快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 353084
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-65963 |
CFiles Unauthorized Folder/ZIP Access in Public Spaces
|
MEDIUM | 5.4 | 2025-11-25 |
humhub cfiles
humhub cfiles
|
CVE NVD | |
| CVE-2025-66019 |
pypdf manipulated LZWDecode streams can exhaust RAM
|
MEDIUM | 6.6 | 2025-11-25 |
py-pdf pypdf
|
CVE NVD | |
| CVE-2025-65957 |
Core Bot is Leaking Sensitive Credentials in Logs, Errors, and Messages
|
HIGH | 8.8 | 2025-11-25 |
Intercore-Productions Core-Bot
|
CVE NVD | |
| CVE-2025-65956 |
Formwork CMS Has a Stored Cross-Site Scripting (XSS) Vulnerability in Blog Tags
|
MEDIUM | 6.5 | 2025-11-25 |
getformwork formwork
formwork_project formwork
|
CVE NVD | |
| CVE-2025-65953 |
NanoMQ UAF of retain message due to invalid MQTTV5 properties
|
MEDIUM | 6.0 | 2025-11-25 |
nanomq nanomq
|
CVE NVD | |
| CVE-2025-65952 |
Console is vulnerable to path traversal regarding custom assets
|
HIGH | 8.7 | 2025-11-25 |
iiDk-the-actual Console
|
CVE NVD | |
| CVE-2025-13597 |
AI Feeds <= 1.0.11 - Unauthenticated Arbitrary File Upload
|
CRITICAL | 9.8 | 2025-11-25 |
soportecibeles AI Feeds
|
CVE NVD | |
| CVE-2025-13595 |
CIBELES AI <= 1.10.8 - Unauthenticated Arbitrary File Upload
|
CRITICAL | 9.8 | 2025-11-25 |
soportecibeles CIBELES AI
|
CVE NVD | |
| CVE-2025-65942 |
VictoriaMetrics Snappy Decoder DoS Vulnerability is Causing OOM
|
LOW | 2.7 | 2025-11-25 |
VictoriaMetrics VictoriaMetrics
VictoriaMetrics VictoriaMetrics
+1个
|
CVE NVD | |
| CVE-2025-64713 |
WebAssembly Micro Runtime frame_offset_bottom array bounds overflow in fast Interpreter mode when handling GET_GLOBAL(I32) followed by if opcode
|
MEDIUM | 5.1 | 2025-11-25 |
bytecodealliance wasm-micro-runtime
bytecodealliance webassembly_micro_runtime
|
CVE NVD | |
| CVE-2025-64704 |
WebAssembly Micro Runtime vulnerable to a segmentation fault in v128.store instruction
|
MEDIUM | 4.7 | 2025-11-25 |
bytecodealliance wasm-micro-runtime
bytecodealliance webassembly_micro_runtime
|
CVE NVD | |
| CVE-2025-21621 |
GeoServer Reflected Cross-Site Scripting (XSS) vulnerability in WMS GetFeatureInfo HTML format
|
MEDIUM | 6.1 | 2025-11-25 |
geoserver geoserver
geoserver geoserver
|
CVE NVD | |
| CVE-2025-62703 |
Fugue is Vulnerable to Remote Code Execution by Pickle Deserialization via FlaskRPCServer
|
HIGH | 8.8 | 2025-11-25 |
fugue-project fugue
fugue-project fugue
|
CVE NVD | |
| CVE-2025-58360 |
GeoServer is vulnerable to an Unauthenticated XML External Entities (XXE) attack via WMS GetMap feature
|
HIGH | 8.2 | 2025-11-25 |
geoserver geoserver
geoserver geoserver
+1个
|
CVE NVD | |
| CVE-2025-66017 |
CGGMP21 presignatures can be used in the way that significantly reduces security
|
HIGH | 8.2 | 2025-11-25 |
LFDT-Lockness cggmp21
LFDT-Lockness cggmp21
|
CVE NVD | |
| CVE-2025-66016 |
CGGMP24 is missing a check in the ZK proof used in CGGMP21
|
CRITICAL | 9.3 | 2025-11-25 |
LFDT-Lockness cggmp21
|
CVE NVD | |
| CVE-2025-9624 |
OpenSearch 3.2.0 - Nested Boolean/Disjunction asymmetric DoS
|
HIGH | 8.3 | 2025-11-25 |
OpenSearch OpenSearch
amazon opensearch
|
CVE NVD | |
| CVE-2025-65965 |
Grype has a credential disclosure vulnerability in Grype JSON output
|
HIGH | 8.2 | 2025-11-25 |
anchore grype
|
CVE NVD | |
| CVE-2025-12816 |
CVE-2025-12816
|
HIGH | 8.6 | 2025-11-25 |
Digital Bazaar node-forge
Digital Bazaar forge
+1个
|
CVE NVD | |
| CVE-2025-65961 |
Contao is vulnerable to cross-site scripting in templates
|
LOW | 3.3 | 2025-11-25 |
contao contao
contao contao
+2个
|
CVE NVD |