roo Code is Vulnerable to Potential Remote Code Execution via zsh Command Validation Bug
|
HIGH | 8.1 | 2025-11-21 |
RooCodeInc Roo-Code
roocode roo_code
|
CVE NVD | |
| CVE-2025-11935 |
Forward Secrecy Violation in WolfSSL TLS 1.3
|
MEDIUM | 6.3 | 2025-11-21 |
wolfSSL wolfSSL
wolfssl wolfssl
|
CVE NVD | |
| CVE-2025-65111 |
SpiceDB's LookupResources with Multiple Entrypoints across Different Definitions Can Return Incomplete Results
|
LOW | 2.9 | 2025-11-21 |
authzed spicedb
authzed spicedb
|
CVE NVD | |
| CVE-2025-65109 |
Minder does not sandbox http.send in Rego programs
|
HIGH | 8.5 | 2025-11-21 |
mindersec minder
mindersec minder
|
CVE NVD | |
| CVE-2025-65108 |
md-to-pdf is vulnerable to arbitrary JavaScript code execution when parsing front matter
|
CRITICAL | 10.0 | 2025-11-21 |
simonhaenisch md-to-pdf
|
CVE NVD | |
| CVE-2025-65107 |
Langfuse SSO Account Takeover via CSRF or phishing attack
|
MEDIUM | 6.5 | 2025-11-21 |
langfuse langfuse
langfuse langfuse
+1个
|
CVE NVD |