快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 353084
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-66385 |
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escala...
|
CRITICAL | 9.4 | 2025-11-28 |
cerebrate-project Cerebrate
|
CVE NVD | |
| CVE-2025-66386 |
app/Model/EventReport.php in MISP before 2.5.27 allows path traversal in view picture for a site-adm...
|
MEDIUM | 4.1 | 2025-11-28 |
MISP MISP
|
CVE NVD | |
| CVE-2025-3261 |
NOT_EXTRACTED
|
LOW | -1.0 | 2025-11-27 |
未知
|
CVE NVD | |
| CVE-2025-12421 |
Account Takeover via Code Exchange Endpoint
|
CRITICAL | 9.9 | 2025-11-27 |
Mattermost Mattermost
mattermost mattermost_server
|
CVE NVD | |
| CVE-2025-12559 |
Information Disclosure in Common Teams API
|
MEDIUM | 4.3 | 2025-11-27 |
Mattermost Mattermost
mattermost mattermost_server
|
CVE NVD | |
| CVE-2025-12419 |
Account takeover on OAuth/OpenID-enabled servers
|
CRITICAL | 9.9 | 2025-11-27 |
Mattermost Mattermost
mattermost mattermost_server
|
CVE NVD | |
| CVE-2025-13758 |
Exposure of credentials in unintended requests in Devolutions Server.This issue affects Server: thro...
|
LOW | 3.5 | 2025-11-27 |
Devolutions Server
devolutions devolutions_server
|
CVE NVD | |
| CVE-2025-13757 |
SQL Injection vulnerability in last usage logs in Devolutions Server.This issue affects Devolutions ...
|
HIGH | 8.8 | 2025-11-27 |
Devolutions Server
devolutions devolutions_server
|
CVE NVD | |
| CVE-2025-13765 |
Exposure of email service credentials to users without administrative rights in Devolutions Server.T...
|
MEDIUM | 4.3 | 2025-11-27 |
Devolutions Server
devolutions devolutions_server
|
CVE NVD | |
| CVE-2025-12140 |
RCE in Wirtualna Uczelnia
|
CRITICAL | 9.3 | 2025-11-27 |
Simple SA Wirtualna Uczelnia
|
CVE NVD | |
| CVE-2025-13692 |
Unlimited Elements For Elementor and Unlimited Elements For Elementor (Premium) <= 2.0 - Unauthenticated Stored Cross-Site Scripting via SVG File Upload
|
HIGH | 7.2 | 2025-11-27 |
unitecms Unlimited Elements for Elementor (Premium)
unitecms Unlimited Elements For Elementor
|
CVE NVD | |
| CVE-2025-8890 |
Authenticated RCE in SDMC NE6037 router
|
CRITICAL | 9.3 | 2025-11-27 |
SDMC NE6037
|
CVE NVD | |
| CVE-2025-12971 |
Folders <= 3.1.5 - Incorrect Authorization to Authenticated (Contributor+) Folder Content Manipulation
|
MEDIUM | 4.3 | 2025-11-27 |
galdub Folders – Unlimited Folders to Organize Media Library Folder, Pages, Posts, File Manager
|
CVE NVD | |
| CVE-2025-54057 |
Apache SkyWalking: Stored XSS vulnerability
|
MEDIUM | 6.1 | 2025-11-27 |
Apache Software Foundation Apache SkyWalking
apache skywalking
|
CVE NVD | |
| CVE-2025-59302 |
Apache CloudStack: Potential remote code execution on Javascript engine defined rules
|
MEDIUM | 4.7 | 2025-11-27 |
Apache Software Foundation Apache CloudStack
apache cloudstack
+1个
|
CVE NVD | |
| CVE-2025-59454 |
Apache CloudStack: Lack of user permission validation leading to data leak for few APIs
|
MEDIUM | 4.3 | 2025-11-27 |
Apache Software Foundation Apache CloudStack
apache cloudstack
+1个
|
CVE NVD | |
| CVE-2025-13742 |
Limited HTML injection in emails
|
LOW | 2.4 | 2025-11-27 |
pretix pretix
pretix pretix
+2个
|
CVE NVD | |
| CVE-2025-10476 |
WP Fastest Cache <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) DB Cleanup Actions
|
MEDIUM | 4.3 | 2025-11-27 |
emrevona WP Fastest Cache
|
CVE NVD | |
| CVE-2025-59890 |
Improper input sanitization in the file archives upload functionality of Eaton Galileo software allo...
|
HIGH | 7.3 | 2025-11-27 |
Eaton Eaton Galileo Software
|
CVE NVD | |
| CVE-2025-13381 |
AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.0 - Missing Authorization to Unauthenticated Media File Uploads
|
MEDIUM | 5.3 | 2025-11-27 |
ays-pro AI ChatBot with ChatGPT and Content Generator by AYS
|
CVE NVD |