快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 356851
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-11748 |
Groups <= 3.7.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Group Join
|
MEDIUM | 4.3 | 2025-11-08 |
itthinx Groups
|
CVE NVD | |
| CVE-2025-12161 |
Smart Auto Upload Images <= 1.2.0 - Authenticated (Contributor+) Arbitrary File Upload
|
HIGH | 8.8 | 2025-11-08 |
burhandodhy Smart Auto Upload Images – Import External Images
|
CVE NVD | |
| CVE-2025-12193 |
Mang Board WP <= 2.3.1 - Reflected Cross-Site Scripting
|
MEDIUM | 6.1 | 2025-11-08 |
kitae-park Mang Board WP
|
CVE NVD | |
| CVE-2025-11972 |
Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.0 - Authenticated (Editor+) SQL Injection
|
MEDIUM | 4.9 | 2025-11-08 |
stevejburge Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI
|
CVE NVD | |
| CVE-2025-7663 |
Ovatheme Events Manager <= 1.8.6 - Missing Authorization
|
MEDIUM | 6.5 | 2025-11-08 |
ovatheme Ovatheme Events Manager
|
CVE NVD | |
| CVE-2025-12353 |
WPFunnels <= 3.6.2 - Unauthorized User Registration
|
MEDIUM | 5.3 | 2025-11-08 |
getwpfunnels Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels
|
CVE NVD | |
| CVE-2025-12042 |
Course Booking System <= 6.1.5 - Missing Authorization to Unauthenticated Booking Data Export
|
MEDIUM | 5.3 | 2025-11-08 |
werbeagenturcommotion Course Booking System
|
CVE NVD | |
| CVE-2025-12064 |
WP2Social Auto Publish <= 2.4.7 - Reflected Cross-Site Scripting via PostMessage
|
MEDIUM | 6.1 | 2025-11-08 |
f1logic WP2Social Auto Publish
|
CVE NVD | |
| CVE-2025-12177 |
Download Manager <= 3.3.30 - Unauthenticated Cron Trigger due to Hardcoded Cron Key
|
MEDIUM | 5.3 | 2025-11-08 |
codename065 Download Manager
|
CVE NVD | |
| CVE-2025-12167 |
Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log Reset
|
MEDIUM | 4.3 | 2025-11-08 |
rnzo Contact Form 7 AWeber Extension
|
CVE NVD | |
| CVE-2025-12583 |
Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-08 |
neofix Simple Downloads List
|
CVE NVD | |
| CVE-2025-11452 |
Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection
|
HIGH | 7.5 | 2025-11-08 |
asgaros Asgaros Forum
|
CVE NVD | |
| CVE-2025-64496 |
Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events
|
HIGH | 7.3 | 2025-11-08 |
open-webui open-webui
openwebui open_webui
|
CVE NVD | |
| CVE-2025-64495 |
Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE
|
HIGH | 8.7 | 2025-11-08 |
open-webui open-webui
openwebui open_webui
|
CVE NVD | |
| CVE-2025-64494 |
Soft Serve does not sanitize ANSI escape sequences in user input
|
MEDIUM | 4.6 | 2025-11-08 |
charmbracelet soft-serve
|
CVE NVD | |
| CVE-2025-64493 |
SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL
|
MEDIUM | 6.5 | 2025-11-08 |
SuiteCRM SuiteCRM-Core
salesagility suitecrm
|
CVE NVD | |
| CVE-2025-64492 |
SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection
|
HIGH | 8.8 | 2025-11-08 |
SuiteCRM SuiteCRM-Core
salesagility suitecrm
|
CVE NVD | |
| CVE-2025-64491 |
SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page
|
MEDIUM | 6.1 | 2025-11-08 |
SuiteCRM SuiteCRM
salesagility suitecrm
|
CVE NVD | |
| CVE-2025-64490 |
SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass
|
HIGH | 8.3 | 2025-11-08 |
SuiteCRM SuiteCRM
SuiteCRM SuiteCRM
+1个
|
CVE NVD | |
| CVE-2025-64489 |
SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass
|
HIGH | 8.3 | 2025-11-08 |
SuiteCRM SuiteCRM
SuiteCRM SuiteCRM
+1个
|
CVE NVD |