快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 352547
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-14125 |
Complag <= 1.0.2 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']
|
MEDIUM | 6.1 | 2025-12-12 |
andru1 Complag
|
CVE NVD | |
| CVE-2025-14393 |
Wpik WordPress Basic Ajax Form <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-12-12 |
awanhrp Wpik WordPress Basic Ajax Form
|
CVE NVD | |
| CVE-2025-14143 |
Ayo Shortcodes <= 0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'color' Shortcode Attribute
|
MEDIUM | 6.4 | 2025-12-12 |
ayothemes Ayo Shortcodes
|
CVE NVD | |
| CVE-2025-13972 |
WatchTowerHQ <= 3.15.0 - Authenticated (Administrator+) Arbitrary File Read via 'wht_download_big_object_origin' Parameter
|
MEDIUM | 4.9 | 2025-12-12 |
watchtowerhq WatchTowerHQ
|
CVE NVD | |
| CVE-2025-14064 |
BuddyTask <= 1.3.0 - Missing Authorization to Authenticated (Subscriber+) Cross-Group Task Board Access and Manipulation
|
MEDIUM | 6.5 | 2025-12-12 |
cytechltd BuddyTask
|
CVE NVD | |
| CVE-2025-14467 |
WP Job Portal <= 2.3.9 - Authenticated (Editor+) Stored Cross-Site Scripting via Job Description Field
|
MEDIUM | 4.4 | 2025-12-12 |
wpjobportal WP Job Portal – AI-Powered Recruitment System for Company or Job Board website
|
CVE NVD | |
| CVE-2025-13889 |
Simple Nivo Slider <= 0.5.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes
|
MEDIUM | 6.4 | 2025-12-12 |
tmus Simple Nivo Slider
|
CVE NVD | |
| CVE-2025-14170 |
Vimeo SimpleGallery <= 0.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Modification
|
MEDIUM | 5.3 | 2025-12-12 |
stiand Vimeo SimpleGallery
|
CVE NVD | |
| CVE-2025-13866 |
Flow-Flow Social Feed Stream 3.0.0 - 4.7.5 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting via flow_flow_social_auth AJAX action
|
MEDIUM | 6.4 | 2025-12-12 |
looks_awesome Flow-Flow Social Feed Stream
|
CVE NVD | |
| CVE-2025-14162 |
BMLT WordPress Plugin <= 3.11.4 - Cross-Site Request Forgery to Settings Creation and Deletion
|
MEDIUM | 4.3 | 2025-12-12 |
magblogapi BMLT WordPress Plugin
|
CVE NVD | |
| CVE-2025-13053 |
A missing encryption of sensitive data vulnerability was found in the UPS settings of ADM
|
HIGH | 7.0 | 2025-12-12 |
ASUSTOR ADM
|
CVE NVD | |
| CVE-2025-13670 |
High Level Synthesis Compiler Security Advisory
|
MEDIUM | 5.4 | 2025-12-12 |
Altera High Level Synthesis Compiler
intel high_level_synthesis_compiler
|
CVE NVD | |
| CVE-2025-13052 |
ASUSTOR ADM 安全漏洞
|
HIGH | 7.0 | 2025-12-12 |
ASUSTOR ADM
|
CVE NVD +1 | |
| CVE-2025-13669 |
High Level Synthesis Compiler Security Advisory
|
MEDIUM | 5.4 | 2025-12-12 |
Altera High Level Synthesis Compiler
intel high_level_synthesis_compiler
|
CVE NVD | |
| CVE-2025-13886 |
LT Unleashed <= 1.1.1 - Authenticated (Contributor+) Local File Inclusion via 'template' Parameter
|
HIGH | 7.5 | 2025-12-12 |
cvedovini LT Unleashed
|
CVE NVD | |
| CVE-2025-13839 |
LJUsers <= 1.2.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'name' Shortcode Attribute
|
MEDIUM | 6.4 | 2025-12-12 |
jenyay LJUsers
|
CVE NVD | |
| CVE-2025-13665 |
Quartus Prime Standard Security Advisory
|
MEDIUM | 5.4 | 2025-12-12 |
Altera Quartus Prime Standard
intel quartus_prime
|
CVE NVD | |
| CVE-2025-10451 |
H19Int15CallbackSmm: SMM memory corruption vulnerability in combined DXE/SMM (SMRAM write)
|
HIGH | 8.2 | 2025-12-12 |
Insyde Software InsydeH2O
|
CVE NVD | |
| CVE-2023-29144 |
Malwarebytes 1.0.14 for Linux doesn't properly compute signatures in some scenarios. This allows a b...
|
LOW | 3.3 | 2025-12-12 |
malwarebytes malwarebytes
|
CVE NVD | |
| CVE-2025-64011 |
Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/pre...
|
MEDIUM | 4.3 | 2025-12-12 |
nextcloud nextcloud_server
|
CVE NVD |