Quick search tips:
Search by vendor (e.g. microsoft) |
Search by product (e.g. microsoft sql_server)
Vulnerability list 340282
| CVE ID | Title | Severity | CVSS | Published | Affected product | Data source | Action |
|---|---|---|---|---|---|---|---|
| CVE-2025-12167 | Contact Form 7 AWeber Extension <= 0.1.42 - Missing Authorization to Authenticated (Subscriber+) Log Reset | MEDIUM | 4.3 | 2025-11-08 | rnzo Contact Form 7 AWeber Extension | CVE NVD | |
| CVE-2025-12583 | Simple Downloads List <= 1.4.3 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting | MEDIUM | 6.4 | 2025-11-08 | neofix Simple Downloads List | CVE NVD | |
| CVE-2025-11452 | Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection | HIGH | 7.5 | 2025-11-08 | asgaros Asgaros Forum | CVE NVD | |
| CVE-2025-64496 | Open WebUI Affected by an External Model Server (Direct Connections) Code Injection via SSE Events | HIGH | 7.3 | 2025-11-08 | open-webui open-webui | CVE NVD | |
| CVE-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via prompts when 'Insert Prompt as Rich Text' is enabled resulting in ATO/RCE | HIGH | 8.7 | 2025-11-08 | open-webui open-webui | CVE NVD | |
| CVE-2025-64494 | Soft Serve does not sanitize ANSI escape sequences in user input | MEDIUM | 4.6 | 2025-11-08 | charmbracelet soft-serve | CVE NVD | |
| CVE-2025-64493 | SuiteCRM is Vulnerable to Authenticated Blind SQL Injection via GraphQL | MEDIUM | 6.5 | 2025-11-08 | SuiteCRM SuiteCRM-Core | CVE NVD | |
| CVE-2025-64492 | SuiteCRM is Vulnerable to Authenticated Time Based Blind SQL Injection | HIGH | 8.8 | 2025-11-08 | SuiteCRM SuiteCRM-Core | CVE NVD | |
| CVE-2025-64491 | SuiteCRM is vulnerable to unauthenticated reflected XSS through its Login page | MEDIUM | 6.1 | 2025-11-08 | SuiteCRM SuiteCRM | CVE NVD | |
| CVE-2025-64490 | SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass | HIGH | 8.3 | 2025-11-08 | SuiteCRM SuiteCRM | CVE NVD | |
| CVE-2025-64489 | SuiteCRM: Privilege Escalation via Improper Session Invalidation and Inactive User Bypass | HIGH | 8.3 | 2025-11-08 | SuiteCRM SuiteCRM | CVE NVD | |
| CVE-2025-64488 | SuiteCRM: Authenticated SQL Injection Possible in Reschedule Call Module | HIGH | 8.6 | 2025-11-07 | SuiteCRM SuiteCRM | CVE NVD | |
| CVE-2025-64486 | calibre is vulnerable to arbitrary code execution when opening FB2 files | CRITICAL | 9.3 | 2025-11-07 | kovidgoyal calibre | CVE NVD | |
| CVE-2025-12911 | Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote... | MEDIUM | 4.3 | 2025-11-07 | Google Chrome | CVE NVD | |
| CVE-2025-12910 | Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local att... | MEDIUM | 6.2 | 2025-11-07 | Google Chrome | CVE NVD | |
| CVE-2025-12909 | Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remote... | MEDIUM | 5.3 | 2025-11-07 | Google Chrome | CVE NVD | |
| CVE-2025-12908 | Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.7... | MEDIUM | 5.4 | 2025-11-07 | Google Chrome | CVE NVD | |
| CVE-2025-12907 | Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allow... | HIGH | 8.8 | 2025-11-07 | Google Chrome | CVE NVD | |
| CVE-2025-12906 | Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remote... | MEDIUM | 5.4 | 2025-11-07 | Google Chrome | CVE NVD | |
| CVE-2025-12905 | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowed... | MEDIUM | 5.4 | 2025-11-07 | Google Chrome | CVE NVD | |