快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 353262
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-65089 |
XWiki view file macro: User can view content of office file without view rights on the attachment
|
MEDIUM | 6.8 | 2025-11-19 |
xwikisas xwiki-pro-macros
xwiki pro_macros
|
CVE NVD | |
| CVE-2025-65095 |
Lookyloo is vulnerable due to improper user input sanitization
|
CRITICAL | 9.4 | 2025-11-19 |
Lookyloo lookyloo
|
CVE NVD | |
| CVE-2025-65099 |
Claude Code vulnerable to command execution prior to startup trust dialog
|
HIGH | 7.7 | 2025-11-19 |
anthropics claude-code
anthropic claude_code
|
CVE NVD | |
| CVE-2025-65026 |
esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript
|
MEDIUM | 6.1 | 2025-11-19 |
esm-dev esm.sh
esm esm.sh
|
CVE NVD | |
| CVE-2025-65025 |
esm.sh CDN service has arbitrary file write via tarslip
|
HIGH | 8.2 | 2025-11-19 |
esm-dev esm.sh
esm esm.sh
|
CVE NVD | |
| CVE-2025-65034 |
Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId
|
HIGH | 8.1 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65033 |
Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation
|
HIGH | 8.1 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65032 |
Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names
|
MEDIUM | 6.5 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65031 |
Rallly Improper Authorization in Comment Endpoint Allows User Impersonation
|
MEDIUM | 6.5 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65030 |
Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal
|
HIGH | 7.1 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65029 |
Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants
|
HIGH | 8.1 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65021 |
Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR)
|
CRITICAL | 9.1 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65020 |
Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR)
|
MEDIUM | 6.5 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-65028 |
Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes
|
MEDIUM | 6.5 | 2025-11-19 |
lukevella rallly
rallly rallly
|
CVE NVD | |
| CVE-2025-64708 |
authentik invitation expiry is delayed by at least 5 minutes
|
MEDIUM | 5.8 | 2025-11-19 |
goauthentik authentik
goauthentik authentik
+1个
|
CVE NVD | |
| CVE-2025-64521 |
authentik deactivated service accounts can authenticate to OAuth
|
MEDIUM | 4.8 | 2025-11-19 |
goauthentik authentik
goauthentik authentik
+1个
|
CVE NVD | |
| CVE-2025-13400 |
Tenda CH22 WrlExtraGet formWrlExtraGet buffer overflow
|
HIGH | 8.7 | 2025-11-19 |
Tenda CH22
tenda ch22_firmware
|
CVE NVD | |
| CVE-2025-12743 |
SQL Injection in Looker Project Generation Endpoint Allows Access to Internal MySQL Database
|
MEDIUM | 6.0 | 2025-11-19 |
Google Cloud Looker
|
CVE NVD | |
| CVE-2025-64765 |
Astro middleware authentication checks based on url.pathname can be bypassed via url encoded values
|
MEDIUM | 6.9 | 2025-11-19 |
withastro astro
astro astro
|
CVE NVD | |
| CVE-2025-64764 |
Astro is vulnerable to Reflected XSS via the server islands feature
|
HIGH | 7.1 | 2025-11-19 |
withastro astro
astro astro
|
CVE NVD |