Vulnerability List 353043
CVE ID Title Severity CVSS Published Affected Products Data Source Actions
CVE-2025-65657
FeehiCMS version 2.1.1 has a Remote Code Execution via Unrestricted File Upload in Ad Management. Fe...
MEDIUM 6.5 2025-12-02
feehi feehicms
CVE NVD
CVE-2025-65844
EverShop 2.0.1 allows a remote unauthenticated attacker to upload arbitrary files and create directo...
HIGH 7.5 2025-12-02
evershop evershop
CVE NVD
CVE-2025-65858
A Stored Cross-Site Scripting (XSS) vulnerability in Calibre-Web v0.6.25 allows attackers to inject ...
LOW 3.5 2025-12-02
janeczku calibre-web
CVE NVD
CVE-2025-65877
Lvzhou CMS before commit c4ea0eb9cab5f6739b2c87e77d9ef304017ed615 (2025-09-22) is vulnerable to SQL ...
HIGH 7.5 2025-12-02
wanliofficial lvzhou_cms
CVE NVD
CVE-2025-65881
Sourcecodester Zoo Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in /classes/Lo...
MEDIUM 6.1 2025-12-02
oretnom23 zoo_management_system
CVE NVD
CVE-2025-65896
SQL injection vulnerability in long2ice asyncmy thru 0.2.10 allows attackers to execute arbitrary S...
CRITICAL 9.8 2025-12-02
long2ice asyncmy
CVE NVD
CVE-2025-66448
vLLM vulnerable to remote code execution via transformers_utils/get_config
HIGH 7.1 2025-12-01
vllm-project vllm vllm vllm
CVE NVD
CVE-2025-66401
MCP Watch has a Critical Command Injection in cloneRepo that allows Remote Code Execution (RCE) via malicious URL
CRITICAL 9.8 2025-12-01
kapilduraphe mcp-watch
CVE NVD
CVE-2025-66415
fastify-reply-from bypass of reply forwarding
MEDIUM 6.9 2025-12-01
fastify fastify-reply-from
CVE NVD
CVE-2025-66412
Angular Stored XSS Vulnerability via SVG Animation, SVG URL and MathML Attributes
HIGH 8.5 2025-12-01
angular angular angular angular +2 more
CVE NVD
CVE-2025-66410
Gin-vue-admin has an arbitrary file deletion vulnerability
HIGH 8.7 2025-12-01
flipped-aurora gin-vue-admin
CVE NVD
CVE-2025-66405
Portkey.ai Gateway: Server-Side Request Forgery (SSRF) in Custom Host
MEDIUM 6.9 2025-12-01
Portkey-AI gateway
CVE NVD
CVE-2025-66403
FileRise Vulnerable to Stored XSS via SVG Upload
MEDIUM 4.6 2025-12-01
error311 FileRise filerise filerise
CVE NVD
CVE-2025-66400
mdast-util-to-hast unsanitized class attribute
MEDIUM 6.9 2025-12-01
syntax-tree mdast-util-to-hast
CVE NVD
CVE-2025-66313
ChurchCRM vulnerable to a time-based blind SQL injection via the 1FieldSec parameter
MEDIUM 5.1 2025-12-01
ChurchCRM CRM churchcrm churchcrm
CVE NVD
CVE-2025-66312
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/accounts/groups/[group]` parameter `data[readableName]`
MEDIUM 6.2 2025-12-01
getgrav grav getgrav grav-plugin-admin
CVE NVD
CVE-2025-66311
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` in Multiple parameters
MEDIUM 6.2 2025-12-01
getgrav grav getgrav grav-plugin-admin
CVE NVD
CVE-2025-66310
Grav vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/pages/[page]` parameter `data[header][template]` in Advanced Tab
MEDIUM 6.2 2025-12-01
getgrav grav getgrav grav-plugin-admin
CVE NVD
CVE-2025-66309
Grav vulnerable to Cross-Site Scripting (XSS) Reflected endpoint /admin/pages/[page], parameter data[header][content][items], located in the "Blog Config" tab
MEDIUM 6.2 2025-12-01
getgrav grav getgrav grav-plugin-admin
CVE NVD
CVE-2025-66308
Grav Admin Plugin vulnerable to Cross-Site Scripting (XSS) Stored endpoint `/admin/config/site` parameter `data[taxonomies]`
MEDIUM 6.8 2025-12-01
getgrav grav getgrav grav-plugin-admin
CVE NVD