Vulnerability list 353043
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source |
|---|---|---|---|---|---|---|
| CVE-2025-11263 | Link Whisper Free <= 0.8.8 - Reflected Cross-Site Scripting | MEDIUM | 6.1 | 2025-12-06 | linkwhspr Link Whisper Free | CVE, NVD |
| CVE-2025-12510 | Widgets for Google Reviews <= 13.2.4 - Unauthenticated Stored Cross-Site Scripting via Google Reviews | HIGH | 7.2 | 2025-12-06 | trustindex Widgets for Google Reviews | CVE, NVD |
| CVE-2025-66629 | HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF | LOW | 3.7 | 2025-12-05 | hedgedoc hedgedoc; hedgedoc hedgedoc | CVE, NVD |
| CVE-2025-14116 | xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery | MEDIUM | 5.1 | 2025-12-05 | xerrors Yuxi-Know; xerrors Yuxi-Know; +2 more | CVE, NVD |
| CVE-2025-14111 | Rarlab RAR App com.rarlab.rar path traversal | LOW | 2.3 | 2025-12-05 | Rarlab RAR App; rarlab rar | CVE, NVD |
| CVE-2025-34291 | Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE | CRITICAL | 9.4 | 2025-12-05 | Langflow Langflow; langflow langflow | CVE, NVD |
| CVE-2025-14108 | ZSPACE Q2C NAS HTTP POST Request open zfilev2_api.OpenSafe command injection | HIGH | 8.7 | 2025-12-05 | ZSPACE Q2C NAS; zspace q2c_nas_firmware | CVE, NVD |
| CVE-2025-14107 | ZSPACE Q2C NAS HTTP POST Request status zfilev2_api.SafeStatus command injection | HIGH | 8.7 | 2025-12-05 | ZSPACE Q2C NAS; zspace q2c_nas_firmware | CVE, NVD |
| CVE-2025-14106 | ZSPACE Q2C NAS HTTP POST Request close zfilev2_api.CloseSafe command injection | HIGH | 8.7 | 2025-12-05 | ZSPACE Q2C NAS; zspace q2c_nas_firmware | CVE, NVD |
| CVE-2025-13426 | Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution | HIGH | 8.7 | 2025-12-05 | Google Cloud Apigee hybrid Javacallout policy | CVE, NVD |
| CVE-2025-14105 | TOZED ZLT M30S/ZLT M30S PRO Web proc_post denial of service | MEDIUM | 5.3 | 2025-12-05 | TOZED ZLT M30S; TOZED ZLT M30S; +2 more | CVE, NVD |
| CVE-2025-8148 | CVE-2025-8148 Improper Access Control in SFTP service of GoAnywhere MFT | MEDIUM | 4.2 | 2025-12-05 | Fortra GoAnywhere MFT; fortra goanywhere_managed_file_transfer | CVE, NVD |
| CVE-2025-46603 | Dell CloudBoost Virtual Appliance, versions 19.13.0.0 and prior, contains an Improper Restriction of... | HIGH | 7.0 | 2025-12-05 | Dell CloudBoost Virtual Appliance; dell cloudboost_virtual_appliance | CVE, NVD |
| CVE-2025-66624 | BACnet Stack buffer error vulnerability | HIGH | 7.5 | 2025-12-05 | bacnet-stack bacnet-stack | CVE, NVD +1 |
| CVE-2025-66623 | Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands | HIGH | 7.4 | 2025-12-05 | strimzi strimzi-kafka-operator | CVE, NVD |
| CVE-2025-66581 | Frappe LMS is Missing Server-Side Authorization in Business Logic | LOW | 1.3 | 2025-12-05 | frappe lms; frappe learning | CVE, NVD |
| CVE-2025-66577 | cpp-httplib Untrusted HTTP Header Handling: X-Forwarded-For/X-Real-IP Trust | MEDIUM | 5.3 | 2025-12-05 | yhirose cpp-httplib; yhirose cpp-httplib | CVE, NVD |
| CVE-2025-66570 | cpp-httplib Untrusted HTTP Header Handling: Internal Header Shadowing (REMOTE*/LOCAL*) | CRITICAL | 10.0 | 2025-12-05 | yhirose cpp-httplib; yhirose cpp-httplib | CVE, NVD |
| CVE-2025-66566 | LZ4 Java security vulnerability | HIGH | 8.2 | 2025-12-05 | yawkat lz4-java | CVE, NVD +1 |
| CVE-2025-66562 | TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering | HIGH | 8.9 | 2025-12-05 | AI-QL tuui | CVE, NVD |