快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 355639
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-12138 |
URL Image Importer <= 1.0.6 - Authenticated (Author+) Arbitrary File Upload
|
HIGH | 8.8 | 2025-11-21 |
bww URL Image Importer
|
CVE NVD | |
| CVE-2025-11765 |
Stock Tools <= 1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-21 |
developdaly Stock Tools
|
CVE NVD | |
| CVE-2025-12170 |
Checkbox <= 2.8.10 - Missing Authorization to Unauthenticated Log Clearing
|
MEDIUM | 5.3 | 2025-11-21 |
bandido Checkbox
|
CVE NVD | |
| CVE-2025-12086 |
Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation
|
MEDIUM | 4.3 | 2025-11-21 |
wpswings Return Refund and Exchange For WooCommerce
|
CVE NVD | |
| CVE-2025-12661 |
Pollcaster Shortcode Plugin <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
|
MEDIUM | 6.4 | 2025-11-21 |
qzzr Pollcaster Shortcode Plugin
|
CVE NVD | |
| CVE-2025-13322 |
WP AUDIO GALLERY <= 2.0 - Authenticated (Subscriber+) Arbitrary File Deletion via 'audio_upload' Parameter
|
HIGH | 8.1 | 2025-11-21 |
husainali52 WP AUDIO GALLERY
|
CVE NVD | |
| CVE-2025-12660 |
Padlet Shortcode <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
|
MEDIUM | 6.4 | 2025-11-21 |
coffeebite Padlet Shortcode
|
CVE NVD | |
| CVE-2025-12746 |
Tainacan <= 1.0.0 - Reflected Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-21 |
tainacan Tainacan
|
CVE NVD | |
| CVE-2025-64695 |
Uncontrolled search path element issue exists in the installer of LogStare Collector (for Windows). ...
|
HIGH | 8.4 | 2025-11-21 |
LogStare Inc. Installer of LogStare Collector (for Windows)
secuavail logstare_collector
|
CVE NVD | |
| CVE-2025-64299 |
LogStare Collector improperly handles the password hash data. An administrative user may obtain the ...
|
MEDIUM | 6.9 | 2025-11-21 |
LogStare Inc. LogStare Collector (for Windows)
LogStare Inc. LogStare Collector (for Linux)
+1个
|
CVE NVD | |
| CVE-2025-62687 |
Cross-site request forgery vulnerability exists in LogStare Collector. If a user views a crafted pag...
|
MEDIUM | 6.9 | 2025-11-21 |
LogStare Inc. LogStare Collector (for Windows)
LogStare Inc. LogStare Collector (for Linux)
+1个
|
CVE NVD | |
| CVE-2025-62189 |
LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploit...
|
MEDIUM | 5.3 | 2025-11-21 |
LogStare Inc. LogStare Collector (for Windows)
LogStare Inc. LogStare Collector (for Linux)
+1个
|
CVE NVD | |
| CVE-2025-61949 |
LogStare Collector contains a stored cross-site scripting vulnerability in UserManagement. If crafte...
|
MEDIUM | 4.8 | 2025-11-21 |
LogStare Inc. LogStare Collector (for Windows)
LogStare Inc. LogStare Collector (for Linux)
+1个
|
CVE NVD | |
| CVE-2025-58097 |
The installation directory of LogStare Collector is configured with incorrect access permissions. A ...
|
MEDIUM | 6.8 | 2025-11-21 |
LogStare Inc. LogStare Collector (for Windows)
LogStare Inc. LogStare Collector (for Linux)
+1个
|
CVE NVD | |
| CVE-2025-13499 |
Wireshark 缓冲区错误漏洞
|
HIGH | 7.8 | 2025-11-21 |
Wireshark Foundation Wireshark
wireshark wireshark
+1个
|
CVE NVD +1 | |
| CVE-2025-9825 |
Missing Authorization in GitLab
|
MEDIUM | 5.0 | 2025-11-21 |
GitLab GitLab
gitlab gitlab
|
CVE NVD | |
| CVE-2025-12169 |
ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.0 - Missing Authorization to Authenitcated (Subscriber+) to Scheduled Trigger Deletion
|
MEDIUM | 4.3 | 2025-11-21 |
elextensions ELEX WordPress HelpDesk & Customer Ticketing System
elula wsdesk
|
CVE NVD | |
| CVE-2025-12022 |
ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Restore
|
MEDIUM | 4.3 | 2025-11-21 |
elextensions ELEX WordPress HelpDesk & Customer Ticketing System
elula wsdesk
|
CVE NVD | |
| CVE-2025-12085 |
ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Trash Empty
|
MEDIUM | 4.3 | 2025-11-21 |
elextensions ELEX WordPress HelpDesk & Customer Ticketing System
elula wsdesk
|
CVE NVD | |
| CVE-2025-12023 |
ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.1 - Missing Authorization to Authenticated (Subscriber+) Ticket Restore
|
MEDIUM | 4.3 | 2025-11-21 |
elextensions ELEX WordPress HelpDesk & Customer Ticketing System
elula wsdesk
|
CVE NVD |