快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 350655
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2026-22908 |
Uploading unvalidated container images may allow remote attackers to gain full access to the system,...
|
CRITICAL | 9.1 | 2026-01-15 |
SICK AG TDC-X401GL
|
CVE NVD | |
| CVE-2026-22907 |
An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read a...
|
CRITICAL | 9.9 | 2026-01-15 |
SICK AG TDC-X401GL
|
CVE NVD | |
| CVE-2026-0976 |
Org.keycloak/keycloak-quarkus-server: keycloak: proxy bypass due to improper handling of matrix parameters in url paths
|
LOW | 3.7 | 2026-01-15 |
Red Hat Red Hat Build of Keycloak
Red Hat Red Hat JBoss Enterprise Application Platform 8
+1个
|
CVE NVD | |
| CVE-2025-14457 |
Drag and Drop Multiple File Upload for Contact Form 7 <= 1.3.9.2 - Missing Authorization to Unauthenticated File Deletion
|
LOW | 3.7 | 2026-01-15 |
glenwpcoder Drag and Drop Multiple File Upload for Contact Form 7
|
CVE NVD | |
| CVE-2025-14448 |
WP-Members Membership Plugin <= 3.5.4.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting via Multiple Checkbox and Multiple Select User Profile Fields
|
MEDIUM | 5.4 | 2026-01-15 |
cbutlerjr WP-Members Membership Plugin
|
CVE NVD | |
| CVE-2024-48077 |
An issue in nanomq v0.22.7 allows attackers to cause a Denial of Service (DoS) via a crafted request...
|
HIGH | 7.5 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-65349 |
A Stored Cross-Site Scripting (XSS) vulnerability in Web management interface in Each Italy Wireless...
|
MEDIUM | 5.4 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-65368 |
SparkyFitness v0.15.8.2 is vulnerable to Cross Site Scripting (XSS) via user input and LLM output.
|
MEDIUM | 6.1 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67025 |
Cross Site Scripting vulnerability in Anycomment anycomment.io 0.4.4 allows a remote attacker to exe...
|
MEDIUM | 6.1 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67076 |
Directory traversal vulnerability in Omnispace Agora Project before 25.10 allowing unauthenticated a...
|
HIGH | 7.5 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67077 |
File upload vulnerability in Omnispace Agora Project before 25.10 allowing authenticated, or under c...
|
MEDIUM | 6.5 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67078 |
Cross site scripting (XSS) vulnerability in Omnispace Agora Project before 25.10 allowing attackers ...
|
MEDIUM | -1.0 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67079 |
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code...
|
CRITICAL | 9.8 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67081 |
An SQL injection vulnerability in Itflow through 25.06 has been identified in the "role_id" paramete...
|
MEDIUM | 4.9 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67082 |
An SQL injection vulnerability in InvoicePlane through 1.6.3 has been identified in "maxQuantity" an...
|
MEDIUM | 6.5 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67083 |
Directory traversal vulnerability in InvoicePlane through 1.6.3 allows unauthenticated attackers to ...
|
MEDIUM | 5.3 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67084 |
File upload vulnerability in InvoicePlane through 1.6.3 allows authenticated attackers to upload arb...
|
MEDIUM | 6.5 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67246 |
A local information disclosure vulnerability exists in the Ludashi driver before 5.1025 due to a lac...
|
HIGH | 7.3 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67822 |
A vulnerability in the Provisioning Manager component of Mitel MiVoice MX-ONE 7.3 (7.3.0.0.50) throu...
|
MEDIUM | -1.0 | 2026-01-15 |
未知
|
CVE NVD | |
| CVE-2025-67823 |
A vulnerability in the Multimedia Email component of Mitel MiContact Center Business through 10.2.0....
|
MEDIUM | -1.0 | 2026-01-15 |
未知
|
CVE NVD |