Vulnerability list (353571)
| CVE ID | Title | Severity | CVSS | Published | Affected products | Data sources |
|---|---|---|---|---|---|---|
| CVE-2025-13410 | Campcodes Retro Basketball Shoes Online Store receipt.php sql injection | MEDIUM | 6.9 | 2025-11-19 | Campcodes Retro Basketball Shoes Online Store; campcodes retro_basketball_shoes_online_store | CVE, NVD |
| CVE-2025-36371 | IBM i security vulnerability | MEDIUM | 6.5 | 2025-11-19 | IBM i; IBM i; +8 more | CVE, NVD, +1 |
| CVE-2025-65103 | OpenSTAManager has an authenticated SQL Injection vulnerability in API via 'display' parameter | HIGH | 8.8 | 2025-11-19 | devcode-it openstamanager | CVE, NVD |
| CVE-2025-65094 | WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR) | HIGH | 8.7 | 2025-11-19 | WBCE WBCE_CMS; wbce wbce_cms | CVE, NVD |
| CVE-2025-65100 | Security Snapshot May Use Unintended Timestamp When Only ISAR_APT_SNAPSHOT_DATE Is Set | MEDIUM | 6.9 | 2025-11-19 | ilbers isar | CVE, NVD |
| CVE-2025-64759 | Homarr is Vulnerable to Stored Cross-Site Scripting (XSS) and Possible Privilege Escalation via Malicious SVG Upload | HIGH | 8.1 | 2025-11-19 | homarr-labs homarr | CVE, NVD |
| CVE-2025-13316 | Hard-coded encryption keys in Twonky Server | HIGH | 8.2 | 2025-11-19 | Lynxtechnology Twonky Server; lynxtechnology twonky_server | CVE, NVD |
| CVE-2025-13315 | Unauthenticated log access in Twonky Server | CRITICAL | 9.3 | 2025-11-19 | Lynxtechnology Twonky Server; lynxtechnology twonky_server | CVE, NVD |
| CVE-2025-65089 | XWiki view file macro: User can view content of office file without view rights on the attachment | MEDIUM | 6.8 | 2025-11-19 | xwikisas xwiki-pro-macros; xwiki pro_macros | CVE, NVD |
| CVE-2025-65095 | Lookyloo is vulnerable due to improper user input sanitization | CRITICAL | 9.4 | 2025-11-19 | Lookyloo lookyloo | CVE, NVD |
| CVE-2025-65099 | Claude Code vulnerable to command execution prior to startup trust dialog | HIGH | 7.7 | 2025-11-19 | anthropics claude-code; anthropic claude_code | CVE, NVD |
| CVE-2025-65026 | esm.sh CDN service has JS Template Literal Injection in CSS-to-JavaScript | MEDIUM | 6.1 | 2025-11-19 | esm-dev esm.sh; esm esm.sh | CVE, NVD |
| CVE-2025-65025 | esm.sh CDN service has arbitrary file write via tarslip | HIGH | 8.2 | 2025-11-19 | esm-dev esm.sh; esm esm.sh | CVE, NVD |
| CVE-2025-65034 | Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId | HIGH | 8.1 | 2025-11-19 | lukevella rallly; rallly rallly | CVE, NVD |
| CVE-2025-65033 | Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation | HIGH | 8.1 | 2025-11-19 | lukevella rallly; rallly rallly | CVE, NVD |
| CVE-2025-65032 | Rallly Has an IDOR Vulnerability in Participant Rename Function Allows Unauthorized Modification of Other Users’ Names | MEDIUM | 6.5 | 2025-11-19 | lukevella rallly; rallly rallly | CVE, NVD |
| CVE-2025-65031 | Rallly Improper Authorization in Comment Endpoint Allows User Impersonation | MEDIUM | 6.5 | 2025-11-19 | lukevella rallly; rallly rallly | CVE, NVD |
| CVE-2025-65030 | Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal | HIGH | 7.1 | 2025-11-19 | lukevella rallly; rallly rallly | CVE, NVD |
| CVE-2025-65029 | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants | HIGH | 8.1 | 2025-11-19 | lukevella rallly; rallly rallly | CVE, NVD |
| CVE-2025-65021 | Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR) | CRITICAL | 9.1 | 2025-11-19 | lukevella rallly; rallly rallly | CVE, NVD |