快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 352547
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-11876 |
Mailgun Subscriptions <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-12-12 |
jbrinley Mailgun Subscriptions
|
CVE NVD | |
| CVE-2025-67728 |
Fireshare Public Uploads feature is vulnerable to OS Command Injection (RCE)
|
CRITICAL | 9.8 | 2025-12-12 |
ShaneIsrael fireshare
shaneisrael fireshare
|
CVE NVD | |
| CVE-2025-67737 |
AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE
|
LOW | 3.1 | 2025-12-12 |
AzuraCast AzuraCast
|
CVE NVD | |
| CVE-2025-67727 |
Parse Server 安全漏洞
|
MEDIUM | 6.9 | 2025-12-12 |
parse-community parse-server
parseplatform parse-server
+1个
|
CVE NVD +1 | |
| CVE-2025-12655 |
Hippoo Mobile App for WooCommerce <= 1.7.1 - Missing Authorization to Unauthenticated Limited File Write
|
MEDIUM | 5.3 | 2025-12-12 |
hippooo Hippoo Mobile App for WooCommerce
|
CVE NVD | |
| CVE-2025-14068 |
WPNakama <= 0.6.3 - Unauthenticated SQL Injection via 'order_by' Parameter
|
HIGH | 7.5 | 2025-12-12 |
qdonow WPNakama – Team and multi-Client Collaboration, Editorial and Project Management
|
CVE NVD | |
| CVE-2025-14356 |
Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF
|
MEDIUM | 4.3 | 2025-12-12 |
themefic Ultra Addons for Contact Form 7
|
CVE NVD | |
| CVE-2025-12570 |
Fancy Product Designer <= 6.4.8 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
|
HIGH | 7.2 | 2025-12-12 |
radykal Fancy Product Designer
|
CVE NVD | |
| CVE-2025-13660 |
Guest Support <= 1.2.3 - Unauthenticated User Email Disclosure in guest_support_handler AJAX Endpoint
|
MEDIUM | 5.3 | 2025-12-12 |
rcatheme Guest Support
|
CVE NVD | |
| CVE-2025-67726 |
Tornado is Vulnerable to Quadratic DoS via Crafted Multipart Parameters
|
HIGH | 7.5 | 2025-12-12 |
tornadoweb tornado
tornadoweb tornado
|
CVE NVD | |
| CVE-2025-10684 |
Construction Light < 1.6.8 - Subscriber+ Arbitrary Plugin Activation
|
MEDIUM | 4.3 | 2025-12-12 |
Unknown Construction Light
|
CVE NVD | |
| CVE-2025-67725 |
Tornado is Vulnerable to Quadratic DoS via Repeated Header Coalescing
|
HIGH | 7.5 | 2025-12-12 |
tornadoweb tornado
tornadoweb tornado
|
CVE NVD | |
| CVE-2025-67724 |
Tornado vulnerable to Header Injection and XSS via reason argument
|
MEDIUM | 5.4 | 2025-12-12 |
tornadoweb tornado
tornadoweb tornado
|
CVE NVD | |
| CVE-2025-67508 |
gardenctl is vulnerable to Command Injection when used with non‑POSIX shells
|
HIGH | 8.0 | 2025-12-12 |
gardener gardenctl-v2
|
CVE NVD | |
| CVE-2025-64781 |
In GroupSession Free edition prior to ver5.7.1, GroupSession byCloud prior to ver5.7.1, and GroupSes...
|
MEDIUM | 5.1 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD | |
| CVE-2025-62192 |
Japan Total System多款产品 SQL注入漏洞
|
MEDIUM | 5.3 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD +1 | |
| CVE-2025-58576 |
Japan Total System多款产品 跨站请求伪造漏洞
|
MEDIUM | 5.1 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+2个
|
CVE NVD +1 | |
| CVE-2025-61987 |
Japan Total System多款产品 安全漏洞
|
MEDIUM | 6.9 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD +1 | |
| CVE-2025-61950 |
In GroupSession, a Circular notice can be created with its memo field non-editable, but the authoriz...
|
MEDIUM | 5.3 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD | |
| CVE-2025-65120 |
Japan Total System多款产品 跨站脚本漏洞
|
MEDIUM | 5.1 | 2025-12-12 |
Japan Total System Co.,Ltd. GroupSession Free edition
Japan Total System Co.,Ltd. GroupSession byCloud
+1个
|
CVE NVD +1 |