Vulnerability list 353262
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data source | Actions |
|---|---|---|---|---|---|---|---|
| CVE-2025-12893 | Improper Certificate Validation May Allow Successful TLS Handshaking Despite Invalid Extended Key Usage Fields in MongoDB Server | LOW | 2.3 | 2025-11-25 | MongoDB Inc. MongoDB Server; mongodb mongodb | CVE NVD | |
| CVE-2025-13507 | Time-series operations may cause internal BSON size limit to be exceeded | HIGH | 7.1 | 2025-11-25 | MongoDB Inc. MongoDB Server; mongodb mongodb | CVE NVD | |
| CVE-2025-13068 | Telegram Bot & Channel <= 4.1 - Unauthenticated Stored Cross-Site Scripting via Telegram Username | HIGH | 7.2 | 2025-11-25 | milmor Telegram Bot & Channel | CVE NVD | |
| CVE-2025-13559 | EduKart Pro <= 1.0.3 - Unauthenticated Privilege Escalation | CRITICAL | 9.8 | 2025-11-25 | venusweb EduKart Pro | CVE NVD | |
| CVE-2025-13558 | Blog2Social <= 8.7.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Trashing | MEDIUM | 5.4 | 2025-11-25 | pr-gateway Blog2Social: Social Media Auto Post & Scheduler | CVE NVD | |
| CVE-2025-64730 | Cross-site scripting vulnerability exists in SNC-CX600W all versions. If this vulnerability is explo... | MEDIUM | 4.8 | 2025-11-25 | Sony Corporation SNC-CX600W; sony snc-cx600w_firmware | CVE NVD | |
| CVE-2025-62497 | Cross-site request forgery vulnerability exists in SNC-CX600W versions prior to Ver.2.8.0. If a user... | LOW | 2.1 | 2025-11-25 | Sony Corporation SNC-CX600W; sony snc-cx600w_firmware | CVE NVD | |
| CVE-2025-64304 | "FOD" App uses hard-coded cryptographic keys, which may allow a local unauthenticated attacker to re... | MEDIUM | 5.1 | 2025-11-25 | Fuji Television Network, Inc. "FOD" App for Android; Fuji Television Network, Inc. "FOD" App for iOS | CVE NVD | |
| CVE-2025-10646 | Search Exclude <= 2.5.7 – Missing Authorization to Authenticated (Contributor+) Search Settings Modification via REST API | MEDIUM | 4.3 | 2025-11-25 | quadlayers Search Exclude | CVE NVD | |
| CVE-2025-6389 | Sneeit Framework <= 8.3 - Unauthenticated Remote Code Execution in sneeit_articles_pagination_callback | CRITICAL | 9.8 | 2025-11-25 | Sneeit Sneeit Framework | CVE NVD | |
| CVE-2025-59373 | A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Contr... | HIGH | 8.5 | 2025-11-25 | ASUS MyASUS | CVE NVD | |
| CVE-2025-65951 | Inside Track / Entropy Derby Timelock Encryption Bypassed via Pre-Computed VDF Output Leakage | HIGH | 8.7 | 2025-11-25 | mescuwa entropy-derby | CVE NVD | |
| CVE-2025-65944 | Sentry-Javascript deals with leaked sensitive headers when `sendDefaultPii` is set to `true` | MEDIUM | 5.1 | 2025-11-25 | getsentry sentry-javascript | CVE NVD | |
| CVE-2025-64761 | OpenBao Privileged Operator Identity Group Root Escalation | HIGH | 7.5 | 2025-11-25 | openbao openbao | CVE NVD | |
| CVE-2025-9803 | Improper Authentication in lunary-ai/lunary | CRITICAL | 9.3 | 2025-11-25 | lunary-ai lunary-ai/lunary; lunary lunary | CVE NVD | |
| CVE-2025-51741 | An issue was discovered in Veal98 Echo Open-Source Community System 2.2 thru 2.3 allowing an unauthe... | HIGH | 7.5 | 2025-11-25 | interviewx echo | CVE NVD | |
| CVE-2025-51742 | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /material/getMaterialEnableSerialNumberList... | CRITICAL | 9.8 | 2025-11-25 | jishenghua jsherp | CVE NVD | |
| CVE-2025-51743 | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /materialCategory/addMaterialCategory endpo... | CRITICAL | 9.8 | 2025-11-25 | jishenghua jsherp | CVE NVD | |
| CVE-2025-51744 | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /user/addUser endpoint is vulnerable to fas... | CRITICAL | 9.8 | 2025-11-25 | jishenghua jsherp | CVE NVD | |
| CVE-2025-51745 | An issue was discovered in jishenghua JSH_ERP 2.3.1. The /role/addcan endpoint is vulnerable to fast... | CRITICAL | 9.8 | 2025-11-25 | jishenghua jsherp | CVE NVD | |