Vulnerability list 353084
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source |
|---|---|---|---|---|---|---|
| CVE-2025-13786 | taosir WTCMS index.php fetch code injection | MEDIUM | 6.9 | 2025-11-30 | taosir WTCMS; wtcms_project wtcms | CVE, NVD |
| CVE-2025-13785 | yungifez Skuul School Management System Image profile information disclosure | MEDIUM | 5.3 | 2025-11-30 | yungifez Skuul School Management System; yungifez Skuul School Management System; +5 more | CVE, NVD |
| CVE-2025-13784 | yungifez Skuul School Management System SVG File edit cross site scripting | MEDIUM | 4.8 | 2025-11-30 | yungifez Skuul School Management System; yungifez Skuul School Management System; +5 more | CVE, NVD |
| CVE-2025-13783 | taosir WTCMS CommentadminController CommentadminController.class.php delete sql injection | MEDIUM | 5.3 | 2025-11-30 | taosir WTCMS; wtcms_project wtcms | CVE, NVD |
| CVE-2025-13782 | taosir WTCMS SlideController SlideController.class.php delete sql injection | MEDIUM | 6.9 | 2025-11-30 | taosir WTCMS; wtcms_project wtcms | CVE, NVD |
| CVE-2025-13615 | StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change | CRITICAL | 9.8 | 2025-11-30 | phpface StreamTube Core | CVE, NVD |
| CVE-2025-66420 | Tryton sao (aka tryton-sao) before 7.6.9 allows XSS via an HTML attachment. This is fixed in 7.6.9, ... | MEDIUM | 5.4 | 2025-11-30 | Tryton sao | CVE, NVD |
| CVE-2025-66421 | Tryton sao (aka tryton-sao) before 7.6.11 allows XSS because it does not escape completion values. T... | MEDIUM | 5.4 | 2025-11-30 | Tryton sao | CVE, NVD |
| CVE-2025-66422 | Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) i... | MEDIUM | 4.3 | 2025-11-30 | Tryton trytond; tryton trytond | CVE, NVD |
| CVE-2025-66423 | Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. Th... | HIGH | 7.1 | 2025-11-30 | Tryton trytond; tryton trytond | CVE, NVD |
| CVE-2025-66424 | Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.... | MEDIUM | 6.5 | 2025-11-30 | Tryton trytond; tryton trytond | CVE, NVD |
| CVE-2025-66432 | In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration da... | MEDIUM | 5.0 | 2025-11-30 | Oxide Omicron | CVE, NVD |
| CVE-2025-66433 | HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the l... | MEDIUM | 4.2 | 2025-11-30 | wisc HTCondor | CVE, NVD |
| CVE-2025-6666 | motogadget mo.lock Ignition Lock NFC hard-coded key | LOW | 1.0 | 2025-11-29 | motogadget mo.lock Ignition Lock | CVE, NVD |
| CVE-2025-66291 | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments | MEDIUM | 5.3 | 2025-11-29 | orangehrm orangehrm; orangehrm orangehrm | CVE, NVD |
| CVE-2025-66290 | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments | MEDIUM | 5.3 | 2025-11-29 | orangehrm orangehrm; orangehrm orangehrm | CVE, NVD |
| CVE-2025-66289 | OrangeHRM is Vulnerable to Persistent Session Access Due to Missing Invalidation After User Disable and Password Change | HIGH | 8.7 | 2025-11-29 | orangehrm orangehrm; orangehrm orangehrm | CVE, NVD |
| CVE-2025-66225 | OrangeHRM is Vulnerable to Account Takeover Through Unvalidated Username in Password Reset Workflow | HIGH | 8.7 | 2025-11-29 | orangehrm orangehrm; orangehrm orangehrm | CVE, NVD |
| CVE-2025-66224 | OrangeHRM is Vulnerable to Code Execution Through Arbitrary File Write from Sendmail Parameter Injection | CRITICAL | 9.0 | 2025-11-29 | orangehrm orangehrm; orangehrm orangehrm | CVE, NVD |
| CVE-2025-66223 | OpenObserve's Invite Token Lifecycle Misconfiguration | HIGH | 8.4 | 2025-11-29 | openobserve openobserve | CVE, NVD |