快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 353084
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-59390 |
Apache Druid: Kerberos authenticaton chooses a cryptographically unsecure secret if not configured explicitly.
|
CRITICAL | 9.8 | 2025-11-26 |
Apache Software Foundation Apache Druid
apache druid
|
CVE NVD | |
| CVE-2025-62728 |
Apache Hive: SQL injection vulnerability when processing delete column statistics requests via the HMS Thrift APIs
|
MEDIUM | 5.4 | 2025-11-26 |
Apache Software Foundation Apache Hive
apache hive
|
CVE NVD | |
| CVE-2025-13735 |
Out-of-bounds Read in nr flc
|
HIGH | 7.4 | 2025-11-26 |
ASR Lapwing_Linux
|
CVE NVD | |
| CVE-2025-12061 |
Tax Service Electronic HDM < 1.2.1 - Unauthenticated Arbitrary SQL Execution
|
HIGH | 8.6 | 2025-11-26 |
Unknown TAX SERVICE Electronic HDM
|
CVE NVD | |
| CVE-2025-9557 |
Bluetooth: Mesh: Out-of-Bound Write in gen_prov_cont
|
HIGH | 7.6 | 2025-11-26 |
zephyrproject-rtos Zephyr
|
CVE NVD | |
| CVE-2025-9558 |
Bluetooth: Mesh: Out-of-Bound Write in gen_prov_start
|
HIGH | 7.6 | 2025-11-26 |
zephyrproject-rtos Zephyr
|
CVE NVD | |
| CVE-2025-64983 |
Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability ...
|
HIGH | 8.6 | 2025-11-26 |
SwitchBot Smart Video Doorbell
|
CVE NVD | |
| CVE-2025-66022 |
FACTION Unauthenticated Custom Extension Upload leads to RCE
|
CRITICAL | 9.7 | 2025-11-26 |
factionsecurity faction
owasp faction
|
CVE NVD | |
| CVE-2025-66026 |
REDAXO is Vulnerable to Reflected XSS in Mediapool Info Banner via args[types]
|
MEDIUM | 6.1 | 2025-11-26 |
redaxo redaxo
redaxo redaxo
|
CVE NVD | |
| CVE-2025-66025 |
Caido Improperly Handles External Links in Markdown
|
MEDIUM | 4.3 | 2025-11-26 |
caido caido
|
CVE NVD | |
| CVE-2025-66021 |
OWASP Java HTML Sanitizer is vulnerable to XSS via noscript tag and improper style tag sanitization
|
HIGH | 8.6 | 2025-11-26 |
OWASP java-html-sanitizer
owasp java_html_sanitizer
|
CVE NVD | |
| CVE-2025-66020 |
Valibot has a ReDoS vulnerability in `EMOJI_REGEX`
|
HIGH | 7.5 | 2025-11-26 |
open-circle valibot
|
CVE NVD | |
| CVE-2025-12848 |
XSS vulnerability when rendering filename in Webform Multiform
|
HIGH | 7.0 | 2025-11-26 |
Drupal Drupal
webform_multiple_file_upload_project webform_multiple_file_upload
+5个
|
CVE NVD | |
| CVE-2025-66269 |
Unquoted Service Path in UPSilon2000V6.0(RupsMon and USBMate) running as SYSTEM
|
HIGH | 7.1 | 2025-11-26 |
MegaTec Taiwan UPSilon2000V6.0
|
CVE NVD | |
| CVE-2025-66266 |
Insecure SYSTEM Service Permissions in UPSilon2000V6.0 (RupsMon.exe) leading to trivial Local Privilege Escalation
|
CRITICAL | 9.3 | 2025-11-26 |
MegaTec Taiwan UPSilon2000V6.0
|
CVE NVD | |
| CVE-2025-66265 |
Insecure permissions in configuration directory (C:\\usr)
|
MEDIUM | 6.9 | 2025-11-26 |
MegaTec Taiwan ClientMate
|
CVE NVD | |
| CVE-2025-66264 |
Unquoted Service path in UPSilon2000V6.0 SYSTEM privilege service
|
HIGH | 7.2 | 2025-11-26 |
MegaTec Taiwan ClientMate
|
CVE NVD | |
| CVE-2025-66263 |
Unauthenticated Arbitrary File Read via Null Byte Injection
|
HIGH | 8.9 | 2025-11-26 |
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
+31个
|
CVE NVD | |
| CVE-2025-66262 |
Arbitrary File Overwrite via Tar Extraction Path Traversal
|
CRITICAL | 9.3 | 2025-11-26 |
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
+31个
|
CVE NVD | |
| CVE-2025-66261 |
Unauthenticated OS Command Injection (restore_settings.php)
|
CRITICAL | 9.9 | 2025-11-26 |
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter
+31个
|
CVE NVD |