Vulnerability list 352999
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source | Actions |
|---|---|---|---|---|---|---|---|
| CVE-2025-13899 | TR Timthumb <= 1.0.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes | MEDIUM | 6.4 | 2025-12-06 | pntrinh TR Timthumb | CVE NVD | |
| CVE-2025-13308 | Application Passwords <= 0.1.3 - Reflected Cross-Site Scripting via reject_url | MEDIUM | 5.4 | 2025-12-06 | georgestephanis Application Passwords | CVE NVD | |
| CVE-2025-13666 | Helloprint <= 2.1.2 - Missing Authorization to Unauthenticated Arbitrary Order Status Modification | MEDIUM | 5.3 | 2025-12-06 | helloprint Plug your WooCommerce into the largest catalog of customized print products from Helloprint | CVE NVD | |
| CVE-2025-13629 | WP Landing Page <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update | MEDIUM | 4.3 | 2025-12-06 | xbenx WP Landing Page | CVE NVD | |
| CVE-2025-12673 | Flex QR Code Generator <= 1.2.6 - Unauthenticated Arbitrary File Upload | CRITICAL | 9.8 | 2025-12-06 | ajitdas Flex QR Code Generator | CVE NVD | |
| CVE-2025-12720 | g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion | MEDIUM | 5.3 | 2025-12-06 | garidium g-FFL Cockpit | CVE NVD | |
| CVE-2025-12574 | Listar – Directory Listing & Classifieds WordPress Plugin <= 3.0.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion | MEDIUM | 4.3 | 2025-12-06 | passionui Listar – Directory Listing & Classifieds WordPress Plugin | CVE NVD | |
| CVE-2025-12721 | g-FFL Cockpit <= 1.7.1 - Missing Authorization to Unauthenticated Information Exposure | MEDIUM | 5.3 | 2025-12-06 | garidium g-FFL Cockpit | CVE NVD | |
| CVE-2025-13896 | Social Feed Gallery Portfolio <= 1.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'id' Shortcode Attribute | MEDIUM | 6.4 | 2025-12-06 | wpdiscover Social Feed Gallery Portfolio | CVE NVD | |
| CVE-2025-13898 | Ultra Skype Button <= 1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'btn_id' Shortcode Attribute | MEDIUM | 6.4 | 2025-12-06 | sozan45 Ultra Skype Button | CVE NVD | |
| CVE-2025-13137 | Live Sales Notification for Woocommerce – Woomotiv <= 3.6.3 - Reflected Cross-Site Scripting | MEDIUM | 6.1 | 2025-12-06 | delabon Live Sales Notification for Woocommerce – Woomotiv | CVE NVD | |
| CVE-2025-13626 | myLCO <= 0.8.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF'] | MEDIUM | 6.1 | 2025-12-06 | realloc myLCO | CVE NVD | |
| CVE-2025-14117 | fit2cloud Halo cross-site request forgery | MEDIUM | 5.3 | 2025-12-06 | fit2cloud Halo, fit2cloud halo | CVE NVD | |
| CVE-2025-13292 | Google Apigee-X security vulnerability | HIGH | 7.6 | 2025-12-06 | Google Cloud Apigee-X | CVE NVD +1 | |
| CVE-2025-13922 | Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Authenticated (Contributor+) SQL Injection via ORDER BY Clause | MEDIUM | 6.5 | 2025-12-06 | stevejburge Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI | CVE NVD | |
| CVE-2025-12505 | weDocs <= 2.1.14 - Missing Authorization to Settings Update | MEDIUM | 5.4 | 2025-12-06 | wedevs weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | CVE NVD | |
| CVE-2025-11263 | Link Whisper Free <= 0.8.8 - Reflected Cross-Site Scripting | MEDIUM | 6.1 | 2025-12-06 | linkwhspr Link Whisper Free | CVE NVD | |
| CVE-2025-12510 | Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews | HIGH | 7.2 | 2025-12-06 | trustindex Widgets for Google Reviews | CVE NVD | |
| CVE-2025-66629 | HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF | LOW | 3.7 | 2025-12-05 | hedgedoc hedgedoc, hedgedoc hedgedoc | CVE NVD | |
| CVE-2025-14116 | xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery | MEDIUM | 5.1 | 2025-12-05 | xerrors Yuxi-Know, xerrors Yuxi-Know, +2 more | CVE NVD | |