快速搜索提示:
按厂商查询(如:microsoft)|
按产品查询(如:microsoft sql_server)
漏洞列表 353571
| CVE ID | 标题 | 严重程度 | CVSS | 发布时间 | 受影响产品 | 数据源 | 操作 |
|---|---|---|---|---|---|---|---|
| CVE-2025-41735 |
Possible arbitrary file upload
|
HIGH | 8.8 | 2025-11-18 |
METZ CONNECT Energy-Controlling EWIO2-M
METZ CONNECT Energy-Controlling EWIO2-M-BM
+4个
|
CVE NVD | |
| CVE-2025-41734 |
Unauthenticated Local File Inclusion in php module
|
CRITICAL | 9.8 | 2025-11-18 |
METZ CONNECT Energy-Controlling EWIO2-M
METZ CONNECT Energy-Controlling EWIO2-M-BM
+4个
|
CVE NVD | |
| CVE-2025-41733 |
Possible malfunction credential injection
|
CRITICAL | 9.8 | 2025-11-18 |
METZ CONNECT Energy-Controlling EWIO2-M
METZ CONNECT Energy-Controlling EWIO2-M-BM
+4个
|
CVE NVD | |
| CVE-2025-41346 |
Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este
|
CRITICAL | 9.3 | 2025-11-18 |
Informática del Este WinPlus
iest winplus
|
CVE NVD | |
| CVE-2025-12391 |
Restrictions for BuddyPress <= 1.5.2 - Missing Authorization to Unauthenticated Tracking Status Update
|
MEDIUM | 5.3 | 2025-11-18 |
seventhqueen Restrictions for BuddyPress
|
CVE NVD | |
| CVE-2025-12457 |
Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Uploads
|
MEDIUM | 6.4 | 2025-11-18 |
ideastocode Enable SVG, WebP, and ICO Upload
|
CVE NVD | |
| CVE-2025-12691 |
Photonic Gallery & Lightbox for Flickr, SmugMug & Others <= 3.21 - Authenticated (Contributor+) Stored Cross-Site Scripting via Caption Attribute
|
MEDIUM | 6.4 | 2025-11-18 |
sayontan Photonic Gallery & Lightbox for Flickr, SmugMug & Others
|
CVE NVD | |
| CVE-2025-12639 |
wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions | for WooCommerce <= 1.2.2 - Missing Authorization to Sensitive Information Disclosure
|
MEDIUM | 4.3 | 2025-11-18 |
sundayfanz wModes – Catalog Mode, Product Pricing, Enquiry Forms & Promotions | for WooCommerce
|
CVE NVD | |
| CVE-2025-12392 |
Cryptocurrency Payment Gateway for WooCommerce <= 2.0.22 - Missing Authorization to Unauthenticated Tracking Status Update
|
MEDIUM | 5.3 | 2025-11-18 |
tripleatechnology Cryptocurrency Payment Gateway for WooCommerce
|
CVE NVD | |
| CVE-2025-12088 |
Meta Display Block <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting
|
MEDIUM | 6.4 | 2025-11-18 |
bhargavbhandari90 Meta Display Block
|
CVE NVD | |
| CVE-2025-12481 |
WP Duplicate Page <= 1.7 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure
|
MEDIUM | 4.3 | 2025-11-18 |
ninjateam WP Duplicate Page
|
CVE NVD | |
| CVE-2025-13069 |
Enable SVG, WebP, and ICO Upload <= 1.1.2 - Authenticated (Author+) Arbitrary File Upload via ICO Upload Bypass
|
HIGH | 8.8 | 2025-11-18 |
ideastocode Enable SVG, WebP, and ICO Upload
|
CVE NVD | |
| CVE-2025-12079 |
WP Twitter Auto Publish <= 1.7.3 - Reflected Cross-Site Scripting via PostMessage
|
MEDIUM | 6.1 | 2025-11-18 |
f1logic WP Twitter Auto Publish
|
CVE NVD | |
| CVE-2025-13133 |
Simple User Import Export <= 1.1.7 - Authenticated (Admin+) CSV Injection
|
MEDIUM | 6.6 | 2025-11-18 |
vaniivan Simple User Import Export
|
CVE NVD | |
| CVE-2025-12955 |
Live sales notification for WooCommerce <= 2.3.39 - Missing Authorization to Unauthenticated Customer Data Exposure
|
HIGH | 7.5 | 2025-11-18 |
rajeshsingh520 Live sales notification for WooCommerce
|
CVE NVD | |
| CVE-2025-13196 |
Element Pack Addons for Elementor <= 8.3.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Open Street Map widget
|
MEDIUM | 5.4 | 2025-11-18 |
bdthemes Element Pack Addons for Elementor
|
CVE NVD | |
| CVE-2025-4212 |
Checkout Files Upload for WooCommerce <= 2.2.1 - Unauthenticated Stored Cross-Site Scripting
|
HIGH | 7.2 | 2025-11-18 |
wpwham Checkout Files Upload for WooCommerce
|
CVE NVD | |
| CVE-2025-11734 |
Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links <= 1.2.5 - Missing Authorization to Authenticated (Contributor+) Arbitrary Post Trashing
|
MEDIUM | 5.4 | 2025-11-18 |
aioseo Broken Link Checker by AIOSEO – Easily Fix/Monitor Internal and External links
|
CVE NVD | |
| CVE-2025-40545 |
SolarWinds Observability Self-Hosted Open Redirection Vulnerability
|
MEDIUM | 4.8 | 2025-11-18 |
SolarWinds SolarWinds Observability Self-Hosted
solarwinds observability_self-hosted
|
CVE NVD | |
| CVE-2025-26391 |
SolarWinds Observability Self-Hosted XSS Vulnerability
|
MEDIUM | 5.4 | 2025-11-18 |
SolarWinds SolarWinds Observability Self-Hosted
solarwinds observability_self-hosted
|
CVE NVD |