Vulnerability list (353043)
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source |
|---|---|---|---|---|---|---|
| CVE-2025-66454 | Arcade MCP Default Hardcoded Worker Secret Allows Full Unauthorized Access to All HTTP MCP Worker Endpoints | MEDIUM | 6.5 | 2025-12-02 | ArcadeAI arcade-mcp | CVE, NVD |
| CVE-2025-66416 | DNS Rebinding Protection Disabled by Default in Model Context Protocol Python SDK for Servers Running on Localhost | HIGH | 7.6 | 2025-12-02 | modelcontextprotocol python-sdk | CVE, NVD |
| CVE-2025-66414 | DNS Rebinding Protection Disabled by Default in Model Context Protocol TypeScript SDK for Servers Running on Localhost | HIGH | 7.6 | 2025-12-02 | modelcontextprotocol typescript-sdk | CVE, NVD |
| CVE-2025-66409 | ESF-IDF has an Out-of-Bounds Read in ESP32 Bluetooth AVRCP Command Handling | LOW | 2.7 | 2025-12-02 | espressif esp-idf; espressif esp-idf; +3 more | CVE, NVD |
| CVE-2025-52622 | HCL BigFix SaaS Remediate is affected by a security vulnerability | MEDIUM | 5.4 | 2025-12-02 | HCL Software BigFix SaaS Remediate | CVE, NVD |
| CVE-2025-66399 | SNMP Command Injection leads to RCE in Cacti | HIGH | 7.4 | 2025-12-02 | Cacti cacti; cacti cacti | CVE, NVD |
| CVE-2025-65105 | Apptainer ineffective application of selinux and apparmor --security options | MEDIUM | 4.5 | 2025-12-02 | apptainer apptainer; lfprojects apptainer | CVE, NVD |
| CVE-2025-64750 | Singluarity ineffectively applies of selinux / apparmor LSM process labels | MEDIUM | 4.5 | 2025-12-02 | sylabs singularity; sylabs singularity | CVE, NVD |
| CVE-2025-13828 | Mautic user without privileged access to the Marketplace can install and uninstall composer packages | CRITICAL | 9.0 | 2025-12-02 | Mautic Mautic | CVE, NVD |
| CVE-2025-13827 | GrapesJsBuilder File Upload allows all file uploads | HIGH | 8.8 | 2025-12-02 | Mautic Mautic | CVE, NVD |
| CVE-2025-13877 | nocobase JWT Service jwt-service.ts hard-coded key | MEDIUM | 6.3 | 2025-12-02 | Unknown | CVE, NVD |
| CVE-2025-12630 | Upload.am File Hosting VPN < 1.0.1 - Contributor+ Arbitrary Option Disclosure | MEDIUM | 4.9 | 2025-12-02 | Unknown Upload.am | CVE, NVD |
| CVE-2025-58113 | An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Co. Ltd PDF-XChan... | MEDIUM | 6.5 | 2025-12-02 | PDF-XChange Co. Ltd PDF-XChange Editor; pdf-xchange pdf-xchange_editor | CVE, NVD |
| CVE-2025-64460 | Potential denial-of-service vulnerability in XML serializer text extraction | HIGH | 7.5 | 2025-12-02 | djangoproject Django; djangoproject django | CVE, NVD |
| CVE-2025-13372 | Potential SQL injection in FilteredRelation column aliases on PostgreSQL | MEDIUM | 4.3 | 2025-12-02 | djangoproject Django; djangoproject django | CVE, NVD |
| CVE-2025-13876 | Rareprob HD Video Player All Formats App com.rocks.music.videoplayer path traversal | MEDIUM | 4.8 | 2025-12-02 | Rareprob HD Video Player All Formats App | CVE, NVD |
| CVE-2025-13875 | Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal | MEDIUM | 5.3 | 2025-12-02 | Yohann0617 oci-helper; Yohann0617 oci-helper; +3 more | CVE, NVD |
| CVE-2025-13505 | Stored XSS in Datateam's Datactive | MEDIUM | 4.8 | 2025-12-02 | Datateam Information Technologies Inc. Datactive; datateam datactive | CVE, NVD |
| CVE-2025-41066 | Disclosure of sensitive information in Horde Groupware | MEDIUM | 6.9 | 2025-12-02 | Horde Groupware; horde groupware | CVE, NVD |
| CVE-2025-13731 | Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode | MEDIUM | 6.4 | 2025-12-02 | posimyththemes Nexter Extension – Site Enhancements Toolkit | CVE, NVD |