快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 353043
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-12465 |
Blind SQL Injection in QuickCMS
|
HIGH | 8.6 | 2025-12-02 |
OpenSolution QuickCMS
|
CVE NVD | |
| CVE-2025-13090 |
WP Directory Kit <= 1.4.6 - Authenticated (Admin+) SQL Injection
|
MEDIUM | 4.9 | 2025-12-02 |
listingthemes WP Directory Kit
|
CVE NVD | |
| CVE-2025-13353 |
gokey allows secret recovery from a seed file without the master password
|
HIGH | 7.1 | 2025-12-02 |
Cloudflare gokey
cloudflare gokey
|
CVE NVD | |
| CVE-2025-41742 |
Sprecher Automation: SPRECON-E series has a critical vulnerability due to the use of static cryptographic keys in system components
|
CRITICAL | 9.8 | 2025-12-02 |
Sprecher Automation SPRECON-E-C
Sprecher Automation SPRECON-E-P
+1个
|
CVE NVD | |
| CVE-2025-41743 |
Sprecher Automation: SPRECON-E series prone to weak encryption of update files
|
MEDIUM | 4.0 | 2025-12-02 |
Sprecher Automation SPRECON-E-C
Sprecher Automation SPRECON-E-P
+1个
|
CVE NVD | |
| CVE-2025-41744 |
Sprecher Automation: SPRECON-E series has static default key material for TLS connections
|
CRITICAL | 9.1 | 2025-12-02 |
Sprecher Automation SPRECON-E-C
Sprecher Automation SPRECON-E-P
+1个
|
CVE NVD | |
| CVE-2025-13873 |
The feature to import a survey is prone to stored Cross-Site Script attacks
|
MEDIUM | 4.8 | 2025-12-02 |
ObjectPlanet Opinio
objectplanet opinio
|
CVE NVD | |
| CVE-2025-13872 |
Blind Server-Side Request Forgery (SSRF) in the survey-import feature of ObjectPlanet Opinio
|
LOW | 2.1 | 2025-12-02 |
ObjectPlanet Opinio
objectplanet opinio
|
CVE NVD | |
| CVE-2025-13871 |
The feature to manage resources is prone to Cross-Site Request Forgery attacks
|
LOW | 2.3 | 2025-12-02 |
ObjectPlanet Opinio
objectplanet opinio
|
CVE NVD | |
| CVE-2025-13870 |
Unauthorized access and subscription vulnerability in Boards
|
LOW | 3.1 | 2025-12-02 |
Mattermost Mattermost
mattermost mattermost_server
|
CVE NVD | |
| CVE-2025-13516 |
SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers <= 1.9.0 - Unauthenticated Arbitrary File Upload
|
HIGH | 8.1 | 2025-12-02 |
brainstormforce SureMail – SMTP and Email Logs Plugin with Amazon SES, Postmark, and Other Providers
|
CVE NVD | |
| CVE-2025-13724 |
VikRentCar Car Rental Management System <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter
|
HIGH | 7.5 | 2025-12-02 |
e4jvikwp VikRentCar Car Rental Management System
|
CVE NVD | |
| CVE-2025-13534 |
ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.2 - Authenticated (Contributor+) Privilege Escalation via eh_crm_edit_agent AJAX Action
|
MEDIUM | 6.3 | 2025-12-02 |
elextensions ELEX WordPress HelpDesk & Customer Ticketing System
elula wsdesk
|
CVE NVD | |
| CVE-2025-10543 |
In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, pass...
|
MEDIUM | 6.3 | 2025-12-02 |
Eclipse Foundation paho.mqtt.golang (Go MQTT v3.1 library)
eclipse paho_mqtt
|
CVE NVD | |
| CVE-2025-10971 |
Insecure Storage of Sensitive Information
|
HIGH | 8.8 | 2025-12-02 |
FERMAX ELECTRÓNICA S.A.U MeetMe
|
CVE NVD | |
| CVE-2025-11726 |
Beaver Builder – WordPress Page Builder <= 2.9.4 - Missing Authorization to Authenticated (Contributor+) Global Preset Modification
|
MEDIUM | 4.3 | 2025-12-02 |
beaverbuilder Beaver Builder Page Builder – Drag and Drop Website Builder
fastlinemedia beaver_builder
|
CVE NVD | |
| CVE-2025-13696 |
Zigaform <= 7.6.5 - Unauthenticated Form Submission Data Disclosure in rocket_front_payment_seesummary AJAX Endpoint
|
MEDIUM | 5.3 | 2025-12-02 |
softdiscover Zigaform – Price Calculator & Cost Estimation Form Builder Lite
|
CVE NVD | |
| CVE-2025-12483 |
Visualizer: Tables and Charts Manager for WordPress <= 3.11.12 - Authenticated (Contributor+) SQL Injection
|
MEDIUM | 6.5 | 2025-12-02 |
themeisle Visualizer: Tables and Charts Manager for WordPress
|
CVE NVD | |
| CVE-2025-13140 |
SurveyJS: Drag & Drop WordPress Form Builder <= 1.12.20 - Cross-Site Request Forgery to Survey Deletion
|
MEDIUM | 4.3 | 2025-12-02 |
devsoftbaltic SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity
|
CVE NVD | |
| CVE-2025-13685 |
Photo Gallery by Ays <= 6.4.8 - Cross-Site Request Forgery to Bulk Actions
|
MEDIUM | 4.3 | 2025-12-02 |
ays-pro Photo Gallery by Ays – Responsive Image Gallery
|
CVE NVD |